flexbiz-server 12.6.19 → 12.6.20
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +3 -3
- package/server/auths/local.js +62 -56
- package/server/auths/local_old.js +60 -0
- package/server/libs/permission.js +3 -2
- package/server/models/app.js +2 -2
- package/server/models/log.js +4 -3
- package/server/modules/lists/ls-customer.js +10 -11
- package/server/modules/lists/ls-deal.js +2 -2
- package/server/modules/lists/ls-task.js +14 -20
- package/server/modules/reports/rp-referredusers.js +2 -2
- package/server/modules/systems/sys-app.js +20 -19
- package/server/modules/systems/sys-data_list_config.js +1 -3
- package/server/modules/systems/sys-domain.js +1 -4
- package/server/modules/systems/sys-exportexceltemplate.js +1 -4
- package/server/modules/systems/sys-fieldright.js +1 -3
- package/server/modules/systems/sys-importexceltemplate.js +1 -4
- package/server/modules/systems/sys-quanhuyen.js +1 -4
- package/server/modules/systems/sys-rptobject.js +1 -3
- package/server/modules/systems/sys-schedule.js +10 -11
- package/server/modules/systems/sys-sysconfig.js +1 -3
- package/server/modules/systems/sys-sysgroup.js +1 -3
- package/server/modules/systems/sys-tableinfo.js +1 -3
- package/server/modules/systems/sys-templatestore.js +4 -4
- package/server/modules/systems/sys-tinhthanh.js +1 -4
- package/server/modules/systems/sys-trangthai.js +3 -4
- package/server/modules/systems/sys-trialinfo.js +1 -3
- package/server/modules/systems/sys-versioninfo.js +1 -3
- package/server/modules/systems/sys-vietqrbanks.js +1 -4
- package/server/modules/systems/sys-xaphuong.js +1 -4
- package/server/models/department.js +0 -4
- package/server/models/service.js +0 -4
- package/server/models/so2.js +0 -10
- package/server/modules/lists/ls-department.js +0 -3
- package/server/modules/lists/ls-form.js +0 -1
- package/server/modules/lists/ls-kygui.js +0 -19
- package/server/modules/lists/ls-service.js +0 -3
- package/server/modules/reports/rp-bds_hoahongctv.js +0 -5
- package/server/modules/vouchers/vo-so2.js +0 -37
package/package.json
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
"name": "flexbiz-server",
|
|
3
3
|
"main": "./server/app.js",
|
|
4
4
|
"description": "Flexible Server",
|
|
5
|
-
"version": "12.6.
|
|
5
|
+
"version": "12.6.20",
|
|
6
6
|
"author": {
|
|
7
7
|
"name": "Van Truong Pham",
|
|
8
8
|
"email": "invncur@gmail.com"
|
|
@@ -61,8 +61,8 @@
|
|
|
61
61
|
"moment-timezone": "^0.5.33",
|
|
62
62
|
"mongodb-backup": "^1.6.9",
|
|
63
63
|
"mongodb-restore": "^1.6.2",
|
|
64
|
-
"mongoose": "^
|
|
65
|
-
"mongoose-storage-usage": "^1.
|
|
64
|
+
"mongoose": "^6.13.10",
|
|
65
|
+
"mongoose-storage-usage": "^1.4.0",
|
|
66
66
|
"morgan": "^1.10.0",
|
|
67
67
|
"multer": "^0.1.8",
|
|
68
68
|
"natives": "^1.1.6",
|
package/server/auths/local.js
CHANGED
|
@@ -1,60 +1,66 @@
|
|
|
1
1
|
const User=global.getModel("user"),Participant=global.getModel("participant"),UserGroup=global.getModel("usergroup"),Customer=global.getModel("customer"),axios=require("axios"),log=global.getModel("log"),App=global.getModel("app"),Wallet=global.getModel("wallet"),Token=global.getModel("token"),BasicStrategy=require("passport-http").BasicStrategy,_crypto=require("crypto"),validator=require("validator"),email=require("../libs/email"),loadTemplate=require("../libs/load-template"),permission=require("../libs/permission"),
|
|
2
|
-
OTP=global.getModel("otp"),DIGITS="0123456789",redisCache=require("../libs/redis-cache"),utils=require("../libs/utils"),Controler=require("../controllers/controller"),{isValidObjectId}=require("mongoose"),total_time_wait_login=36E5,total_time_try_login=3;function generateOTP(){let $OTP$$="";for(let $i$$=0;$i$$<6;$i$$++)$OTP$$+=DIGITS[Math.floor(Math.random()*10)];return $OTP$$}
|
|
2
|
+
OTP=global.getModel("otp"),DIGITS="0123456789",redisCache=require("../libs/redis-cache"),utils=require("../libs/utils"),Controler=require("../controllers/controller"),{executeInTransaction}=require("../libs/sessionContext"),{isValidObjectId}=require("mongoose"),total_time_wait_login=36E5,total_time_try_login=3;function generateOTP(){let $OTP$$="";for(let $i$$=0;$i$$<6;$i$$++)$OTP$$+=DIGITS[Math.floor(Math.random()*10)];return $OTP$$}
|
|
3
3
|
function generateToken($user$$){const $n$$=new Date;return _crypto.createHash("md5").update($user$$.email+$n$$.toISOString()).digest("hex")}function saveOTP($Phone$$,$otp_code$$,$expires$$=5){let $expire_time$$=new Date;$expire_time$$.setMinutes($expire_time$$.getMinutes()+$expires$$);return OTP.create({phone:$Phone$$,otp:$otp_code$$,expire_time:$expire_time$$})}
|
|
4
|
-
function findByUsername($username$$,$fn$$){if(!$username$$)return $fn$$("B\u1ea1n ch\u01b0a nh\u1eadp t\u00e0i kho\u1ea3n");User.findOne({$or:[{email:$username$$},{"local.phone":$username$$}]},function($error$$,$result$$){return!$error$$&&$result$$&&$result$$.local?$fn$$(null,$result$$):$fn$$($error$$||`T\u00e0i kho\u1ea3n ${$username$$} kh\u00f4ng t\u1ed3n t\u1ea1i`)})}
|
|
5
|
-
async function addUserToApp($user$$,$body$$,$
|
|
6
|
-
|
|
7
|
-
$
|
|
8
|
-
$
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
if(
|
|
14
|
-
$
|
|
4
|
+
function findByUsername($username$$,$fn$$){if(!$username$$)return $fn$$("B\u1ea1n ch\u01b0a nh\u1eadp t\u00e0i kho\u1ea3n");User.findOne({$or:[{email:$username$$},{"local.phone":$username$$}]},function($error$$,$result$$){return!$error$$&&$result$$&&$result$$.local?$fn$$(null,$result$$):$fn$$($error$$||`T\u00e0i kho\u1ea3n ${$username$$} kh\u00f4ng t\u1ed3n t\u1ea1i`)})}const INTRODUCER_CONTROLLER_KEY="INTRODUCER";
|
|
5
|
+
async function addUserToApp($user$$,$body$$,$session_created$$){if($body$$.id_app){if(!global.mongoose.Types.ObjectId.isValid($body$$.id_app))throw Logger.error("[addUserToApp] id_app kh\u00f4ng h\u1ee3p l\u1ec7",$body$$.id_app),Error("Kh\u00f4ng th\u1ec3 t\u00ecm th\u1ea5y th\u00f4ng tin c\u00f4ng ty n\u00e0y");return executeInTransaction(async()=>{if(!await App.findById($body$$.id_app))throw Logger.error("[addUserToApp] Can't find app",$body$$.id_app),Error("Kh\u00f4ng th\u1ec3 t\u00ecm th\u1ea5y th\u00f4ng tin c\u00f4ng ty n\u00e0y");
|
|
6
|
+
$user$$.current_id_app=$body$$.id_app;let $introducedBy$$;if($body$$.introduce_code){const $contrIntroducer$$=global.controllers[INTRODUCER_CONTROLLER_KEY];if(!$contrIntroducer$$)throw Logger.error("[addUserToApp] Introducer controller ch\u01b0a \u0111\u01b0\u1ee3c \u0111\u0103ng k\u00fd"),Error("Kh\u00f4ng th\u1ec3 x\u1eed l\u00fd m\u00e3 gi\u1edbi thi\u1ec7u l\u00fac n\u00e0y");try{$introducedBy$$=await new Promise(($resolve$$,$reject$$)=>{Controler.create($user$$,$contrIntroducer$$,{introduce_code:$body$$.introduce_code},
|
|
7
|
+
($e$$,$intr$$)=>{if($e$$)return $reject$$($e$$.message||$e$$.error||$e$$);$resolve$$($intr$$.be_introduced_by)})})}catch($e$$){throw Logger.error("[addUserToApp] X\u1eed l\u00fd introduce_code th\u1ea5t b\u1ea1i",$body$$.introduce_code,$e$$),$e$$ instanceof Error?$e$$:Error($e$$);}}const $participant$$=await Participant.asyncCreateParticipant({id_app:$body$$.id_app,name:$body$$.name||$user$$.email,email:$body$$.email,group_id:$body$$.group_id,active:!0,session_created:$session_created$$,password:$body$$.password});
