surya/freeplanet_serverside
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- aggiornamento refreshtoken (parte 1)

Browse Source 
- PCB: fix listino
This commit is contained in:
Surya Paolo
2024-04-09 21:56:50 +02:00
parent 3221cf8d25
commit 07c210c59e
17 changed files with 280 additions and 112 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.env.dev.pcb
View File

@@ -31,6 +31,9 @@ GCM_API_KEY=""
PROD=0 PROD=0
PROJECT_DESCR_MAIN='__PROJECTS' PROJECT_DESCR_MAIN='__PROJECTS'
SECRK=Askb38v23jjDFaoskBOWj92axXCQ SECRK=Askb38v23jjDFaoskBOWj92axXCQ
SECRTK=prova123prova567ASDADASDAS
TOKEN_LIFE=2h
REFRESH_TOKEN_LIFE=86400
FTPSERVER_HOST=139.162.166.31 FTPSERVER_HOST=139.162.166.31
FTPSERVER_PORT=21 FTPSERVER_PORT=21
FTPSERVER_USER=ftpusrsrv_ FTPSERVER_USER=ftpusrsrv_

3
.env.dev.riso
View File

@@ -31,6 +31,9 @@ GCM_API_KEY=""
PROD=0 PROD=0
PROJECT_DESCR_MAIN='__PROJECTS' PROJECT_DESCR_MAIN='__PROJECTS'
SECRK=Askb38v23jjDFaoskBOWj92axXCQ SECRK=Askb38v23jjDFaoskBOWj92axXCQ
SECRTK=prova123prova567ASDADASDAS
TOKEN_LIFE=2h
REFRESH_TOKEN_LIFE=86400
FTPSERVER_HOST=139.162.166.31 FTPSERVER_HOST=139.162.166.31
FTPSERVER_PORT=21 FTPSERVER_PORT=21
FTPSERVER_USER=ftpusrsrv_ FTPSERVER_USER=ftpusrsrv_

9
.env.development
View File

@@ -1,11 +1,11 @@
DATABASE=test_FreePlanet DATABASE=test_PiuCheBuono
UDB=paofreeplanet UDB=paofreeplanet
PDB=mypassword@1A PDB=mypassword@1A
SEND_EMAIL=0 SEND_EMAIL=0
SEND_EMAIL_ORDERS=1 SEND_EMAIL_ORDERS=1
PORT=3000 PORT=3000
appTelegram_TEST=["1","13"] appTelegram_TEST=["1","17"]
appTelegram=["1","13"] appTelegram=["1","17"]
DOMAIN=mongodb://localhost:27017/ DOMAIN=mongodb://localhost:27017/
AUTH_MONGODB=true AUTH_MONGODB=true
MONGODB_USER=admin MONGODB_USER=admin
@@ -31,6 +31,9 @@ GCM_API_KEY=""
PROD=0 PROD=0
PROJECT_DESCR_MAIN='__PROJECTS' PROJECT_DESCR_MAIN='__PROJECTS'
SECRK=Askb38v23jjDFaoskBOWj92axXCQ SECRK=Askb38v23jjDFaoskBOWj92axXCQ
SECRTK=prova123prova567ASDADASDAS
TOKEN_LIFE=2h
REFRESH_TOKEN_LIFE=86400
FTPSERVER_HOST=139.162.166.31 FTPSERVER_HOST=139.162.166.31
FTPSERVER_PORT=21 FTPSERVER_PORT=21
FTPSERVER_USER=ftpusrsrv_ FTPSERVER_USER=ftpusrsrv_

3
.env.prod.pcb
View File

@@ -29,4 +29,7 @@ PATH_SSL_CHAIN_PEM=chain.pem
PROD=0 PROD=0
PROJECT_DESCR_MAIN='__PROJECTS' PROJECT_DESCR_MAIN='__PROJECTS'
SECRK=iUUb38v23jjDFaosWj92axkBOXCQ SECRK=iUUb38v23jjDFaosWj92axkBOXCQ
SECRTK=jAxKm02emx5SeJvz2IGmtRf6YqCgope
TOKEN_LIFE=2h
REFRESH_TOKEN_LIFE=86400
AUTH_NEW_SITES=B234HDSAOJ734ndcsdKWNVZZ AUTH_NEW_SITES=B234HDSAOJ734ndcsdKWNVZZ

