fix: fixes merge conflicts with origin/dev

speckleworks · Aug 5, 2019 · 10230d8 · 10230d8
2 parents 19da355 + 9569d25
commit 10230d8
Show file tree

Hide file tree

Showing 26 changed files with 9,253 additions and 1,606 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -3,3 +3,15 @@ npm-debug.log
 # keep only the data folder
 data/*
 !data/.gitkeep
+.editorconfig
+.env-base
+.eslintignore
+.eslintrc.js
+.eslintrc.json
+.gitignore
+.gitmodules
+appveyor.yml
+deploy.sh
+docker-compose.yml
+*.md
+releaserc.json
diff --git a/.gitignore b/.gitignore
@@ -10,3 +10,6 @@ data/*
 !data/.gitkeep
 cloc_output.txt
 tree_out.txt
+
+#don't track our super secret speckle stuff™ file
+.env
diff --git a/.releaserc.json b/.releaserc.json
@@ -0,0 +1,11 @@
+{
+    "plugins": [
+        "@semantic-release/commit-analyzer",
+        "@semantic-release/release-notes-generator",
+        "@semantic-release/github",
+        "@semantic-release/npm",
+        ["@semantic-release/exec", {
+            "publishCmd": "bash deploy.sh ${nextRelease.version}"
+        }]
+    ]
+}
diff --git a/app/api/accounts/UserCreate.js b/app/api/accounts/UserCreate.js
@@ -1,10 +1,7 @@
 const winston = require( '../../../config/logger' )
 const jwt = require( 'jsonwebtoken' )
-const cryptoRandomString = require( 'crypto-random-string' )
 
 const User = require( '../../../models/User' )
-const ActionToken = require( '../../../models/ActionToken' )
-
 const SendEmailVerification = require( '../../../app/email/index' ).SendEmailVerification
 
 module.exports = ( req, res ) => {
@@ -29,14 +26,6 @@ module.exports = ( req, res ) => {
   let sessionSecret = process.env.SESSION_SECRET
   let userCount = 1 // do not default to 0
 
-  let validationToken = new ActionToken( {
-    owner: myUser._id,
-    token: cryptoRandomString( { length: 20, type: 'base64' } ),
-    action: "email-confirmation"
-  } )
-
-  let savedUser = {}
-
   User.count( {} )
     .then( count => {
       userCount = count
@@ -45,18 +34,13 @@ module.exports = ( req, res ) => {
     .then( user => {
       if ( user ) throw new Error( 'Email taken. Please login. Thanks!' )
       myUser.apitoken = 'JWT ' + jwt.sign( { _id: myUser._id }, sessionSecret, { expiresIn: '2y' } )
-      if ( userCount === 0 && process.env.FIRST_USER_ADMIN === 'true' )
+      if ( userCount === 0 )
         myUser.role = 'admin'
       return myUser.save( )
     } )
-    .then( user => {
-      savedUser = user
-      return validationToken.save( )
-    } )
-    .then( () => {
-      SendEmailVerification( { name: savedUser.name, email: savedUser.email, token: validationToken.token } )
+    .then( savedUser => {
       let token = 'JWT ' + jwt.sign( { _id: myUser._id, name: myUser.name }, sessionSecret, { expiresIn: '24h' } )
-      return res.send( { success: true, message: 'User saved. Redirect to login.', resource: { apitoken: savedUser.apitoken, token: token, email: savedUser.email }, validationToken: res.token } )
+      return res.send( { success: true, message: 'User saved. Redirect to login.', resource: { apitoken: savedUser.apitoken, token: token, email: savedUser.email } } )
     } )
     .catch( err => {
       winston.error( JSON.stringify( err ) )

diff --git a/app/api/accounts/UserGetAdmin.js b/app/api/accounts/UserGetAdmin.js
@@ -0,0 +1,16 @@
+const winston = require( '../../../config/logger' )
+
+const User = require( '../../../models/User' )
+
+module.exports = function ( req, res ) {
+  User.find( {}, '-password' )
+    .then( myUsers => {
+      if ( !myUsers ) throw new Error( 'no user found.' )
+      res.send( { success: true, resource: myUsers } )
+    } )
+    .catch( err => {
+      winston.error( JSON.stringify( err ) )
+      res.status( 400 )
+      res.send( { success: false, message: err.toString() } )
+    } )
+}
diff --git a/app/api/accounts/UserLogin.js b/app/api/accounts/UserLogin.js
@@ -11,6 +11,10 @@ module.exports = function( req, res ) {
 
