admin/tgCrewAdmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

before delete 3software

Browse Source
This commit is contained in:
CCTVcalc
2025-06-29 18:55:59 +03:00
parent ebd77a3e66
commit b51a472738
147 changed files with 257326 additions and 3151 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
backend/_old/backend_v4.zip Normal file
View File

Binary file not shown.

BIN
backend/_old/backend_v5.zip Normal file
View File

Binary file not shown.

BIN
backend/_old/backend_v6.zip Normal file
View File

Binary file not shown.

BIN
backend/_old/backend_v7.zip Normal file
View File

Binary file not shown.

1
backend/_old/v8/1.log Normal file
View File

@@ -0,0 +1 @@
[object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object][object Object]

26
backend/_old/v8/2.log Normal file
View File

@@ -0,0 +1,26 @@
Listening at port 3000
[2025-05-23T22:15:26.439] [INFO] - [Running gramJS version 2.26.21]
[2025-05-23T22:15:26.443] [INFO] - [Connecting to 149.154.167.51:80/TCPFull...]
[2025-05-23T22:15:26.492] [INFO] - [Connection to 149.154.167.51:80/TCPFull complete!]
[2025-05-23T22:15:26.493] [INFO] - [Using LAYER 198 for initial connect]
UpdateConnectionState {
state: 1,
_entities: Map(0) {},
_client: {
session: StringSession {
_serverAddress: '149.154.167.51',
_dcId: 2,
_port: 443,
_takeoutId: undefined,
_entities: [Set],
_updateStates: {},
_key: <Buffer 01 df e5 3c 01 d0 90 2a a4 13 5d 20 25 1e ef a8 8d 4f 8d d8 cf e4 de 97 0a ed fe c5 59 79 2d fd df 33 6f bb 58 71 07 5b e7 8a 83 d1 f1 37 56 39 ab 4f ... 206 more bytes>,
_authKey: [AuthKey]
},
apiId: 26746106,
apiHash: '29e5f83c04e635fa583721473a6003b5',
testServers: false,
networkSocket: [class PromisedNetSockets],
useWSS: false
}
}

79687
backend/_old/v8/3.log Normal file
View File

File diff suppressed because it is too large Load Diff

2
backend/_old/v8/app.bat Normal file
View File

@@ -0,0 +1,2 @@
node --env-file .env app
pause

79
backend/_old/v8/app.js Normal file
View File

@@ -0,0 +1,79 @@
const express = require('express')
const bodyParser = require('body-parser')
const cookieParser = require('cookie-parser')
const crypto = require('crypto')
const fs = require('fs')
const util = require('util')
const bot = require('./apps/bot')
const app = express()
app.use(bodyParser.json({limit: '10mb'}))
app.use(cookieParser())
BigInt.prototype.toJSON = function () {
return Number(this)
}
app.use((req, res, next) => {
if(!(req.body instanceof Object))
return next()
const escapeHtml = str => str.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&#039;')
Object
.keys(req.body || {})
.filter(key => typeof(req.body[key]) == 'string' && key != 'password')
.map(key => req.body[key] = escapeHtml(req.body[key]))
next()
})
app.post('(/api/admin/auth/telegram|/api/miniapp/auth)', (req, res, next) => {
const data = Object.assign({}, req.query)
delete data.hash
const hash = req.query?.hash
const BOT_TOKEN = process.env.BOT_TOKEN || '7236504417:AAGVaodw3cRwGlf-jAhwnYb51OHaXcgpW8k'
const dataCheckString = Object.keys(data).sort().map((key) => `${key}=${data[key]}`).join('\n')
const secretKey = crypto.createHmac('sha256', 'WebAppData').update(BOT_TOKEN).digest()
const hmac = crypto.createHmac('sha256', secretKey).update(dataCheckString).digest('hex')
const timeDiff = Date.now() / 1000 - data.auth_date
if (hmac !== req.query.hash) // || timeDiff > 10)
throw Error('ACCESS_DENIED::401')
const user = JSON.parse(req.query.user)
res.locals.telegram_id = user.id
res.locals.start_param = req.query.start_param
if (!res.locals.telegram_id)
throw Error('ACCESS_DENIED::500')
next()
})
app.use('/api/admin', require('./apps/admin'))
app.use('/api/miniapp', require('./apps/miniapp'))
app.use((err, req, res, next) => {
console.error(`Error for ${req.path}: ${err}`)
console.trace()
console.log('\n\n')
let message, code
[message, code = 500] = err.message.split('::')
res.status(+code).json({success: false, error: { message, code}})
})
const PORT = process.env.PORT || 3000
app.listen(PORT, async () => {
console.log(`Listening at port ${PORT}`)
bot.start(
+(process.env.API_ID || 26746106),
process.env.API_HASH || '29e5f83c04e635fa583721473a6003b5',
process.env.BOT_TOKEN || '7236504417:AAGVaodw3cRwGlf-jAhwnYb51OHaXcgpW8k',
process.env.BOT_SID || ''
)
})