2
.env.test.pcb
View File

@@ -29,4 +29,6 @@ PATH_SSL_CHAIN_PEM=chain.pem
PROD=0 PROD=0
PROJECT_DESCR_MAIN='__PROJECTS' PROJECT_DESCR_MAIN='__PROJECTS'
SECRK=iUUb38v23jjDFaosWj92axkBOXCQ SECRK=iUUb38v23jjDFaosWj92axkBOXCQ
TOKEN_LIFE=2h
REFRESH_TOKEN_LIFE=86400
AUTH_NEW_SITES=B234HDSAOJ734ndcsdKWNV AUTH_NEW_SITES=B234HDSAOJ734ndcsdKWNV

2
.env.test.risosrv
View File

@@ -26,4 +26,6 @@ PATH_SSL_CHAIN_PEM=chain.pem
PROD=0 PROD=0
PROJECT_DESCR_MAIN='__PROJECTS' PROJECT_DESCR_MAIN='__PROJECTS'
SECRK=iUUb38v23jjDFaosWj92axkBOXCQ SECRK=iUUb38v23jjDFaosWj92axkBOXCQ
TOKEN_LIFE=2h
REFRESH_TOKEN_LIFE=86400
AUTH_NEW_SITES=B234HDSAOJ734ndcsdKWNV AUTH_NEW_SITES=B234HDSAOJ734ndcsdKWNV

20
deploynodejs_on_risosrv_test.sh
View File

@@ -3,14 +3,14 @@
source ./.env.test.risosrv source ./.env.test.risosrv
echo "Sincronizzazione in corso..." echo "Sincronizzazione in corso..."
rsync -avz -e 'ssh -p 5522' css root@risosrv:/var/www/$SERVERDIR_WEBSITE/ rsync -avz -e 'ssh -p 8822' css pcbuser@pcb:/var/www/$SERVERDIR_WEBSITE/
rsync -avz -e 'ssh -p 5522' docs root@risosrv:/var/www/$SERVERDIR_WEBSITE/ rsync -avz -e 'ssh -p 8822' docs pcbuser@pcb:/var/www/$SERVERDIR_WEBSITE/
rsync -avz -e 'ssh -p 5522' emails root@risosrv:/var/www/$SERVERDIR_WEBSITE/ rsync -avz -e 'ssh -p 8822' emails pcbuser@pcb:/var/www/$SERVERDIR_WEBSITE/
rsync -avz -e 'ssh -p 5522' images root@risosrv:/var/www/$SERVERDIR_WEBSITE/ rsync -avz -e 'ssh -p 8822' images pcbuser@pcb:/var/www/$SERVERDIR_WEBSITE/
rsync -avz -e 'ssh -p 5522' plugins root@risosrv:/var/www/$SERVERDIR_WEBSITE/ rsync -avz -e 'ssh -p 8822' plugins pcbuser@pcb:/var/www/$SERVERDIR_WEBSITE/
rsync -avz -e 'ssh -p 5522' sass root@risosrv:/var/www/$SERVERDIR_WEBSITE/ rsync -avz -e 'ssh -p 8822' sass pcbuser@pcb:/var/www/$SERVERDIR_WEBSITE/
rsync -avz -e 'ssh -p 5522' src root@risosrv:/var/www/$SERVERDIR_WEBSITE/ rsync -avz -e 'ssh -p 8822' src pcbuser@pcb:/var/www/$SERVERDIR_WEBSITE/
rsync -avz -e 'ssh -p 5522' .env.test.risosrv root@risosrv:/var/www/$SERVERDIR_WEBSITE/.env.test rsync -avz -e 'ssh -p 8822' .env.test.pcb pcbuser@pcb:/var/www/$SERVERDIR_WEBSITE/.env.test
rsync -avz -e 'ssh -p 5522' package.json root@risosrv:/var/www/$SERVERDIR_WEBSITE/package.json rsync -avz -e 'ssh -p 8822' package.json pcbuser@pcb:/var/www/$SERVERDIR_WEBSITE/package.json
echo "Sincronizzazione TERMINATA! - SERVER TEST!" echo "Sincronizzazione TERMINATA! - SERVER RISO TEST!"

