v1
This commit is contained in:
@@ -1,25 +1,46 @@
|
||||
const crypto = require('crypto')
|
||||
const express = require('express')
|
||||
const multer = require('multer')
|
||||
const db = require('../include/db')
|
||||
const bot = require('./bot')
|
||||
const fs = require('fs')
|
||||
const cookieParser = require('cookie-parser')
|
||||
|
||||
const app = express.Router()
|
||||
const upload = multer({
|
||||
storage: multer.memoryStorage(),
|
||||
limits: {
|
||||
fileSize: 1_000_000 // 1mb
|
||||
}
|
||||
})
|
||||
|
||||
const sessions = {}
|
||||
const cache = {
|
||||
// email -> code
|
||||
register: {},
|
||||
upgrade: {},
|
||||
recovery: {},
|
||||
'change-password': {},
|
||||
'change-email': {},
|
||||
'change-email2': {}
|
||||
}
|
||||
|
||||
function checkEmail(email){
|
||||
return String(email)
|
||||
.toLowerCase()
|
||||
.match(/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/)
|
||||
}
|
||||
|
||||
function sendEmail(email, subject, message) {
|
||||
console.log(`${email} --> ${subject}: ${message}`)
|
||||
}
|
||||
|
||||
function checkPassword(password) {
|
||||
return password.length >= 8
|
||||
}
|
||||
|
||||
app.use((req, res, next) => {
|
||||
if (req.path == '/customer/login' ||
|
||||
req.path == '/customer/register' ||
|
||||
req.path == '/customer/activate')
|
||||
const public = [
|
||||
'/auth/email',
|
||||
'/auth/telegram',
|
||||
'/auth/email/register',
|
||||
'/auth/email/recovery',
|
||||
'/auth/logout'
|
||||
]
|
||||
|
||||
if (public.includes(req.path))
|
||||
return next()
|
||||
|
||||
const asid = req.query.asid || req.cookies.asid
|
||||
@@ -31,105 +52,241 @@ app.use((req, res, next) => {
|
||||
next()
|
||||
})
|
||||
|
||||
// CUSTOMER
|
||||
app.post('/customer/login', (req, res, next) => {
|
||||
// AUTH
|
||||
function createSession(req, res, customer_id) {
|
||||
if (!customer_id)
|
||||
throw Error('AUTH_ERROR::500')
|
||||
|
||||
res.locals.customer_id = customer_id
|
||||
const asid = crypto.randomBytes(64).toString('hex')
|
||||
req.session = sessions[asid] = {asid, customer_id }
|
||||
res.setHeader('Set-Cookie', [`asid=${asid};httpOnly;path=/api/admin`])
|
||||
}
|
||||
|
||||
app.post('/auth/email', (req, res, next) => {
|
||||
res.locals.email = req.body?.email
|
||||
res.locals.password = req.body?.password
|
||||
|
||||
let customer_id = db
|
||||
.prepare(`
|
||||
select id
|
||||
from customers
|
||||
where is_active = 1 and (
|
||||
email is not null and email = :email and password is not null and password = :password or
|
||||
email is null and password is null and telegram_user_id = :telegram_id
|
||||
)
|
||||
`)
|
||||
const customer_id = db
|
||||
.prepare(`select id from customers where email = :email and password is not null and password = :password `)
|
||||
.pluck(true)
|
||||
.get(res.locals)
|
||||
|
||||
if (!customer_id && !res.locals.email && !res.locals.password) {
|
||||
customer_id = db
|
||||
.prepare(`insert into customers (telegram_user_id, is_active) values (:telegram_id, 1) returning id`)
|
||||
.safeIntegers(true)
|
||||
.pluck(true)
|
||||
.get(res.locals)
|
||||
}
|
||||
|
||||
if (!customer_id)
|
||||
throw Error('AUTH_ERROR::401')
|
||||
|
||||
res.locals.customer_id = customer_id
|
||||
db
|
||||
.prepare(`update customers set telegram_user_id = :telegram_id where id = :customer_id and email is not null`)
|
||||
.run(res.locals)
|
||||
|
||||
const asid = crypto.randomBytes(64).toString('hex')
|
||||
req.session = sessions[asid] = {asid, customer_id }
|
||||
res.setHeader('Set-Cookie', [`asid=${asid};httpOnly;path=/api/admin`])
|
||||
createSession(req, res, customer_id)
|
||||
res.status(200).json({success: true})
|
||||
})
|
||||
|
||||
app.post('/auth/telegram', (req, res, next) => {
|
||||
let customer_id = db
|
||||
.prepare(`select id from customers where telegram_id = :telegram_id`)
|
||||
.pluck(true)
|
||||
.get(res.locals) || db
|
||||
.prepare(`replace into customers (telegram_id) values (:telegram_id) returning id`)
|
||||
.pluck(true)
|
||||
.get(res.locals)
|
||||
|
||||
createSession(req, res, customer_id)
|
||||
res.status(200).json({success: true})
|
||||
})
|
||||
|
||||
/*
|
||||
Регистрация нового клиента/Перевод авторизации с TG на email выполняется за ТРИ последовательных вызова
|
||||
1. Отравляется email. Если email корректный и уже неиспользуется, то сервер возвращает ОК и на указанный email отправляется код.