   User.findOne( { 'email': req.body.email.toLowerCase( ) } )
     .then( myUser => {
+      if  ( myUser.archived ){
+        winston.error( 'This user is archived' )
+        return res.status( 403 ).send ( {success: false, message: 'This user is archived.'} )
+      }
       if ( !myUser ) {
         winston.error( 'Invalid credentials.' )
         return res.status( 401 ).send( { success: false, message: 'Invalid credentials.' } )

diff --git a/app/api/accounts/UserProfile.js b/app/api/accounts/UserProfile.js
@@ -9,7 +9,7 @@ module.exports = function ( req, res ) {
     res.send( { success: false, message: 'Malformed request.' } )
   }
 
-  let projection = '_id name surname company' + ( req.app.get( 'expose emails' ) ? ' email' : '' )
+  let projection = '_id name surname company archived' + ( req.app.get( 'expose emails' ) ? ' email' : '' )
 
   User.findOne( { _id: req.params.userId }, projection )
     .then( user => {

diff --git a/app/api/accounts/UserPutAdmin.js b/app/api/accounts/UserPutAdmin.js
@@ -0,0 +1,45 @@
+'use strict'
+const winston = require( '../../../config/logger' )
+
+const User = require( '../../../models/User' )
+
+// Used only to grant other users admin role
+module.exports = function ( req, res ) {
+  // if (req.params.userId === req.user._id.toString()) {
+  //   return res.status(400).send({ success: false, message: 'Why would you want to change your own role? Sneaky.' })
+  // }
+  User.findOne( { _id: req.params.userId }, '-password' )
+    .then( user => {
+      //make sure we have a valid request
+      if ( !user ) throw new Error( 'no user found.' )
+      if ( req.body.name == null ||
+        req.body.surname == null ||
+        req.body.company == null ||
+        req.body.email == null ||
+        req.body.role == null ||
+        req.body.archived == null
+      ) { throw new Error( 'Request body is missing required field' ) }
+
+      //update fields
+      let fields = [ 'name', 'surname', 'company', 'email', 'role', 'archived' ]
+      fields.forEach( field => {
+        updateField( user, req.body, field )
+      } )
+      return user.save()
+    } )
+    .then( () => {
+      res.send( { success: true, message: 'User profile updated.' } )
+    } )
+    .catch( err => {
+      winston.error( JSON.stringify( err ) )
+      res.status( 400 )
+      res.send( { success: false, message: err.toString() } )
+    } )
+}
+
+function updateField( user, body, field ){
+  if ( user[field] != body[field] ){
+    user[field] = body[field]
+    user.markModified( field )
+  }
+}
diff --git a/app/api/accounts/UserPutByParam.js b/app/api/accounts/UserPutByParam.js
diff --git a/app/api/accounts/UserSearch.js b/app/api/accounts/UserSearch.js
@@ -20,7 +20,7 @@ module.exports = function( req, res ) {
 
   let projection = '_id name surname company' + ( process.env.EXPOSE_EMAILS ? ' email' : '' )
 
-  User.find( { $or: conditions }, projection ).limit( 10 )
+  User.find( { $and: [ {$or: conditions}, {archived: 'false'} ] }, projection ).limit( 10 )
     .then( myUsers => {
       if ( !myUsers ) throw new Error( 'no users found.' )
       res.send( { success: true, resources: myUsers } )

diff --git a/app/api/clients/ClientGetAll.js b/app/api/clients/ClientGetAll.js
@@ -5,10 +5,10 @@ const UserAppClient = require( '../../../models/UserAppClient' )
 module.exports = ( req, res ) => {
   let query = q2m( req.query )
 
-  UserAppClient.find( { owner: req.user._id }, query.options.fields, { sort: query.options.sort, offset: query.options.offset, limit: query.options.limit } )
+  UserAppClient.find( { owner: req.user._id }, query.options.fields, { sort: query.options.sort, skip: query.options.skip, limit: query.options.limit } )
     .then( clients => {
       if ( !clients ) throw new Error( 'Failed to find clients.' )
-      res.send( { success: true, message: 'Stream list for user ' + req.user._id, resources: clients } )
+      res.send( { success: true, message: 'Client list for user ' + req.user._id, resources: clients } )
     } )
     .catch( err => {
       winston.error( JSON.stringify( err ) )

diff --git a/app/api/comments/CommentGetAll.js b/app/api/comments/CommentGetAll.js
@@ -24,7 +24,7 @@ module.exports = ( req, res ) => {
     { 'assignedTo': mongoose.Types.ObjectId( req.user._id ) }
   ]
 