861
backend/_old/v8/apps/admin.js Normal file
View File

@@ -0,0 +1,861 @@
const crypto = require('crypto')
const express = require('express')
const db = require('../include/db')
const bot = require('./bot')
const fs = require('fs')
const app = express.Router()
const sessions = {}
const cache = {
// email -> code
register: {},
upgrade: {},
recovery: {},
'change-password': {},
'change-email': {},
'change-email2': {}
}
function checkEmail(email){
return String(email)
.toLowerCase()
.match(/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/)
}
function sendEmail(email, subject, message) {
console.log(`${email} --> ${subject}: ${message}`)
}
function checkPassword(password) {
return password.length >= 8
}
app.use((req, res, next) => {
const public = [
'/auth/email',
'/auth/telegram',
'/auth/email/register',
'/auth/email/recovery',
'/auth/logout'
]
if (public.includes(req.path))
return next()
const asid = req.query.asid || req.cookies.asid
req.session = sessions[asid]
if (!req.session)
throw Error('ACCESS_DENIED::401')
res.locals.customer_id = req.session.customer_id
next()
})
// AUTH
function createSession(req, res, customer_id) {
if (!customer_id)
throw Error('AUTH_ERROR::500')
res.locals.customer_id = customer_id
const asid = crypto.randomBytes(64).toString('hex')
req.session = sessions[asid] = {asid, customer_id }
res.setHeader('Set-Cookie', [`asid=${asid};httpOnly;path=/api/admin`])
}
app.post('/auth/email', (req, res, next) => {
res.locals.email = req.body?.email
res.locals.password = req.body?.password
const customer_id = db
.prepare(`select id from customers where email = :email and password is not null and password = :password `)
.pluck(true)
.get(res.locals)
if (!customer_id)
throw Error('AUTH_ERROR::401')
createSession(req, res, customer_id)
res.status(200).json({success: true})
})
app.post('/auth/telegram', (req, res, next) => {
let customer_id = db
.prepare(`select id from customers where telegram_id = :telegram_id`)
.pluck(true)
.get(res.locals) || db
.prepare(`insert into customers (telegram_id) values (:telegram_id) returning id`)
.pluck(true)
.get(res.locals)
createSession(req, res, customer_id)
res.status(200).json({success: true})
})
/*
Регистрация нового клиента/Перевод авторизации с TG на email выполняется за ТРИ последовательных вызова
1. Отравляется email. Если email корректный и уже неиспользуется, то сервер возвращает ОК и на указанный email отправляется код.
2. Отправляется email + код из письма. Если указан корректный код, то сервер отвечает ОК.
3. Отправляется email + код из письма + желаемый пароль. Если все ОК, то сервер создает учетную запись и возвращает ОК.
*/
app.post('/auth/email/:action(register|upgrade)', (req, res, next) => {
const email = String(req.body.email ?? '').trim()
const code = String(req.body.code ?? '').trim()
const password = String(req.body.password ?? '').trim()
const action = req.params.action
const stepNo = email && !code ? 1 : email && code && !password ? 2 : email && code && password ? 3 : -1
if (stepNo == -1)
throw Error('BAD_STEP::400')
if (stepNo == 1) {
if (!checkEmail(email))
throw Error('INCORRECT_EMAIL::400')
const customer_id = db
.prepare('select id from customers where email = :email')
.pluck(true)
.get({email})
if (customer_id)
throw Error('USED_EMAIL::400')
const code = Math.random().toString().substr(2, 4)
cache[action][email] = code
sendEmail(email, action.toUpperCase(), `${email} => ${code}`)
}
if (stepNo == 2) {
if (cache[action][email] != code)
throw Error('INCORRECT_CODE::400')
}
if (stepNo == 3) {
if (!checkPassword(password))
throw Error('INCORRECT_PASSWORD::400')
const query = action == 'register' ? 'insert into customers (email, password) values (:email, :password)' :
'update customers set email = :email, password = :password, telegram_id = null where id = :id'
db.prepare(query).run({email, password, id: res.locals.customer_id})
delete cache[action][email]
}
res.status(200).json({success: true})
})
/*
Смена email выполняется за ПЯТЬ последовательных вызовов
1. Отравляется пустой закпрос. Сервер на email пользователя из базы отправляет код.
2. Отправляется код из письма. Если указан корректный код, то сервер отвечает ОК.
3. Отправляется код из письма + новый email. Сервер отправляет код2 на новый email.
4. Отправлются оба кода и новый email. Если коды проходят проверку, то сервер отвечает ОК.
5. Отправлются оба кода, новые email и password. Если они проходят проверку, то сервер меняет email и пароль пользователя на новый и возвращает ОК.
*/
app.post('/auth/email/change-email', (req, res, next) => {
const email2 = String(req.body.email ?? '').trim()
const code = String(req.body.code ?? '').trim()
const code2 = String(req.body.code2 ?? '').trim()
const password = String(req.body.password ?? '').trim()
const email = db
.prepare('select email from customers where id = :customer_id')
.pluck(true)
.get(res.locals)
const stepNo = !code ? 1 : code && !email2 ? 2 : code && email2 && !code2 ? 3 : code && email2 && code2 && !password ? 4 : code && email2 && code2 && password ? 5 : -1
if (stepNo == -1)
throw Error('BAD_STEP::400')
if (stepNo == 1) {
const code = Math.random().toString().substr(2, 4)
cache['change-email'][email] = code
sendEmail(email, 'CHANGE-EMAIL', `${email} => ${code}`)
}
if (stepNo == 2) {
if (cache['change-email'][email] != code)
throw Error('INCORRECT_CODE::400')
}
if (stepNo == 3) {
if (!checkEmail(email2))
throw Error('INCORRECT_EMAIL::400')
const code2 = Math.random().toString().substr(2, 4)
cache['change-email2'][email2] = code2
sendEmail(email2, 'CHANGE-EMAIL2', `${email2} => ${code2}`)
}
if (stepNo == 4) {
if (cache['change-email'][email] != code || cache['change-email2'][email2] != code2)
throw Error('INCORRECT_CODE::400')
}
if (stepNo == 5) {
if (!checkPassword(password))
throw Error('INCORRECT_PASSWORD::400')
res.locals.email = email2
res.locals.password = password
const info = db
.prepare('update customers set email = :email, password = :password where id = :customer_id')
.run(res.locals)
if (info.changes == 0)
throw Error('BAD_REQUEST::400')
delete cache['change-email'][email]
delete cache['change-email2'][email2]
}
res.status(200).json({success: true})
})
/*
Смена пароля/восстановление доступа выполняется за ТРИ последовательных вызова
1. Отравляется пустой закпрос для смены запоса и email, в случае восстановления доступа. Сервер на email отправляет код.
2. Отправляется email + код из письма. Если указан корректный код, то сервер отвечает ОК.
3. Отправляется email + код из письма + новый пароль. Сервер изменяет пароль и возвращает ОК.
*/
app.post('/auth/email/:action(change-password|recovery)', (req, res, next) => {
const code = String(req.body.code ?? '').trim()
const password = String(req.body.password ?? '').trim()
const action = req.params.action
const email = action == 'change-password' ? db
.prepare('select email from customers where id = :customer_id')
.pluck(true)
.get(res.locals) :
String(req.body.email ?? '').trim()
const stepNo = action == 'change-password' ?
(!code && !password ? 1 : code && !password ? 2 : code && password ? 3 : -1) :
(!email && !code && !password ? 1 : email && code && !password ? 2 : email && code && password ? 3 : -1)
if (stepNo == -1)
throw Error('BAD_STEP::400')
if (stepNo == 1) {
if (!checkEmail(email))
throw Error('INCORRECT_EMAIL::400')
const code = Math.random().toString().substr(2, 4)
cache[action][email] = code
sendEmail(email, action.toUpperCase(), `${email} => ${code}`)
}
if (stepNo == 2) {
if (cache[action][email] != code)
throw Error('INCORRECT_CODE::400')
}
if (stepNo == 3) {
if (cache[action][email] != code)
throw Error('INCORRECT_CODE::400')
if (!checkPassword(password))
throw Error('INCORRECT_PASSWORD::400')
const info = db
.prepare('update customers set password = :password where email = :email')
.run({ email, password })
if (info.changes == 0)
throw Error('BAD_REQUEST::400')
delete cache[action][email]
}
res.status(200).json({success: true})
})
app.get('/auth/logout', (req, res, next) => {
if (req.session?.asid)
delete sessions[req.session.asid]
res.setHeader('Set-Cookie', [`asid=; expired; httpOnly;path=/api/admin`])
res.status(200).json({success: true})
})
// CUSTOMER
app.get('/customer/profile', (req, res, next) => {
res.locals.time = Math.floor(Date.now() / 1000)
const row = db
.prepare(`
select id, name, email, plan,
coalesce(json_balance, '{}') json_balance, coalesce(json_company, '{}') json_company,
upload_chat_id, generate_key(-id, :time) upload_token
from customers
where id = :customer_id
`)
.get(res.locals)
if (row?.upload_chat_id) {
row.upload_chat = db
.prepare(`select id, name, telegram_id from chats where id = :chat_id and project_id is null`)
.safeIntegers(true)
.get({ chat_id: row.upload_chat_id})
delete row.upload_chat_id
}
for (const key in row) {
if (key.startsWith('json_')) {
row[key.substr(5)] = JSON.parse(row[key])
delete row[key]
}
}
res.status(200).json({success: true, data: row})
})
app.put('/customer/profile', (req, res, next) => {
if (req.body.company instanceof Object)
req.body.json_company = JSON.stringify(req.body.company)
else
delete req.body?.json_company
const info = db
.prepareUpdate(
'customers',
['name', 'password', 'json_company'],
req.body,
['id'])
.run(Object.assign({}, req.body, {id: req.session.customer_id}))
if (info.changes == 0)
throw Error('NOT_FOUND::404')
res.status(200).json({success: true})
})
app.get('/customer/settings', (req, res, next) => {
const row = db
.prepare(`select coalesce(json_settings, '{}') from customers where id = :customer_id`)
.pluck(true)
.get(res.locals)
res.status(200).json({success: true, data: JSON.parse(row)})
})
app.put('/customer/settings', (req, res, next) => {
res.locals.json_settings = JSON.stringify(req.body || {})
db
.prepare(`update customers set json_settings = :json_settings where id = :customer_id`)
.run(res.locals)
res.status(200).json({success: true})
})
// PROJECT
function getProject(id, customer_id) {
const row = db
.prepare(`
select id, name, description, logo, is_logo_bg, company_id, is_archived,
(select count(*) from chats where project_id = p.id) chat_count,
(select count(distinct user_id) from chat_users where chat_id in (select id from chats where project_id = p.id)) user_count
from projects p
where customer_id = :customer_id and p.id = :id
order by name
`)
.get({id, customer_id})
if (!row)
throw Error('NOT_FOUND::404')
row.is_archived = Boolean(row.is_archived)
row.is_logo_bg = Boolean(row.is_logo_bg)
return row
}
app.get('/project', (req, res, next) => {
const data = db
.prepare(`
select id, name, description, logo, is_logo_bg, company_id, is_archived,
(select count(*) from chats where project_id = p.id) chat_count,
(select count(distinct user_id) from chat_users where chat_id in (select id from chats where project_id = p.id)) user_count
from projects p
where customer_id = :customer_id
order by name
`)
.all(res.locals)
data.forEach(row => {
row.is_archived = Boolean(row.is_archived)
row.is_logo_bg = Boolean(row.is_logo_bg)
})
res.status(200).json({success: true, data})
})
app.post('/project', (req, res, next) => {
res.locals.name = req.body?.name
res.locals.description = req.body?.description
res.locals.logo = req.body?.logo
res.locals.is_logo_bg = 'is_logo_bg' in req.body ? +req.body.is_logo_bg : undefined
res.locals.project_id = db
.prepare(`
insert into projects (customer_id, name, description, logo, is_logo_bg)
values (:customer_id, :name, :description, :logo, :is_logo_bg)
returning id
`)
.pluck(true)
.get(res.locals)
const json_company = db
.prepare(`select coalesce(json_company, '{}') from customers where id = :customer_id`)
.pluck(true)
.get(res.locals)
res.locals.company_id = addCompany(Object.assign({
name: 'My Company',
address: null,
email: null,
phone: null,
site: null,
description: null,
logo: null