|
||||
2. Отправляется email + код из письма. Если указан корректный код, то сервер отвечает ОК.
|
||||
3. Отправляется email + код из письма + желаемый пароль. Если все ОК, то сервер создает учетную запись и возвращает ОК.
|
||||
*/
|
||||
app.post('/auth/email/:action(register|upgrade)', (req, res, next) => {
|
||||
const email = String(req.body.email ?? '').trim()
|
||||
const code = String(req.body.code ?? '').trim()
|
||||
const password = String(req.body.password ?? '').trim()
|
||||
const action = req.params.action
|
||||
|
||||
const stepNo = email && !code ? 1 : email && code && !password ? 2 : email && code && password ? 3 : -1
|
||||
if (stepNo == -1)
|
||||
throw Error('BAD_STEP::400')
|
||||
|
||||
if (stepNo == 1) {
|
||||
if (!checkEmail(email))
|
||||
throw Error('INCORRECT_EMAIL::400')
|
||||
|
||||
const customer_id = db
|
||||
.prepare('select id from customers where email = :email')
|
||||
.pluck(true)
|
||||
.get({email})
|
||||
|
||||
if (customer_id)
|
||||
throw Error('USED_EMAIL::400')
|
||||
|
||||
const code = Math.random().toString().substr(2, 4)
|
||||
cache[action][email] = code
|
||||
sendEmail(email, action.toUpperCase(), `${email} => ${code}`)
|
||||
}
|
||||
|
||||
if (stepNo == 2) {
|
||||
if (cache[action][email] != code)
|
||||
throw Error('INCORRECT_CODE::400')
|
||||
}
|
||||
|
||||
if (stepNo == 3) {
|
||||
if (!checkPassword(password))
|
||||
throw Error('INCORRECT_PASSWORD::400')
|
||||
|
||||
const query = action == 'register' ? 'insert into customers (email, password) values (:email, :password)' :
|
||||
'update customers set email = :email, password = :password where id = :id'
|
||||
db.prepare(query).run({email, password, id: res.locals.customer_id})
|
||||
|
||||
delete cache[action][email]
|
||||
}
|
||||
|
||||
res.status(200).json({success: true})
|
||||
})
|
||||
|
||||
|
||||
/*
|
||||
Смена email выполняется за ЧЕТЫРЕ последовательных вызовов
|
||||
1. Отравляется пустой закпрос. Сервер на email пользователя из базы отправляет код.
|
||||
2. Отправляется код из письма. Если указан корректный код, то сервер отвечает ОК.
|
||||
3. Отправляется код из письма + новый email. Сервер отправляет код2 на новый email.
|
||||
4. Отправлются оба кода и новый email. Если они проходят проверку, то сервер меняет email пользователя на новый и возвращает ОК.
|
||||
*/
|
||||
app.post('/auth/email/change-email', (req, res, next) => {
|
||||
const email2 = String(req.body.email ?? '').trim()
|
||||
const code = String(req.body.code ?? '').trim()
|
||||
const code2 = String(req.body.code2 ?? '').trim()
|
||||
|
||||
const email = db
|
||||
.prepare('select email from customers where id = :customer_id')
|
||||
.pluck(true)
|
||||
.get(res.locals)
|
||||
|
||||
const stepNo = !code ? 1 : code && !email ? 2 : code && email && !code2 ? 3 : code && email && code2 ? 4 : -1
|
||||
if (stepNo == -1)
|
||||
throw Error('BAD_STEP::400')
|
||||
|
||||
if (stepNo == 1) {
|
||||
const code = Math.random().toString().substr(2, 4)
|
||||
cache['change-email'][email] = code
|
||||
sendEmail(email, 'CHANGE-EMAIL', `${email} => ${code}`)
|
||||
}
|
||||
|
||||
if (stepNo == 2) {
|
||||
if (cache['change-email'][email] != code)
|
||||
throw Error('INCORRECT_CODE::400')
|
||||
}
|
||||
|
||||
if (stepNo == 3) {
|
||||
if (!checkEmail(email2))
|
||||
throw Error('INCORRECT_EMAIL::400')
|
||||
|
||||
const code2 = Math.random().toString().substr(2, 4)
|
||||
cache['change-email2'][email2] = code2
|
||||
sendEmail(email2, 'CHANGE-EMAIL2', `${email2} => ${code2}`)
|
||||
}
|
||||
|
||||
if (stepNo == 4) {
|
||||
if (cache['change-email'][email] != code || cache['change-email2'][email2] != code2)
|
||||
throw Error('INCORRECT_CODE::400')
|
||||
|
||||
const info = db
|
||||
.prepare('update customers set email = :email where id = :customer_id')
|
||||
.run(res.locals)
|
||||
|
||||
if (info.changes == 0)
|
||||
throw Error('BAD_REQUEST::400')
|
||||
|
||||
delete cache['change-email'][email]
|
||||
delete cache['change-email2'][email2]
|
||||
}
|
||||
|
||||
res.status(200).json({success: true})
|
||||
})
|
||||
|
||||
app.get('/customer/logout', (req, res, next) => {
|
||||
delete sessions[req.session.asid]
|
||||
res.setHeader('Set-Cookie', [`asid=; expired; httpOnly`])
|
||||
/*
|
||||
Смена пароля/восстановление доступа выполняется за ТРИ последовательных вызова
|
||||
1. Отравляется пустой закпрос для смены запоса и email, в случае восстановления доступа. Сервер на email отправляет код.