68
src/server/middleware/authenticate.js
View File

@@ -13,6 +13,7 @@ const auth_default = (req, res, next) => {
const authenticate = (req, res, next) => { const authenticate = (req, res, next) => {
const token = req.header('x-auth'); const token = req.header('x-auth');
//const refreshToken = req.header('x-refrTok');
// console.log('authenticate... '); // console.log('authenticate... ');
@@ -29,32 +30,30 @@ const authenticate = (req, res, next) => {
const access = 'auth'; const access = 'auth';
User.findByToken(token, access).then((user) => { return User.findByToken(token, access, true).then((ris) => {
if (!user) { if (ris && ris.user && !!ris.user.deleted) {
// tools.mylog("TOKEN " + token); if (ris.user.deleted)
// tools.mylog(" NOT FOUND! (Maybe Connected to other Page) ACCESS: '" + access + "'"); ris.user = null;
return Promise.reject(server_constants.RIS_CODE_HTTP_INVALID_TOKEN);
// res.status().send();
} }
if (!!user.deleted) { if (ris.code === server_constants.RIS_CODE_HTTP_FORBIDDEN_TOKEN_EXPIRED) {
if (user.deleted) return Promise.reject(server_constants.RIS_CODE_HTTP_FORBIDDEN_TOKEN_EXPIRED);
user = null;
} }
if (!user) { if (!ris.user) {
return Promise.reject(server_constants.RIS_CODE_HTTP_INVALID_TOKEN); return Promise.reject(server_constants.RIS_CODE_HTTP_INVALID_TOKEN);
} }
if (!!user) { if (!!ris.user) {
// Save last time online // Save last time online
user.lasttimeonline = new Date(); ris.user.lasttimeonline = new Date();
user.useragent = req.get('User-Agent'); ris.user.useragent = req.get('User-Agent');
return user.save().then(() => { return ris.user.save().then(() => {
req.user = user; req.user = ris.user;
req.token = token; req.token = token;
// req.refreshToken = refreshToken;
req.access = access; req.access = access;
next(); next();
}); });
@@ -62,32 +61,41 @@ const authenticate = (req, res, next) => {
// tools.mylog('userid', user._id); // tools.mylog('userid', user._id);
}).catch((e) => { }).catch((e) => {
if (e === server_constants.RIS_CODE_HTTP_FORBIDDEN_TOKEN_EXPIRED) {
return res.status(server_constants.RIS_CODE_HTTP_FORBIDDEN_TOKEN_EXPIRED).send();
}
tools.mylog("ERR authenticate invalid Token =", e); tools.mylog("ERR authenticate invalid Token =", e);
res.status(server_constants.RIS_CODE_HTTP_INVALID_TOKEN).send(); res.status(server_constants.RIS_CODE_HTTP_INVALID_TOKEN).send();
}); });
}; };
const authenticate_noerror = (req, res, next) => { const authenticate_noerror = (req, res, next) => {
const token = req.header('x-auth'); try {
const token = req.header('x-auth');
const refreshToken = req.header('x-refrTok');
const access = 'auth'; const access = 'auth';
User.findByToken(token, access).then((user) => { return User.findByToken(token, access, false).then((ris) => {
if (!user) { if (ris.code !== server_constants.RIS_CODE_OK) {
req.user = null;
req.token = null;
req.access = null;
} else {
req.user = ris.user;
req.token = token;
req.refreshToken = refreshToken;
req.access = access;
}
next();
}).catch((e) => {
req.user = null; req.user = null;
req.token = null; req.token = null;
req.access = null; req.access = null;
} else { });
req.user = user; } catch (e) {
req.token = token; console.error('Err', e);
req.access = access; }
}
next();
}).catch((e) => {
req.user = null;
req.token = null;
req.access = null;
});
}; };
module.exports = { authenticate, authenticate_noerror, auth_default }; module.exports = { authenticate, authenticate_noerror, auth_default };

1
src/server/models/site.js
View File

@@ -139,6 +139,7 @@ const SiteSchema = new Schema({
enableTodos: { type: Boolean, default: false }, enableTodos: { type: Boolean, default: false },
enableRegByBot: { type: Boolean, default: false }, enableRegByBot: { type: Boolean, default: false },
enableRegMultiChoice: { type: Boolean, default: false }, enableRegMultiChoice: { type: Boolean, default: false },
enableTokenExpired: { type: Boolean, default: false },
enableDebugOn: { type: Boolean, default: false }, enableDebugOn: { type: Boolean, default: false },
enabledRegNeedTelegram: { type: Boolean, default: false }, enabledRegNeedTelegram: { type: Boolean, default: false },
showViewEventi: { type: Boolean, default: false }, showViewEventi: { type: Boolean, default: false },