|
|
8
|
+
var $cust_existingCustomer$$=await global.getModel("customer").findOne({id_app:$body$$.id_app,of_user:$user$$.email},{_id:1}).lean();if($cust_existingCustomer$$)$introducedBy$$&&await global.getModel("customer").updateOne({_id:$cust_existingCustomer$$._id},{$set:{phu_trach:$introducedBy$$,user_updated:$user$$.email}});else{$cust_existingCustomer$$={ten_kh:$body$$.name||$user$$.email,email:validator.isEmail($user$$.email)?$user$$.email:void 0};$body$$.customer_info&&($cust_existingCustomer$$={...$cust_existingCustomer$$,
|
|
9
|
+
...$body$$.customer_info});$cust_existingCustomer$$.ten_kh||($cust_existingCustomer$$.ten_kh=$body$$.name||$user$$.email);$cust_existingCustomer$$={...$cust_existingCustomer$$,id_app:$body$$.id_app,user_created:$user$$.email,user_updated:$user$$.email,kh_yn:!0,of_user:$user$$.email};if($participant$$&&$participant$$.group_id){const $ug$$=await global.getModel("usergroup").findOne({id_app:$body$$.id_app,_id:$participant$$.group_id},{nh_kh:1}).lean();$cust_existingCustomer$$.nh_kh=($ug$$||{}).nh_kh}$introducedBy$$&&
|
|
10
|
+
($cust_existingCustomer$$.phu_trach=$introducedBy$$);await Customer.asyncCreateCustomer($cust_existingCustomer$$)}return $participant$$},{useParent:!0})}}
|
|
11
|
+
module.exports=async function($app$$,$passport$$){async function $joinUserToApp$$($req$$,$user$$){return executeInTransaction(async()=>{var $customer_idApp$$=$req$$.query.id_app,$participant$$=$req$$.query.group_id&&global.mongoose.Types.ObjectId.isValid($req$$.query.group_id)?$req$$.query.group_id:void 0;const $groupQuery$$={id_app:$customer_idApp$$,$or:[{is_customer_group:!0},{is_partner_group:!0},{is_agent_group:!0},{is_pttt_group:!0}]};$participant$$?$groupQuery$$._id=$participant$$:$groupQuery$$.default_group=
|
|
12
|
+
!0;const [$app$$,$group$$]=await Promise.all([App.findById($customer_idApp$$),UserGroup.findOne($groupQuery$$).lean()]);if(!$app$$||!$group$$)return{blocked:!1};if(($participant$$=await Participant.asyncCreateParticipant({id_app:$customer_idApp$$,email:$user$$.email,name:$user$$.name,group_id:$group$$._id.toString(),active:$group$$.not_need_active}))&&!$participant$$.active)return{blocked:!0,message:"T\u00e0i kho\u1ea3n c\u1ee7a b\u1ea1n \u0111ang ch\u1edd \u0111\u01b0\u1ee3c x\u00e9t duy\u1ec7t"};
|
|
13
|
+
if($participant$$&&$participant$$.group_id&&await UserGroup.findOne({id_app:$customer_idApp$$,_id:$participant$$.group_id,is_customer_group:!0}).lean()){$customer_idApp$$={ten_kh:$user$$.name||$user$$.email,email:$user$$.email,id_app:$customer_idApp$$,user_created:$user$$.email,user_updated:$user$$.email,kh_yn:!0,of_user:$user$$.email};utils.isMobilePhone($user$$.email,["vi-VN"])&&($customer_idApp$$.dien_thoai=$user$$.email);try{await Customer.asyncCreateCustomer($customer_idApp$$)}catch($e$$){Logger.error("[auth][local] Auto create new customer with error:",
|
|
14
|
+
$e$$.message)}}return{blocked:!1}},{useParent:!0})}const $rateLimiter$$=await global.createRateLimiterMiddleware(configs.limitRequest.auth||{},"auth");$passport$$.use(new BasicStrategy(function($username$$,$password$$,$done$$){if(!$username$$)return $done$$("B\u1ea1n ch\u01b0a nh\u1eadp t\u00e0i kho\u1ea3n");$username$$=$username$$.trim();let $id_app$$;if($username$$.indexOf("@app=")>0){const $user_app$$=$username$$.split("@app=");$username$$=$user_app$$[0];$id_app$$=$user_app$$[1]}$username$$=$username$$.toLowerCase();
|
|
15
|
+
setImmediate(function(){findByUsername($username$$,async function($err$jscomp$1_pars_pars$$,$user$$){if($err$jscomp$1_pars_pars$$)return $done$$($err$jscomp$1_pars_pars$$);if(!$user$$)return $done$$('T\u00e0i kho\u1ea3n "'+$username$$+'" ch\u01b0a \u0111\u01b0\u1ee3c \u0111\u0103ng k\u00fd.');if($user$$.status==0)return $done$$("T\u00e0i kho\u1ea3n n\u00e0y kh\u00f4ng c\u00f2n hi\u1ec7u l\u1ef1c");if($user$$.local.rspassword)if($user$$.validRspassword($password$$))$user$$.local.password=$user$$.local.rspassword,
|
|
16
|
+
$user$$.local.rspassword=void 0,User.updateOne({email:$user$$.email},{local:$user$$.local},($e$$,$rs$$)=>{if($e$$)return Logger.error("Can't update password",$user$$.email,$e$$);Logger.info("updated new password",$user$$.email,$rs$$)});else{if(!$user$$.validPassword($password$$))if($id_app$$)if(await $user$$.validAppPassword($password$$,$id_app$$))$user$$=$user$$.toObject(),$user$$.token_id_app=$id_app$$;else return $done$$("M\u1eadt kh\u1ea9u kh\u00f4ng ch\u00ednh x\u00e1c.");else return $err$jscomp$1_pars_pars$$=
|
|
17
|
+
await $user$$.getAppOfPassword($password$$),$err$jscomp$1_pars_pars$$.length>0?($user$$=$user$$.toObject(),$user$$.token_id_apps=$err$jscomp$1_pars_pars$$.map($p$$=>$p$$.id_app),$done$$(null,$user$$)):$done$$("M\u1eadt kh\u1ea9u kh\u00f4ng ch\u00ednh x\u00e1c.")}else{if(!$user$$.local.password)return $done$$("M\u1eadt kh\u1ea9u cho ng\u01b0\u1eddi d\u00f9ng n\u00e0y kh\u00f4ng t\u1ed3n t\u1ea1i. H\u00e3y s\u1eed d\u1ee5ng t\u00ednh n\u0103ng kh\u00f4i ph\u1ee5c m\u1eadt kh\u1ea9u \u0111\u1ec3 \u0111\u1eb7t l\u1ea1i m\u1eadt kh\u1ea9u cho ng\u01b0\u1eddi d\u00f9ng n\u00e0y");
|
|
18
|
+
if(!$user$$.validPassword($password$$))if($id_app$$)if(await $user$$.validAppPassword($password$$,$id_app$$))$user$$=$user$$.toObject(),$user$$.token_id_app=$id_app$$;else return $done$$("M\u1eadt kh\u1ea9u kh\u00f4ng ch\u00ednh x\u00e1c.");else return $err$jscomp$1_pars_pars$$=await $user$$.getAppOfPassword($password$$),$err$jscomp$1_pars_pars$$.length>0?($user$$=$user$$.toObject(),$user$$.token_id_apps=$err$jscomp$1_pars_pars$$.map($p$$=>$p$$.id_app),$done$$(null,$user$$)):$done$$("M\u1eadt kh\u1ea9u kh\u00f4ng ch\u00ednh x\u00e1c.")}return $done$$(null,
|
|
19
|
+
$user$$)})})}));$app$$.get("/send-otp/:address_receive_otp",$rateLimiter$$,async($id_app$jscomp$2_req$$,$res$$)=>{let $address_receive_otp$$=$id_app$jscomp$2_req$$.params.address_receive_otp.trim().toLowerCase();if(configs.GOOGLE_RECAPTCHA_SECRET_KEY){if(!$id_app$jscomp$2_req$$.query["g-recaptcha-response"])return $res$$.status(400).send("Ch\u1ee9c n\u0103ng n\u00e0y y\u00eau c\u1ea7u m\u1ed9t google recaptcha token");try{await permission.verifyReCaptcha($id_app$jscomp$2_req$$.query["g-recaptcha-response"])}catch($e$$){return Logger.error("Can't verify recaptcha when send otp",
|
|
15
20
|
$e$$),$res$$.status(400).send($e$$.messag||$e$$.error||$e$$)}}let $u$$=await User.findOne({$or:[{email:$address_receive_otp$$},{"local.phone":$address_receive_otp$$}]});if(!$u$$)return $res$$.status(400).send({error:`T\u00e0i kho\u1ea3n ${$address_receive_otp$$} kh\u00f4ng t\u1ed3n t\u1ea1i`});const $username$$=$u$$.email;var $message$jscomp$9_otp_code$$=generateOTP();let $phone$$;$address_receive_otp$$!=$username$$&&utils.isMobilePhone($address_receive_otp$$)?$phone$$=$address_receive_otp$$:utils.isMobilePhone($username$$)?