|
||||
2. Отправляется email + код из письма. Если указан корректный код, то сервер отвечает ОК.
|
||||
3. Отправляется email + код из письма + новый пароль. Сервер изменяет пароль и возвращает ОК.
|
||||
*/
|
||||
app.post('/auth/email/:action(change-password|recovery)', (req, res, next) => {
|
||||
const code = String(req.body.code ?? '').trim()
|
||||
const password = String(req.body.password)
|
||||
const action = req.params.action
|
||||
|
||||
const email = action == 'change-password' ? db
|
||||
.prepare('select email from customers where id = :customer_id')
|
||||
.pluck(true)
|
||||
.get(res.locals) :
|
||||
String(req.body.email ?? '').trim()
|
||||
|
||||
const stepNo = action == 'change-password' ?
|
||||
(!code && !password ? 1 : code && !password ? 2 : code && password ? 3 : -1) :
|
||||
(!email && !code && !password ? 1 : email && code && !password ? 2 : email && code && password ? 3 : -1)
|
||||
if (stepNo == -1)
|
||||
throw Error('BAD_STEP::400')
|
||||
|
||||
if (stepNo == 1) {
|
||||
if (!checkEmail(email))
|
||||
throw Error('INCORRECT_EMAIL::400')
|
||||
|
||||
const code = Math.random().toString().substr(2, 4)
|
||||
cache[action][email] = code
|
||||
sendEmail(email, action.toUpperCase(), `${email} => ${code}`)
|
||||
}
|
||||
|
||||
if (stepNo == 2) {
|
||||
if (cache[action][email] != code)
|
||||
throw Error('INCORRECT_CODE::400')
|
||||
}
|
||||
|
||||
if (stepNo == 3) {
|
||||
if (cache[action][email] != code)
|
||||
throw Error('INCORRECT_CODE::400')
|
||||
|
||||
if (!checkPassword(password))
|
||||
throw Error('INCORRECT_PASSWORD::400')
|
||||
|
||||
const info = db
|
||||
.prepare('update customers set password = :password where email = :email')
|
||||
.run({ email, password })
|
||||
|
||||
if (info.changes == 0)
|
||||
throw Error('BAD_REQUEST::400')
|
||||
|
||||
delete cache[action][email]
|
||||
}
|
||||
|
||||
res.status(200).json({success: true})
|
||||
})
|
||||
|
||||
app.post('/customer/register', (req, res, next) => {
|
||||
const email = String(req.body.email).trim()
|
||||
const password = String(req.body.password).trim()
|
||||
app.get('/auth/logout', (req, res, next) => {
|
||||
if (req.session?.asid)
|
||||
delete sessions[req.session.asid]
|
||||
|
||||
const validateEmail = email => String(email).toLowerCase().match(/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/)
|
||||
if (!validateEmail(email))
|
||||
throw Error('INCORRECT_EMAIL::400')
|
||||
|
||||
if (!password)
|
||||
throw Error('EMPTY_PASSWORD::400')
|
||||
|
||||
const row = db
|
||||
.prepare('select id from customers where email = :email')
|
||||
.run({email})
|
||||
if (row)
|
||||
throw Error('DUPLICATE_EMAIL::400')
|
||||
|
||||
const key = crypto.randomBytes(32).toString('hex')
|
||||
const info = db
|
||||
.prepare('insert into customers (email, password, activation_key) values (:email, :password, :key)')
|
||||
.run({email, password, key})
|
||||
|
||||
// To-Do: SEND MAIL
|
||||
console.log(`http://127.0.0.1:3000/api/customer/activate?key=${key}`)
|
||||
res.status(200).json({success: true, data: key})
|
||||
})
|
||||
|
||||
app.get('/customer/activate', (req, res, next) => {
|
||||
const row = db
|
||||
.prepare('update customers set is_active = 1 where activation_key = :key returning id')
|
||||
.get({key: req.query.key})
|
||||
|
||||
if (!row || !row.id)
|
||||
throw Error('BAD_ACTIVATION_KEY::400')
|
||||
|
||||
res.status(200).json({success: true})
|
||||
res.setHeader('Set-Cookie', [`asid=; expired; httpOnly;path=/api/admin`])
|
||||
res.status(200).json({success: true})
|
||||
})
|
||||
|
||||
// CUSTOMER
|
||||
app.get('/customer/profile', (req, res, next) => {
|
||||
const row = db
|
||||
.prepare(`
|
||||
select id, name, email, plan, coalesce(json_balance, '{}') json_balance, coalesce(json_company, '{}') json_company, upload_group_id
|
||||
select id, name, email, plan,
|
||||
coalesce(json_balance, '{}') json_balance, coalesce(json_company, '{}') json_company,
|
||||
upload_chat_id, generate_key(-id, :time) upload_token
|
||||
from customers
|
||||
where id = :customer_id and is_active = 1
|
||||
where id = :customer_id
|
||||
`)
|
||||
.get(res.locals)
|
||||
|
||||
if (row?.upload_group_id) {
|
||||
row.upload_group = db