}, JSON.parse(json_company), {project_id: res.locals.project_id}))
db
.prepare(`update projects set company_id = :company_id where id = :project_id`)
.run(res.locals)
const data = getProject(res.locals.project_id, res.locals.customer_id)
res.status(200).json({success: true, data})
})
app.use ('(/project/:pid(\\d+)/*|/project/:pid(\\d+))', (req, res, next) => {
res.locals.project_id = parseInt(req.params.pid)
const row = db
.prepare('select 1 from projects where id = :project_id and customer_id = :customer_id and is_archived <> 1')
.get(res.locals)
if (!row)
throw Error('ACCESS_DENIED::401')
next()
})
app.get('/project/:pid(\\d+)', (req, res, next) => {
const data = getProject(req.params.pid, res.locals.customer_id)
res.status(200).json({success: true, data})
})
app.put('/project/:pid(\\d+)', (req, res, next) => {
res.locals.id = req.params.pid
res.locals.name = req.body?.name
res.locals.description = req.body?.description
res.locals.logo = req.body?.logo
res.locals.is_logo_bg = 'is_logo_bg' in req.body ? +req.body.is_logo_bg : undefined
const info = db
.prepareUpdate(
'projects',
['name', 'description', 'logo', 'is_logo_bg'],
res.locals,
['id', 'customer_id'])
.run(res.locals)
if (info.changes == 0)
throw Error('NOT_FOUND::404')
const data = getProject(req.params.pid, res.locals.customer_id)
res.status(200).json({success: true, data})
})
app.put('/project/:pid(\\d+)/:action(archive|restore)', async (req, res, next) => {
res.locals.id = req.params.pid
res.locals.is_archived = +(req.params.action == 'archive')
const info = db
.prepare(`
update projects
set is_archived = :is_archived
where id = :id and customer_id = :customer_id and coalesce(is_archived, 0) = not :is_archived
`)
.run(res.locals)
if (info.changes == 0)
throw Error('BAD_REQUEST::400')
const chatIds = db
.prepare(`select id from chats where project_id = :id`)
.pluck(true)
.all(res.locals)
for (const chatId of chatIds) {
await bot.sendMessage(chatId, res.locals.is_archived ? 'Проект помещен в архив. Отслеживание сообщений прекращено.' : 'Проект восстановлен из архива.')
}
const data = getProject(req.params.pid, res.locals.customer_id)
res.status(200).json({success: true, data})
})
// USER
function getUser(id, project_id) {
const row = db
.prepare(`
select u.id, u.telegram_id, u.firstname, u.lastname, u.username, u.photo,
ud.fullname, ud.email, ud.phone, ud.role, ud.department, ud.is_blocked,
(select company_id from company_users where user_id = :id) company_id,
(select json_group_array(chat_id) from chat_users where user_id = :id and chat_id in (select id from chats where project_id = :project_id)) chats
from users u
left join user_details ud on u.id = ud.user_id and ud.project_id = :project_id
where id = :id
`)
.safeIntegers(true)
.get({id, project_id})
if (!row)
throw Error('NOT_FOUND::404')
row.chats = JSON.parse(row.chats || '[]')
row.is_blocked = Boolean(row.is_blocked)
return row
}
app.get('/project/:pid(\\d+)/user', (req, res, next) => {
const data = db
.prepare(`
select u.id, u.telegram_id, u.firstname, u.lastname, u.username, u.photo,
ud.fullname, ud.email, ud.phone, ud.role, ud.department, ud.is_blocked,
(select company_id from company_users where user_id = u.id) company_id
from users u
left join user_details ud on u.id = ud.user_id and ud.project_id = :project_id
where id in (
select user_id
from chat_users
where chat_id in (select id from chats where project_id = :project_id)
)
`)
.safeIntegers(true)
.all(res.locals)
data.forEach(row => {
row.is_blocked = Boolean(row.is_blocked)
})
res.status(200).json({success: true, data})
})
app.get('/project/:pid(\\d+)/user/:uid(\\d+)', (req, res, next) => {
const data = getUser(req.params.uid, req.params.pid)
res.status(200).json({success: true, data})
})
app.put('/project/:pid(\\d+)/user/:uid(\\d+)', (req, res, next) => {
res.locals.user_id = parseInt(req.params.uid)
res.locals.fullname = req.body?.fullname
res.locals.email = req.body?.email
res.locals.phone = req.body?.phone
res.locals.role = req.body?.role
res.locals.department = req.body?.department
res.locals.is_blocked = 'is_blocked' in req.body ? +req.body.is_blocked : undefined
const info = db
.prepareUpsert('user_details',
['fullname', 'email', 'phone', 'role', 'department', 'is_blocked'],
res.locals,
['user_id', 'project_id']
)
.run(res.locals)
const data = getUser(req.params.uid, req.params.pid)
res.status(200).json({success: true, data})
})
app.get('/project/:pid(\\d+)/token', (req, res, next) => {
res.locals.time = Math.floor(Date.now() / 1000)
const key = db
.prepare('select generate_key(id, :time) from projects where id = :project_id and customer_id = :customer_id')
.pluck(true)
.get(res.locals)
if (!key)
throw Error('NOT_FOUND::404')
res.status(200).json({success: true, data: key})
})
// COMPANY
function addCompany(data) {
return db
.prepare(`
insert into companies (project_id, name, address, email, phone, site, description, logo)
values (:project_id, :name, :address, :email, :phone, :site, :description, :logo)
returning id
`)
.pluck(true)
.get(data)
}
function getCompany(id, project_id) {
const row = db
.prepare(`
select id, name, address, email, phone, site, description, logo,
(select json_group_array(user_id) from company_users where company_id = c.id) users
from companies c
where c.id = :id and project_id = :project_id
order by name
`)
.get({id, project_id})
if (!row)
throw Error('NOT_FOUND::404')
row.users = JSON.parse(row.users || '[]')
return row
}
app.get('/project/:pid(\\d+)/company', (req, res, next) => {
const data = db
.prepare(`
select id, name, address, email, phone, site, description, logo,
(select company_id = c.id from projects where id = :project_id) is_own,
(select json_group_array(user_id) from company_users where company_id = c.id) users
from companies c
where project_id = :project_id
order by name
`)
.all(res.locals)
data.forEach(row => {
row.users = JSON.parse(row.users || '[]')
})
res.status(200).json({success: true, data})
})
app.get('/project/:pid(\\d+)/company/:cid(\\d+)', (req, res, next) => {
const data = getCompany(req.params.cid, req.params.pid)
res.status(200).json({success: true, data})
})
app.post('/project/:pid(\\d+)/company', (req, res, next) => {
res.locals.name = req.body?.name
res.locals.address = req.body?.address
res.locals.email = req.body?.email
res.locals.phone = req.body?.phone
res.locals.site = req.body?.site
res.locals.description = req.body?.description
res.locals.logo = req.body?.logo
const id = addCompany(res.locals)
const data = getCompany(id, req.params.pid)
res.status(200).json({success: true, data})
})
app.put('/project/:pid(\\d+)/company/:cid(\\d+)', (req, res, next) => {
res.locals.id = parseInt(req.params.cid)
res.locals.name = req.body?.name
res.locals.address = req.body?.address
res.locals.email = req.body?.email
res.locals.phone = req.body?.phone
res.locals.site = req.body?.site
res.locals.description = req.body?.description
res.locals.logo = req.body?.logo
const info = db
.prepareUpdate(
'companies',
['name', 'address', 'email', 'phone', 'site', 'description', 'logo'],
res.locals,
['id', 'project_id'])
.run(res.locals)
if (info.changes == 0)
throw Error('NOT_FOUND::404')
const data = getCompany(req.params.cid, req.params.pid)
res.status(200).json({success: true, data})
})
app.delete('/project/:pid(\\d+)/company/:cid(\\d+)', (req, res, next) => {
res.locals.company_id = req.params.cid
const info = db
.prepare(`
delete from companies
where id = :company_id and project_id = :project_id and
not exists(select company_id from projects where id = :project_id)`)
.run(res.locals)
if (info.changes == 0)
throw Error('NOT_FOUND::404')
res.status(200).json({success: true, data: {id: req.params.cid}})
})
app.put('/project/:pid(\\d+)/company/:cid(\\d+)/user', (req, res, next) => {
res.locals.company_id = parseInt(req.params.cid)
// Проверка, что есть доступ к компании
const row = db
.prepare('select 1 from companies where id = :company_id and project_id = :project_id')
.get(res.locals)
if (!row)
throw Error('NOT_FOUND::404')
const user_ids = req.body instanceof Array ? [...new Set(req.body.map(e => parseInt(e)))] : []
// Проверка, что пользователи имеют доступ к проекту
let rows = db
.prepare(`
select user_id
from chat_users
where chat_id in (select id from chats where project_id = :project_id)
`)
.pluck(true) // .raw?
.get(res.locals)
if (user_ids.some(user_id => !rows.contains(user_id)))
throw Error('INACCESSABLE_MEMBER::400')
// Проверка, что пользователи не участвуют в других компаниях на проекте
rows = db
.prepare(`
select user_id
from company_users
where company_id in (select id from companies where id <> :company_id and project_id = :project_id)
`)
.pluck(true) // .raw?
.get(res.locals)
if (user_ids.some(user_id => !rows.contains(user_id)))
throw Error('USED_MEMBER::400')
db
.prepare(`delete from company_users where company_id = :company_id`)
.run(res.locals)
db
.prepare(`
insert into company_users (company_id, user_id)
select :company_id, value from json_each(:json_ids)
`)
.run(res.locals, {json_ids: JSON.stringify(user_ids)})
res.status(200).json({success: true})
})
app.get('/project/:pid(\\d+)/company/mapping', (req, res, next) => {
const data = db
.prepare(`
select company_id, json_group_array(show_to_id) show_to_ids
from company_mappings
where project_id = :project_id and company_id <> show_to_id
`)
.all(res.locals)
data.forEach(row => {
row.show_to_ids = JSON.parse(row.show_to_ids || '[]')
})
res.status(200).json({success: true, data})
})
app.put('/project/:pid(\\d+)/company/mapping', (req, res, next) => {
if(!(req.body instanceof Array))
throw Error('ARRAY_REQUIRED::500')
db
.prepare(`delete from company_mappings where project_id = :project_id`)
.run(res.locals)
req.body
.filter(row => Number.isInteger(row.company_id) && row.show_to_ids instanceof Array && row.show_to_ids.every(id => Number.isInteger(id)))
.forEach(row => {
row.show_to_ids.push(row.company_id)
const json_ids = row.show_to_ids.join(', ')
const check = db
.prepare(`select count(1) from companies where project_id = :project_id and id in (${json_ids}) `)
.get(res.locals)
if (check.count)
return console.error ('IGNORE: ', row)
const locals = {
project_ids: res.locals.project_id,
company_id: row.company_id,
json_ids
}
db
.prepare(`
insert into company_mappings (project_id, company_id, show_to_id) values
select :project_ids, :company_id, value from json_each(:json_ids)
`)
.run(locals)
})
res.status(200).json({success: true})
})
// CHATS
function getChat(id, project_id) {
const row = db
.prepare(`
select id, name, telegram_id, is_channel, invite_link, description, logo, user_count, bot_can_ban
from chats c
where c.id = :id and project_id = :project_id
`)
.all({id, project_id})
if (!row)
throw Error('NOT_FOUND::404')
row.is_channel = Boolean(row.is_channel)
row.bot_can_ban = Boolean(row.bot_can_ban)
return row
}
app.get('/project/:pid(\\d+)/chat', (req, res, next) => {
const data = db
.prepare(`
select id, name, telegram_id, is_channel, invite_link, description, logo, user_count, bot_can_ban
from chats
where project_id = :project_id
`)
.all(res.locals)
data.forEach(row => {
row.is_channel = Boolean(row.is_channel)
row.bot_can_ban = Boolean(row.bot_can_ban)
})
res.status(200).json({success: true, data})
})
app.get('/project/:pid(\\d+)/chat/:gid(\\d+)', (req, res, next) => {
const data = getChat(req.params.gid, req.params.pid)
res.status(200).json({success: true, data})
})
app.delete('/project/:pid(\\d+)/chat/:gid(\\d+)', async (req, res, next) => {
res.locals.chat_id = req.params.gid
const info = db
.prepare(`update chats set project_id = null where id = :chat_id and project_id = :project_id`)
.run(res.locals)
if (info.changes == 0)
throw Error('NOT_FOUND::404')
await bot.sendMessage(res.locals.chat_id, 'Чат удален из проекта')
res.status(200).json({success: true, data: {id: req.params.gid}})
})
module.exports = app