85
src/server/models/user.js
View File

@@ -123,6 +123,10 @@ const UserSchema = new mongoose.Schema({
type: String, type: String,
required: true, required: true,
}, },
refreshToken: {
type: String,
default: '',
},
date_login: { date_login: {
type: Date, type: Date,
}, },
@@ -530,8 +534,19 @@ UserSchema.methods.generateAuthToken = function (req) {
const access = 'auth'; const access = 'auth';
const browser = useragent; const browser = useragent;
const prova = 'PROVAMSG@1A' const prova = 'PROVAMSG@1A'
const token = jwt.sign({ _id: prova, smart: user._id.toHexString(), access, un: user.username }, let attiva_scadenza = user.idapp ? tools.getEnableTokenExpiredByIdApp(user.idapp) : false;
process.env.SIGNCODE).toString();
let token = null;
if (attiva_scadenza)
token = jwt.sign({ _id: prova, smart: user._id.toHexString(), access, un: user.username },
process.env.SIGNCODE, { expiresIn: process.env.TOKEN_LIFE }).toString();
else
token = jwt.sign({ _id: prova, smart: user._id.toHexString(), access, un: user.username },
process.env.SIGNCODE).toString();
const refreshToken = jwt.sign({ _id: prova, smart: user._id.toHexString(), access, un: user.username },
process.env.SECRK, { expiresIn: process.env.REFRESH_TOKEN_LIFE }).toString();
const date_login = new Date(); const date_login = new Date();
// CANCELLA IL PRECEDENTE ! // CANCELLA IL PRECEDENTE !
@@ -539,15 +554,17 @@ UserSchema.methods.generateAuthToken = function (req) {
return (tok.access !== access) || return (tok.access !== access) ||
((tok.access === access) && (tok.browser !== browser)); ((tok.access === access) && (tok.browser !== browser));
}); });
user.tokens.push({ access, browser, token, date_login });
user.tokens.push({ access, browser, token, date_login, refreshToken });
user.lasttimeonline = new Date(); user.lasttimeonline = new Date();
return user.save().then(() => { return user.save().then(() => {
// console.log("TOKEN CREATO IN LOGIN : " + token); // console.log("TOKEN CREATO IN LOGIN : " + token);
return token; return { token, refreshToken };
}).catch(err => { }).catch(err => {
console.log('Error', err.message); console.log('Error', err.message);
return { token: '', refreshToken: '' }
}); });
}; };
@@ -687,21 +704,58 @@ UserSchema.statics.isFacilitatore = function (perm) {
} }
}; };
UserSchema.statics.findByToken = function (token, typeaccess) { UserSchema.statics.findByToken = async function (token, typeaccess, con_auth) {
const User = this; const User = this;
let decoded; let decoded;
let code = server_constants.RIS_CODE_HTTP_INVALID_TOKEN;
let user = null;
try { try {
decoded = jwt.verify(token, process.env.SIGNCODE); if (token) {
decoded = jwt.verify(token, process.env.SIGNCODE);
code = server_constants.RIS_CODE_OK;
}
} catch (e) { } catch (e) {
return Promise.resolve(null);
if (e.expiredAt) {
if (con_auth) {
return { user: null, code: server_constants.RIS_CODE_HTTP_FORBIDDEN_TOKEN_EXPIRED };
} else {
}
} else {
console.error('Err findByToken:', e);
}
} }
return User.findOne({ if (code === server_constants.RIS_CODE_OK) {
'_id': decoded.smart, user = await User.findOne({
'tokens.token': token, '_id': decoded.smart,
'tokens.access': typeaccess, 'tokens.token': token,
}); 'tokens.access': typeaccess,
});
if (user) {
let check_expiry_date = false
// Controlla se il sito ha attivo il controllo del Token Scaduto
if (tools.getEnableTokenExpiredByIdApp(user.idapp)) {
check_expiry_date = true
}
if (check_expiry_date && (decoded.exp < Date.now() / 1000)) {
console.log('Il token è scaduto, generazione del nuovo token...');
code = server_constants.RIS_CODE_HTTP_FORBIDDEN_TOKEN_EXPIRED;
} else {
// TOKEN ANCORA VALIDO
code = server_constants.RIS_CODE_OK;
}
}
}
return { user, code };
}; };
UserSchema.statics.findByTokenAnyAccess = function (token) { UserSchema.statics.findByTokenAnyAccess = function (token) {
@@ -5212,9 +5266,10 @@ UserSchema.statics.getProfilePerActivitiesByUsername = async function (idapp, us
try { try {
let myuser = await User.findOne({ idapp, username }).lean(); let myuser = await User.findOne({ idapp, username }).lean();
if (myuser) { if (myuser) {
return { return {
mygroups: myuser.profile.mygroups, mygroups: myuser.profile.mygroups,
mycircuits: myuser.profile.mycircuits }; mycircuits: myuser.profile.mycircuits
};
} }
} catch (e) { } catch (e) {
console.error('e', e); console.error('e', e);