|
|
16
|
-
$phone$$=$username$$:utils.isMobilePhone(($u$$.local||{}).phone||"")&&($phone$$=($u$$.local||{}).phone);let $optObject$$;try{$optObject$$=await saveOTP($username$$,$message$jscomp$9_otp_code$$)}catch($e$$){return $res$$.status(400).send({error:"Kh\u00f4ng th\u1ec3 t\u1ea1o m\u00e3 OTP"})}if($phone$$){var $email_address_id_app$$=$id_app$$.query.id_app;if($email_address_id_app$$&&isValidObjectId($email_address_id_app$$)){var $app$$=await global.getModel("app").findOne({_id:$email_address_id_app$$});
|
|
21
|
+
$phone$$=$username$$:utils.isMobilePhone(($u$$.local||{}).phone||"")&&($phone$$=($u$$.local||{}).phone);let $optObject$$;try{$optObject$$=await saveOTP($username$$,$message$jscomp$9_otp_code$$)}catch($e$$){return $res$$.status(400).send({error:"Kh\u00f4ng th\u1ec3 t\u1ea1o m\u00e3 OTP"})}if($phone$$){var $email_address_id_app$$=$id_app$jscomp$2_req$$.query.id_app;if($email_address_id_app$$&&isValidObjectId($email_address_id_app$$)){var $app$$=await global.getModel("app").findOne({_id:$email_address_id_app$$});
|
|
17
22
|
const {zalo_otp_template_id:$zalo_otp_template_id$$,zalo_app_id:$zalo_app_id$$,zalo_secret_key:$zalo_secret_key$$,zalo_refresh_token:$zalo_refresh_token$$}=$app$$||{};if($zalo_otp_template_id$$&&$zalo_app_id$$&&$zalo_secret_key$$&&$zalo_refresh_token$$)try{return await utils.sendMessageZalo($email_address_id_app$$,$phone$$,$zalo_otp_template_id$$,{otp:$message$jscomp$9_otp_code$$}),$res$$.send($optObject$$.toObject())}catch($e$$){return $message$jscomp$9_otp_code$$=$e$$.message||$e$$.error||$e$$,
|
|
18
|
-
Logger.error("[local] [send otp via zalo] Can't send message from zalo",$message$jscomp$9_otp_code$$),$res$$.status(400).send({error:$message$jscomp$9_otp_code$$||`Kh\u00f4ng th\u1ec3 g\u1eedi \u0111\u01b0\u1ee3c m\u00e3 OTP t\u1edbi zalo "${$username$$}". Vui l\u00f2ng th\u1eed l\u1ea1i sau.`})}}if(configs.sms&&(configs.sms.send||configs.sms.genUrlSendOTP))if(configs.sms.send)configs.sms.send($phone$$,$message$jscomp$9_otp_code$$,$id_app$$.query.id_app).then($rs$$=>{$rs$$.error_message
|
|
19
|
-
$rs$$.error||$rs$$.error_message||`Kh\u00f4ng th\u1ec3 g\u1eedi \u0111\u01b0\u1ee3c m\u00e3 OTP t\u1edbi t\u00e0i kho\u1ea3n "${$username$$}". Vui l\u00f2ng th\u1eed l\u1ea1i sau.`}):$res$$.send($optObject$$.toObject())}).catch($e$$=>{$e$$||={message:"Kh\u00f4ng th\u1ec3 g\u1eedi m\u00e3 OTP"};Logger.error("[local] [send otp via sms] Error send sms",$e$$);$res$$.status(400).send({error:$e$$.ErrorMessage||$e$$.message||$e$$.error_message||`Kh\u00f4ng th\u1ec3 g\u1eedi \u0111\u01b0\u1ee3c m\u00e3 OTP t\u1edbi t\u00e0i kho\u1ea3n "${$username$$}". Vui l\u00f2ng th\u1eed l\u1ea1i sau.`})});
|
|
20
|
-
else if($message$jscomp$9_otp_code$$=configs.sms.genUrlSendOTP($phone$$,$message$jscomp$9_otp_code$$,$id_app$$.query.id_app))try{await axios.get($message$jscomp$9_otp_code$$),$res$$.send($optObject$$.toObject())}catch($e$$){Logger.error($e$$),$res$$.status(400).send({error:$e$$.message||$e$$.error||$e$$||`Kh\u00f4ng th\u1ec3 g\u1eedi \u0111\u01b0\u1ee3c m\u00e3 OTP t\u1edbi t\u00e0i kho\u1ea3n "${$username$$}". Vui l\u00f2ng th\u1eed l\u1ea1i sau.`})}else $res$$.status(400).send({error:`Kh\u00f4ng th\u1ec3 g\u1eedi \u0111\u01b0\u1ee3c m\u00e3 OTP t\u1edbi t\u00e0i kho\u1ea3n "${$username$$}". Vui l\u00f2ng th\u1eed l\u1ea1i sau.`});
|
|
21
|
-
else $res$$.status(400).send({error:`Kh\u00f4ng th\u1ec3 g\u1eedi \u0111\u01b0\u1ee3c m\u00e3 OTP t\u1edbi t\u00e0i kho\u1ea3n "${$username$$}". Vui l\u00f2ng th\u1eed l\u1ea1i sau.`})}else validator.isEmail($address_receive_otp$$)&&$address_receive_otp$$!=$username$$?$email_address_id_app$$=$address_receive_otp$$:validator.isEmail($username$$)?$email_address_id_app$$=$username$$:$u$$.email2&&validator.isEmail($u$$.email2)&&($email_address_id_app$$=$u$$.email2),($id_app$$=$id_app$$.query.id_app)&&
|
|
22
|
-
isValidObjectId($id_app$$)&&($app$$=await global.getModel("app").findOne({_id:$id_app$$}).lean()),$email_address_id_app$$?email.sendHtml({to:{address:$email_address_id_app$$},subject:"M\u00e3 x\u00e1c th\u1ef1c",html:`Xin vui l\u00f2ng g\u1eedi qu\u00fd kh\u00e1ch m\u00e3 x\u00e1c th\u1ef1c: ${$message$jscomp$9_otp_code$$}. M\u00e3 n\u00e0y s\u1ebd h\u1ebft h\u1ea1n s\u1eed d\u1ee5ng sau 5 ph\u00fat.`,app_info:$app$$},function($error$$){$error$$?(Logger.error("Error send otp to email"
|
|
23
|
-
$res$$.send($optObject$$.toObject())},configs.sender_otp):$res$$.status(400).send({error:`Kh\u00f4ng th\u1ec3 g\u1eedi \u0111\u01b0\u1ee3c m\u00e3 OTP t\u1edbi t\u00e0i kho\u1ea3n "${$username$$}". Vui l\u00f2ng th\u1eed l\u1ea1i sau.`})});$app$$.get("/verify-otp/:id/:otp",$rateLimiter$$,async function($req$$,$res$$){try{const $id
|
|
24
|
-
code:4001});const $otp_code$$=$req$$.params.otp,$otp$$=await OTP.findById($id$$);if(!$otp$$)return $res$$.status(400).send({error:"M\u00e3 x\u00e1c th\u1ef1c n\u00e0y kh\u00f4ng t\u1ed3n t\u1ea1i",code:4001});$otp$$.tried_number=($otp$$.tried_number||0)+1;await $otp$$.save();if($otp$$.otp!=$otp_code$$||$otp$$.verified
|
|
25
|
-
code:4001});await OTP.updateOne({_id:$id$$},{verified:!0});let $user$$=await User.findOne({email:$otp$$.phone});if(!$user$$)return $res$$.status(400).send({error:"T\u00e0i kho\u1ea3n kh\u00f4ng t\u1ed3n t\u1ea1i",code:4001});if(!$user$$.local||!$user$$.local.active){$user$$.local
|
|
26
|
-
$e$$),$res$$.status(500).send($e$$)}}const $accessToken$$=generateToken($user$$);(new Token({email:$user$$.email,session_created:($req$$.cookies||{}).uid,token:$accessToken$$,agent:$req$$.headers["user-agent"],ip:"",once:$req$$.query.once==1
|
|
27
|
-
$app$$.post("/auth/sign",$rateLimiter$$,($req$$,$res$$,$next$$)=>{$passport$$.authenticate("basic",{session:!1},function($err$$,$user$$){if($err$$||!$user$$)return $res$$.status(401).send({message:$err$$||"Unauthorized"});$req$$.user
|
|
28
|
-
try{let $signature$$=await Wallet.sign($data$$.id_app,$req$jscomp$
|
|
29
|
-
$
|
|
30
|
-
$
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
$
|
|
35
|
-
$req$$.
|
|
36
|
-
$
|
|
37
|
-
if($
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
User.updateOne({email:$
|
|
41
|
-
$
|
|
42
|
-
$
|
|
43
|
-
|
|
44
|
-
$
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
$
|
|
52
|
-
|
|
53
|
-
$
|
|
54
|
-
$
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
email
|
|
60
|
-
|
|
23
|
+
Logger.error("[local] [send otp via zalo] Can't send message from zalo",$message$jscomp$9_otp_code$$),$res$$.status(400).send({error:$message$jscomp$9_otp_code$$||`Kh\u00f4ng th\u1ec3 g\u1eedi \u0111\u01b0\u1ee3c m\u00e3 OTP t\u1edbi zalo "${$username$$}". Vui l\u00f2ng th\u1eed l\u1ea1i sau.`})}}if(configs.sms&&(configs.sms.send||configs.sms.genUrlSendOTP))if(configs.sms.send)configs.sms.send($phone$$,$message$jscomp$9_otp_code$$,$id_app$jscomp$2_req$$.query.id_app).then($rs$$=>{$rs$$.error_message?