684
backend/_old/v8/apps/bot.js Normal file
View File

@@ -0,0 +1,684 @@
const fs = require('fs')
const util = require('util')
const db = require('../include/db')
const { Api, TelegramClient } = require('telegram')
const { StringSession } = require('telegram/sessions')
const { Button } = require('telegram/tl/custom/button')
const { CustomFile } = require('telegram/client/uploads')
let session
let client
let BOT_ID
const BOT_NAME = 'ready_or_not_2025_bot'
function debug (msg) {
//console.log ('DEBUG: ', msg)
fs.appendFileSync('./debug.log', msg instanceof Object ? util.inspect(msg) : msg)
}
function registerUser (telegramId) {
db
.prepare(`insert or ignore into users (telegram_id) values (:telegram_id)`)
.safeIntegers(true)
.run({ telegram_id: telegramId })
return db
.prepare(`select id from users where telegram_id = :telegram_id`)
.safeIntegers(true)
.pluck(true)
.get({ telegram_id: telegramId })
}
function updateUser (userId, data) {
const info = db
.prepare(`
update users set firstname = :firstname, lastname = :lastname, username = :username,
access_hash = :access_hash, language_code = :language_code where id = :user_id
`)
.safeIntegers(true)
.run({
user_id: userId,
firstname: data.firstName,
lastname: data.lastName,
username: data.username,
access_hash: data.accessHash.value,
language_code: data.langCode
})
return info.changes == 1
}
async function updateUserPhoto (userId, data) {
const photoId = data.photo?.photoId?.value
if (!photoId)
return
const tgUserId = db
.prepare(`select telegram_id from users where id = :user_id and coalesce(photo_id, 0) <> :photo_id`)
.safeIntegers(true)
.pluck(true)
.get({user_id: userId, photo_id: photoId })
if (!tgUserId)
return
const photo = await client.invoke(new Api.photos.GetUserPhotos({
userId: new Api.PeerUser({ userId: tgUserId }),
maxId: photoId,
offset: -1,
limit: 1,
}));
const file = await client.downloadFile(new Api.InputPhotoFileLocation({
id: photoId,
accessHash: photo.photos[0]?.accessHash,
fileReference: Buffer.from('random'),
thumbSize: 'a',
}, {}))
db
.prepare(`update users set photo_id = :photo_id, photo = :photo where id = :user_id`)
.safeIntegers(true)
.run({ user_id: userId, photo_id: photoId, photo: 'data:image/jpg;base64,' + file.toString('base64') })
}
async function registerChat (telegramId, isChannel) {
const chat = db
.prepare(`select id, name, is_channel, access_hash from chats where telegram_id = :telegram_id`)
.safeIntegers(true)
.get({telegram_id: telegramId})
if (chat && chat.access_hash && chat.is_channel == isChannel && chat.name)
return chat.id
const entity = isChannel ? { channelId: telegramId } : { chatId: telegramId }
const tgChat = await client.getEntity( isChannel ?
new Api.InputPeerChannel(entity) :
new Api.InputPeerChat(entity)
)
db
.prepare(`insert or ignore into chats (telegram_id) values (:telegram_id)`)
.safeIntegers(true)
.run({ telegram_id: telegramId })
const chatId = db
.prepare(`update chats set is_channel = :is_channel, access_hash = :access_hash, name = :name where telegram_id = :telegram_id returning id`)
.safeIntegers(true)
.pluck(true)
.get({
telegram_id: telegramId,
is_channel: +isChannel,
access_hash: tgChat.accessHash.value,
name: tgChat.title
})
await updateChat(chatId)
return chatId
}
async function updateChat (chat_id) {
const chat = db
.prepare(`select id, telegram_id, access_hash, is_channel from chats where id = :chat_id`)
.safeIntegers(true)
.get({ chat_id })
const peer = chat.is_channel ?
new Api.InputPeerChannel({ channelId: chat.telegram_id, accessHash: chat.access_hash }) :
new Api.InputPeerChat({ chatId: chat.telegram_id, accessHash: chat.access_hash })
const data = chat.is_channel ?
await client.invoke(new Api.channels.GetFullChannel({ channel: peer })) :
await client.invoke(new Api.messages.GetFullChat({ chatId: chat.telegram_id, accessHash: chat.access_hash }))
const file = data?.fullChat?.chatPhoto ? await client.downloadFile(new Api.InputPeerPhotoFileLocation({ peer, photoId: data.fullChat.chatPhoto?.id }, {})) : null
logo = file ? 'data:image/jpg;base64,' + file.toString('base64') : null
db
.prepare(`
update chats
set invite_link = :invite_link, description = :description, logo = :logo, user_count = :user_count, last_update_time = :last_update_time
where id = :chat_id
`)
.safeIntegers(true)
.run({
chat_id,
invite_link: data.fullChat?.exportedInvite?.link,
description: data.fullChat.about,
logo,
user_count: data.fullChat.participantsCount - (data.users || []).filter(user => user.bot).length,
last_update_time: Math.floor(Date.now() / 1000)
})
}
async function attachChat(chat_id, project_id) {
console.log('attachChat: ', chat_id, project_id)
const chat = db
.prepare(`update chats set project_id = :project_id where id = :chat_id returning telegram_id, access_hash, is_channel`)
.safeIntegers(true)
.get({ chat_id, project_id })
if (!chat.telegram_id)
return console.error('Can\'t attach chat: ' + chat_id + ' to project: ' + project_id)
console.log('attachChat: build peer')
const peer = chat.is_channel ?
new Api.InputPeerChannel({ channelId: chat.telegram_id, accessHash: chat.access_hash }) :
new Api.InputPeerChat({ chatId: chat.telegram_id, accessHash: chat.access_hash })
const message = db
.prepare(`select p.name from projects p where id = :project_id`)
.pluck(true)
.get({ project_id })
console.log('attachChat: send message')
const resultBtn = await client.sendMessage(peer, {
message,
buttons: client.buildReplyMarkup([[Button.url('Открыть проект', `https://t.me/${BOT_NAME}/userapp?startapp=` + project_id)]])
})
console.log('attachChat: pin message')
await client.invoke(new Api.messages.UpdatePinnedMessage({
peer,
id: resultBtn.id,
unpin: false
}))
}
async function reloadChatUsers(chat_id, onlyReset) {
console.log('reloadChatUsers: ', chat_id, onlyReset)
db
.prepare(`delete from chat_users where chat_id = :chat_id`)
.run({ chat_id })
if (onlyReset)
return
const chat = db
.prepare(`select telegram_id, is_channel, access_hash from chats where id = :chat_id`)
.get({ chat_id })
if (!chat)
return
console.log('reloadChatUsers: get user')
const result = chat.is_channel ?
await client.invoke(new Api.channels.GetParticipants({
channel: new Api.PeerChannel({ channelId: chat.telegram_id, accessHash: chat.access_hash }),
filter: new Api.ChannelParticipantsRecent(),
limit: 999999,
offset: 0
})) : await client.invoke(new Api.messages.GetFullChat({ chatId: chat.telegram_id, accessHash: chat.access_hash }))
console.log('reloadChatUsers: process users')
const users = result.users.filter(user => !user.bot)
for (const user of users) {
const user_id = registerUser(user.id.value, user)
if (updateUser(user_id, user)) {
await updateUserPhoto (user_id, user)
db
.prepare(`insert or ignore into chat_users (chat_id, user_id) values (:chat_id, :user_id)`)
.run({ chat_id, user_id })
}
}
console.log('reloadChatUsers: end of user processing')
db
.prepare(`update chats set user_count = (select count(1) from chat_users where chat_id = :chat_id) where id = :chat_id`)
.run({ chat_id })
}
async function onNewServiceMessage (msg, is_channel) {
const action = msg.action || {}
const tg_chat_id = is_channel ? msg.peerId?.channelId?.value : msg.peerId?.chatId?.value
const chat_id = await registerChat(tg_chat_id, is_channel)
// Сhat rename
if (action.className == 'MessageActionChatEditTitle') {
const info = db
.prepare(`
update chats
set name = :name, is_channel = :is_channel, last_update_time = :last_update_time
where telegram_id = :telegram_id
`)
.safeIntegers(true)
.run({
name: action.title,
is_channel,
last_update_time: Math.floor (Date.now() / 1000),
telegram_id: tg_chat_id
})
if (info.changes == 0)
console.error('onNewServiceMessage: Can\'t update a chat title: ' + tg_chat_id)
}
// Chat to Channel
if (action.className == 'MessageActionChatMigrateTo') {
const info = db
.prepare(`
update chats
set telegram_id = :new_telegram_id, name = :name, is_channel = 1, last_update_time = :last_update_time
where telegram_id = :old_telegram_id
`)
.safeIntegers(true)
.run({
name: action.title,
last_update_time: Date.now() / 1000,
old_telegram_id: tg_chat_id,
new_telegram_id: action.channelId.value
})
if (info.changes == 0)
console.error('onNewServiceMessage: Can\'t apply a chat migration to channel: ' + tg_chat_id)
}
// User/s un/register
if (action.className == 'MessageActionChatAddUser' || action.className == 'MessageActionChatDeleteUser' ||
action.className == 'MessageActionChannelAddUser' || action.className == 'MessageActionChannelDeleteUser'
) {
const tgUserIds = [action.user, action.users, action.userId].flat().filter(Boolean).map(e => BigInt(e.value))
const isAdd = action.className == 'MessageActionChatAddUser' || action.className == 'MessageActionChannelAddUser'
if (tgUserIds.indexOf(BOT_ID) == -1) {
// Add/remove non-bot users
for (const tgUserId of tgUserIds) {
const user_id = registerUser(tgUserId)
if (isAdd) {
try {
const user = await client.getEntity(new Api.PeerUser({ userId: tgUserId }))
updateUser(user_id, user)
await updateUserPhoto (user_id, user)
} catch (err) {
console.error(msg.className + ', ' + user_id + ': ' + err.message)
}
}
const query = isAdd ?
`insert or ignore into chat_users (chat_id, user_id) values (:chat_id, :user_id)` :
`delete from chat_users where chat_id = :chat_id and user_id = :user_id`
db
.prepare(query)
.run({ chat_id, user_id })
}
}
}
}
async function onNewMessage (msg, is_сhannel) {
const telegram_id = is_сhannel ? msg.peerId?.channelId?.value : msg.peerId?.chatId?.value
const chat_id = await registerChat(telegram_id, is_сhannel)
console.log(msg)
const file = msg.media?.document || msg.media?.photo
if (file) {
const is_photo = file.className == 'Photo'
const tg_user_id = msg.senderId?.value
const filedata = {
chat_id,
message_id: msg.id,
caption: msg.message,
published_by: registerUser(tg_user_id),
published: msg.date,
parent_type: 0,
parent_id: null
}
if (is_photo) {
function formatTime(time) {