|
||||
.prepare(`select id, name, telegram_id from groups where id = :group_id and project_id is null`)
|
||||
if (row?.upload_chat_id) {
|
||||
row.upload_chat = db
|
||||
.prepare(`select id, name, telegram_id from chats where id = :chat_id and project_id is null`)
|
||||
.safeIntegers(true)
|
||||
.get({ group_id: row.upload_group_id})
|
||||
delete row.upload_group_id
|
||||
.get({ chat_id: row.upload_chat_id})
|
||||
delete row.upload_chat_id
|
||||
}
|
||||
|
||||
for (const key in row) {
|
||||
@@ -145,6 +302,8 @@ app.get('/customer/profile', (req, res, next) => {
|
||||
app.put('/customer/profile', (req, res, next) => {
|
||||
if (req.body.company instanceof Object)
|
||||
req.body.json_company = JSON.stringify(req.body.company)
|
||||
else
|
||||
delete req.body?.json_company
|
||||
|
||||
const info = db
|
||||
.prepareUpdate(
|
||||
@@ -160,96 +319,91 @@ app.put('/customer/profile', (req, res, next) => {
|
||||
res.status(200).json({success: true})
|
||||
})
|
||||
|
||||
// PROJECT
|
||||
app.get('/project', (req, res, next) => {
|
||||
const where = req.query.id ? ' and id = ' + parseInt(req.query.id) : ''
|
||||
app.get('/customer/settings', (req, res, next) => {
|
||||
const row = db
|
||||
.prepare(`select coalesce(json_settings, '{}') from customers where id = :customer_id`)
|
||||
.pluck(true)
|
||||
.get(res.locals)
|
||||
|
||||
res.status(200).json({success: true, data: JSON.parse(row)})
|
||||
})
|
||||
|
||||
const rows = db
|
||||
app.put('/customer/settings', (req, res, next) => {
|
||||
res.locals.json_settings = JSON.stringify(req.body || {})
|
||||
|
||||
db
|
||||
.prepare(`update customers set json_settings = :json_settings where id = :customer_id`)
|
||||
.run(res.locals)
|
||||
|
||||
res.status(200).json({success: true})
|
||||
})
|
||||
|
||||
// PROJECT
|
||||
function getProject(id, customer_id) {
|
||||
const row = db
|
||||
.prepare(`
|
||||
select id, name, description, logo
|
||||
from projects
|
||||
where customer_id = :customer_id ${where} and is_deleted <> 1
|
||||
select id, name, description, logo, is_logo_bg, is_archived,
|
||||
(select count(*) from chats where project_id = p.id) chat_count,
|
||||
(select count(distinct user_id) from chat_users where chat_id in (select id from chats where project_id = p.id)) user_count
|
||||
from projects p
|
||||
where customer_id = :customer_id and p.id = :id
|
||||
order by name
|
||||
`)
|
||||
.get({id, customer_id})
|
||||
|
||||
if (!row)
|
||||
throw Error('NOT_FOUND::404')
|
||||
|
||||
row.is_archived = Boolean(row.is_archived)
|
||||
row.is_logo_bg = Boolean(row.is_logo_bg)
|
||||
|
||||
return row
|
||||
}
|
||||
|
||||
app.get('/project', (req, res, next) => {
|
||||
const data = db
|
||||
.prepare(`
|
||||
select id, name, description, logo, is_logo_bg, is_archived,
|
||||
(select count(*) from chats where project_id = p.id) chat_count,
|
||||
(select count(distinct user_id) from chat_users where chat_id in (select id from chats where project_id = p.id)) user_count
|
||||
from projects p
|
||||
where customer_id = :customer_id
|
||||
order by name
|
||||
`)
|
||||
.all(res.locals)
|
||||
|
||||
if (where && rows.length == 0)
|
||||
throw Error('NOT_FOUND::404')
|
||||
data.forEach(row => {
|
||||
row.is_archived = Boolean(row.is_archived)
|
||||
row.is_logo_bg = Boolean(row.is_logo_bg)
|
||||
})
|
||||
|
||||
res.status(200).json({success: true, data: where ? rows[0] : rows})
|
||||
})
|
||||
|
||||
app.get('/project/:pid(\\d+)', (req, res, next) => {
|
||||
res.redirect(req.baseUrl + `/project?id=${req.params.pid}`)
|
||||
res.status(200).json({success: true, data})
|
||||
})
|
||||
|
||||
app.post('/project', (req, res, next) => {
|
||||
res.locals.name = req.body?.name
|
||||
res.locals.description = req.body?.description
|
||||
res.locals.logo = req.body?.logo
|
||||
res.locals.is_logo_bg = 'is_logo_bg' in req.body ? +req.body.is_logo_bg : undefined
|
||||
|
||||
const id = db
|
||||
.prepare(`
|
||||
insert into projects (customer_id, name, description, logo)
|
||||
values (:customer_id, :name, :description, :logo)
|
||||
insert into projects (customer_id, name, description, logo, is_logo_bg)
|
||||
values (:customer_id, :name, :description, :logo, :is_logo_bg)