|
|
24
|
+
$res$$.status(400).send({error:$rs$$.message||$rs$$.error||$rs$$.error_message||`Kh\u00f4ng th\u1ec3 g\u1eedi \u0111\u01b0\u1ee3c m\u00e3 OTP t\u1edbi t\u00e0i kho\u1ea3n "${$username$$}". Vui l\u00f2ng th\u1eed l\u1ea1i sau.`}):$res$$.send($optObject$$.toObject())}).catch($e$$=>{$e$$||={message:"Kh\u00f4ng th\u1ec3 g\u1eedi m\u00e3 OTP"};Logger.error("[local] [send otp via sms] Error send sms",$e$$);$res$$.status(400).send({error:$e$$.ErrorMessage||$e$$.message||$e$$.error_message||`Kh\u00f4ng th\u1ec3 g\u1eedi \u0111\u01b0\u1ee3c m\u00e3 OTP t\u1edbi t\u00e0i kho\u1ea3n "${$username$$}". Vui l\u00f2ng th\u1eed l\u1ea1i sau.`})});
|
|
25
|
+
else if($message$jscomp$9_otp_code$$=configs.sms.genUrlSendOTP($phone$$,$message$jscomp$9_otp_code$$,$id_app$jscomp$2_req$$.query.id_app))try{await axios.get($message$jscomp$9_otp_code$$),$res$$.send($optObject$$.toObject())}catch($e$$){Logger.error($e$$),$res$$.status(400).send({error:$e$$.message||$e$$.error||$e$$||`Kh\u00f4ng th\u1ec3 g\u1eedi \u0111\u01b0\u1ee3c m\u00e3 OTP t\u1edbi t\u00e0i kho\u1ea3n "${$username$$}". Vui l\u00f2ng th\u1eed l\u1ea1i sau.`})}else $res$$.status(400).send({error:`Kh\u00f4ng th\u1ec3 g\u1eedi \u0111\u01b0\u1ee3c m\u00e3 OTP t\u1edbi t\u00e0i kho\u1ea3n "${$username$$}". Vui l\u00f2ng th\u1eed l\u1ea1i sau.`});
|
|
26
|
+
else $res$$.status(400).send({error:`Kh\u00f4ng th\u1ec3 g\u1eedi \u0111\u01b0\u1ee3c m\u00e3 OTP t\u1edbi t\u00e0i kho\u1ea3n "${$username$$}". Vui l\u00f2ng th\u1eed l\u1ea1i sau.`})}else validator.isEmail($address_receive_otp$$)&&$address_receive_otp$$!=$username$$?$email_address_id_app$$=$address_receive_otp$$:validator.isEmail($username$$)?$email_address_id_app$$=$username$$:$u$$.email2&&validator.isEmail($u$$.email2)&&($email_address_id_app$$=$u$$.email2),($id_app$jscomp$2_req$$=$id_app$jscomp$2_req$$.query.id_app)&&
|
|
27
|
+
isValidObjectId($id_app$jscomp$2_req$$)&&($app$$=await global.getModel("app").findOne({_id:$id_app$jscomp$2_req$$}).lean()),$email_address_id_app$$?email.sendHtml({to:{address:$email_address_id_app$$},subject:"M\u00e3 x\u00e1c th\u1ef1c",html:`Xin vui l\u00f2ng g\u1eedi qu\u00fd kh\u00e1ch m\u00e3 x\u00e1c th\u1ef1c: ${$message$jscomp$9_otp_code$$}. M\u00e3 n\u00e0y s\u1ebd h\u1ebft h\u1ea1n s\u1eed d\u1ee5ng sau 5 ph\u00fat.`,app_info:$app$$},function($error$$){$error$$?(Logger.error("Error send otp to email",
|
|
28
|
+
$error$$),$res$$.status(400).send({error:`Kh\u00f4ng th\u1ec3 g\u1eedi \u0111\u01b0\u1ee3c m\u00e3 OTP t\u1edbi email "${$username$$}". Vui l\u00f2ng th\u1eed l\u1ea1i sau.`})):$res$$.send($optObject$$.toObject())},configs.sender_otp):$res$$.status(400).send({error:`Kh\u00f4ng th\u1ec3 g\u1eedi \u0111\u01b0\u1ee3c m\u00e3 OTP t\u1edbi t\u00e0i kho\u1ea3n "${$username$$}". Vui l\u00f2ng th\u1eed l\u1ea1i sau.`})});$app$$.get("/verify-otp/:id/:otp",$rateLimiter$$,async function($req$$,$res$$){try{const $id$$=
|
|
29
|
+
$req$$.params.id;if(!global.mongoose.Types.ObjectId.isValid($id$$))return $res$$.status(400).send({error:"ID c\u1ee7a m\u00e3 x\u00e1c th\u1ef1c n\u00e0y kh\u00f4ng h\u1ee3p l\u1ec7",code:4001});const $otp_code$$=$req$$.params.otp,$otp$$=await OTP.findById($id$$);if(!$otp$$)return $res$$.status(400).send({error:"M\u00e3 x\u00e1c th\u1ef1c n\u00e0y kh\u00f4ng t\u1ed3n t\u1ea1i",code:4001});$otp$$.tried_number=($otp$$.tried_number||0)+1;await $otp$$.save();if($otp$$.otp!=$otp_code$$||$otp$$.verified||
|
|
30
|
+
$otp$$.tried_number>(configs.MAX_TRY_OTP||3)||$otp$$.expire_time.getTime()<(new Date).getTime())return $res$$.status(400).send({error:"M\u00e3 x\u00e1c th\u1ef1c n\u00e0y kh\u00f4ng t\u1ed3n t\u1ea1i ho\u1eb7c \u0111\u00e3 h\u1ebft hi\u1ec7u l\u1ef1c",code:4001});await OTP.updateOne({_id:$id$$},{verified:!0});let $user$$=await User.findOne({email:$otp$$.phone});if(!$user$$)return $res$$.status(400).send({error:"T\u00e0i kho\u1ea3n kh\u00f4ng t\u1ed3n t\u1ea1i",code:4001});if(!$user$$.local||!$user$$.local.active){$user$$.local=
|
|
31
|
+
$user$$.local||{};$user$$.local.active=!0;try{await $user$$.save(),redisCache.set("user",$user$$.toObject(),function($e$$){$e$$?Logger.error($e$$):Logger.info("cache user infomation to redis")})}catch($e$$){return Logger.info("error verify otp, create user",$e$$),$res$$.status(500).send($e$$)}}const $accessToken$$=generateToken($user$$);(new Token({email:$user$$.email,session_created:($req$$.cookies||{}).uid,token:$accessToken$$,agent:$req$$.headers["user-agent"],ip:"",once:$req$$.query.once==1||
|
|
32
|
+
$req$$.query.once=="true"||$req$$.query.once==="1"?!0:!1})).save(function($e$$,$rs$$){return $e$$?$res$$.status(500).send($e$$):$res$$.send({token:$accessToken$$,once:$rs$$.once})})}catch($e$$){Logger.error("error verify otp",$e$$),$res$$.status(400).send($e$$.message)}});$app$$.post("/auth/sign",$rateLimiter$$,($req$$,$res$$,$next$$)=>{$passport$$.authenticate("basic",{session:!1},function($err$$,$user$$){if($err$$||!$user$$)return $res$$.status(401).send({message:$err$$||"Unauthorized"});$req$$.user=
|
|
33
|
+
$user$$;$next$$()})($req$$,$res$$,$next$$)},async($req$jscomp$8_user$$,$res$$)=>{let $data$$=$req$jscomp$8_user$$.body;$req$jscomp$8_user$$=$req$jscomp$8_user$$.user;if(!$data$$)return $res$$.status(400).send("Not have data to sign");if(!$data$$.id_app)return $res$$.status(400).send("Data miss id_app property");try{let $signature$$=await Wallet.sign($data$$.id_app,$req$jscomp$8_user$$.email,$data$$);$res$$.send($signature$$)}catch($e$$){return $res$$.status(400).send($e$$.message||$e$$)}});const $asyncHandler$$=
|
|
34
|
+
$fn$$=>($req$$,$res$$,$next$$)=>Promise.resolve($fn$$($req$$,$res$$,$next$$)).catch($next$$),$redisIncrAsync$$=$key$$=>new Promise(($resolve$$,$reject$$)=>{global.clientRedis.incr($key$$,($err$$,$reply$$)=>$err$$?$reject$$($err$$):$resolve$$($reply$$))}),$redisExpireAsync$$=($key$$,$ttlSeconds$$)=>new Promise(($resolve$$,$reject$$)=>{global.clientRedis.expire($key$$,$ttlSeconds$$,($err$$,$reply$$)=>$err$$?$reject$$($err$$):$resolve$$($reply$$))}),$redisPttlAsync$$=$key$$=>new Promise(($resolve$$,
|
|
35
|
+
$reject$$)=>{global.clientRedis.pttl($key$$,($err$$,$reply$$)=>$err$$?$reject$$($err$$):$resolve$$($reply$$))}),$redisDelAsync$$=$key$$=>new Promise(($resolve$$,$reject$$)=>{global.clientRedis.del($key$$,($err$$,$reply$$)=>$err$$?$reject$$($err$$):$resolve$$($reply$$))});$app$$.get("/auth/local",$rateLimiter$$,$asyncHandler$$(async function($req$$,$res$$,$next$$){var $JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$=$req$$.headers.authorization;if(!$JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$)return $res$$.status(400).send({message:"Authorization is required"});
|
|
36
|
+
try{var $JSCompiler_inline_result$jscomp$0_password_raw_xff$$=Buffer.from($JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$.replace(/^Basic\s+/i,""),"base64").toString("utf-8")}catch($e$$){return $res$$.status(400).send({message:"Authorization header kh\u00f4ng h\u1ee3p l\u1ec7"})}var $idApp_sepIndex$$=$JSCompiler_inline_result$jscomp$0_password_raw_xff$$.indexOf(":");if($idApp_sepIndex$$<0)return $res$$.status(400).send({message:"Authorization header kh\u00f4ng h\u1ee3p l\u1ec7"});
|
|
37
|
+
$JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$=$JSCompiler_inline_result$jscomp$0_password_raw_xff$$.slice(0,$idApp_sepIndex$$).trim().toLowerCase();$JSCompiler_inline_result$jscomp$0_password_raw_xff$$=$JSCompiler_inline_result$jscomp$0_password_raw_xff$$.slice($idApp_sepIndex$$+1).trim();($idApp_sepIndex$$=$req$$.query.id_app)&&global.mongoose.Types.ObjectId.isValid($idApp_sepIndex$$)&&$JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$.indexOf("@app=")<
|
|
38
|
+
