- aggiornata la grafica della Home di RISO

- Profilo Completition
- Email Verificata
- Invita un Amico (invio di email)

src/middleware/asyncHandler.js

@@ -0,0 +1,6 @@
+// @ts-check
+const ah = (fn) => (req, res, next) =>
+  Promise.resolve(fn(req, res, next)).catch((err) => next(err));
+
+
+module.exports = { ah };

src/middleware/authenticate.js

@@ -0,0 +1,124 @@
+const server_constants = require('../tools/server_constants');
+
+var { User } = require('../models/user');
+
+const tools = require('../tools/general');
+
+const auth_default = (req, res, next) => {
+  if (req.body.keyappid === process.env.KEY_APP_ID) next();
+};
+
+const authenticateMiddleware = async (req, res, next, withUser = false, lean = false, noError = false) => {
+  // Wrapper per res.send che logga automaticamente
+  const originalSend = res.send;
+  res.send = function (data) {
+    logResponse(req, res, data);
+    return originalSend.call(this, data);
+  };
+
+  try {
+    const logPrefix = noError ? (withUser ? (lean ? 'WITHUSERLEAN' : 'WITHUSER') : 'NOERROR') : 'AUTH';
+
+    // Validazione token
+    const token = req.header('x-auth');
+    if (!token) {
+      return handleAuthFailure(req, res, next, {
+        code: server_constants.RIS_CODE_HTTP_INVALID_TOKEN,
+        message: 'TOKEN INVALIDO',
+        logPrefix,
+        noError,
+      });
+    }
+
+    // Recupera utente
+    const refreshToken = req.header('x-refrtok');
+    const user = await User.findByToken(token, 'auth', false, withUser, lean);
+
+    // Imposta dati richiesta
+    req.user = user.code === server_constants.RIS_CODE_OK ? user.user : null;
+    req.token = user.code === server_constants.RIS_CODE_OK ? token : null;
+    req.refreshToken = refreshToken;
+    req.code = user.code;
+    req.statuscode2 = null;
+
+    // Gestione token scaduto
+    if (user.code === server_constants.RIS_CODE_HTTP_FORBIDDEN_TOKEN_EXPIRED) {
+      return handleAuthFailure(req, res, next, {
+        code: server_constants.RIS_CODE_HTTP_FORBIDDEN_TOKEN_EXPIRED,
+        message: 'TOKEN SCADUTO',
+        logPrefix,
+        noError,
+      });
+    }
+
+    // Gestione altri errori di autenticazione
+    if (user.code !== server_constants.RIS_CODE_OK) {
+      return handleAuthFailure(req, res, next, {
+        code: user.code,
+        message: 'AUTENTICAZIONE FALLITA',
+        logPrefix,
+        noError,
+      });
+    }
+
+    next();
+  } catch (e) {
+    console.error('❌ Errore nel middleware di autenticazione:', e);
+    return handleAuthFailure(req, res, next, {
+      code: server_constants.RIS_CODE_HTTP_INVALID_TOKEN,
+      message: 'ERRORE INTERNO',
+      logPrefix: 'ERROR',
+      noError,
+    });
+  }
+};
+
+// Funzione helper per gestire i fallimenti di autenticazione
+function handleAuthFailure(req, res, next, { code, message, logPrefix, noError }) {
+  req.user = null;
+  req.token = null;
+  req.code = code;
+
+  if (noError) {
+    req.statuscode2 = code;
+    console.log(`   ## ${logPrefix} - ${message} (noError mode, continuing) ⚠️`);
+    return next();
+  } else {
+    console.log(`   ## SEND RES ${logPrefix} - ${message} ❌`);
+    return res.status(code).send();
+  }
+}
+
+// Funzione per loggare le risposte
+function logResponse(req, res, data) {
+  const statusCode = res.statusCode;
+  const method = req.method;
+  const url = req.originalUrl || req.url;
+  const userId = req.user?._id || req.user?.id || 'N/A';
+
+  const emoji = statusCode >= 200 && statusCode < 300 ? '✅' : statusCode >= 400 && statusCode < 500 ? '⚠️' : '❌';
+
+  console.log(
+    `${emoji} [${method}] ${url} | Status: ${statusCode} | User: ${userId} | Data: ${
+      data ? JSON.stringify(data).substring(0, 100) : 'empty'
+    }`
+  );
+}
+
+const authenticate = (req, res, next) => authenticateMiddleware(req, res, next);
+const authenticate_withUser = (req, res, next) => authenticateMiddleware(req, res, next, true);
+const authenticate_withUserLean = (req, res, next) => authenticateMiddleware(req, res, next, true, true);
+const authenticate_noerror = (req, res, next) => authenticateMiddleware(req, res, next, false, false, true);
+const authenticate_noerror_WithUser = (req, res, next) => authenticateMiddleware(req, res, next, true, false, true);
+const authenticate_noerror_WithUserLean = (req, res, next) => {
+  return authenticateMiddleware(req, res, next, true, true, true);
+}
+
+module.exports = {
+  authenticate,
+  authenticate_noerror,
+  auth_default,
+  authenticate_withUser,
+  authenticate_noerror_WithUser,
+  authenticate_noerror_WithUserLean,
+};

src/middleware/error.js

@@ -0,0 +1,13 @@
+// @ts-check
+function notFound(_req, res) {
+  res.status(404).json({ message: 'Not Found' });
+}
+
+function errorHandler(err, _req, res, _next) {
+  const status = err.status || 500;
+  const message = err.message || 'Server Error';
+  if (status >= 500) console.error(err);
+  res.status(status).json({ message });
+}
+
+module.exports = { notFound, errorHandler };

src/middleware/rateLimit.js

@@ -0,0 +1,21 @@
+// @ts-check
+const buckets = new Map();
+/** 10 secondi */
+const WINDOW_MS = 10_000;
+const LIMIT = 100;
+
+function rateLimit(req, res, next) {
+  const key = req.ip || 'global';
+  const now = Date.now();
+  const bucket = buckets.get(key) || { count: 0, ts: now };
+  if (now - bucket.ts > WINDOW_MS) {
+    bucket.count = 0;
+    bucket.ts = now;
+  }
+  bucket.count++;
+  buckets.set(key, bucket);
+  if (bucket.count > LIMIT) return res.status(429).json({ message: 'Troppo traffico, riprova tra poco.' });
+  next();
+}
+
+module.exports = { rateLimit };