|
||||
returning id
|
||||
`)
|
||||
.pluck(true)
|
||||
.get(res.locals)
|
||||
|
||||
res.status(200).json({success: true, data: id})
|
||||
const data = getProject(id, res.locals.customer_id)
|
||||
res.status(200).json({success: true, data})
|
||||
})
|
||||
|
||||
app.put('/project/:pid(\\d+)', (req, res, next) => {
|
||||
res.locals.id = req.params.pid
|
||||
res.locals.name = req.body?.name
|
||||
res.locals.description = req.body?.description
|
||||
res.locals.logo = req.body?.logo
|
||||
|
||||
const info = db
|
||||
.prepareUpdate(
|
||||
'projects',
|
||||
['name', 'description', 'logo'],
|
||||
res.locals,
|
||||
['id', 'customer_id'])
|
||||
.run(res.locals)
|
||||
|
||||
if (info.changes == 0)
|
||||
throw Error('NOT_FOUND::404')
|
||||
|
||||
res.status(200).json({success: true})
|
||||
})
|
||||
|
||||
app.delete('/project/:pid(\\d+)', async (req, res, next) => {
|
||||
res.locals.id = req.params.pid
|
||||
|
||||
const info = db
|
||||
.prepare('update projects set id_deleted = 1 where id = :id and customer_id = :customer_id')
|
||||
.run(res.locals)
|
||||
|
||||
if (info.changes == 0)
|
||||
throw Error('NOT_FOUND::404')
|
||||
|
||||
const groupIds = db
|
||||
.prepare(`select id from groups where project_id = :id`)
|
||||
.pluck(true)
|
||||
.all(res.locals)
|
||||
|
||||
for (const groupId of groupIds) {
|
||||
await bot.sendMessage(groupId, 'Проект удален')
|
||||
await bot.leaveGroup(groupId)
|
||||
}
|
||||
|
||||
db.prepare(`updates groups set project_id = null where id in (${ groupIds.join(', ')})`).run()
|
||||
|
||||
res.status(200).json({success: true})
|
||||
})
|
||||
|
||||
app.use ('/project/:pid(\\d+)/*', (req, res, next) => {
|
||||
app.use ('(/project/:pid(\\d+)/*|/project/:pid(\\d+))', (req, res, next) => {
|
||||
res.locals.project_id = parseInt(req.params.pid)
|
||||
|
||||
const row = db
|
||||
.prepare('select 1 from projects where id = :project_id and customer_id = :customer_id and is_deleted <> 1')
|
||||
.prepare('select 1 from projects where id = :project_id and customer_id = :customer_id and is_archived <> 1')
|
||||
.get(res.locals)
|
||||
|
||||
if (!row)
|
||||
@@ -258,55 +412,134 @@ app.use ('/project/:pid(\\d+)/*', (req, res, next) => {
|
||||
next()
|
||||
})
|
||||
|
||||
// USER
|
||||
app.get('/project/:pid(\\d+)/user', (req, res, next) => {
|
||||
const where = req.query.id ? ' and id = ' + parseInt(req.query.id) : ''
|
||||
app.get('/project/:pid(\\d+)', (req, res, next) => {
|
||||
const data = getProject(req.params.pid, res.locals.customer_id)
|
||||
res.status(200).json({success: true, data})
|
||||
})
|
||||
|
||||
const rows = db
|
||||
app.put('/project/:pid(\\d+)', (req, res, next) => {
|
||||
res.locals.id = req.params.pid
|
||||
res.locals.name = req.body?.name
|
||||
res.locals.description = req.body?.description
|
||||
res.locals.logo = req.body?.logo
|
||||
res.locals.is_logo_bg = 'is_logo_bg' in req.body ? +req.body.is_logo_bg : undefined
|
||||
|
||||
const info = db
|
||||
.prepareUpdate(
|
||||
'projects',
|
||||
['name', 'description', 'logo', 'is_logo_bg'],
|
||||
res.locals,
|
||||
['id', 'customer_id'])
|
||||
.run(res.locals)
|
||||
|
||||
if (info.changes == 0)
|
||||
throw Error('NOT_FOUND::404')
|
||||
|
||||
const data = getProject(req.params.pid, res.locals.customer_id)
|
||||
res.status(200).json({success: true, data})
|
||||
})
|
||||
|
||||
app.put('/project/:pid(\\d+)/:action(archive|restore)', async (req, res, next) => {
|
||||
res.locals.id = req.params.pid
|
||||
res.locals.is_archived = +(req.params.action == 'archive')
|
||||
|
||||
const info = db
|
||||
.prepare(`
|
||||
update projects
|
||||
set is_archived = :is_archived
|
||||
where id = :id and customer_id = :customer_id and coalesce(is_archived, 0) = not :is_archived
|
||||
`)
|
||||
.run(res.locals)
|
||||
|
||||
if (info.changes == 0)
|
||||
throw Error('BAD_REQUEST::400')
|
||||
|
||||
const chatIds = db
|
||||
.prepare(`select id from chats where project_id = :id`)
|
||||
.pluck(true)
|
||||
.all(res.locals)
|
||||
|
||||
for (const chatId of chatIds) {
|
||||
await bot.sendMessage(chatId, res.locals.is_archived ? 'Проект помещен в архив. Отслеживание сообщений прекращено.' : 'Проект восстановлен из архива.')