3
src/server/router/admin_router.js
View File

@@ -402,6 +402,9 @@ router.post('/import', authenticate, async (req, res) => {
} }
} }
return res.status(200).send({ updated, imported, errors });
} else if (cmd === shared_consts.Cmd.PRODUCTS_V2) { } else if (cmd === shared_consts.Cmd.PRODUCTS_V2) {
let mydata = `[${data.arrdata}]`; let mydata = `[${data.arrdata}]`;
dataObjects = mydata.replace(/\n/g, ''); dataObjects = mydata.replace(/\n/g, '');

53
src/server/router/index_router.js
View File

@@ -253,14 +253,15 @@ router.post(process.env.LINK_UPDATE_PWD, async (req, res) => {
user.lasttimeonline = new Date(); user.lasttimeonline = new Date();
// Crea token // Crea token
user.generateAuthToken(req).then(token => { user.generateAuthToken(req).then(ris => {
user.tokenforgot = ''; // Svuota il tokenforgot perché non ti servirà più... user.tokenforgot = ''; // Svuota il tokenforgot perché non ti servirà più...
user.tokenforgot_code = ''; // Svuota il tokenforgot perché non ti servirà più... user.tokenforgot_code = ''; // Svuota il tokenforgot perché non ti servirà più...
// Salva lo User // Salva lo User
user.save().then(() => { user.save().then(() => {
res.header('x-auth', token). res.header('x-auth', ris.token)
send({ code: server_constants.RIS_CODE_OK }); // Ritorna il token di ritorno .header('x-refrTok', ris.refreshToken)
.send({ code: server_constants.RIS_CODE_OK }); // Ritorna il token di ritorno
}); });
}); });
} }
@@ -344,7 +345,7 @@ router.post('/settable', authenticate, async (req, res) => {
&& !User.isEditor(req.user.perm) && !User.isEditor(req.user.perm)
&& !User.isFacilitatore(req.user.perm)) && !User.isFacilitatore(req.user.perm))
&& &&
await !tools.ModificheConsentite(req, params.table, fieldsvalue, mydata ? mydata._id: '')) { await !tools.ModificheConsentite(req, params.table, fieldsvalue, mydata ? mydata._id : '')) {
// If without permissions, exit // If without permissions, exit
return res.status(404). return res.status(404).
send({ code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: '' }); send({ code: server_constants.RIS_CODE_ERR_UNAUTHORIZED, msg: '' });
@@ -768,14 +769,15 @@ router.post('/getpage', async (req, res) => {
const mypath = params.path; const mypath = params.path;
let found = await MyPage.findOne({ idapp, path: mypath }).then((ris) => { let found = await MyPage.findOne({ idapp, path: mypath }).then((ris) => {
if (ris) if (ris && ris._doc)
return res.send({ mypage: ris }); return res.send({ mypage: ris._doc });
else else
return null; return null;
}).catch((e) => { }).catch((e) => {
console.log(e.message); console.log(e.message);
res.status(400).send(e); res.status(400).send(e);
}); });
if (!found) { if (!found) {
// trova quelli con il : // trova quelli con il :
let regexp = new RegExp(`:`, 'ig') let regexp = new RegExp(`:`, 'ig')
@@ -1415,7 +1417,7 @@ function load(req, res, version) {
let socioresidente = false; let socioresidente = false;
if (!!req.user) if (req.user)
socioresidente = req.user.profile.socioresidente; socioresidente = req.user.profile.socioresidente;
if (userId !== '0') { if (userId !== '0') {
@@ -1673,13 +1675,11 @@ function load(req, res, version) {
} }
router.get(process.env.LINK_CHECK_UPDATES, authenticate, async (req, res) => { router.get(process.env.LINK_CHECK_UPDATES, authenticate_noerror, async (req, res) => {
const userId = req.user._id;
const idapp = req.query.idapp; const idapp = req.query.idapp;
// console.log("POST " + process.env.LINK_CHECK_UPDATES + " userId=" + userId); // console.log("POST " + process.env.LINK_CHECK_UPDATES + " userId=" + userId);
if (!req.user) {
if (!ObjectID.isValid(userId)) {
return res.status(404).send(); return res.status(404).send();
} }
@@ -1690,22 +1690,31 @@ router.get(process.env.LINK_CHECK_UPDATES, authenticate, async (req, res) => {
// ++Add to Log Stat .... // ++Add to Log Stat ....
let last_msgs = null;
let last_notifs = null;
let usersList = null;
// const sall = '0'; // const sall = '0';
// msgs = SendMsg.findAllByUserIdAndIdApp(userId, req.user.username, req.user.idapp); // msgs = SendMsg.findAllByUserIdAndIdApp(userId, req.user.username, req.user.idapp);
let last_msgs = SendMsg.findLastGroupByUserIdAndIdApp(userId, req.user.username, idapp);
let last_notifs = SendNotif.findLastNotifsByUserIdAndIdApp(req.user.username, idapp, 40);
let usersList = null;
if (req.user) { if (req.user) {
// If User is Admin, then send user Lists
if (User.isAdmin(req.user.perm) || User.isEditor(req.user.perm) ||
User.isManager(req.user.perm)) {
// Send UsersList const userId = req.user._id;
usersList = User.getUsersList(idapp); if (!ObjectID.isValid(userId)) {
// usersList = null; return res.status(404).send();
}
last_msgs = SendMsg.findLastGroupByUserIdAndIdApp(userId, req.user.username, idapp);
last_notifs = SendNotif.findLastNotifsByUserIdAndIdApp(req.user.username, idapp, 40);
if (req.user) {
// If User is Admin, then send user Lists
if (User.isAdmin(req.user.perm) || User.isEditor(req.user.perm) ||
User.isManager(req.user.perm)) {
// Send UsersList
usersList = User.getUsersList(idapp);
// usersList = null;
}
} }
} }