0&&(Logger.info("[signin] add id_app into username",$JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$,$idApp_sepIndex$$),$JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$=`${$JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$}@app=${$idApp_sepIndex$$}`,$req$$.headers.authorization=`Basic ${Buffer.from(`${$JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$}:${$JSCompiler_inline_result$jscomp$0_password_raw_xff$$}`).toString("base64")}`);
|
|
39
|
+
$JSCompiler_inline_result$jscomp$0_password_raw_xff$$=($JSCompiler_inline_result$jscomp$0_password_raw_xff$$=$req$$.headers["x-forwarded-for"])?$JSCompiler_inline_result$jscomp$0_password_raw_xff$$.split(",")[0].trim():$req$$.ip||$req$$.socket&&$req$$.socket.remoteAddress||"unknown";$JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$=`bruteforce:login:${_crypto.createHash("sha256").update(`${$JSCompiler_inline_result$jscomp$0_password_raw_xff$$}:${$JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$}`).digest("hex")}`;
|
|
40
|
+
$req$$.bruteForceKey=$JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$;try{const $times$$=await $redisIncrAsync$$($JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$);$times$$===1&&await $redisExpireAsync$$($JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$,Math.ceil(total_time_wait_login/1E3));if($times$$>total_time_try_login){const $ttlMs$$=await $redisPttlAsync$$($JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$);
|
|
41
|
+
if($ttlMs$$>0){var $JSCompiler_inline_result$$=Math.round($ttlMs$$/6E4*100)/100;return $res$$.status(400).send({message:`B\u1ea1n \u0111\u0103ng nh\u1eadp sai ${total_time_try_login} l\u1ea7n li\u00ean ti\u1ebfp. H\u00e3y th\u1eed l\u1ea1i sau ${$JSCompiler_inline_result$$} ph\u00fat`})}}return $next$$()}catch($e$$){return Logger.error("[auth][local] brute-force check failed, fail-open",$e$$),$next$$()}}),function($req$$,$res$$,$next$$){$passport$$.authenticate("basic",{session:!1},async($err$$,$user$$)=>
|
|
42
|
+
{if($err$$||!$user$$)return Logger.warn("[auth][local] authentication failed",$err$$?$err$$.message||$err$$:"no user"),$res$$.status(401).send({message:$err$$&&$err$$.message||"Unauthorized"});if(configs.require_verify&&!$user$$.local.active)return Logger.warn("[local] H\u1ec7 th\u1ed1ng y\u00eau c\u1ea7u x\u00e1c th\u1ef1c:",$user$$.email),$res$$.status(401).send({require_verify:!0});try{const $idApp$$=$req$$.query.id_app;if($idApp$$&&global.mongoose.Types.ObjectId.isValid($idApp$$)){const $participant$$=
|
|
43
|
+
await global.getModel("participant").findOne({id_app:$idApp$$,email:$user$$.email}).lean();if($participant$$&&!$participant$$.active&&!$participant$$.admin)return $res$$.status(401).send({message:"T\u00e0i kho\u1ea3n c\u1ee7a b\u1ea1n \u0111ang ch\u1edd \u0111\u01b0\u1ee3c x\u00e9t duy\u1ec7t",active:!1})}}catch($e$$){return Logger.error("[auth][local] error checking participant status",$e$$),$res$$.status(500).send({message:"\u0110\u00e3 c\u00f3 l\u1ed7i x\u1ea3y ra, vui l\u00f2ng th\u1eed l\u1ea1i sau"})}$req$$.user=
|
|
44
|
+
$user$$;return $next$$()})($req$$,$res$$,$next$$)},$asyncHandler$$(async function($req$$,$res$$){const $user$$=$req$$.user,$agent$$=$req$$.headers["user-agent"],$sessionCreated$$=($req$$.cookies||{}).uid,$isOnce$$=$req$$.query.once==="true"||$req$$.query.once==="1";let $joinResult$$={blocked:!1};try{await executeInTransaction(async()=>{$req$$.query.id_app&&global.mongoose.Types.ObjectId.isValid($req$$.query.id_app)&&($joinResult$$=await $joinUserToApp$$($req$$,$user$$));$joinResult$$.blocked||$sessionCreated$$&&
|
|
45
|
+
await User.updateOne({email:$user$$.email,session_created:null},{session_created:$sessionCreated$$})},{useParent:!0})}catch($e$$){return Logger.error("[auth][local] login transaction failed, rolled back",$user$$.email,$e$$),$res$$.status(500).send({message:"Kh\u00f4ng th\u1ec3 ho\u00e0n t\u1ea5t \u0111\u0103ng nh\u1eadp, vui l\u00f2ng th\u1eed l\u1ea1i"})}if($joinResult$$.blocked)return $res$$.status(401).send({message:$joinResult$$.message,active:!1});const $accessToken$$=generateToken($user$$);
|
|
46
|
+
let $savedToken$$;try{$savedToken$$=await (new Token({email:$user$$.email,session_created:$sessionCreated$$,id_apps:$user$$.token_id_apps,only_id_app:$user$$.token_id_app,token:$accessToken$$,agent:$agent$$,ip:"",once:$isOnce$$})).save()}catch($e$$){return Logger.error("[auth][local] failed to save token",$e$$),$res$$.status(500).send({message:"Kh\u00f4ng th\u1ec3 t\u1ea1o phi\u00ean \u0111\u0103ng nh\u1eadp"})}log.create({id_app:"LOGIN",id_func:"LOGIN",action:"LOCALLOGIN"},$user$$.email,$agent$$,
|
|
47
|
+
$req$$);try{$req$$.bruteForceKey&&await $redisDelAsync$$($req$$.bruteForceKey)}catch($e$$){Logger.error("[auth][local] failed to reset brute-force counter",$e$$)}return $res$$.send({token:$accessToken$$,once:$savedToken$$.once})}));$app$$.get("/check-user/:email",$rateLimiter$$,function($req$$,$res$$){const $email$$=$req$$.params.email;User.findOne({$or:[{email:$email$$},{"local.phone":$email$$}]},{email:1,name:1,picture:1}).lean().then(function($user$$){if(!$user$$)return $res$$.status(400).send(`T\u00e0i kho\u1ea3n ${$email$$} kh\u00f4ng t\u1ed3n t\u1ea1i`);
|
|
48
|
+
$res$$.send($user$$)}).catch($e$$=>{$res$$.status(400).send($e$$)})});$app$$.post("/signup",$rateLimiter$$,async($req$$,$res$$)=>{let $body$$=$req$$.body;$body$$.json&&($body$$=JSON.parse($body$$.json));if(!$body$$)return $res$$.status(400).send({error:"Kh\u00f4ng c\u00f3 n\u1ed9i dung"});if($body$$.id_app&&!global.mongoose.Types.ObjectId.isValid($body$$.id_app))return $res$$.status(400).send({error:"id_app kh\u00f4ng h\u1ee3p l\u1ec7"});if(configs.GOOGLE_RECAPTCHA_SECRET_KEY){var $app$$=$body$$["g-recaptcha-response"]||
|
|
49
|
+
$req$$.query["g-recaptcha-response"];if(!$app$$)return $res$$.status(400).send({error:"Ch\u1ee9c n\u0103ng n\u00e0y y\u00eau c\u1ea7u m\u1ed9t google recaptcha token"});try{await permission.verifyReCaptcha($app$$)}catch($e$$){return $res$$.status(400).send({error:$e$$.message||$e$$.error||$e$$})}}let $session_created$$=($req$$.cookies||{}).uid;if($session_created$$&&$body$$.id_app){$app$$=await App.findById($body$$.id_app);if(!$app$$)return $res$$.status(400).send({error:"C\u00f4ng ty kh\u00f4ng t\u1ed3n t\u1ea1i"});
|
|
50
|
+
if($app$$.options&&$app$$.options.one_account_per_device&&await Participant.findOne({session_created:$session_created$$,id_app:$body$$.id_app}).lean())return $res$$.status(400).send({error:"M\u1ed7i thi\u1ebft b\u1ecb ch\u1ec9 \u0111\u01b0\u1ee3c t\u1ea1o m\u1ed9t t\u00e0i kho\u1ea3n"})}if(!$body$$.email)return $res$$.status(400).send({error:"B\u1ea1n ch\u01b0a nh\u1eadp t\u00e0i kho\u1ea3n"});$body$$.email=$body$$.email.trim().toLowerCase();if(!validator.isEmail($body$$.email)&&!utils.isMobilePhone($body$$.email,
|
|
51
|
+
["vi-VN"]))return $res$$.status(400).send({error:"T\u00e0i kho\u1ea3n \u0111\u0103ng nh\u1eadp ph\u1ea3i l\u00e0 1 \u0111\u1ecba ch\u1ec9 email ho\u1eb7c 1 s\u1ed1 \u0111i\u1ec7n tho\u1ea1i di \u0111\u1ed9ng"});if(!$body$$.name)return $res$$.status(400).send({error:"H\u1ecd v\u00e0 t\u00ean ch\u01b0a nh\u1eadp"});if($body$$.introduce_code&&$body$$.id_app&&!await global.getModel("introducecode").findOne({id_app:$body$$.id_app,status:!0,introduce_code:$body$$.introduce_code}).lean())return $res$$.status(400).send({error:"M\u00e3 gi\u1edbi thi\u1ec7u kh\u00f4ng h\u1ee3p l\u1ec7"});
|
|
52
|
+