|
||||
}
|
||||
|
||||
const data = getProject(req.params.pid, res.locals.customer_id)
|
||||
res.status(200).json({success: true, data})
|
||||
})
|
||||
|
||||
// USER
|
||||
function getUser(id, project_id) {
|
||||
const row = db
|
||||
.prepare(`
|
||||
select u.id, u.telegram_id, u.firstname, u.lastname, u.username, u.photo,
|
||||
ud.fullname, ud.role, ud.department, ud.is_blocked
|
||||
ud.fullname, ud.email, ud.phone, ud.role, ud.department, ud.is_blocked,
|
||||
cu.company_id
|
||||
from users u
|
||||
left join user_details ud on u.id = ud.user_id and ud.project_id = :project_id
|
||||
left join company_users cu on u.id = cu.user_id
|
||||
where id = :id
|
||||
`)
|
||||
.safeIntegers(true)
|
||||
.all({id, project_id})
|
||||
|
||||
if (!row)
|
||||
throw Error('NOT_FOUND::404')
|
||||
|
||||
row.is_blocked = Boolean(row.is_blocked)
|
||||
|
||||
return row
|
||||
}
|
||||
|
||||
app.get('/project/:pid(\\d+)/user', (req, res, next) => {
|
||||
const data = db
|
||||
.prepare(`
|
||||
select u.id, u.telegram_id, u.firstname, u.lastname, u.username, u.photo,
|
||||
ud.fullname, ud.email, ud.phone, ud.role, ud.department, ud.is_blocked,
|
||||
cu.company_id
|
||||
from users u
|
||||
left join user_details ud on u.id = ud.user_id and ud.project_id = :project_id
|
||||
left join company_users cu on u.id = cu.user_id
|
||||
where id in (
|
||||
select user_id
|
||||
from group_users
|
||||
where group_id in (select id from groups where project_id = :project_id)
|
||||
) ${where}
|
||||
from chat_users
|
||||
where chat_id in (select id from chats where project_id = :project_id)
|
||||
)
|
||||
`)
|
||||
.safeIntegers(true)
|
||||
.all(res.locals)
|
||||
|
||||
if (where && rows.length == 0)
|
||||
throw Error('NOT_FOUND::404')
|
||||
data.forEach(row => {
|
||||
row.is_blocked = Boolean(row.is_blocked)
|
||||
})
|
||||
|
||||
res.status(200).json({success: true, data: where ? rows[0] : rows})
|
||||
res.status(200).json({success: true, data})
|
||||
})
|
||||
|
||||
app.get('/project/:pid(\\d+)/user/:uid(\\d+)', (req, res, next) => {
|
||||
res.redirect(req.baseUrl + `/project/${req.params.pid}/user?id=${req.params.uid}`)
|
||||
const data = getUser(req.params.uid, req.params.pid)
|
||||
res.status(200).json({success: true, data})
|
||||
})
|
||||
|
||||
app.put('/project/:pid(\\d+)/user/:uid(\\d+)', (req, res, next) => {
|
||||
res.locals.user_id = parseInt(req.params.uid)
|
||||
|
||||
res.locals.fullname = req.body?.fullname
|
||||
res.locals.email = req.body?.email
|
||||
res.locals.phone = req.body?.phone
|
||||
res.locals.role = req.body?.role
|
||||
res.locals.department = req.body?.department
|
||||
res.locals.is_blocked = req.body?.is_blocked
|
||||
res.locals.is_blocked = 'is_blocked' in req.body ? +req.body.is_blocked : undefined
|
||||
|
||||
const info = db
|
||||
.prepareUpdate('user_details',
|
||||
['fullname', 'role', 'department', 'is_blocked'],
|
||||
.prepareUpsert('user_details',
|
||||
['fullname', 'email', 'phone', 'role', 'department', 'is_blocked'],
|
||||
res.locals,
|
||||
['user_id', 'project_id']
|
||||
)
|
||||
.all(res.locals)
|
||||
|
||||
if (info.changes == 0)
|
||||
throw Error('NOT_FOUND::404')
|
||||
.run(res.locals)
|
||||
|
||||
res.status(200).json({success: true})
|
||||
const data = getUser(req.params.uid, req.params.pid)
|
||||
res.status(200).json({success: true, data})
|
||||
})
|
||||
|
||||
app.get('/project/:pid(\\d+)/token', (req, res, next) => {
|
||||
@@ -324,33 +557,47 @@ app.get('/project/:pid(\\d+)/token', (req, res, next) => {
|
||||
})
|
||||
|
||||
// COMPANY
|
||||
app.get('/project/:pid(\\d+)/company', (req, res, next) => {
|
||||
const where = req.query.id ? ' and id = ' + parseInt(req.query.id) : ''
|
||||
|
||||
const rows = db
|
||||
function getCompany(id, project_id) {
|
||||
const row = db
|
||||
.prepare(`
|
||||
select id, name, email, phone, description, logo,
|
||||
select id, name, address, email, phone, site, description, logo,
|
||||
(select json_group_array(user_id) from company_users where company_id = c.id) users
|
||||