24
src/server/router/subscribe_router.js
View File

@@ -5,7 +5,7 @@ const Subscription = require('../models/subscribers');
const tools = require('../tools/general'); const tools = require('../tools/general');
var {authenticate} = require('../middleware/authenticate'); var { authenticate } = require('../middleware/authenticate');
const isValidSaveRequest = (req, res) => { const isValidSaveRequest = (req, res) => {
try { try {
@@ -79,7 +79,7 @@ router.post('/', authenticate, async (req, res) => {
tools.sendBackNotif(subscription, req.body.options); tools.sendBackNotif(subscription, req.body.options);
} }
// console.log('Subscription saved... ') // console.log('Subscription saved... ')
return res.send({data: 'Subscription saved.'}); return res.send({ data: 'Subscription saved.' });
} }
}); });
}); });
@@ -88,13 +88,19 @@ router.post('/', authenticate, async (req, res) => {
router.delete('/del', authenticate, (req, res) => { router.delete('/del', authenticate, (req, res) => {
// tools.mylog("TOKENREM = " + req.token); // tools.mylog("TOKENREM = " + req.token);
const browser = req.get('User-Agent'); try {
Subscription.findOneAndRemove(
{userId: req.user._id, access: req.access, browser}).then(() => {
res.status(200).send(); const browser = req.get('User-Agent');
}, () => { Subscription.findOneAndRemove(
res.status(400).send(); { userId: req.user._id, access: req.access, browser }).then(() => {
}); res.status(200).send();
}, () => {
res.status(400).send();
});
} catch (e) {
}
}); });
router.get('/', (req, res) => { router.get('/', (req, res) => {