const date = new Date(time * 1000)
const isoString = date.toISOString()
const [datePart, timePart] = isoString.split('T')
const [year, month, day] = datePart.split('-')
const [hours, minutes] = timePart.split(':')
return `${year}-${month}-${day}_${hours}-${minutes}`
}
filedata.filename = 'photo_' + formatTime(msg.date) + '.jpg'
filedata.mime = 'image/jpeg'
console.log(file.sizes)
const s = file.sizes.reduce((prev, e) => (prev.w > e.w) ? prev : e)
filedata.size = s.size || s.sizes?.reduce((a, b) => Math.max(a, b))
} else {
filedata.filename = file.attributes?.find(attr => attr.className == 'DocumentAttributeFilename')?.fileName
filedata.mime = file.mimeType
filedata.size = doc.size?.value
}
function updateFileAccess(file_id, telegram_file_id, access_hash) {
return db
.prepare(`update files set file_id = :telegram_file_id, access_hash = :access_hash where id = :file_id returning id`)
.safeIntegers(true)
.pluck(true)
.get({ file_id, telegram_file_id, access_hash })
}
if (tg_user_id != BOT_ID) {
const project_id = db
.prepare(`select project_id from chats where telegram_id = :telegram_id`)
.safeIntegers(true)
.pluck(true)
.get({ telegram_id })
const customer_id = db
.prepare(`select customer_id from projects where id = :project_id`)
.get({ project_id })
if (!project_id || !customer_id)
return console.error ('Register document: project/customer is not found: ', file, project_id, customer_id)
filedata.project_id = project_id
filedata.id = registerFile (filedata)
} else {
filedata = db
.prepare(`select * from files where chat_id = :chat_id and filename = :filename`)
.safeIntegers(true)
.get({ chat_id, filename })
if (!filedata)
return
}
updateFileAccess(filedata.id, file.id?.value, file.accessHash?.value)
const upload_id = db
.prepare(`select upload_chat_id from customers where id = (select customer_id from projects where id = :project_id)`)
.safeIntegers(true)
.pluck(true)
.get(filedata)
if (!upload_id)
return console.error ('Upload chat is not set. Backup skipped for ', filedata.id)
if (upload_id == chat_id)
return
let data = file.buffer
if (is_photo) {
try {
const res = await downloadFile(filedata.project_id, filedata.id)
data = res.data
} catch (err) { }
}
if (!data)
return console.error ('No data for ', filedata.id)
const uploaddata = Object.assign({}, filedata, {
chat_id: upload_id,
data,
published_by: null,
parent_type: 3,
parent_id: filedata.id
})
sendFile(uploaddata)
}
if (msg.message?.startsWith(`/start@${BOT_NAME} KEY-`) || msg.message?.startsWith('KEY-')) {
const rows = db
.prepare(`
select 1 from chats where id = :chat_id and project_id is not null
union all
select 1 from customers where upload_chat_id = :chat_id
`)
.all({ chat_id })
if (rows.length)
return await sendMessage(chat_id, 'Чат уже используется')
const rawkey = msg.message.substr(msg.message?.indexOf('KEY-'))
const [_, time64, key] = rawkey.split('-')
const now = Math.floor(Date.now() / 1000)
const time = Buffer.from(time64, 'base64')
if (now - 3600 >= time && time >= now)
return await sendMessage(chat_id, 'Время действия ключа для привязки истекло')
const row = db
.prepare(`
select (select id from projects where generate_key(id, :time) = :rawkey) project_id,
(select id from customers where generate_key(-id, :time) = :rawkey) customer_id
`)
.get({ rawkey, time })
console.log ('PROJECT_ID: ', row.project_id)
if (row.project_id) {
await attachChat(chat_id, row.project_id)
await reloadChatUsers(chat_id)
}
if (row.customer_id) {
const info = db
.prepare(`update customers set upload_chat_id = :chat_id where id = :customer_id`)
.safeIntegers(true)
.run({ customer_id: row.customer_id, chat_id })
if (info.changes == 0)
console.error('Can\'t set upload chat: ' + chat_id + ' to customer: ' + row.customer_id)
}
}
}
async function onNewUserMessage (msg) {
if (msg.message == '/start' && msg.peerId?.className == 'PeerUser') {
const tg_user_id = msg.peerId?.userId?.value
const user_id = registerUser(tg_user_id)
try {
const user = await client.getEntity(new Api.PeerUser({ userId: tg_user_id }))
updateUser(user_id, user)
await updateUserPhoto (user_id, user)
const appButton = new Api.KeyboardButtonWebView({
text: "Open Mini-App", // Текст на кнопке
url: "https://h5sj0gpz-3000.euw.devtunnels.ms/", // URL вашего Mini-App (HTTPS!)
});
const inputPeer = new Api.InputPeerUser({userId: tg_user_id, accessHash: user.accessHash.value})
await client.sendMessage(inputPeer, {
message: 'Сообщение от бота',
buttons: client.buildReplyMarkup([
[Button.url('Админка', `https://t.me/${BOT_NAME}/userapp?startapp=admin`)],
[Button.url('Пользователь', `https://t.me/${BOT_NAME}/userapp?startapp=user`)],
[appButton]
])
})
} catch (err) {
console.error(msg.className + ', ' + user_id + ': ' + err.message)
}
}
}
async function onUpdatePaticipant (update, is_channel) {
const tg_chat_id = is_channel ? update.channelId?.value : update.chatId?.value
if (!tg_chat_id || update.userId?.value != BOT_ID)
return
const chat_id = await registerChat (tg_chat_id, is_channel)
const is_ban = update.prevParticipant && !update.newParticipant
const is_add = (!update.prevParticipant || update.prevParticipant?.className == 'ChannelParticipantBanned') && update.newParticipant
if (is_ban || is_add)
await reloadChatUsers(chat_id, is_ban)
if (is_ban) {
//db
// .prepare(`update chats set project_id = null where id = :chat_id`)
// .run({chat_id: chatId})
}
const bot_can_ban = +update.newParticipant?.adminRights?.banUsers || 0
db
.prepare(`update chats set bot_can_ban = :bot_can_ban where id = :chat_id`)
.run({ chat_id, bot_can_ban })
}
async function downloadFile(project_id, file_id) {
const file = db
.prepare(`
select file_id, access_hash, '' thumbSize, filename, mime
from files where id = :file_id and project_id = :project_id
`)
.safeIntegers(true)
.get({ project_id, file_id })
if (!file)
return false
const result = await client.downloadFile(new Api.InputDocumentFileLocation({
id: file.file_id,
accessHash: file.access_hash,
fileReference: Buffer.from(file.filename),
thumbSize: ''
}, {}))
return {
filename: file.filename,
mime: file.mime,
size: result.length,
data: result
}
}
async function sendMessage (chat_id, message) {
const chat = db
.prepare(`select telegram_id, access_hash, is_channel from chats where id = :chat_id`)
.get({ chat_id })
if (!chat)
return
const entity = chat.is_channel ? { channelId: chat.telegram_id, accessHash: chat.access_hash } : { chatId: chat.telegram_id, accessHash: chat.access_hash }
const peer = await client.getEntity( chat.is_channel ?
new Api.InputPeerChannel(entity) :
new Api.InputPeerChat(entity)
)
await client.sendMessage(peer, {message})
const delay = ms => new Promise(resolve => setTimeout(resolve, ms))
await delay(1000)
}
function registerFile(filedata) {
const file_id = db
.prepare(`
insert into files (project_id, chat_id, message_id, filename, mime, size, caption, published_by, published, parent_type, parent_id) values
(:project_id, :chat_id, :message_id, :filename, :mime, :size, :caption, :published_by, :published, :parent_type, :parent_id)
returning id
`)
.pluck(true)
.get(filedata)
return file_id
}
async function sendFile(filedata) {
const file_id = registerFile(filedata)
try {
const chat = db
.prepare(`select id, telegram_id, project_id, is_channel, access_hash from chats where id = :chat_id`)
.safeIntegers(true)
.get({ chat_id: filedata.chat_id })
if (!chat)
throw Error('CHAT_NOT_FOUND::404')
if (!chat.telegram_id || !chat.access_hash)
throw Error('CHAT_INACCESSABLE::404')
const peer = chat.is_channel ?
new Api.PeerChannel({ channelId: chat.telegram_id, accessHash: chat.access_hash }) :
new Api.PeerChat({ chatId: chat.telegram_id, accessHash: chat.access_hash })
const file = await client.uploadFile({ file: new CustomFile(filedata.filename, filedata.data.length, '', filedata.data), workers: 1 })
const media = new Api.InputMediaUploadedDocument({
file,
mimeType: filedata.mime,
attributes: [new Api.DocumentAttributeFilename({ fileName: filedata.filename })]
})
await client.invoke(new Api.messages.SendMedia({
peer,
media,
message: filedata.caption,
background: true,
silent: true
}))
} catch (err) {
db.prepare(`delete from files where id = :file_id`).get({ file_id })
console.error('SendFile', err)
}
return file_id
}
async function leaveChat (chat_id) {
const chat = db
.prepare(`select telegram_id, access_hash, is_channel from chats where id = :chat_id`)
.get({ chat_id })
if (!chat)
return
if (chat.is_channel) {
const inputPeer = await client.getEntity(new Api.InputPeerChannel({ channelId: chat.telegram_id, accessHash: chat.access_hash }))
await client.invoke(new Api.channels.LeaveChannel({ channel: inputPeer }))
} else {
await client.invoke(new Api.messages.DeleteChatUser({ chatId: chat.telegram_id, userId: this.id, accessHash: chat.access_hash }))
}
}
async function start (apiId, apiHash, botAuthToken, sid) {
BOT_ID = BigInt(botAuthToken.split(':')[0])
session= new StringSession(sid || '')
client = new TelegramClient(session, apiId, apiHash, {})
if (fs.existsSync('./debug.log'))
fs.unlinkSync('./debug.log')
client.addEventHandler(async (update) => {
if (update.className == 'UpdateConnectionState')
return
try {
debug(update)
if (update.className == 'UpdateNewMessage' || update.className == 'UpdateNewChannelMessage') {
const msg = update?.message
const is_channel = update.className == 'UpdateNewChannelMessage' ? 1 : 0
if (!msg)
return
const result = msg.peerId?.className == 'PeerUser' ? await onNewUserMessage(msg) :
msg.className == 'MessageService' ? await onNewServiceMessage(msg, is_channel) :
await onNewMessage(msg, is_channel)
}
if (update.className == 'UpdateChatParticipant' || update.className == 'UpdateChannelParticipant')
await onUpdatePaticipant(update, update.className == 'UpdateChannelParticipant')
} catch (err) {
console.error(err)
}
})
await client.start({botAuthToken})
}
module.exports = { start, downloadFile, reloadChatUsers, sendMessage, sendFile }

