From 4871c2d8687fc3b97263a678bac6e0a047417bbf Mon Sep 17 00:00:00 2001
From: Surya Paolo
Date: Thu, 7 Dec 2023 08:34:24 +0100
Subject: [PATCH] Aggiornata Chiave Segreta per accesso SIGNCODE. - Inserito autenticazione MongoDB ai database. -PCB: Aggiunto altri campi a products
---
 .env.prod.pcb | 30 +++++++++++++++++++++++++
 .env.test.pcb | 11 ++++++---
 .env.test.risosrv | 2 +-
 src/server/db/mongoose.js | 22 ++++++++++++------
 src/server/models/product.js | 18 +++++++++++++++
 src/server/models/site.js | 36 ++++++++++++++++++++++++++++++
 src/server/models/user.js | 15 ++++++++-----
 src/server/router/cart_router.js | 2 +-
 src/server/server.js | 4 ++++
 src/server/telegram/telegrambot.js | 20 ++++++++++++++---
 10 files changed, 140 insertions(+), 20 deletions(-)
 create mode 100644 .env.prod.pcb
diff --git a/.env.prod.pcb b/.env.prod.pcb
new file mode 100644
index 0000000..275e951
--- /dev/null
+++ b/.env.prod.pcb
@@ -0,0 +1,30 @@
+DATABASE=PiuCheBuono
+UDB=paofreeplanet
+PDB=suerteFreePlanet@1A
+SEND_EMAIL=1
+PORT=3000
+appTelegram_TEST=["17"]
+appTelegram=["17"]
+ENABLE_PUSHNOTIFICATION=1
+DIRECTORY_SERVER=freeplanet_serverside
+SERVERDIR_WEBSITE=www.freeplanet_server
+PORT_APP1="0"
+DOMAIN=mongodb://localhost:32001/
+AUTH_MONGODB=true
+MONGODB_USER=admin
+MONGODB_PWD=mypwadminREAL@1A
+SIGNCODE=SU2134hncaskjdbo231oihJSDNHEI$1@AB
+DEBUG=0
+LOCALE=0
+DELAY_SENDEMAIL=1000
+VAPI_KEY_SUBJECT="mailto:surya@riso.app"
+PUBLIC_VAPI_KEY="BJgo8XR_upbnbMLWgCAUELo6DK7dRXffYAnFOxbaMMz5favBgcQBKT-eISqouO-jRad4Sw8l5nd2wCF6KorGiTc"
+PRIVATE_VAPI_KEY="LVpFDJuKscdHuQr5pe20dFuYuWX1-ZRb6x72PP-Pp4I"
+GCM_API_KEY="AIzaSyD7w1jztfVV05mX1iyxoI-r1pZWxuxdUK8"
+PATH_CERT_KEY=key.pem
+PATH_SERVER_CRT=cert.pem
+PATH_SSL_ROOT_PEM=root.pem
+PATH_SSL_CHAIN_PEM=chain.pem
+PROD=0
+PROJECT_DESCR_MAIN='__PROJECTS'
+SECRK=iUUb38v23jjDFaosWj92axkBOXCQ
diff --git a/.env.test.pcb b/.env.test.pcb
index f3385b0..cb717e6 100644
--- a/.env.test.pcb
+++ b/.env.test.pcb
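Review bot: This file commits live production secrets to version control: `PDB`, `MONGODB_PWD`, `SIGNCODE`, `PRIVATE_VAPI_KEY`, `GCM_API_KEY` and `SECRK` are all given as literal values. The same applies to the `.env.test.pcb` and `.env.test.risosrv` hunks, and the test files receive the identical `SIGNCODE` as production, so a token signed in a test environment would presumably verify in production as well. Each value should be treated as compromised and rotated, the files removed from the index and ignored (for example a `.env.*` entry in `.gitignore`), with only a placeholder template such as `SIGNCODE=<set-per-environment>` kept in the repository. The unquoted `$1` inside `SIGNCODE` is also worth checking, because a loader that performs variable expansion may alter the value.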
@@ -1,14 +1,19 @@
-DATABASE=FreePlanet
+DATABASE=test_PiuCheBuono
 UDB=paofreeplanet
 PDB=suerteFreePlanet@1A
 SEND_EMAIL=1
 PORT=3001
+appTelegram_TEST=["17"]
+appTelegram=["17"]
 ENABLE_PUSHNOTIFICATION=1
 DIRECTORY_SERVER=freeplanet_serverside
 SERVERDIR_WEBSITE=test.freeplanet_server
 PORT_APP1="0"
-DOMAIN=mongodb://localhost:27018/
-SIGNCODE=abc123
+DOMAIN=mongodb://localhost:32002/
+AUTH_MONGODB=true
+MONGODB_USER=admin
+MONGODB_PWD=mypwadmin@1A
+SIGNCODE=SU2134hncaskjdbo231oihJSDNHEI$1@AB
 DEBUG=0
 LOCALE=0
 DELAY_SENDEMAIL=1000
diff --git a/.env.test.risosrv b/.env.test.risosrv
index e9a22cd..56d0ce0 100644
--- a/.env.test.risosrv
+++ b/.env.test.risosrv
@@ -8,7 +8,7 @@ DIRECTORY_SERVER=freeplanet_serverside
 SERVERDIR_WEBSITE=test.freeplanet_server
 PORT_APP1="0"
 DOMAIN=mongodb://localhost:27018/
-SIGNCODE=abc123
+SIGNCODE=SU2134hncaskjdbo231oihJSDNHEI$1@AB
 DEBUG=0
 LOCALE=0
 DELAY_SENDEMAIL=1000
diff --git a/src/server/db/mongoose.js b/src/server/db/mongoose.js
index c07b665..be0e2a6 100755
--- a/src/server/db/mongoose.js
+++ b/src/server/db/mongoose.js
@@ -38,22 +38,30 @@ const options = { // keepAliveInitialDelay: 300000 // keepAliveInitialDelay is the number of milliseconds to wait before initiating keepAlive on the socket. }; +if (process.env.AUTH_MONGODB) { + options.auth = { + authSource: "admin", + poolSize: 10, + user: process.env.MONGODB_USER, + password: process.env.MONGODB_PWD, + }; +} const db = mongoose.connection; - -// mongoose.connect(process.env.MONGODB_URI + '?authSource=admin', { options }) -// console.log(' -> PASSAGGIO PARAMETRI MONGOOSE') console.log('Node Version ' + process.version); console.log('Mongoose Version ' + mongoose.version); -console.log('Connessione a ' + process.env.MONGODB_URI + ' in corso...'); -mongoose.connect(process.env.MONGODB_URI, options); + +connectionUrl = process.env.MONGODB_URI; + +console.log('Connessione a ' + connectionUrl + ' in corso...'); +mongoose.connect(connectionUrl, options); db.on('error', console.error.bind(console, 'connection error:')); -db.once('open', function() { +db.once('open', function () { // we're connected! console.log('*** CONNESSIONE EFFETTUATA ! ' + process.env.MONGODB_URI + ' db: ' + process.env.DATABASE) }); -module.exports = {mongoose}; +module.exports = { mongoose }; diff --git a/src/server/models/product.js b/src/server/models/product.js index 09ba539..2767358 100755 --- a/src/server/models/product.js +++ b/src/server/models/product.js @@ -28,6 +28,12 @@ const productSchema = new Schema({ code: { type: String, }, + codice_EAN: { + type: String, + }, + barcode: { + type: String, + }, name: { type: String, }, @@ -61,6 +67,9 @@ const productSchema = new Schema({ weight: { type: Number }, + vegan: { + type: Boolean + }, unit: { type: Number }, @@ -97,6 +106,15 @@ const productSchema = new Schema({ img3: { type: String, }, + ingredienti: { + type: String, + }, + valori_nutrizionali: { + type: String, + }, + note: { + type: String, + }, }); var Product = module.exports = mongoose.model('Product', productSchema); 
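Review bot: The guard `if (process.env.AUTH_MONGODB)` is true for any non-empty string, so `AUTH_MONGODB=false` or `AUTH_MONGODB=0` would still switch the authentication options on; compare explicitly with `if (process.env.AUTH_MONGODB === 'true') {`. Inside the block, `authSource` and `poolSize` are connection-level options in the MongoDB driver rather than members of `auth`, so they are probably ignored where they are placed; set them on `options` directly and check the credential field names against the installed Mongoose version. `connectionUrl = process.env.MONGODB_URI;` creates an implicit global and should be `const connectionUrl = process.env.MONGODB_URI;`. The URI is also written to the log, which would expose credentials if they are ever embedded in it.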
diff --git a/src/server/models/site.js b/src/server/models/site.js index 4aff25c..84780d2 100755 --- a/src/server/models/site.js +++ b/src/server/models/site.js @@ -8,6 +8,8 @@ mongoose.level = "F"; mongoose.set('debug', false); +const {ObjectID} = require('mongodb'); + // Resolving error Unknown modifier: $pushAll mongoose.plugin(schema => { schema.options.usePushEach = true @@ -239,3 +241,37 @@ module.exports.findAllIdApp = async function (idapp) { return {}; }; + +module.exports.createFirstUserAdmin = async function () { + + const { User } = require('../models/user'); + const telegrambot = require('../telegram/telegrambot'); + + try { + + let arrSite = await Site.find({ idapp: { $exists: true } }).lean(); + + for (const mysite of arrSite) { + if (mysite.idapp > 0) { + const numusers = await User.countDocuments({ idapp: mysite.idapp }); + if (numusers === 0) { + // Non esistono utenti, quindi creo quello di Admin + const utenteadmin = await User.findOne({ idapp: '13', username: telegrambot.ADMIN_USER_SERVER }).lean() + + const newuser = new User(utenteadmin); + newuser._id = new ObjectID(); + newuser.idapp = mysite.idapp; + newuser.profile.mygroups = []; + newuser.profile.mycircuits = []; + + await newuser.save(); + } + } + + } + + } catch (e) { + console.error('Error ', e); + } + +}; diff --git a/src/server/models/user.js b/src/server/models/user.js index 28fc87d..c9747f9 100755 --- a/src/server/models/user.js +++ b/src/server/models/user.js @@ -512,7 +512,8 @@ UserSchema.methods.generateAuthToken = function (req) { const access = 'auth'; const browser = useragent; - const token = jwt.sign({ _id: user._id.toHexString(), access }, + const prova = 'PROVAMSG@1A' + const token = jwt.sign({ _id: prova, smart: user._id.toHexString(), access, un: user.username }, process.env.SIGNCODE).toString(); const date_login = new Date(); 
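Review bot: `createFirstUserAdmin` copies the whole admin document of app `'13'` into every site that has no users, so the new account inherits whatever credential fields that document holds (presumably the password hash and the `tokens` array that `findByToken` queries), and the `server.js` hunk runs this on every start. Privileged accounts created implicitly like this are hard to audit; at minimum reset the copied credentials, e.g. `newuser.tokens = [];`, and log each creation with the target `idapp`. There is also no check that the template user was found: when `findOne` returns null, `new User(null)` is built and `newuser.profile.mygroups = []` may throw, which the `catch` reports only as `'Error '` and which ends the loop for the remaining sites. Add `if (!utenteadmin) continue;` before constructing the user.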
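Review bot: The constant `_id: prova` is readable by anyone holding the token, since a JWT payload is only base64url-encoded, so it hides nothing and the leftover `const prova = 'PROVAMSG@1A'` should be removed. The `sign` call is given no options, so, assuming `jwt` is jsonwebtoken, the token carries no `exp` claim and, as far as the visible lookups show, stays usable for as long as its entry remains in `tokens`. Consider `jwt.sign({ smart: user._id.toHexString(), access, un: user.username }, process.env.SIGNCODE, { expiresIn: TOKEN_TTL })`, where `TOKEN_TTL` is a placeholder for the session lifetime you choose. The body of `generateAuthToken` continues outside this hunk.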
@@ -670,7 +671,7 @@ UserSchema.statics.findByToken = function (token, typeaccess) { } return User.findOne({ - '_id': decoded._id, + '_id': decoded.smart, 'tokens.token': token, 'tokens.access': typeaccess, }); @@ -687,7 +688,7 @@ UserSchema.statics.findByTokenAnyAccess = function (token) { } return User.findOne({ - '_id': decoded._id, + '_id': decoded.smart, 'tokens.token': token, }); }; @@ -1290,7 +1291,7 @@ UserSchema.statics.createNewRequestPwd = function (idapp, email, code) { return { ris: false }; } else { // Creo il tokenforgot - user.tokenforgot = jwt.sign(user._id.toHexString(), process.env.SIGNCODE). + user.tokenforgot = jwt.sign({_id: 'prova123##', smart: user._id.toHexString()}, process.env.SIGNCODE). toString(); user.date_tokenforgot = new Date(); user.tokenforgot_code = 100000 + Math.round(Math.random() * 899999); @@ -1316,8 +1317,12 @@ UserSchema.statics.createNewRequestPwdByUsernameAndGetLink = async function (ida }); if (user) { + const additionalData = { + code: user.username, + }; + const prova = 'dasdas1231#11'; // Creo il tokenforgot - user.tokenforgot = jwt.sign(user._id.toHexString(), process.env.SIGNCODE). + user.tokenforgot = jwt.sign({_id: prova, smart: user._id.toHexString(), ...additionalData}, process.env.SIGNCODE). toString(); user.date_tokenforgot = new Date(); user.tokenforgot_code = 100000 + Math.round(Math.random() * 899999); diff --git a/src/server/router/cart_router.js b/src/server/router/cart_router.js index 006b626..c2822e5 100755 --- a/src/server/router/cart_router.js +++ b/src/server/router/cart_router.js @@ -38,7 +38,7 @@ router.get('/:userId', authenticate, async function (req, res, next) { if (cart) return res.send({ code: server_constants.RIS_CODE_OK, cart }); else - return res.status(400).send(e); + return res.send({ code: server_constants.RIS_CODE_OK, cart: null }); }).catch((err) => { console.error('Err', err); return res.send({ code: server_constants.RIS_CODE_ERR, cart: null }); 
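Review bot: `decoded.smart` is undefined for any correctly signed token that lacks the new claim, and the query is then built with an undefined `_id`; depending on the Mongoose version that key may be dropped from the filter, leaving only the `tokens.token` match. Reject such tokens before querying, e.g. `if (!decoded || typeof decoded.smart !== 'string') return Promise.reject();`, matching whatever the existing failure path above returns, which is outside this hunk. The same guard applies to the `findByTokenAnyAccess` hunk.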
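Review bot: The reset token is signed with the same `SIGNCODE` as session tokens and still has no expiry, although the payload is now an object and `expiresIn` could be used; the only time limit would be whatever the verifier does with `date_tokenforgot`, which is not visible here. Suggest `jwt.sign({ smart: user._id.toHexString(), purpose: 'pwdreset' }, process.env.SIGNCODE, { expiresIn: RESET_TTL })` with `RESET_TTL` as a placeholder, and have the verifier check the purpose claim so that a session token and a reset token cannot be confused. The literal `_id` values `'prova123##'` here and `prova` in the `createNewRequestPwdByUsernameAndGetLink` hunk are visible in the decoded payload and add no protection, so drop them. The unchanged context line that builds `tokenforgot_code` uses `Math.random()`, which is not a cryptographic generator; `crypto.randomInt(100000, 1000000)` would be the replacement.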
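Review bot: The route reads `:userId` from the URL behind `authenticate`, and nothing visible in this hunk compares it with the authenticated user, so confirm earlier in the handler (outside the hunk) that one user cannot fetch another user's cart by changing the path. The replaced line referenced an undefined `e`, so removing it is right, but an absent cart and a found cart now both return `RIS_CODE_OK`; a short comment such as `// no cart yet for this user: not an error` would document that this is intended.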
diff --git a/src/server/server.js b/src/server/server.js index 5e26a82..d3d6e00 100755 --- a/src/server/server.js +++ b/src/server/server.js @@ -38,6 +38,8 @@ require('./db/mongoose'); const { Settings } = require('./models/settings'); +const Site = require('./models/site'); + // test const i18n = require('i18n'); @@ -494,6 +496,8 @@ async function inizia() { } + await Site.createFirstUserAdmin(); + /*const {Circuit} = require('./models/circuit'); await Circuit.setDeperimentoOff(); diff --git a/src/server/telegram/telegrambot.js b/src/server/telegram/telegrambot.js index 1dfb32e..55f0594 100755 --- a/src/server/telegram/telegrambot.js +++ b/src/server/telegram/telegrambot.js @@ -705,7 +705,21 @@ const MyTelegramBot = { }, getAppTelegram: function () { - return appTelegram; + if (process.env.appTelegram) { + return JSON.parse(process.env.appTelegram); + } else { + return appTelegram; + } + + }, + + getAppTelegramTest: function () { + if (process.env.appTelegram_TEST) { + return JSON.parse(process.env.appTelegram_TEST); + } else { + return appTelegram_TEST; + } + }, local_sendMsgTelegramByIdTelegram: async function (idapp, idtelegram, text, @@ -4045,11 +4059,11 @@ function getclTelegByidapp(idapp) { //if (!tools.testing() || true) { if (true) { - let arrTeleg = appTelegram; + let arrTeleg = MyTelegramBot.getAppTelegram(); if (process.env.NODE_ENV === 'development') arrTeleg = appTelegram_DEVELOP; else if (process.env.NODE_ENV === 'test') - arrTeleg = appTelegram_TEST; + arrTeleg = MyTelegramBot.getAppTelegramTest(); var internetAvailable = require('internet-available');
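Review bot: `JSON.parse(process.env.appTelegram)` runs unguarded on every call, so one malformed value in an env file makes `getAppTelegram` throw a `SyntaxError` wherever it is used, including inside `getclTelegByidapp` in the last hunk, and a valid but non-array value is returned as is. Parse each variable through one helper that falls back to the built-in list when the value is absent, malformed or not an array, as sketched below. `getAppTelegramTest` duplicates the same logic and would use the same helper.

```javascript
// Read a JSON array from the environment; fall back to the built-in list
// when the variable is absent, malformed, or not an array.
function readIdListFromEnv(name, fallback) {
  const raw = process.env[name];
  if (!raw) return fallback;
  try {
    const parsed = JSON.parse(raw);
    return Array.isArray(parsed) ? parsed : fallback;
  } catch (e) {
    console.error('Invalid JSON in ' + name + ', using built-in list');
    return fallback;
  }
}

// … unchanged: MyTelegramBot members before getAppTelegram …
  getAppTelegram: function () {
    return readIdListFromEnv('appTelegram', appTelegram);
  },

  getAppTelegramTest: function () {
    return readIdListFromEnv('appTelegram_TEST', appTelegram_TEST);
  },
```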