64
src/server/router/users_router.js
View File

@@ -298,8 +298,11 @@ router.post('/', async (req, res) => {
await telegrambot.askConfirmationUser(myuser.idapp, shared_consts.CallFunz.REGISTRATION, myuser); await telegrambot.askConfirmationUser(myuser.idapp, shared_consts.CallFunz.REGISTRATION, myuser);
const token = await myuser.generateAuthToken(req); const { token, refreshToken } = await myuser.generateAuthToken(req);
res.header('x-auth', token).send(myuser); res
.header('x-auth', token)
.header('x-refrTok', refreshToken)
.send(myuser);
return true; return true;
} }
} }
@@ -333,7 +336,7 @@ router.post('/', async (req, res) => {
return 0; return 0;
} }
}). }).
then(async (token) => { then(async (ris) => {
// tools.mylog("passo il TOKEN: ", token); // tools.mylog("passo il TOKEN: ", token);
if (recextra) { if (recextra) {
@@ -343,9 +346,9 @@ router.post('/', async (req, res) => {
// await User.fixUsername(user.idapp, user.ind_order, user.username); // await User.fixUsername(user.idapp, user.ind_order, user.username);
} }
return token; return ris;
}). }).
then(async (token) => { then(async (ris) => {
// tools.mylog("LINKREG = " + user.linkreg); // tools.mylog("LINKREG = " + user.linkreg);
// Invia un'email all'utente // Invia un'email all'utente
@@ -358,7 +361,10 @@ router.post('/', async (req, res) => {
await sendemail.sendEmail_Registration(user.lang, user.email, user, await sendemail.sendEmail_Registration(user.lang, user.email, user,
user.idapp, user.linkreg); user.idapp, user.linkreg);
// } // }
res.header('x-auth', token).send(user); res
.header('x-auth', ris.token)
.header('x-refrTok', ris.refreshToken)
.send(user);
return true; return true;
}); });
}).catch((e) => { }).catch((e) => {
@@ -605,6 +611,33 @@ router.post('/notifs', authenticate, async (req, res) => {
}); });
router.post('/newtok', async (req, res) => {
try {
const refreshToken = req.body.refreshToken;
// Ottieni l'utente in base al refreshtoken
const recFound = await User.findOne({ 'tokens.refreshToken': refreshToken });
if (recFound) {
return recFound.generateAuthToken(req)
.then((ris) => {
return res.status(200).send({
usertosend,
token: ris.token,
refreshToken: ris.refreshToken
});
})
}
} catch (e) {
console.error('Err', e);
}
res.status(404).send({ code: server_constants.RIS_CODE_LOGIN_ERR });
});
router.post('/login', (req, res) => { router.post('/login', (req, res) => {
var body = _.pick(req.body, var body = _.pick(req.body,
['username', 'password', 'idapp', 'keyappid', 'lang']); ['username', 'password', 'idapp', 'keyappid', 'lang']);
@@ -640,7 +673,7 @@ router.post('/login', (req, res) => {
then(user => { then(user => {
// console.log('Lgn-Ok'); // console.log('Lgn-Ok');
if (user) { if (user) {
return user.generateAuthToken(req).then((token) => { return user.generateAuthToken(req).then((ris) => {
var usertosend = new User(); var usertosend = new User();
shared_consts.fieldsUserToChange().forEach((field) => { shared_consts.fieldsUserToChange().forEach((field) => {
@@ -655,7 +688,7 @@ router.post('/login', (req, res) => {
// tools.mylog("user.verified_email:" + user.verified_email); // tools.mylog("user.verified_email:" + user.verified_email);
// tools.mylog("usertosend.userId", usertosend.userId); // tools.mylog("usertosend.userId", usertosend.userId);
return { usertosend, token }; return { usertosend, token: ris.token, refreshToken: ris.refreshToken };
}).then((myris) => { }).then((myris) => {
const access = 'auth'; const access = 'auth';
@@ -671,6 +704,7 @@ router.post('/login', (req, res) => {
return { return {
usertosend: myris.usertosend, usertosend: myris.usertosend,
token: myris.token, token: myris.token,
refreshToken: myris.refreshToken,
subsExistonDb, subsExistonDb,
}; };
}). }).
@@ -678,6 +712,7 @@ router.post('/login', (req, res) => {
return { return {
usertosend: myris.usertosend, usertosend: myris.usertosend,
token: myris.token, token: myris.token,
refreshToken: myris.refreshToken,
subsExistonDb: false, subsExistonDb: false,
}; };
}); });
@@ -685,11 +720,14 @@ router.post('/login', (req, res) => {
// console.log('res', myris.token, myris.usertosend); // console.log('res', myris.token, myris.usertosend);
// SEND TOKEN AND CODE RESULT // SEND TOKEN AND CODE RESULT
return res.header('x-auth', myris.token).send({ return res
usertosend: myris.usertosend, .header('x-auth', myris.token)
code: server_constants.RIS_CODE_OK, .header('x-refrTok', myris.refreshToken)
subsExistonDb: myris.subsExistonDb, .send({
}); usertosend: myris.usertosend,
code: server_constants.RIS_CODE_OK,
subsExistonDb: myris.subsExistonDb,
});
// tools.mylog("TROVATOOO!"); // tools.mylog("TROVATOOO!");

2
src/server/server.js
View File

@@ -157,7 +157,7 @@ myLoad().then(ris => {
}); });
app.use(cors({ app.use(cors({
exposedHeaders: ['x-auth'], exposedHeaders: ['x-auth', 'x-refrTok'],
})); }));
app.use(bodyParser.json()); app.use(bodyParser.json());