751
backend/_old/v8/apps/miniapp.js Normal file
View File

@@ -0,0 +1,751 @@
const express = require('express')
const multer = require('multer')
const crypto = require('crypto')
const fs = require('fs')
const contentDisposition = require('content-disposition')
const bot = require('./bot')
const db = require('../include/db')
const app = express.Router()
const upload = multer({
storage: multer.memoryStorage(),
limits: {
fileSize: 10_000_000 // 10mb
}
})
function hasAccess(project_id, user_id) {
return !!db
.prepare(`select 1 from projects where id = :project_id and is_archived <> 1`)
.pluck(true)
.get({project_id}) &&
!!db
.prepare(`
select 1
from chat_users
where user_id = :user_id and
chat_id in (select id from chats where project_id = :project_id) and
not exists(select 1 from user_details where user_id = :user_id and project_id = :project_id and is_blocked = 1)
`)
.pluck(true)
.get({project_id, user_id})
}
const sessions = {}
app.use((req, res, next) => {
if (req.path == '/auth')
return next()
const sid = req.query.sid || req.cookies.sid
req.session = sessions[sid]
if (!req.session)
throw Error('ACCESS_DENIED::401')
res.locals.user_id = req.session.user_id
next()
})
app.post('/auth', (req, res, next) => {
db
.prepare(`insert or ignore into users (telegram_id) values (:telegram_id)`)
.safeIntegers(true)
.run(res.locals)
const user_id = db
.prepare(`select id from users where telegram_id = :telegram_id`)
.safeIntegers(true)
.pluck(true)
.get(res.locals)
const sid = crypto.randomBytes(64).toString('hex')
req.session = sessions[sid] = {sid, user_id}
res.setHeader('Set-Cookie', [`sid=${sid};httpOnly;path=/api/miniapp`])
res.locals.user_id = user_id
res.status(200).json({success: true})
})
app.get('/project', (req, res, next) => {
const rows = db
.prepare(`
select p.id, p.name, p.description, p.logo, p.is_logo_bg, company_id,
c.name customer_name, c.upload_chat_id <> 0 has_upload
from projects p
inner join customers c on p.customer_id = c.id
where p.id in (
select project_id
from chats
where id in (select chat_id from chat_users where user_id = :user_id)
) and not exists(select 1 from user_details where user_id = :user_id and project_id = p.id and is_blocked = 1)
and p.is_archived <> 1
`)
.all(res.locals)
rows.forEach(row => {
row.is_logo_bg = Boolean(row.is_logo_bg)
})
res.status(200).json({success: true, data: rows})
})
app.use('/project/:pid(\\d+)/*', (req, res, next) => {
res.locals.project_id = parseInt(req.params.pid)
if (!hasAccess(res.locals.project_id, res.locals.user_id))
throw Error('ACCESS_DENIED::401')
const row = db
.prepare('select customer_id, company_id from projects where id = :project_id')
.get(res.locals)
res.locals.customer_id = row.customer_id
res.locals.customer_company_id = row.company_id
next()
})
function getUserCompanyId(user_id, project_id) {
return db
.prepare(`
select company_id
from company_users
where user_id = :user_id and company_id in (select id from companies where project_id = :project_id)
`)
.pluck(true)
.get({ user_id, project_id })
}
app.get('/project/:pid(\\d+)/user', (req, res, next) => {
const users = db
.prepare(`
with actuals (user_id) as (
select distinct user_id
from chat_users
where chat_id in (select id from chats where project_id = :project_id)
and chat_id in (select chat_id from chat_users where user_id = :user_id)
),
contributors (user_id) as (
select created_by from tasks where project_id = :project_id
union
select assigned_to from tasks where project_id = :project_id
union
select created_by from meetings where project_id = :project_id
union
select published_by from files where project_id = :project_id
),
members (user_id, is_leave) as (
select user_id, 0 is_leave from actuals
union all
select user_id, 1 is_leave from contributors where user_id not in (select user_id from actuals)
)
select u.id,
u.telegram_id,
u.username,
u.firstname,
u.lastname,
u.photo,
ud.fullname,
ud.email,
ud.phone,
ud.role,
ud.department,
ud.is_blocked,
(select company_id
from company_users
where user_id = u.id and
company_id in (select id from companies where project_id = :project_id)) company_id,
m.is_leave
from users u
inner join members m on u.id = m.user_id
left join user_details ud on ud.user_id = u.id and ud.project_id = :project_id
`)
.safeIntegers(true)
.all(res.locals)
res.locals.company_id = getUserCompanyId(res.locals.user_id, res.locals.project_id)
// Список компаний, которые НЕ ВИДНЫ компании пользователя на проекте
const hidden = db
.prepare(`
select company_id from company_mappings where project_id = :project_id
except
select company_id from company_mappings where project_id = :project_id and show_to_id = :company_id`)
.pluck(true)
.all(res.locals)
users
.filter(user => user.company_id)
.filter(user => hidden.indexOf(user.company_id) != -1)
.forEach(user => user.company_id = res.locals.customer_company_id)
res.status(200).json({success: true, data: users})
})
app.get('/project/:pid(\\d+)/user/reload', async (req, res, next) => {
const chatIds = db
.prepare(`select id from chats where project_id = :project_id`)
.all(res.locals)
.map(e => e.id)
const sleep = ms => new Promise(resolve => setTimeout(resolve, ms))
for (const chatId of chatIds) {
await bot.reloadChatUsers(chatId)
await sleep(1000)
}
res.status(200).json({success: true})
})
app.get('/project/:pid(\\d+)/company', (req, res, next) => {
res.locals.company_id = getUserCompanyId(res.locals.user_id, res.locals.project_id)
const rows = db
.prepare(`
select id, name, address, email, phone, site, description
from companies
where project_id = :project_id and (
id = :company_id or
id in (select company_id from company_mappings where project_id = :project_id and show_to_id = :company_id) or
id not in (select company_id from company_mappings where project_id = :project_id) or
(select :customer_company_id)
)
`)
.all(res.locals)
res.status(200).json({success: true, data: rows})
})
// CHAT
app.get('/project/:pid(\\d+)/chat', (req, res, next) => {
const rows = db
.prepare(`
select id, name, invite_link, description, telegram_id, owner_id, user_count, logo,
(select json_group_array(user_id) from chat_users where chat_id = c.id) users,
(select count(1) from tasks where project_id = :project_id and chat_id = c.id) task_count
from chats c
where project_id = :project_id and id in (select chat_id from chat_users where user_id = :user_id)
`)
.safeIntegers(true)
.all(res.locals)
rows.forEach(row => {
row.users = JSON.parse(row.users)
})
res.status(200).json({success: true, data: rows})
})
// TASK
function getTask(id, user_id) {
const row = db
.prepare(`
select id, name, created_by, assigned_to, priority, status, time_spent, create_date, plan_date,
close_date, close_comment, coalesce(json_close_file_ids, '[]') close_file_ids, chat_id,
(select json_group_array(user_id) from task_users where task_id = t.id) observers,
(select json_group_array(id) from files where parent_type = 1 and parent_id = t.id) files
from tasks t
where t.id = :id
`)
.get({id})
if (!row)
throw Error('NOT_FOUND::404')
row.close_file_ids = JSON.parse(row.close_file_ids)
row.observers = JSON.parse(row.observers)
row.files = JSON.parse(row.files)
row.is_editable = row.created_by == user_id || row.assigned_to == user_id
return row
}
app.get('/project/:pid(\\d+)/task', (req, res, next) => {
const rows = db
.prepare(`
select id, name, created_by, assigned_to, priority, status, time_spent, create_date, plan_date,
close_date, close_comment, coalesce(json_close_file_ids, '[]') close_file_ids, chat_id,
(select json_group_array(user_id) from task_users where task_id = t.id) observers,
(select json_group_array(id) from files where parent_type = 1 and parent_id = t.id) files
from tasks t
where project_id = :project_id and (created_by = :user_id or
assigned_to = :user_id or
exists(select 1 from task_users where task_id = t.id and user_id = :user_id) or
exists(select 1 from chat_users where chat_id = t.chat_id))
`)
.all(res.locals)
rows.forEach(row => {
row.close_file_ids = JSON.parse(row.close_file_ids)
row.observers = JSON.parse(row.observers)
row.files = JSON.parse(row.files)
})
res.status(200).json({success: true, data: rows})
})
app.post('/project/:pid(\\d+)/task', (req, res, next) => {
res.locals.name = req.body?.name
res.locals.status = parseInt(req.body?.status)
res.locals.priority = parseInt(req.body?.priority)
res.locals.assigned_to = req.body?.assigned_to ? parseInt(req.body?.assigned_to) : undefined
res.locals.create_date = Math.floor(Date.now() / 1000)
res.locals.plan_date = req.body?.plan_date ? parseInt(req.body?.plan_date) : undefined
res.locals.chat_id = req.body?.chat_id ? parseInt(req.body?.chat_id) : undefined
if (res.locals.assigned_to && !hasAccess(res.locals.project_id, res.locals.assigned_to))
throw Error('INCORRECT_ASSIGNED_TO::400')
if (res.locals.chat_id && !db.prepare(`select id from chats where project_id = :project_id and id = :chat_id`).pluck(true).get(res.locals))
throw Error('INCORRECT_CHAT_ID::400')
const id = db
.prepare(`
insert into tasks (project_id, name, created_by, assigned_to, priority, status, create_date, plan_date)
values (:project_id, :name, :user_id, :assigned_to, :priority, :status, :create_date, :plan_date)
returning id
`)
.pluck(true)
.get(res.locals)
const task = getTask(id, res.locals.user_id)
res.status(200).json({success: true, data: task})
})
app.use('/project/:pid(\\d+)/task/:tid(\\d+)*', (req, res, next) => {
res.locals.task_id = req.params.tid
const task = db
.prepare(`
select created_by, assigned_to
from tasks t
where id = :task_id and project_id = :project_id and (
created_by = :user_id or
assigned_to = :user_id or
exists(select 1 from task_users where task_id = :task_id and user_id = :user_id) or
exists(select 1 from chat_users where chat_id = t.chat_id))
`)
.get(res.locals)
if (!task)
throw Error('NOT_FOUND::404')
res.locals.is_author = task.created_by == res.locals.user_id
res.locals.is_assigned = task.assigned_to == res.locals.user_id
next()
})
app.get('/project/:pid(\\d+)/task/:tid(\\d+)', (req, res, next) => {
const task = getTask(req.params.tid, res.locals.user_id)
res.status(200).json({success: true, data: task})
})
app.put('/project/:pid(\\d+)/task/:tid(\\d+)', (req, res, next) => {
if (!res.locals.is_author && !res.locals.is_assigned)
throw Error('ACCESS_DENIED::401')
res.locals.id = res.locals.task_id
res.locals.name = req.body?.name
res.locals.status = parseInt(req.body?.status)
res.locals.priority = parseInt(req.body?.priority)
res.locals.assigned_to = req.body?.assigned_to ? parseInt(req.body?.assigned_to) : undefined
res.locals.plan_date = req.body?.plan_date ? parseInt(req.body?.plan_date) : undefined
res.locals.chat_id = req.body?.chat_id ? parseInt(req.body?.chat_id) : undefined
if (res.locals.chat_id && !db.prepare(`select id from chats where project_id = :project_id and id = :chat_id`).pluck(true).get(res.locals))
throw Error('INCORRECT_CHAT_ID::400')
const columns = res.locals.is_author ? ['name', 'assigned_to', 'priority', 'status', 'plan_date', 'time_spent', 'close_comment', 'json_close_file_ids', 'chat_id'] : ['status', 'time_spent', 'close_comment', 'json_close_file_ids']
const info = db
.prepareUpdate('tasks', columns, res.locals, ['id', 'project_id'])
.run(res.locals)
if (info.changes == 0)
throw Error('NOT_FOUND::404')