Logger.info("[signup] \u0111ang \u0111\u0103ng k\u00fd t\u00e0i kho\u1ea3n",$body$$.email,"...");User.findOne({$or:[{email:$body$$.email},{"local.phone":$body$$.email}]},async function($error$$,$new_user$$){if($error$$)return $res$$.status(400).send($error$$);if($new_user$$)if(!$new_user$$.local||configs.require_verify&&!$new_user$$.local.active||$new_user$$.local.email!=$body$$.email)$new_user$$.local||($new_user$$.local={});else if($body$$.id_app){Logger.info(`[signup] t\u00e0i kho\u1ea3n ${$body$$.email}. \u0110ang th\u00eam v\u00e0o c\u00f4ng ty "${$body$$.id_app}"...`);
|
|
53
|
+
try{let $p$$=await global.getModel("participant").findOne({id_app:$body$$.id_app,email:$body$$.email});if($p$$)return $res$$.status(400).send({error:"T\u00e0i kho\u1ea3n n\u00e0y \u0111\u00e3 t\u1ed3n t\u1ea1i"});$p$$=await addUserToApp($new_user$$,$body$$,$session_created$$);let $accessToken$$;if($new_user$$.local.active)try{$accessToken$$=generateToken($new_user$$),await (new Token({email:$new_user$$.email,session_created:($req$$.cookies||{}).uid,token:$accessToken$$,agent:$req$$.headers["user-agent"],
|
|
54
|
+
ip:"",once:$req$$.query.once==1||$req$$.query.once=="true"||$req$$.query.once==="1"?!0:!1})).save()}catch($e$$){Logger.error("[signup] can't gen new token for new user:"+$new_user$$.email,$e$$)}return $res$$.send({message:'T\u00e0i kho\u1ea3n "'+$body$$.email+'" \u0111\u00e3 \u0111\u01b0\u1ee3c \u0111\u0103ng k\u00fd th\u00e0nh c\u00f4ng',token:$accessToken$$,active:$new_user$$.local.active})}catch($e$$){return await global.getModel("participant").deleteOne({id_app:$body$$.id_app,email:$body$$.email}),
|
|
55
|
+
$res$$.status(400).send({error:$e$$.error||$e$$.message||$e$$})}}else return $res$$.status(400).send({error:'T\u00e0i kho\u1ea3n "'+$body$$.email+'" \u0111\u00e3 \u0111\u01b0\u1ee3c \u0111\u0103ng k\u00fd'});else $new_user$$=new User,$new_user$$.email=$body$$.email,$new_user$$.local={};$new_user$$.local.email=$body$$.email;$new_user$$.local.name=$body$$.name;$new_user$$.local.active=!configs.require_verify;$new_user$$.partner=$body$$.partner;$new_user$$.session_created=$session_created$$;$body$$.email2&&
|
|
56
|
+
validator.isEmail($body$$.email2)&&($new_user$$.email2=$body$$.email2);$new_user$$.name=$new_user$$.local.name;$body$$.picture?$new_user$$.local.picture=$body$$.picture:$new_user$$.local.picture||($new_user$$.local.picture="/images/avatar.jpg");let $password$$;if($body$$.password){if($body$$.rePassword!==$body$$.password)return $res$$.status(400).send({error:"M\u1eadt kh\u1ea9u x\u00e1c nh\u1eadn kh\u00f4ng ch\u00ednh x\u00e1c"});if(!User.teststrengthPassword($body$$.password))return $res$$.status(400).send({error:"M\u1eadt kh\u1ea9u ph\u1ea3i c\u00f3 \u00edt nh\u1ea5t 6 k\u00fd t\u1ef1 v\u00e0 bao g\u1ed3m \u00edt nh\u1ea5t m\u1ed9t ch\u1eef s\u1ed1, m\u1ed9t ch\u1eef hoa v\u00e0 m\u1ed9t ch\u1eef th\u01b0\u1eddng"});
|
|
57
|
+
$password$$=$body$$.password}else $password$$=_crypto.createHash("md5").update($new_user$$.email+(new Date).toISOString()).digest("hex");$new_user$$.local.password=$new_user$$.generateHash($new_user$$.email+$password$$);$new_user$$.save(async function($app$jscomp$5_error$$,$newUser$$){if($app$jscomp$5_error$$)return $res$$.status(400).send({error:"Kh\u00f4ng th\u1ec3 \u0111\u0103ng k\u00fd"});log.create({id_app:"SIGNUP",id_func:"SIGNUP",action:"SIGNUP"},$new_user$$.email,$req$$.header("user-agent"),
|
|
58
|
+
$req$$);if($body$$.cty_name){$app$jscomp$5_error$$=new App;$app$jscomp$5_error$$.user_created=$new_user$$.email;$app$jscomp$5_error$$.user_updated=$new_user$$.email;$app$jscomp$5_error$$.name=$body$$.cty_name;var $d_now$$=new Date;$app$jscomp$5_error$$.ngay_dn=new Date($d_now$$.getFullYear(),0,1);$app$jscomp$5_error$$.ngay_ks=new Date($d_now$$.getFullYear()-1,12,0);$app$jscomp$5_error$$.nam_bd=$d_now$$.getFullYear();$app$jscomp$5_error$$.ngay_ky1=new Date($d_now$$.getFullYear(),0,1);$d_now$$=new Date;
|
|
59
|
+
$d_now$$.setMonth($d_now$$.getMonth()+3);$app$jscomp$5_error$$.expire_date=new Date($d_now$$);$app$jscomp$5_error$$.save(function($error$$,$obj$$){if($error$$)return Logger.error("[signup] Khong tao duoc new app: "+$error$$);require("../libs/initDatabase").init($obj$$._id,function($error$$){$error$$&&Logger.error("[signup] Can't init database \n"+$error$$)})})}try{await addUserToApp($newUser$$,$body$$,$session_created$$)}catch($e$$){return Logger.error("[signup] add user to app",$e$$.message||$e$$.error||
|
|
60
|
+
$e$$),await global.getModel("participant").deleteOne({id_app:$body$$.id_app,email:$body$$.email}),await User.deleteOne({email:$body$$.email}),$res$$.status(400).send({error:$e$$.error||$e$$.message||$e$$})}let $accessToken$$;if($newUser$$.local.active)try{$accessToken$$=generateToken($newUser$$),await (new Token({email:$newUser$$.email,session_created:($req$$.cookies||{}).uid,token:$accessToken$$,agent:$req$$.headers["user-agent"],ip:"",once:$req$$.query.once==1||$req$$.query.once=="true"||$req$$.query.once===
|
|
61
|
+
"1"?!0:!1})).save()}catch($e$$){Logger.error("[signup] can't gen new token for new user:"+$newUser$$.email,$e$$)}validator.isEmail($body$$.email)&&!$body$$.password?(loadTemplate("thong tin dang nhap.html",{email:$new_user$$.email,password:$password$$,receiver_name:$body$$.name},function($error$$,$html$$){if($error$$)return Logger.info($error$$);email.sendHtml({to:{name:$new_user$$.name,address:$new_user$$.email},subject:"Th\u00f4ng tin t\u00e0i kho\u1ea3n",html:$html$$},function($error$$){$error$$&&
|
|
62
|
+
Logger.error("Khong the gui email thon tin tai khoan cho nguoi dung\n"+$error$$)})}),$res$$.send({message:"T\u00e0i kho\u1ea3n c\u1ee7a b\u1ea1n \u0111\u00e3 \u0111\u01b0\u1ee3c t\u1ea1o. Ki\u1ec3m tra email \u0111\u1ec3 l\u1ea5y th\u00f4ng tin \u0111\u0103ng nh\u1eadp",token:$accessToken$$,active:$newUser$$.local.active})):$res$$.send({message:'T\u00e0i kho\u1ea3n "'+$body$$.email+'" \u0111\u00e3 \u0111\u01b0\u1ee3c t\u1ea1o',token:$accessToken$$,active:$newUser$$.local.active})})})});$app$$.get("/resetpassword",
|
|
63
|
+
$rateLimiter$$,async($req$$,$res$$)=>{if(configs.GOOGLE_RECAPTCHA_SECRET_KEY)try{await permission.verifyReCaptcha($req$$.query["g-recaptcha-response"])}catch($e$$){return $res$$.status(400).send({error:$e$$.message||$e$$.error||$e$$})}let $address$$=$req$$.query.email;if(!$address$$)return $res$$.status(400).send({error:"Y\u00eau c\u1ea7u m\u1ed9t \u0111\u1ecba ch\u1ec9 email ho\u1eb7c s\u1ed1 \u0111i\u1ec7n tho\u1ea1i"});$address$$=$address$$.toLowerCase();User.findOne({$or:[{"local.email":$address$$},
|
|
64
|
+
{email:$address$$},{email2:$address$$}]},function($error$$,$result$$){if($error$$)return $res$$.status(400).send($error$$);if(!$result$$)return $res$$.status(400).send({error:`T\u00e0i kho\u1ea3n "${$address$$}" ch\u01b0a \u0111\u01b0\u1ee3c \u0111\u0103ng k\u00fd`});let $newpassword$$=_crypto.createHash("md5").update((new Date).toISOString()).digest("hex");$result$$.local.rspassword=$result$$.generateHash($result$$.email+$newpassword$$);$result$$.save(function($error$$){if($error$$)return $res$$.status(400).send($error$$);
|
|
65
|
+
loadTemplate("reset mat khau.html",{receiver_name:$result$$.name,email:$result$$.email,password:$newpassword$$},function($error$$,$html$$){if($error$$)return $res$$.status(400).send($error$$);$result$$.email&&validator.isEmail($result$$.email)&&email.sendHtml({to:{name:$result$$.name,address:$result$$.email},subject:"\u0110\u1ed5i m\u1eadt kh\u1ea9u",html:$html$$},function($error$$){$error$$?Logger.error("Khong the gui thong tin tai khoan cho nguoi su dung\n"+$error$$):Logger.info("send new password to",
|
|
66
|
+
