// Express router for the authentication endpoints: local, Facebook and Google
// sign-in, password management, and a few maintenance routes.
const express = require('express');
const router = express.Router();
const config = require('../../config');
const common = require('../controllers/common');
const authController = require('../controllers/authController.js');
const userController = require('../controllers/userController.js');
const mongodbController = require('../../controllers/mongodbController.js');
const passport = require('../configs/passport.js').passport;
const jwt = require('jsonwebtoken');
const responseStatus = require('../configs/responseStatus.js');
// Brute-force throttling for account creation is currently disabled (see /signUp).
// var bruteforceCreateAccount = require('../configs/express-brute').bruteforceCreateAccount;
const constants = require('./../configs/constant');
const AuthService = require('../services/AuthService');
const logger = require('../configs/logger').getLogger(module);

// POST /signIn — local (email/password) login. Credential checking is delegated
// to the passport 'local' strategy; on success the issued token and the user
// record are stored on the session and returned to the client.
router.post('/signIn', function (req, res, next) {
  const onVerified = function (err, user, info) {
    if (err) {
      return res.send({ errorMessage: err.errorMessage });
    }
    if (!user) {
      return res.send({ errorMessage: responseStatus.USER_NOT_FOUND });
    }
    // Session state consumed by the other routes in this file.
    req.session.token = info.token;
    req.session.user = info.user;
    req.session.user.isSocialLogging = false;
    // req.brute.reset(); // reset brute-force (security package)
    // NOTE(review): the session id is not regenerated on login; consider
    // req.session.regenerate before storing the user to rule out session fixation.
    req.logIn(user, function (loginErr) {
      if (loginErr) {
        return next(loginErr);
      }
      return res.send({ user: info.user, token: info.token });
    });
  };
  passport.authenticate('local', onVerified)(req, res, next);
});

// GET /facebook — starts the Facebook OAuth flow (the strategy redirects to Facebook).
router.get('/facebook', passport.authenticate('facebook'));

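// GET /facebook/callback — OAuth return leg for Facebook login.
// On success the session user is flagged as a social login and the client is
// redirected (event owners to their page, otherwise to the stored redirectUrl or '/').
router.get('/facebook/callback', function (req, res, next) {
  passport.authenticate('facebook', function (err, user) {
    if (err) {
      logger.error(err);
      // NOTE(review): the raw error object is returned to the client; a generic
      // message would avoid leaking internals.
      return res.send({ errorMessage: err });
    }
    // Authentication can fail without an error (no user). Previously this fell
    // through to `req.session.user.isSocialLogging` and threw when the session had
    // no user, or flagged a stale session user as socially logged in.
    if (!user) {
      return res.send({ errorMessage: responseStatus.USER_NOT_FOUND });
    }
    // The Google callback in this file stores `user` on the session itself; this
    // route appears to rely on the strategy having done so — TODO confirm. Fall
    // back to the verified user (without its password field) when none is set.
    if (!req.session.user) {
      delete user.password;
      req.session.user = user;
    }
    req.session.user.isSocialLogging = true;

    if (req.session.user.role == constants.userRoleTypes.EventOwner) {
      return res.redirect('/user/' + req.session.user.shortLink);
    }

    // NOTE(review): redirectUrl is read from the session; if it originates from a
    // request parameter elsewhere, restrict it to same-site paths (open redirect).
    if (req.session.redirectUrl) {
      return res.redirect(req.session.redirectUrl);
    }
    return res.redirect('/');
  })(req, res, next);
});
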
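// POST /facebook/token — mobile login with a Facebook access token.
// The 'facebook-token' strategy populates req.user; a JWT is then issued from
// process.env.SECRET / TOKEN_EXPIRE and persisted via saveMobileToken.
router.post('/facebook/token', passport.authenticate('facebook-token'), function (req, res) {
  if (!req.user) {
    return res.send(responseStatus.Code403({ errorMessage: 'Failed to authenticate' }));
  }
  const token = jwt.sign({ email: req.user.email }, process.env.SECRET, {
    expiresIn: process.env.TOKEN_EXPIRE
  });
  req.session.token = token;
  userController.saveMobileToken(req, req.user.id, function (err, user) {
    // The error was previously ignored, which returned a 200 with an empty user
    // while the token had not actually been saved.
    if (err) {
      logger.error(err);
      return res.send(responseStatus.Code500({ errorMessage: err.errorMessage || 'Failed to save token' }));
    }
    res.send(responseStatus.Code200({ user: user, token: token }));
  });
});
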
// GET /google — starts the Google OAuth flow; 'openid', 'email' and 'profile'
// are requested so the strategy can identify the account.
router.get('/google', passport.authenticate('google', {
  scope: ['openid', 'email', 'profile']
}));

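// GET /google/callback — OAuth return leg for Google login.
// Stores the verified user (minus its password field) on the session, flags it
// as a social login and redirects the client.
router.get('/google/callback', function (req, res, next) {
  passport.authenticate('google', function (err, user) {
    if (err) {
      // NOTE(review): the raw error object is returned to the client; a generic
      // message would avoid leaking internals.
      return res.send({ errorMessage: err });
    }
    // A failed authentication yields no user; previously `delete user.password`
    // threw a TypeError here.
    if (!user) {
      return res.send({ errorMessage: responseStatus.USER_NOT_FOUND });
    }
    // Never keep the password field in the session.
    delete user.password;
    req.session.user = user;
    req.session.user.isSocialLogging = true;

    if (req.session.user.role == constants.userRoleTypes.EventOwner) {
      return res.redirect('/user/' + req.session.user.shortLink);
    }

    // NOTE(review): redirectUrl is read from the session; if it originates from a
    // request parameter elsewhere, restrict it to same-site paths (open redirect).
    if (req.session.redirectUrl) {
      return res.redirect(req.session.redirectUrl);
    }
    return res.redirect('/');
  })(req, res, next);
});
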
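// POST /google/token — mobile login with a Google access token.
// The 'google-token' strategy populates req.user; a JWT is then issued from
// process.env.SECRET / TOKEN_EXPIRE and persisted via saveMobileToken.
router.post('/google/token', passport.authenticate('google-token'), function (req, res) {
  if (!req.user) {
    // Kept as 500 for client compatibility; /facebook/token answers 403 for the
    // same condition, which is the more accurate status.
    return res.send(responseStatus.Code500({ errorMessage: 'Failed to authenticate' }));
  }
  const token = jwt.sign({ email: req.user.email }, process.env.SECRET, {
    expiresIn: process.env.TOKEN_EXPIRE
  });
  req.session.token = token;
  userController.saveMobileToken(req, req.user.id, function (err, user) {
    // The error was previously ignored, which returned a 200 with an empty user
    // while the token had not actually been saved.
    if (err) {
      logger.error(err);
      return res.send(responseStatus.Code500({ errorMessage: err.errorMessage || 'Failed to save token' }));
    }
    res.send(responseStatus.Code200({ user: user, token: token }));
  });
});
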
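// POST /google/token2 — Android-only variant of /google/token that verifies a
// Google ID token ('google-id-token' strategy) instead of an access token.
router.post('/google/token2', passport.authenticate('google-id-token'), function (req, res) {
  if (!req.user) {
    // Kept as 500 for client compatibility; /facebook/token answers 403 for the
    // same condition, which is the more accurate status.
    return res.send(responseStatus.Code500({ errorMessage: 'Failed to authenticate' }));
  }
  const token = jwt.sign({ email: req.user.email }, process.env.SECRET, {
    expiresIn: process.env.TOKEN_EXPIRE
  });
  req.session.token = token;
  userController.saveMobileToken(req, req.user.id, function (err, user) {
    // The error was previously ignored, which returned a 200 with an empty user
    // while the token had not actually been saved.
    if (err) {
      logger.error(err);
      return res.send(responseStatus.Code500({ errorMessage: err.errorMessage || 'Failed to save token' }));
    }
    res.send(responseStatus.Code200({ user: user, token: token }));
  });
});
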
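// POST /verify_phone_number — marks a user's phone number as verified.
// The caller must present a valid login token (x-access-token header, session
// or body); otherwise the route answers 403.
router.post('/verify_phone_number', function (req, res) {
  const token = req.headers['x-access-token'] || req.session.token || req.body.token;
  // NOTE(review): the target account comes from req.body.userID and is not tied
  // to the identity behind `token`, so any logged-in caller can verify any user's
  // number; the user should be derived from the token instead.
  AuthService.isLogined(token).then(() => {
    userController.getUserPrivate(req.body.userID)
      .then(resolve => {
        userController.savePhoneNumberVerified(req, resolve.user, function (err, user) {
          // Previously a save failure still produced a 200 with an empty user.
          if (err) {
            logger.error(err);
            return res.send(responseStatus.Code500({ user: req.user, token: token }));
          }
          res.send(responseStatus.Code200({ user: user, token: token }));
        });
      })
      .catch(() => {
        res.send(responseStatus.Code500({ user: req.user, token: token }));
      });
  })
  .catch(() => {
    res.send(responseStatus.Code403());
  });
});
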
// POST /changePassword — replaces a user's password after the controller has
// checked the old one; the updated record replaces the session user.
// NOTE(review): the account id is taken from the request body and the route has
// no login check of its own, so the old-password verification in authController
// is the only thing binding the caller to the account — confirm it is enforced.
router.post('/changePassword', function (req, res) {
  const body = req.body;
  const id = body.id || '';
  const oldPassword = body.oldPassword || '';
  const newPassword = body.newPassword || '';
  const onChanged = function (err, data) {
    if (err) {
      return res.send({ errorMessage: err.errorMessage });
    }
    req.session.user = data;
    res.send({ user: data });
  };
  authController.changePassword(id, newPassword, oldPassword, onChanged);
});

// POST /signUp — creates an account. The request's host is passed along so the
// verification e-mail can link back to this deployment.
// NOTE(review): req.get('host') is client-controlled; if it ends up in the
// e-mail link, pin it to a configured base URL instead (host header injection).
// Brute-force protection for this route is currently disabled:
// router.post('/signUp', [bruteforceCreateAccount.prevent, function (req, res) {
router.post('/signUp', function (req, res) {
  const body = req.body;
  const email = body.email || '';
  const password = body.password || '';
  const name = body.name || '';
  const phoneNumber = body.phoneNumber || '';
  const domain = req.get('host');
  const onSignedUp = resolve => {
    // Session is intentionally not populated until the e-mail is verified:
    // req.session.user = resolve.data;
    // req.session.token = resolve.token;
    res.send(resolve);
  };
  authController.signUp(domain, email, password, name, phoneNumber)
    .then(onSignedUp)
    .catch(reject => res.send(reject));
});

// POST /resendVerifyEmail — re-sends the account verification e-mail.
// NOTE(review): as with /signUp, req.get('host') is client-controlled; if it is
// used to build the link in the e-mail, prefer a configured base URL.
router.post('/resendVerifyEmail', function (req, res) {
  const email = req.body.email || '';
  const domain = req.get('host');
  const onResent = function (err) {
    if (err) {
      return res.send({ errorMessage: err.errorMessage });
    }
    // No session update here; the user still has to verify first:
    // req.session.token = data.token;
    // req.session.user = data.user;
    res.send({ message: 'Resend successfull' });
  };
  authController.resendVerifyEmail(domain, email, onResent);
});

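// POST /resetPassword — triggers the password-reset e-mail for an address.
router.post('/resetPassword', function (req, res) {
  const email = req.body.email || '';
  // The submitted address is no longer echoed to stdout: it is user-controlled
  // (newlines would forge log lines) and personal data.
  authController.resetPassword(email, function (err) {
    if (err) {
      logger.error(err);
      // NOTE(review): if errorMessage distinguishes unknown addresses, this reply
      // allows account enumeration; a uniform success response is the usual fix.
      return res.send({ status: err.status, errorMessage: err.errorMessage });
    }
    console.log('sent mail thanh cong');
    res.send({ status: 200, message: 'Reset password successfully' });
  });
});
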
// GET /backupAllData — dumps the whole database via mongodbController and
// renders a success/error page.
// NOTE(review): no authorization check is visible on this route and the backup
// is triggered by a plain GET; it should be restricted to administrators.
router.get('/backupAllData', function (req, res) {
  const onDone = function (err) {
    if (err) {
      return res.render('error', { title: 'Error', status: err.status, message: err.errorMessage });
    }
    res.render('success', { title: 'Success', status: 200, message: 'Backup successfully' });
  };
  mongodbController.backupAllData(onDone);
});

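// GET /restoreData?fileName=… — restores the database from a named backup.
// NOTE(review): no authorization check is visible on this route and a restore
// is triggered by a plain GET; it should be restricted to administrators.
router.get('/restoreData', function (req, res) {
  const fileName = req.query.fileName;
  // fileName is untrusted and selects a file on disk: accept only a bare file
  // name (no directory separators, not '.' or '..') before handing it on.
  const isPlainName = typeof fileName === 'string' &&
    /^[^\\/]+$/.test(fileName) &&
    fileName !== '.' &&
    fileName !== '..';
  if (!isPlainName) {
    return res.status(400).render('error', { title: 'Error', status: 400, message: 'Invalid fileName' });
  }
  mongodbController.restoreData(fileName, function (err) {
    if (err) {
      return res.render('error', { title: 'Error', status: err.status, message: err.errorMessage });
    }
    res.render('success', { title: 'Success', status: 200, message: 'Restore successfully' });
  });
});
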
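// GET /signOut — ends the login. /signIn calls req.logIn, so clearing only the
// user/token keys left the passport login and the session id alive; the session
// is now destroyed as well where the session store supports it.
// NOTE(review): logout over GET can be triggered cross-site; a POST is preferable.
router.get('/signOut', function (req, res) {
  delete req.session.user;
  delete req.session.token;
  if (typeof req.session.destroy !== 'function') {
    return res.send({ success: true });
  }
  req.session.destroy(function (err) {
    if (err) {
      logger.error(err);
    }
    res.send({ success: true });
  });
});
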
// GET /s3-froala-signature — returns the signed S3 upload policy the Froala
// editor needs for direct image uploads to the 'event-images' folder.
// NOTE(review): no login check is visible here, so anyone can obtain upload
// credentials for the bucket; and the AWS secret key is passed to the helper —
// confirm getS3HashForFroala never includes it in what is sent back.
router.get('/s3-froala-signature', function (req, res) {
  const froalaConfig = {
    bucket: process.env.AWS_BUCKET_NAME,          // bucket name
    region: 'us-east-1',                          // S3 region (the default; hard-coded)
    keyStart: 'event-images',                     // upload folder
    acl: 'public-read',                           // access granted to uploaded files
    accessKey: process.env.AWS_ACCESS_KEY_ID,     // AWS credentials used for signing
    secretKey: process.env.AWS_SECRET_KEY
  };
  res.send(common.getS3HashForFroala(froalaConfig));
});

// Mounted by the application under its auth prefix (see the server setup).
module.exports = router;