-  Comment.find( finalCriteria, query.options.fields, { sort: query.options.sort, offset: query.options.offset, limit: query.options.limit } )
+  Comment.find( finalCriteria, query.options.fields, { sort: query.options.sort, skip: query.options.skip, limit: query.options.limit } )
     .then( resources => {
       res.send( { success: true, resources: resources } )
     } )

diff --git a/app/api/index.js b/app/api/index.js
@@ -1,4 +1,5 @@
 const passport = require( 'passport' )
+const adminCheck = require( './middleware/AdminCheck' )
 
 module.exports = function ( app, express, urlRoot, plugins ) {
   var r = new express.Router( )
@@ -24,14 +25,17 @@ module.exports = function ( app, express, urlRoot, plugins ) {
   // get profile xxx
   r.get( '/accounts', mandatoryAuthorisation, require( './accounts/UserGet' ) )
 
+  // get all accounts
+  r.get( '/accounts/admin', mandatoryAuthorisation, adminCheck, require( './accounts/UserGetAdmin' ) )
+
   // update profile xxx
   r.put( '/accounts', mandatoryAuthorisation, require( './accounts/UserPut' ) )
 
   // get other user's display profile xxx
   r.get( '/accounts/:userId', mandatoryAuthorisation, require( './accounts/UserProfile' ) )
 
   // modify an account's role  (needs to be admin)
-  r.put( '/accounts/:userId', mandatoryAuthorisation, require( './accounts/UserPutByParam' ) )
+  r.put( '/accounts/:userId', mandatoryAuthorisation, adminCheck, require( './accounts/UserPutAdmin' ) )
 
   // search profiles by email xxx
   r.post( '/accounts/search', mandatoryAuthorisation, require( './accounts/UserSearch' ) )
@@ -69,6 +73,9 @@ module.exports = function ( app, express, urlRoot, plugins ) {
   // get a user's streams xxx
   r.get( '/streams', mandatoryAuthorisation, require( './streams/StreamGetAll' ) )
 
+  // get every stream on the server
+  r.get( '/streams/admin', mandatoryAuthorisation, adminCheck, require( './streams/StreamGetAdmin' ) )
+
   // get stream / perm check 'read' xxx
   r.get( '/streams/:streamId', optionalAuthorisation, require( './streams/StreamGet' ) )
 
@@ -150,6 +157,9 @@ module.exports = function ( app, express, urlRoot, plugins ) {
   // get user's projects xxx
   r.get( '/projects', mandatoryAuthorisation, require( './projects/ProjectGetAll' ) )
 
+  // get all the projects on the server
+  r.get( '/projects/admin', mandatoryAuthorisation, adminCheck, require( './projects/ProjectGetAdmin' ) )
+
   // get project by id xxx
   r.get( '/projects/:projectId', mandatoryAuthorisation, require( './projects/ProjectGet' ) )
 

diff --git a/app/api/middleware/AdminCheck.js b/app/api/middleware/AdminCheck.js
@@ -0,0 +1,4 @@
+module.exports = ( req, res, next ) => {
+  if ( req.user.role==="admin" ) next()
+  else return res.status( 401 ).send( "Only admins can access this route" )
+}
diff --git a/app/api/projects/ProjectGetAdmin.js b/app/api/projects/ProjectGetAdmin.js
@@ -0,0 +1,16 @@
+const winston = require( '../../../config/logger' )
+const q2m = require( 'query-to-mongo' )
+const Project = require( '../../../models/Project' )
+
+module.exports = ( req, res ) => {
+  let query = q2m( req.query )
+  Project.find( { sort: query.options.sort, skip: query.options.skip, limit: query.options.limit } )
+    .then( resources => {
+      res.send( { success: true, resources: resources } )
+    } )
+    .catch( err => {
+      winston.error( JSON.stringify( err ) )
+      res.status( err.message.indexOf( 'authorised' ) >= 0 ? 401 : 404 )
+      res.send( { success: false, message: err.message, streamId: req.streamId } )
+    } )
+}
diff --git a/app/api/projects/ProjectGetAll.js b/app/api/projects/ProjectGetAll.js
@@ -22,7 +22,7 @@ module.exports = ( req, res ) => {
     { 'canRead': mongoose.Types.ObjectId( req.user._id ) }
   ]
 