const task = getTask(res.locals.task_id, res.locals.user_id)
res.status(200).json({success: true, data: task})
})
app.delete('/project/:pid(\\d+)/task/:tid(\\d+)', (req, res, next) => {
if (!res.locals.is_author)
throw Error('ACCESS_DENIED::401')
const info = db
.prepare(`delete from tasks where id = :task_id and project_id = :project_id and created_by = :user_id`)
.run(res.locals)
if (info.changes == 0)
throw Error('NOT_FOUND::404')
res.status(200).json({success: true, data: {id: res.locals.task_id}})
})
app.put('/project/:pid(\\d+)/task/:tid(\\d+)/observer', (req, res, next) => {
if (!res.locals.is_author && !res.locals.is_assigned)
throw Error('ACCESS_DENIED::401')
const user_ids = req.body instanceof Array ? [...new Set(req.body.map(e => parseInt(e)))] : []
// Проверка, что выбранные пользователи имеют доступ к проекту
let rows = db
.prepare(`
select user_id
from chat_users
where chat_id in (select id from chats where project_id = :project_id)
`)
.pluck(true)
.all(res.locals)
if (user_ids.some(user_id => !rows.contains(user_id)))
throw Error('INACCESSABLE_USER::400')
res.locals.json_ids = JSON.stringify(user_ids)
db
.prepare(`
delete from task_users where task_id = :task_id;
insert into task_users (task_id, user_id) select :task_id, value from json_each(:json_ids)
`)
.run(res.locals)
res.status(200).json({success: true})
})
// MEETINGS
function getMeeting(id, user_id) {
const row = db
.prepare(`
select id, name, description, place, created_by, meet_date, chat_id, is_cancel,
(select json_group_array(user_id) from meeting_users where meeting_id = m.id) participants,
(select json_group_array(id) from files where parent_type = 2 and parent_id = m.id) files
from meetings m
where m.id = :id
`)
.get({id})
if (!row)
throw Error('NOT_FOUND::404')
row.participants = JSON.parse(row.participants)
row.files = JSON.parse(row.files)
row.is_editable = row.created_by == user_id
return row
}
app.get('/project/:pid(\\d+)/meeting', (req, res, next) => {
const rows = db
.prepare(`
select id, name, description, place, created_by, meet_date, duration, chat_id, is_cancel,
(select json_group_array(user_id) from meeting_users where meeting_id = m.id) participants,
(select json_group_array(id) from files where parent_type = 2 and parent_id = m.id) files,
created_by = :user_id is_editable
from meetings m
where project_id = :project_id and
(created_by = :user_id or exists(select 1 from meeting_users where meeting_id = m.id and user_id = :user_id))
`)
.all(res.locals)
rows.forEach(row => {
row.participants = JSON.parse(row.participants)
row.files = JSON.parse(row.files)
row.is_editable = Boolean(row.is_editable)
})
res.status(200).json({success: true, data: rows})
})
app.post('/project/:pid(\\d+)/meeting', (req, res, next) => {
res.locals.name = req.body?.name
res.locals.description = req.body?.description
res.locals.place = req.body?.place
res.locals.meet_date = req.body?.meet_date ? parseInt(req.body?.meet_date) : undefined
res.locals.duration = req.body?.duration ? parseInt(req.body?.duration) : undefined
res.locals.chat_id = req.body?.chat_id ? parseInt(req.body?.chat_id) : undefined
if (res.locals.chat_id && !db.prepare(`select id from chats where project_id = :project_id and id = :chat_id`).pluck(true).get(res.locals))
throw Error('INCORRECT_CHAT_ID::400')
const id = db
.prepare(`
insert into meetings (project_id, name, description, place, created_by, meet_date, duration)
values (:project_id, :name, :description, :place, :user_id, :meet_date, :duration)
returning id
`)
.pluck(true)
.get(res.locals)
const meeting = getMeeting(id, res.locals.user_id)
res.status(200).json({success: true, data: meeting})
})
app.use('/project/:pid(\\d+)/meeting/:mid(\\d+)*', (req, res, next) => {
res.locals.meeting_id = req.params.mid
const meeting = db
.prepare(`
select created_by
from meetings
where id = :meeting_id and project_id = :project_id
and (created_by = :user_id or exists(select 1 from meeting_users where meeting_id = :meeting_id and user_id = :user_id))
`)
.get(res.locals)
if (!meeting)
throw Error('NOT_FOUND::404')
res.locals.is_author = meeting.created_by == res.locals.user_id
next()
})
app.get('/project/:pid(\\d+)/meeting/:mid(\\d+)', (req, res, next) => {
const meeting = getMeeting(req.params.mid, res.locals.user_id)
res.status(200).json({success: true, data: meeting})
})
app.put('/project/:pid(\\d+)/meeting/:mid(\\d+)', (req, res, next) => {
if (!res.locals.is_author)
throw Error('ACCESS_DENIED::401')
res.locals.id = res.locals.meeting_id
res.locals.name = req.body?.name
res.locals.description = req.body?.description
res.locals.place = req.body?.place
res.locals.meet_date = req.body?.meet_date ? parseInt(req.body?.meet_date) : undefined
res.locals.chat_id = req.body?.chat_id ? parseInt(req.body?.chat_id) : undefined
res.locals.is_cancel = +!!req.body?.is_cancel
if (res.locals.chat_id && !db.prepare(`select id from chats where project_id = :project_id and id = :chat_id`).pluck(true).get(res.locals))
throw Error('INCORRECT_CHAT_ID::400')
const info = db
.prepareUpdate('meetings', ['name', 'description', 'place', 'meet_date', 'chat_id', 'is_cancel'], res.locals, ['id', 'project_id'])
.run(res.locals)
if (info.changes == 0)
throw Error('NOT_FOUND::404')
const meeting = getMeeting(res.locals.meeting_id, res.locals.user_id)
res.status(200).json({success: true, data: meeting})
})
app.delete('/project/:pid(\\d+)/meeting/:mid(\\d+)', (req, res, next) => {
if (!res.locals.is_author)
throw Error('ACCESS_DENIED::401')
const info = db
.prepare(`delete from meetings where id = :meeting_id and project_id = :project_id and created_by = :user_id`)
.run(res.locals)
if (info.changes == 0)
throw Error('NOT_FOUND::404')
res.status(200).json({success: true, data: {id: res.locals.meeting_id}})
})
app.put('/project/:pid(\\d+)/meeting/:mid(\\d+)/participant', (req, res, next) => {
if (!res.locals.is_author)
throw Error('ACCESS_DENIED::401')
const user_ids = req.body instanceof Array ? [...new Set(req.body.map(e => parseInt(e)))] : []
// Проверка, что выбранные пользователи имеют доступ к проекту
let rows = db
.prepare(`
select user_id
from chat_users
where chat_id in (select id from chats where project_id = :project_id)
`)
.pluck(true)
.all(res.locals)
if (user_ids.some(user_id => rows.indexOf(user_id)) == -1)
throw Error('INACCESSABLE_USER::400')
db
.prepare(`delete from meeting_users where meeting_id = :meeting_id`)
.run(res.locals)
res.locals.json_ids = JSON.stringify(user_ids)
db
.prepare(`insert into meeting_users (meeting_id, user_id) select :meeting_id, value from json_each(:json_ids)`)
.run(res.locals)
res.status(200).json({ success: true, data: user_ids })
})
// FILES
app.get('/project/:pid(\\d+)/file', (req, res, next) => {
// 1. Из групп, которые есть в проекте и в которых участвует пользователь
// 2. Из задач проекта, где пользователь автор, ответсвенный или наблюдатель
// 3. Из встреч на проекте, где пользователь создатель или участник
const rows = db
.prepare(`
select f.id, f.chat_id, c.telegram_id telegram_chat_id, f.message_id, f.filename, f.mime, f.caption, f.size, f.published_by, f.published, f.parent_id, f.parent_type
from files f
left join chats c on f.chat_id = c.id and f.parent_type = 0
where f.project_id = :project_id and (
chat_id in (select chat_id from chat_users where user_id = :user_id)
or
parent_type = 1 and parent_id in (
select id
from tasks t
where project_id = :project_id and (created_by = :user_id or assigned_to = :user_id or exists(select 1 from task_users where task_id = t.id and user_id = :user_id))
)
or
parent_type = 2 and parent_id in (
select id
from meetings m
where project_id = :project_id and (created_by = :user_id or exists(select 1 from meeting_users where meeting_id = m.id and user_id = :user_id))
)
)
`)
.safeIntegers(true)
.all(res.locals)
res.status(200).json({success: true, data: rows})
})
app.post('/project/:pid(\\d+)/:type(task|meeting)/:id(\\d+)/attach', upload.any(), async (req, res, next) => {
res.locals.parent_id = req.params.id
res.locals.parent_type = req.params.type == 'task' ? 1 : 2
const chat_id = db
.prepare(`
select coalesce(chat_id, (select upload_chat_id from customers where id = :customer_id))
from ${req.params.type}s
where id = :parent_id and project_id = :project_id`)
.pluck(true)
.get(res.locals)
if (!chat_id)
throw Error('EMPTY_DESTINATION::500')
const file_ids = []
for (const file of req.files) {
if (file.size == 0)
continue
const filedata = {
project_id: req.params.pid,
chat_id,
filename: file.originalname,
mime: file.mimetype,
data: file.buffer,
size: file.size,
published_by: res.locals.user_id,
pablished: Math.floor(Date.now() / 1000),
parent_type: res.locals.parent_type,
parent_id: req.params.id
}
const file_id = await bot.sendFile(filedata)
if (file_id)
file_ids.push(file_id)
}
if (file_ids.length == 0)
throw Error('EMPTY_UPLOAD::500')
const files = db
.prepare(`select id, chat_id, message_id, filename, mime, size, published_by, published from files where id in (` + file_ids.join(',') + `)`)
.all()
res.status(200).json({success: true, data: files})
})
app.use('/project/:pid(\\d+)/file/:fid(\\d+)', (req, res, next) => {
res.locals.file_id = req.params.fid
const file = db
.prepare(`select * from files where id = :file_id and project_id = :project_id`)
.get(res.locals)
if (!file)
throw Error('NOT_FOUND::404')
if (file.parent_type == 0) {
res.locals.chat_id = file.chat_id
const row = db
.prepare(`select 1 from chat_users where chat_id = :chat_id and user_id = :user_id`)
.get(res.locals)
if (row) {
res.locals.can_download = true
}
} else {
res.locals.parent_id = file.parent_id
const parent = file.parent_type == 1 ? 'task' : 'meeting'
const row = db
.prepare(`
select 1
from ${parent}s
where id = :parent_id and project_id = :project_id or
exists(select 1 from ${parent}_users where ${parent}_id = :parent_id and user_id = :user_id)
`)
.get(res.locals)
if (row) {
res.locals.can_download = true
res.locals.can_delete = file.published_by == res.locals.user_id
}
}
next()
})
app.get('/project/:pid(\\d+)/file/:fid(\\d+)', async (req, res, next) => {
if (!res.locals.can_download)
throw Error('NOT_FOUND::404')
const file = await bot.downloadFile(res.locals.project_id, res.locals.file_id)
res.writeHead(200, {
'Content-Length': file.size,
'Content-Type': file.mime,
'Content-Disposition': contentDisposition(file.filename)
})
res.end(file.data)
})
app.delete('/project/:pid(\\d+)/file/:fid(\\d+)', (req, res, next) => {
if (!res.locals.can_delete)
throw Error('NOT_FOUND::404')
const info = db
.prepare(`delete from files where id = :id and project_id = :project_id`)
.run(res.locals)
if (info.changes == 0)
throw Error('NOT_FOUND::404')
res.status(200).json({success: true, data: {id: res.locals.file_id}})
})
app.get('/settings', (req, res, next) => {
const row = db
.prepare(`select coalesce(json_settings, '{}') from users where id = :user_id`)
.pluck(true)
.get(res.locals)
res.status(200).json({success: true, data: JSON.parse(row)})
})
app.put('/settings', (req, res, next) => {
res.locals.json_settings = JSON.stringify(req.body || {})
const row = db
.prepare(`update users set json_settings = :json_settings where id = :user_id`)
.run(res.locals)
res.status(200).json({success: true})
})
module.exports = app