from companies c
|
||||
where project_id = :project_id ${where}
|
||||
where c.id = :id and project_id = :project_id
|
||||
order by name
|
||||
`)
|
||||
.get({id, project_id})
|
||||
|
||||
if (!row)
|
||||
throw Error('NOT_FOUND::404')
|
||||
|
||||
return row
|
||||
}
|
||||
|
||||
app.get('/project/:pid(\\d+)/company', (req, res, next) => {
|
||||
const data = db
|
||||
.prepare(`
|
||||
select id, name, address, email, phone, site, description, logo,
|
||||
(select json_group_array(user_id) from company_users where company_id = c.id) users
|
||||
from companies c
|
||||
where project_id = :project_id
|
||||
order by name
|
||||
`)
|
||||
.all(res.locals)
|
||||
|
||||
rows.forEach(row => row.users = JSON.parse(row.users || '[]'))
|
||||
data.forEach(row => row.users = JSON.parse(row.users || '[]'))
|
||||
|
||||
if (where && rows.length == 0)
|
||||
throw Error('NOT_FOUND::404')
|
||||
|
||||
res.status(200).json({success: true, data: where ? rows[0] : rows})
|
||||
res.status(200).json({success: true, data})
|
||||
})
|
||||
|
||||
app.get('/project/:pid(\\d+)/company/:cid(\\d+)', (req, res, next) => {
|
||||
res.redirect(req.baseUrl + `/project/${req.params.pid}/company?id=${req.params.cid}`)
|
||||
const data = getCompany(req.params.cid, req.params.pid)
|
||||
res.status(200).json({success: true, data})
|
||||
})
|
||||
|
||||
app.post('/project/:pid(\\d+)/company', (req, res, next) => {
|
||||
res.locals.name = req.body?.name
|
||||
res.locals.address = req.body?.address
|
||||
res.locals.email = req.body?.email
|
||||
res.locals.phone = req.body?.phone
|
||||
res.locals.site = req.body?.site
|
||||
@@ -359,28 +606,31 @@ app.post('/project/:pid(\\d+)/company', (req, res, next) => {
|
||||
|
||||
const id = db
|
||||
.prepare(`
|
||||
insert into companies (project_id, name, email, phone, site, description, logo)
|
||||
values (:project_id, :name, :email, :phone, :site, :description, :logo)
|
||||
insert into companies (project_id, name, address, email, phone, site, description, logo)
|
||||
values (:project_id, :name, :address, :email, :phone, :site, :description, :logo)
|
||||
returning id
|
||||
`)
|
||||
.pluck(res.locals)
|
||||
.pluck(true)
|
||||
.get(res.locals)
|
||||
|
||||
res.status(200).json({success: true, data: id})
|
||||
const data = getCompany(id, req.params.pid)
|
||||
res.status(200).json({success: true, data})
|
||||
})
|
||||
|
||||
app.put('/project/:pid(\\d+)/company/:cid(\\d+)', (req, res, next) => {
|
||||
res.locals.id = parseInt(req.params.cid)
|
||||
res.locals.name = req.body?.name
|
||||
res.locals.address = req.body?.address
|
||||
res.locals.email = req.body?.email
|
||||
res.locals.phone = req.body?.phone
|
||||
res.locals.site = req.body?.site
|
||||
res.locals.description = req.body?.description
|
||||
res.locals.logo = req.body?.logo
|
||||
|
||||
const info = db
|
||||
.prepareUpdate(
|
||||
'companies',
|
||||
['name', 'email', 'phone', 'site', 'description'],
|
||||
['name', 'address', 'email', 'phone', 'site', 'description', 'logo'],
|
||||
res.locals,
|
||||
['id', 'project_id'])
|
||||
.run(res.locals)
|
||||
@@ -388,11 +638,12 @@ app.put('/project/:pid(\\d+)/company/:cid(\\d+)', (req, res, next) => {
|
||||
if (info.changes == 0)
|
||||
throw Error('NOT_FOUND::404')
|
||||
|
||||
res.status(200).json({success: true})
|
||||
const data = getCompany(req.params.cid, req.params.pid)
|
||||
res.status(200).json({success: true, data})
|
||||
})
|
||||
|
||||
app.delete('/project/:pid(\\d+)/company/:cid(\\d+)', (req, res, next) => {
|
||||
res.locals.company_id = parseInt(req.params.cid)
|
||||
res.locals.company_id = req.params.cid
|
||||
|
||||
const info = db
|
||||
.prepare(`delete from companies where id = :company_id and project_id = :project_id`)
|
||||
@@ -401,42 +652,7 @@ app.delete('/project/:pid(\\d+)/company/:cid(\\d+)', (req, res, next) => {
|
||||
if (info.changes == 0)
|
||||
throw Error('NOT_FOUND::404')
|
||||
|
||||
res.status(200).json({success: true})
|
||||
})
|
||||
|
||||
app.get('/project/:pid(\\d+)/group', (req, res, next) => {
|
||||