-  Project.find( finalCriteria, query.options.fields, { sort: query.options.sort, offset: query.options.offset, limit: query.options.limit } )
+  Project.find( finalCriteria, query.options.fields, { sort: query.options.sort, skip: query.options.skip, limit: query.options.limit } )
     .then( resources => {
       res.send( { success: true, resources: resources } )
     } )

diff --git a/app/api/streams/StreamClientsGet.js b/app/api/streams/StreamClientsGet.js
@@ -16,7 +16,7 @@ module.exports = ( req, res ) => {
     .then( ( ) => {
       let query = q2m( req.query )
       query.criteria[ 'streamId' ] = req.params.streamId
-      return UserAppClient.find( query.criteria, query.options.fields, { sort: query.options.sort, offset: query.options.offset, limit: query.options.limit } )
+      return UserAppClient.find( query.criteria, query.options.fields, { sort: query.options.sort, skip: query.options.skip, limit: query.options.limit } )
     } )
     .then( clients => {
       res.send( { success: true, resources: clients, message: `Client list for stream ${req.params.streamId} returned.` } )

diff --git a/app/api/streams/StreamGetAdmin.js b/app/api/streams/StreamGetAdmin.js
@@ -0,0 +1,39 @@
+const winston = require( '../../../config/logger' )
+const q2m = require( 'query-to-mongo' )
+const DataStream = require( '../../../models/DataStream' )
+
+module.exports = ( req, res ) => {
+  winston.debug( 'Getting *all* streams.' )
+  let query = q2m( req.query )
+
+  let finalCriteria = {}
+
+  // perpare array for $and coming from url params
+  // delete populate permission field if present, as it hijacks the actual query criteria
+  if ( query.criteria.populatePermissions ) delete query.criteria.populatePermissions
+  let andCrit = Object.keys( query.criteria ).map( key => {
+    let crit = {}
+    crit[key] = query.criteria[key]
+    return crit
+  } )
+
+  // if we actually have any query params, include them
+  if ( andCrit.length !== 0 ) finalCriteria.$and = andCrit
+
+  DataStream.find( finalCriteria, query.options.fields, { sort: query.options.sort, skip: query.options.skip, limit: query.options.limit } )
+    .then( myStreams => {
+      let resources = myStreams
+      let streams = []
+      resources.forEach( ( stream, i ) => {
+        streams.push( stream.toObject() )
+        if ( streams[i].objects ) streams[i].objects = streams[i].objects.map( o => { return { _id: o.toString(), type: 'Placeholder' } } )
+      } )
+
+      res.send( { success: true, message: 'Master stream list returned.', resources: streams } )
+    } )
+    .catch( err => {
+      winston.error( JSON.stringify( err ) )
+      res.status( 400 )
+      res.send( { success: false, message: 'Something failed.' } )
+    } )
+}
diff --git a/app/api/streams/StreamGetAll.js b/app/api/streams/StreamGetAll.js
@@ -31,7 +31,7 @@ module.exports = ( req, res ) => {
     { 'canRead': mongoose.Types.ObjectId( req.user._id ) }
   ]
 
-  DataStream.find( finalCriteria, query.options.fields, { sort: query.options.sort, offset: query.options.offset, limit: query.options.limit } )
+  DataStream.find( finalCriteria, query.options.fields, { sort: query.options.sort, skip: query.options.skip, limit: query.options.limit } )
     .populate( { path: 'canRead', select: userSelect } )
     .populate( { path: 'canWrite', select: userSelect } )
     .then( myStreams => {

diff --git a/app/api/streams/StreamObjectsGet.js b/app/api/streams/StreamObjectsGet.js
@@ -19,7 +19,7 @@ module.exports = ( req, res ) => {
       streamObjects = stream.objects.map( o => o.toString( ) )
       let query = q2m( req.query )
       query.criteria[ '_id' ] = { $in: stream.objects }
-      return SpeckleObject.find( query.criteria, query.options.fields, { sort: query.options.sort, offset: query.options.offset, limit: query.options.limit } )
+      return SpeckleObject.find( query.criteria, query.options.fields, { sort: query.options.sort, skip: query.options.skip, limit: query.options.limit } )
     } )
     .then( objects => {
       let list = streamObjects.reduce( ( arr, o ) => {