22
backend/_old/v8/changes.txt Normal file
View File

@@ -0,0 +1,22 @@
СТРУКТУРА БАЗЫ
1. Переименована таблица documents в files
2. В таблицу files добавлено поле published, содержащее дату публикации файла
3. В таблице chats
* Добавлена колонка owner_id (ссылка на users.id; пусто)
* Добавлена колонка description
* Переименована колонка logo_url в logo
МИНИАПП
1. Операции POST/PUT возвращают объект
2. Операция DELETE возвращает data: {id: id-удаленого объекта}
3. Роут /project/:id/meeting/:id/participants заменен на /project/:id/meeting/:id/participant
4. В роут /project/:pid(\\d+)/file добавлен вывод origin_tg_chat_id для возможности сформировать ссылку на чат/сообщение на клиенте
5. Роут /project/:id/task или meeting/:id/attach возвращает описания файлов, а не просто их id
АДМИНКА
Общее
1. Файл /docs/api.xls обновлен, удалены ненужные листы
2. В коде document заменен на file

BIN
backend/_old/v8/data/db.sqlite Normal file
View File

Binary file not shown.

182
backend/_old/v8/data/init.sql Normal file
View File

@@ -0,0 +1,182 @@
pragma foreign_keys = off;
create table if not exists customers (
id integer primary key autoincrement,
name text check(name is null or trim(name) <> '' and length(name) < 256),
email text check(email is null or trim(email) <> '' and length(email) < 128),
password text check(password is null or length(password) > 7 and length(password) < 64),
telegram_id integer,
plan integer,
json_balance text default '{}',
is_blocked integer default 0,
json_company text default '{}',
upload_chat_id integer,
json_backup_server text default '{}',
json_backup_params text default '{}',
json_settings text default '{}'
) strict;
create table if not exists projects (
id integer primary key autoincrement,
customer_id integer references customers(id) on delete cascade,
name text not null check(trim(name) <> '' and length(name) < 256),
description text check(description is null or length(description) < 4096),
logo text,
is_logo_bg integer default 0,
company_id integer references companies(id) on delete cascade,
is_archived integer default 0
) strict;
create table if not exists chats (
id integer primary key autoincrement,
project_id integer references projects(id) on delete cascade,
name text,
telegram_id integer,
description text,
logo text,
access_hash integer,
is_channel integer check(is_channel in (0, 1)) default 0,
invite_link text,
bot_can_ban integer default 0,
owner_id integer references users(id) on delete set null,
user_count integer,
last_update_time integer
);
create unique index if not exists idx_chats_telegram_id on chats (telegram_id);
create table if not exists users (
id integer primary key autoincrement,
telegram_id integer,
access_hash integer,
firstname text check(firstname is null or length(firstname) < 256),
lastname text check(lastname is null or length(lastname) < 256),
username text check(username is null or length(username) < 256),
photo_id integer,
photo text,
language_code text,
json_settings text default '{}'
) strict;
create unique index if not exists idx_users_telegram_id on users (telegram_id);
create table if not exists user_details (
user_id integer references users(id) on delete cascade,
project_id integer references projects(id) on delete cascade,
fullname text check(fullname is null or length(fullname) < 256),
email text check(email is null or length(email) < 256),
phone text check(phone is null or length(phone) < 256),
role text check(role is null or length(role) < 256),
department text check(department is null or length(department) < 256),
is_blocked integer check(is_blocked in (0, 1)) default 0,
primary key (user_id, project_id)
) strict;
create table if not exists tasks (
id integer primary key autoincrement,
project_id integer references projects(id) on delete cascade,
name text not null check(trim(name) <> '' and length(name) < 256),
created_by integer references users(id) on delete set null,
assigned_to integer references users(id) on delete set null,
closed_by integer references users(id) on delete set null,
priority integer check(priority in (0, 1, 2, 3, 4, 5)) default 0,
status integer check(status >= 1 and status <= 10) default 1,
time_spent integer check(time_spent is null or time_spent > 0 and time_spent < 3 * 44640), -- one month
create_date integer,
plan_date integer,
close_date integer,
close_comment text check(close_comment is null or length(close_comment) < 1024),
json_close_file_ids text,
chat_id integer references chats(id) on delete set null
) strict;
create index if not exists idx_tasks_project_id on tasks (project_id);
create table if not exists meetings (
id integer primary key autoincrement,
project_id integer references projects(id) on delete cascade,
name text not null check(trim(name) <> '' and length(name) < 256),
description text check(description is null or length(description) < 1024),
place text check(place is null or length(place) < 4096),
created_by integer references users(id) on delete set null,
meet_date integer,
duration integer,
chat_id integer references chats(id) on delete set null,
is_cancel integer default 0
) strict;
create index if not exists idx_meetings_project_id on meetings (project_id);
create table if not exists files (
id integer primary key autoincrement,
project_id integer references projects(id) on delete cascade,
chat_id integer references chats(id) on delete set null,
message_id integer,
file_id integer,
access_hash integer,
filename text not null check(length(filename) < 256),
mime text check(mime is null or length(mime) < 128),
size integer,
caption text check(caption is null or length(caption) < 2048),
published_by integer references users(id) on delete set null,
published integer,
parent_type integer check(parent_type in (0, 1, 2, 3)) default 0,
parent_id integer
) strict;
create index if not exists idx_files_project_id on files (project_id);
create table if not exists companies (
id integer primary key autoincrement,
project_id integer references projects(id) on delete cascade,
name text not null check(length(name) < 4096),
address text check(address is null or length(address) < 512),
email text check(email is null or length(email) < 128),
phone text check(phone is null or length(phone) < 128),
site text check(site is null or length(site) < 128),
description text check(description is null or length(description) < 4096),
logo text
) strict;
create index if not exists idx_companies_project_id on companies (project_id);
create table if not exists company_mappings (
project_id integer references projects(id) on delete cascade,
company_id integer references companies(id) on delete cascade,
--show_as_id integer references companies(id) on delete cascade,
show_to_id integer references companies(id) on delete cascade
) strict;
create index if not exists idx_company_mappings_project_id on company_mappings (project_id);
create table if not exists task_users (
task_id integer references tasks(id) on delete cascade,
user_id integer references users(id) on delete cascade,
primary key (task_id, user_id)
) without rowid;
create table if not exists meeting_users (
meeting_id integer references meetings(id) on delete cascade,
user_id integer references users(id) on delete cascade,
primary key (meeting_id, user_id)
) without rowid;
create table if not exists company_users (
company_id integer references companies(id) on delete cascade,
user_id integer references users(id) on delete cascade,
primary key (company_id, user_id)
) without rowid;
create table if not exists chat_users (
chat_id integer references chats(id) on delete cascade,
user_id integer references users(id) on delete cascade,
primary key (chat_id, user_id)
) without rowid;
pragma foreign_keys = on;
create trigger if not exists trg_chats_update after update on chats
when NEW.project_id is null
begin
delete from chat_users where chat_id = NEW.id;
end;

167050
backend/_old/v8/debug.log Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
backend/_old/v8/docs/api.xls Normal file
View File

Binary file not shown.

46
backend/_old/v8/include/db.js Normal file
View File

@@ -0,0 +1,46 @@
const fs = require('fs')
const crypto = require('crypto')
const sqlite3 = require('better-sqlite3')
const db = sqlite3(`./data/db.sqlite`)
db.pragma('journal_mode = WAL')
db.pragma('foreign_keys = on')
db.exec(fs.readFileSync('./data/init.sql', 'utf8'))
db.function('generate_key', (id, time) => {
return [
'KEY',
Buffer.from(time + '').toString('base64'),
crypto.createHash('md5').update(`sa${time}-${id}lt`).digest('hex')
].join('-')
})
process.on('exit', () => db.close())
process.on('SIGHUP', () => process.exit(128 + 1))
process.on('SIGINT', () => process.exit(128 + 2))
process.on('SIGTERM', () => process.exit(128 + 15))
db.prepareUpdate = function (table, columns, data, where) {
const dataColumns = columns.filter(col => col in data)
if (dataColumns.length == 0)
throw Error('SQLite Error: No data to update')
return db.prepare(`update "${table}" ` +
`set ` + dataColumns.map(col => `"${col}" = :${col}`).join(', ') +
` where ` + where.map(col => `"${col}" = :${col}`).join(' and '))
}
db.prepareUpsert = function (table, columns, data, where) {
const dataColumns = columns.filter(col => col in data)
if (dataColumns.length == 0)
throw Error('SQLite Error: No data to update')
return db.prepare(
`insert into "${table}" (` + [...dataColumns, ...where].join(', ') + `) values (:` + [...dataColumns, ...where].join(', :') +
`) on conflict (` + where.join(',') + `) do update ` +
`set ` + dataColumns.map(col => `"${col}" = :${col}`).join(', ') +
` where ` + where.map(col => `"${col}" = :${col}`).join(' and '))
}
module.exports = db

1991
backend/_old/v8/package-lock.json generated Normal file
View File

File diff suppressed because it is too large Load Diff

25
backend/_old/v8/package.json Normal file
View File

@@ -0,0 +1,25 @@
{
"name": "telegram-bot",
"version": "1.0.0",
"main": "app.js",
"directories": {
"doc": "docs"
},
"scripts": {
"test": "echo \"Error: no test specified\" && exit 1"
},
"author": "",
"license": "ISC",
"description": "",
"dependencies": {
"better-sqlite3": "^11.8.0",
"body-parser": "^1.20.3",
"content-disposition": "^0.5.4",
"cookie-parser": "^1.4.7",
"express": "^4.21.2",
"express-session": "^1.18.1",
"multer": "^1.4.5-lts.1",
"nodemailer": "^6.9.16",
"telegram": "^2.26.16"
}
}