48
src/server/tools/general.js
View File

@@ -1697,6 +1697,16 @@ module.exports = {
return false; return false;
}, },
getEnableTokenExpiredByIdApp: function (idapp) {
const myapp = this.MYAPPS.find(item => item.idapp === idapp);
if (myapp) {
return myapp.confpages.enableTokenExpired;
}
return false;
},
getConfParamSiteByIdApp: function (idapp, field) { getConfParamSiteByIdApp: function (idapp, field) {
const myapp = this.MYAPPS.find(item => item.idapp === idapp); const myapp = this.MYAPPS.find(item => item.idapp === idapp);
@@ -4710,6 +4720,17 @@ module.exports = {
} else if (tablerec === shared_consts.TABLES_MYHOSPS) { } else if (tablerec === shared_consts.TABLES_MYHOSPS) {
newdescr = i18n.__('Hosp', userorig, mydescr); newdescr = i18n.__('Hosp', userorig, mydescr);
} }
let contatto = userorig;
try {
let username_telegram = myrec.profile.username_telegram;
if (username_telegram)
contatto = `@${username_telegram}`;
} catch (e) {
}
let organizedBy = '';
let cat = ''; let cat = '';
let status = ''; let status = '';
let online = false; let online = false;
@@ -4726,6 +4747,18 @@ module.exports = {
} }
} else if (tablerec === shared_consts.TABLES_MYHOSPS) { } else if (tablerec === shared_consts.TABLES_MYHOSPS) {
cat = ''; cat = '';
} else if (tablerec === shared_consts.TABLES_MYBACHECAS) {
if (myrec.organisedBy) {
organizedBy = myrec.organisedBy;
contatto = '';
}
if (myrec.contact_phone) {
contatto += '/n' + myrec.contact_phone;
}
if (myrec.contact_telegram) {
contatto += '/n' + myrec.contact_telegram;
}
} }
// let out = i18n.__('NEW_ANNUNCIO_TELEGRAM', mydescr, dovestr, descrestesa, userorig); // let out = i18n.__('NEW_ANNUNCIO_TELEGRAM', mydescr, dovestr, descrestesa, userorig);
@@ -4744,7 +4777,7 @@ module.exports = {
let note = this.convertHTMLTagsToText(myrec.note) let note = this.convertHTMLTagsToText(myrec.note)
let descrcontent = this.firstchars(this.removeLastSpaceAndACapo(note), 400, true, url); let descrcontent = this.firstchars(this.removeLastSpaceAndACapo(note), 500, true, url);
// descrcontent = '<span size="3"><b>Prova Pao</b> Ciaooo</span>'; // descrcontent = '<span size="3"><b>Prova Pao</b> Ciaooo</span>';
@@ -4763,16 +4796,13 @@ module.exports = {
if (contributo) if (contributo)
out += this.addRowTelegram('💰', 'Contributo', contributo, true); out += this.addRowTelegram('💰', 'Contributo', contributo, true);
let contatto = userorig; if (organizedBy) {
try { out += this.addRowTelegram('🏠', 'Organizzato da', organizedBy, true);
let username_telegram = myrec.profile.username_telegram; out += this.addRowTelegram('', 'Redatto da', contatto, true);
} else {
if (username_telegram) out += this.addRowTelegram('👤', 'Contatto', contatto, true);
contatto = `@${username_telegram}`;
} catch (e) {
} }
out += this.addRowTelegram('👤', 'Contatto', contatto, true);
out += this.addRowTelegram('', `👉🏻 Vedi Annuncio completo su RISO`, url, true, true); out += this.addRowTelegram('', `👉🏻 Vedi Annuncio completo su RISO`, url, true, true);

2
src/server/tools/server_constants.js
View File

@@ -29,6 +29,8 @@ module.exports = Object.freeze({
RIS_ISCRIZIONE_OK: 5, RIS_ISCRIZIONE_OK: 5,
RIS_CODE_HTTP_INVALID_TOKEN: 403, RIS_CODE_HTTP_INVALID_TOKEN: 403,
RIS_CODE_HTTP_FORBIDDEN_TOKEN_EXPIRED: 408,
RIS_CODE_TOKEN_RESETPASSWORD_NOT_FOUND: -23, RIS_CODE_TOKEN_RESETPASSWORD_NOT_FOUND: -23,
RIS_SUBSCRIBED_OK: 1, RIS_SUBSCRIBED_OK: 1,