$result$$.email)});$result$$.email2&&validator.isEmail($result$$.email2)&&email.sendHtml({to:{name:$result$$.name,address:$result$$.email2},subject:"\u0110\u1ed5i m\u1eadt kh\u1ea9u",html:$html$$},function($error$$){$error$$?Logger.error("Khong the gui thong tin tai khoan cho nguoi su dung\n"+$error$$):Logger.info("send new password to",$result$$.email)});log.create({id_app:"RESETPASSWORD",id_func:"RESETPASSWORD",action:"RESETPASSWORD"},$result$$.email,$req$$.header("user-agent"),$req$$);$res$$.send({message:"M\u1eadt kh\u1ea9u c\u1ee7a b\u1ea1n \u0111\u00e3 \u0111\u01b0\u1ee3c \u0111\u1ed5i th\u00e0nh c\u00f4ng. Ki\u1ec3m tra email \u0111\u1ec3 l\u1ea5y m\u1eadt kh\u1ea9u m\u1edbi, sau \u0111\u00f3 b\u1ea1n n\u00ean \u0111\u1ed5i m\u1eadt kh\u1ea9u n\u00e0y"})})})})})};
|
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
const User=global.getModel("user"),Participant=global.getModel("participant"),UserGroup=global.getModel("usergroup"),Customer=global.getModel("customer"),axios=require("axios"),log=global.getModel("log"),App=global.getModel("app"),Wallet=global.getModel("wallet"),Token=global.getModel("token"),BasicStrategy=require("passport-http").BasicStrategy,_crypto=require("crypto"),validator=require("validator"),email=require("../libs/email"),loadTemplate=require("../libs/load-template"),permission=require("../libs/permission"),
|
|
2
|
+
OTP=global.getModel("otp"),DIGITS="0123456789",redisCache=require("../libs/redis-cache"),utils=require("../libs/utils"),Controler=require("../controllers/controller"),{isValidObjectId}=require("mongoose"),total_time_wait_login=36E5,total_time_try_login=3;function generateOTP(){let $OTP$$="";for(let $i$$=0;$i$$<6;$i$$++)$OTP$$+=DIGITS[Math.floor(Math.random()*10)];return $OTP$$}
|
|
3
|
+
function generateToken($user$$){const $n$$=new Date;return _crypto.createHash("md5").update($user$$.email+$n$$.toISOString()).digest("hex")}function saveOTP($Phone$$,$otp_code$$,$expires$$=5){let $expire_time$$=new Date;$expire_time$$.setMinutes($expire_time$$.getMinutes()+$expires$$);return OTP.create({phone:$Phone$$,otp:$otp_code$$,expire_time:$expire_time$$})}
|
|
4
|
+
function findByUsername($username$$,$fn$$){if(!$username$$)return $fn$$("B\u1ea1n ch\u01b0a nh\u1eadp t\u00e0i kho\u1ea3n");User.findOne({$or:[{email:$username$$},{"local.phone":$username$$}]},function($error$$,$result$$){return!$error$$&&$result$$&&$result$$.local?$fn$$(null,$result$$):$fn$$($error$$||`T\u00e0i kho\u1ea3n ${$username$$} kh\u00f4ng t\u1ed3n t\u1ea1i`)})}
|
|
5
|
+
async function addUserToApp($user$$,$body$$,$par_session_created$$){if($body$$.id_app){if(!await App.findById($body$$.id_app))throw Logger.error("[addUserToApp] Can't find app",$body$$.id_app),"Kh\u00f4ng th\u1ec3 t\u00ecm th\u1ea5y th\u00f4ng tin c\u00f4ng ty n\u00e0y";$user$$.current_id_app=$body$$.id_app;$par_session_created$$=await Participant.asyncCreateParticipant({id_app:$body$$.id_app,name:$body$$.name||$user$$.email,email:$body$$.email,group_id:$body$$.group_id,active:!0,session_created:$par_session_created$$,
|
|
6
|
+
password:$body$$.password});let $cust$$;if(!await global.getModel("customer").findOne({id_app:$body$$.id_app,of_user:$user$$.email},{_id:1}).lean()&&($cust$$={ten_kh:$body$$.name||$user$$.email,email:validator.isEmail($user$$.email)?$user$$.email:void 0},$body$$.customer_info&&($cust$$={...$cust$$,...$body$$.customer_info}),$cust$$.ten_kh||($cust$$.ten_kh=$body$$.name||$user$$.email),$cust$$={...$cust$$,id_app:$body$$.id_app,user_created:$user$$.email,user_updated:$user$$.email,kh_yn:!0,of_user:$user$$.email},
|
|
7
|
+
$par_session_created$$&&$par_session_created$$.group_id)){let $ug$$=await global.getModel("usergroup").findOne({id_app:$body$$.id_app,_id:$par_session_created$$.group_id},{nh_kh:1});$cust$$.nh_kh=($ug$$||{}).nh_kh}if($body$$.introduce_code){let $contrIntroducer$$=global.controllers.INTRODUCER;await new Promise(($rs$$,$rj$$)=>{Controler.create($user$$,$contrIntroducer$$,{introduce_code:$body$$.introduce_code},($e$$,$intr$$)=>{if($e$$)return $rj$$($e$$.message||$e$$.error||$e$$);$cust$$&&($cust$$.phu_trach=
|
|
8
|
+
$intr$$.be_introduced_by);$rs$$()})})}$cust$$&&await Customer.asyncCreateCustomer($cust$$);return $par_session_created$$}}
|
|
9
|
+
module.exports=async function($app$$,$passport$$){const $rateLimiter$$=await global.createRateLimiterMiddleware(configs.limitRequest.auth||{},"auth");$passport$$.use(new BasicStrategy(function($username$$,$password$$,$done$$){if(!$username$$)return $done$$("B\u1ea1n ch\u01b0a nh\u1eadp t\u00e0i kho\u1ea3n");$username$$=$username$$.trim();let $id_app$$;if($username$$.indexOf("@app=")>0){const $user_app$$=$username$$.split("@app=");$username$$=$user_app$$[0];$id_app$$=$user_app$$[1]}$username$$=$username$$.toLowerCase();
|
|
10
|
+
setImmediate(function(){findByUsername($username$$,async function($err_pars_pars$$,$user$$){if($err_pars_pars$$)return $done$$($err_pars_pars$$);if(!$user$$)return $done$$('T\u00e0i kho\u1ea3n "'+$username$$+'" ch\u01b0a \u0111\u01b0\u1ee3c \u0111\u0103ng k\u00fd.');if($user$$.status==0)return $done$$("T\u00e0i kho\u1ea3n n\u00e0y kh\u00f4ng c\u00f2n hi\u1ec7u l\u1ef1c");if($user$$.local.rspassword)if($user$$.validRspassword($password$$))$user$$.local.password=$user$$.local.rspassword,$user$$.local.rspassword=
|
|
11
|
+
void 0,User.updateOne({email:$user$$.email},{local:$user$$.local},($e$$,$rs$$)=>{if($e$$)return Logger.error("Can't update password",$user$$.email,$e$$);Logger.info("updated new password",$user$$.email,$rs$$)});else{if(!$user$$.validPassword($password$$))if($id_app$$)if(await $user$$.validAppPassword($password$$,$id_app$$))$user$$=$user$$.toObject(),$user$$.token_id_app=$id_app$$;else return $done$$("M\u1eadt kh\u1ea9u kh\u00f4ng ch\u00ednh x\u00e1c.");else return $err_pars_pars$$=await $user$$.getAppOfPassword($password$$),
|
|
12
|
+
$err_pars_pars$$.length>0?($user$$=$user$$.toObject(),$user$$.token_id_apps=$err_pars_pars$$.map($p$$=>$p$$.id_app),$done$$(null,$user$$)):$done$$("M\u1eadt kh\u1ea9u kh\u00f4ng ch\u00ednh x\u00e1c.")}else{if(!$user$$.local.password)return $done$$("M\u1eadt kh\u1ea9u cho ng\u01b0\u1eddi d\u00f9ng n\u00e0y kh\u00f4ng t\u1ed3n t\u1ea1i. H\u00e3y s\u1eed d\u1ee5ng t\u00ednh n\u0103ng kh\u00f4i ph\u1ee5c m\u1eadt kh\u1ea9u \u0111\u1ec3 \u0111\u1eb7t l\u1ea1i m\u1eadt kh\u1ea9u cho ng\u01b0\u1eddi d\u00f9ng n\u00e0y");
|
|
13
|
+
if(!$user$$.validPassword($password$$))if($id_app$$)if(await $user$$.validAppPassword($password$$,$id_app$$))$user$$=$user$$.toObject(),$user$$.token_id_app=$id_app$$;else return $done$$("M\u1eadt kh\u1ea9u kh\u00f4ng ch\u00ednh x\u00e1c.");else return $err_pars_pars$$=await $user$$.getAppOfPassword($password$$),$err_pars_pars$$.length>0?($user$$=$user$$.toObject(),$user$$.token_id_apps=$err_pars_pars$$.map($p$$=>$p$$.id_app),$done$$(null,$user$$)):$done$$("M\u1eadt kh\u1ea9u kh\u00f4ng ch\u00ednh x\u00e1c.")}return $done$$(null,
|
|
14
|
+
$user$$)})})}));$app$$.get("/send-otp/:address_receive_otp",$rateLimiter$$,async($id_app$$,$res$$)=>{let $address_receive_otp$$=$id_app$$.params.address_receive_otp.trim().toLowerCase();if(configs.GOOGLE_RECAPTCHA_SECRET_KEY){if(!$id_app$$.query["g-recaptcha-response"])return $res$$.status(400).send("Ch\u1ee9c n\u0103ng n\u00e0y y\u00eau c\u1ea7u m\u1ed9t google recaptcha token");try{await permission.verifyReCaptcha($id_app$$.query["g-recaptcha-response"])}catch($e$$){return Logger.error("Can't verify recaptcha when send otp",
|
|
15
|
+
$e$$),$res$$.status(400).send($e$$.messag||$e$$.error||$e$$)}}let $u$$=await User.findOne({$or:[{email:$address_receive_otp$$},{"local.phone":$address_receive_otp$$}]});if(!$u$$)return $res$$.status(400).send({error:`T\u00e0i kho\u1ea3n ${$address_receive_otp$$} kh\u00f4ng t\u1ed3n t\u1ea1i`});const $username$$=$u$$.email;var $message$jscomp$9_otp_code$$=generateOTP();let $phone$$;$address_receive_otp$$!=$username$$&&utils.isMobilePhone($address_receive_otp$$)?$phone$$=$address_receive_otp$$:utils.isMobilePhone($username$$)?