const where = req.query.id ? ' and id = ' + parseInt(req.query.id) : ''
|
||||
|
||||
const rows = db
|
||||
.prepare(`
|
||||
select id, name, telegram_id, is_channel, user_count, bot_can_ban
|
||||
from groups
|
||||
where project_id = :project_id ${where}
|
||||
`)
|
||||
.all(res.locals)
|
||||
|
||||
if (where && rows.length == 0)
|
||||
throw Error('NOT_FOUND::404')
|
||||
|
||||
res.status(200).json({success: true, data: where ? rows[0] : rows})
|
||||
})
|
||||
|
||||
app.get('/project/:pid(\\d+)/group/:gid(\\d+)', (req, res, next) => {
|
||||
res.redirect(req.baseUrl + `/project/${req.params.pid}/group?id=${req.params.uid}`)
|
||||
})
|
||||
|
||||
app.delete('/project/:pid(\\d+)/group/:gid(\\d+)', async (req, res, next) => {
|
||||
res.locals.group_id = parseInt(req.params.gid)
|
||||
const info = db
|
||||
.prepare(`update groups set project_id = null where id = :group_id and project_id = :project_id`)
|
||||
.run(res.locals)
|
||||
|
||||
if (info.changes == 0)
|
||||
throw Error('NOT_FOUND::404')
|
||||
|
||||
await bot.sendMessage(res.locals.group_id, 'Группа удалена из проекта')
|
||||
|
||||
res.status(200).json({success: true})
|
||||
res.status(200).json({success: true, data: {id: req.params.cid}})
|
||||
})
|
||||
|
||||
app.put('/project/:pid(\\d+)/company/:cid(\\d+)/user', (req, res, next) => {
|
||||
@@ -456,8 +672,8 @@ app.put('/project/:pid(\\d+)/company/:cid(\\d+)/user', (req, res, next) => {
|
||||
let rows = db
|
||||
.prepare(`
|
||||
select user_id
|
||||
from group_users
|
||||
where group_id in (select id from groups where project_id = :project_id)
|
||||
from chat_users
|
||||
where chat_id in (select id from chats where project_id = :project_id)
|
||||
`)
|
||||
.pluck(true) // .raw?
|
||||
.get(res.locals)
|
||||
@@ -478,7 +694,6 @@ app.put('/project/:pid(\\d+)/company/:cid(\\d+)/user', (req, res, next) => {
|
||||
if (user_ids.some(user_id => !rows.contains(user_id)))
|
||||
throw Error('USED_MEMBER::400')
|
||||
|
||||
|
||||
db
|
||||
.prepare(`delete from company_users where company_id = :company_id`)
|
||||
.run(res.locals)
|
||||
@@ -493,4 +708,59 @@ app.put('/project/:pid(\\d+)/company/:cid(\\d+)/user', (req, res, next) => {
|
||||
res.status(200).json({success: true})
|
||||
})
|
||||
|
||||
// CHATS
|
||||
function getChat(id, project_id) {
|
||||
const row = db
|
||||
.prepare(`
|
||||
select id, name, telegram_id, is_channel, description, logo, user_count, bot_can_ban
|
||||
from chats c
|
||||
where c.id = :id and project_id = :project_id
|
||||
`)
|
||||
.all({id, project_id})
|
||||
|
||||
if (!row)
|
||||
throw Error('NOT_FOUND::404')
|
||||
|
||||
row.is_channel = Boolean(row.is_channel)
|
||||
row.bot_can_ban = Boolean(row.bot_can_ban)
|
||||
|
||||
return row
|
||||
}
|
||||
|
||||
app.get('/project/:pid(\\d+)/chat', (req, res, next) => {
|
||||
const data = db
|
||||
.prepare(`
|
||||
select id, name, telegram_id, is_channel, description, logo, user_count, bot_can_ban
|
||||
from chats
|
||||
where project_id = :project_id
|
||||
`)
|
||||
.all(res.locals)
|
||||
|
||||
data.forEach(row => {
|
||||
row.is_channel = Boolean(row.is_channel)
|
||||
row.bot_can_ban = Boolean(row.bot_can_ban)
|
||||
})
|
||||
|
||||
res.status(200).json({success: true, data})
|
||||
})
|
||||
|
||||
app.get('/project/:pid(\\d+)/chat/:gid(\\d+)', (req, res, next) => {
|
||||
const data = getChat(req.params.gid, req.params.pid)
|
||||
res.status(200).json({success: true, data})
|
||||
})
|
||||
|
||||
app.delete('/project/:pid(\\d+)/chat/:gid(\\d+)', async (req, res, next) => {
|
||||
res.locals.chat_id = req.params.gid
|
||||
const info = db
|
||||
.prepare(`update chats set project_id = null where id = :chat_id and project_id = :project_id`)
|
||||
.run(res.locals)
|
||||
|
||||
if (info.changes == 0)
|
||||
throw Error('NOT_FOUND::404')
|
||||
|
||||
await bot.sendMessage(res.locals.chat_id, 'Чат удален из проекта')
|
||||
|
||||
res.status(200).json({success: true, data: {id: req.params.gid}})
|
||||
})
|
||||
|
||||
module.exports = app
|
||||
Reference in New Issue
Block a user