|
|
16
|
+
$phone$$=$username$$:utils.isMobilePhone(($u$$.local||{}).phone||"")&&($phone$$=($u$$.local||{}).phone);let $optObject$$;try{$optObject$$=await saveOTP($username$$,$message$jscomp$9_otp_code$$)}catch($e$$){return $res$$.status(400).send({error:"Kh\u00f4ng th\u1ec3 t\u1ea1o m\u00e3 OTP"})}if($phone$$){var $email_address_id_app$$=$id_app$$.query.id_app;if($email_address_id_app$$&&isValidObjectId($email_address_id_app$$)){var $app$$=await global.getModel("app").findOne({_id:$email_address_id_app$$});
|
|
17
|
+
const {zalo_otp_template_id:$zalo_otp_template_id$$,zalo_app_id:$zalo_app_id$$,zalo_secret_key:$zalo_secret_key$$,zalo_refresh_token:$zalo_refresh_token$$}=$app$$||{};if($zalo_otp_template_id$$&&$zalo_app_id$$&&$zalo_secret_key$$&&$zalo_refresh_token$$)try{return await utils.sendMessageZalo($email_address_id_app$$,$phone$$,$zalo_otp_template_id$$,{otp:$message$jscomp$9_otp_code$$}),$res$$.send($optObject$$.toObject())}catch($e$$){return $message$jscomp$9_otp_code$$=$e$$.message||$e$$.error||$e$$,
|
|
18
|
+
Logger.error("[local] [send otp via zalo] Can't send message from zalo",$message$jscomp$9_otp_code$$),$res$$.status(400).send({error:$message$jscomp$9_otp_code$$||`Kh\u00f4ng th\u1ec3 g\u1eedi \u0111\u01b0\u1ee3c m\u00e3 OTP t\u1edbi zalo "${$username$$}". Vui l\u00f2ng th\u1eed l\u1ea1i sau.`})}}if(configs.sms&&(configs.sms.send||configs.sms.genUrlSendOTP))if(configs.sms.send)configs.sms.send($phone$$,$message$jscomp$9_otp_code$$,$id_app$$.query.id_app).then($rs$$=>{$rs$$.error_message?$res$$.status(400).send({error:$rs$$.message||
|
|
19
|
+
$rs$$.error||$rs$$.error_message||`Kh\u00f4ng th\u1ec3 g\u1eedi \u0111\u01b0\u1ee3c m\u00e3 OTP t\u1edbi t\u00e0i kho\u1ea3n "${$username$$}". Vui l\u00f2ng th\u1eed l\u1ea1i sau.`}):$res$$.send($optObject$$.toObject())}).catch($e$$=>{$e$$||={message:"Kh\u00f4ng th\u1ec3 g\u1eedi m\u00e3 OTP"};Logger.error("[local] [send otp via sms] Error send sms",$e$$);$res$$.status(400).send({error:$e$$.ErrorMessage||$e$$.message||$e$$.error_message||`Kh\u00f4ng th\u1ec3 g\u1eedi \u0111\u01b0\u1ee3c m\u00e3 OTP t\u1edbi t\u00e0i kho\u1ea3n "${$username$$}". Vui l\u00f2ng th\u1eed l\u1ea1i sau.`})});
|
|
20
|
+
else if($message$jscomp$9_otp_code$$=configs.sms.genUrlSendOTP($phone$$,$message$jscomp$9_otp_code$$,$id_app$$.query.id_app))try{await axios.get($message$jscomp$9_otp_code$$),$res$$.send($optObject$$.toObject())}catch($e$$){Logger.error($e$$),$res$$.status(400).send({error:$e$$.message||$e$$.error||$e$$||`Kh\u00f4ng th\u1ec3 g\u1eedi \u0111\u01b0\u1ee3c m\u00e3 OTP t\u1edbi t\u00e0i kho\u1ea3n "${$username$$}". Vui l\u00f2ng th\u1eed l\u1ea1i sau.`})}else $res$$.status(400).send({error:`Kh\u00f4ng th\u1ec3 g\u1eedi \u0111\u01b0\u1ee3c m\u00e3 OTP t\u1edbi t\u00e0i kho\u1ea3n "${$username$$}". Vui l\u00f2ng th\u1eed l\u1ea1i sau.`});
|
|
21
|
+
else $res$$.status(400).send({error:`Kh\u00f4ng th\u1ec3 g\u1eedi \u0111\u01b0\u1ee3c m\u00e3 OTP t\u1edbi t\u00e0i kho\u1ea3n "${$username$$}". Vui l\u00f2ng th\u1eed l\u1ea1i sau.`})}else validator.isEmail($address_receive_otp$$)&&$address_receive_otp$$!=$username$$?$email_address_id_app$$=$address_receive_otp$$:validator.isEmail($username$$)?$email_address_id_app$$=$username$$:$u$$.email2&&validator.isEmail($u$$.email2)&&($email_address_id_app$$=$u$$.email2),($id_app$$=$id_app$$.query.id_app)&&
|
|
22
|
+
isValidObjectId($id_app$$)&&($app$$=await global.getModel("app").findOne({_id:$id_app$$}).lean()),$email_address_id_app$$?email.sendHtml({to:{address:$email_address_id_app$$},subject:"M\u00e3 x\u00e1c th\u1ef1c",html:`Xin vui l\u00f2ng g\u1eedi qu\u00fd kh\u00e1ch m\u00e3 x\u00e1c th\u1ef1c: ${$message$jscomp$9_otp_code$$}. M\u00e3 n\u00e0y s\u1ebd h\u1ebft h\u1ea1n s\u1eed d\u1ee5ng sau 5 ph\u00fat.`,app_info:$app$$},function($error$$){$error$$?(Logger.error("Error send otp to email",$error$$),$res$$.status(400).send({error:`Kh\u00f4ng th\u1ec3 g\u1eedi \u0111\u01b0\u1ee3c m\u00e3 OTP t\u1edbi email "${$username$$}". Vui l\u00f2ng th\u1eed l\u1ea1i sau.`})):
|
|
23
|
+
$res$$.send($optObject$$.toObject())},configs.sender_otp):$res$$.status(400).send({error:`Kh\u00f4ng th\u1ec3 g\u1eedi \u0111\u01b0\u1ee3c m\u00e3 OTP t\u1edbi t\u00e0i kho\u1ea3n "${$username$$}". Vui l\u00f2ng th\u1eed l\u1ea1i sau.`})});$app$$.get("/verify-otp/:id/:otp",$rateLimiter$$,async function($req$$,$res$$){try{const $id$$=$req$$.params.id;if(!global.mongoose.Types.ObjectId.isValid($id$$))return $res$$.status(400).send({error:"ID c\u1ee7a m\u00e3 x\u00e1c th\u1ef1c n\u00e0y kh\u00f4ng h\u1ee3p l\u1ec7",
|
|
24
|
+
code:4001});const $otp_code$$=$req$$.params.otp,$otp$$=await OTP.findById($id$$);if(!$otp$$)return $res$$.status(400).send({error:"M\u00e3 x\u00e1c th\u1ef1c n\u00e0y kh\u00f4ng t\u1ed3n t\u1ea1i",code:4001});$otp$$.tried_number=($otp$$.tried_number||0)+1;await $otp$$.save();if($otp$$.otp!=$otp_code$$||$otp$$.verified||$otp$$.tried_number>(configs.MAX_TRY_OTP||3)||$otp$$.expire_time.getTime()<(new Date).getTime())return $res$$.status(400).send({error:"M\u00e3 x\u00e1c th\u1ef1c n\u00e0y kh\u00f4ng t\u1ed3n t\u1ea1i ho\u1eb7c \u0111\u00e3 h\u1ebft hi\u1ec7u l\u1ef1c",
|
|
25
|
+
code:4001});await OTP.updateOne({_id:$id$$},{verified:!0});let $user$$=await User.findOne({email:$otp$$.phone});if(!$user$$)return $res$$.status(400).send({error:"T\u00e0i kho\u1ea3n kh\u00f4ng t\u1ed3n t\u1ea1i",code:4001});if(!$user$$.local||!$user$$.local.active){$user$$.local=$user$$.local||{};$user$$.local.active=!0;try{await $user$$.save(),redisCache.set("user",$user$$.toObject(),function($e$$){$e$$?Logger.error($e$$):Logger.info("cache user infomation to redis")})}catch($e$$){return Logger.info("error verify otp, create user",
|
|
26
|
+
$e$$),$res$$.status(500).send($e$$)}}const $accessToken$$=generateToken($user$$);(new Token({email:$user$$.email,session_created:($req$$.cookies||{}).uid,token:$accessToken$$,agent:$req$$.headers["user-agent"],ip:"",once:$req$$.query.once==1||$req$$.query.once=="true"||$req$$.query.once==="1"?!0:!1})).save(function($e$$,$rs$$){return $e$$?$res$$.status(500).send($e$$):$res$$.send({token:$accessToken$$,once:$rs$$.once})})}catch($e$$){Logger.error("error verify otp",$e$$),$res$$.status(400).send($e$$.message)}});
|
|
27
|
+
$app$$.post("/auth/sign",$rateLimiter$$,($req$$,$res$$,$next$$)=>{$passport$$.authenticate("basic",{session:!1},function($err$$,$user$$){if($err$$||!$user$$)return $res$$.status(401).send({message:$err$$||"Unauthorized"});$req$$.user=$user$$;$next$$()})($req$$,$res$$,$next$$)},async($req$jscomp$3_user$$,$res$$)=>{let $data$$=$req$jscomp$3_user$$.body;$req$jscomp$3_user$$=$req$jscomp$3_user$$.user;if(!$data$$)return $res$$.status(400).send("Not have data to sign");if(!$data$$.id_app)return $res$$.status(400).send("Data miss id_app property");
|
|
28
|
+
try{let $signature$$=await Wallet.sign($data$$.id_app,$req$jscomp$3_user$$.email,$data$$);$res$$.send($signature$$)}catch($e$$){return $res$$.status(400).send($e$$.message||$e$$)}});$app$$.get("/auth/local",$rateLimiter$$,function($req$$,$res$$,$next$$){let $ip$$=($req$$.ip||$req$$.headers["x-forwarded-for"]||$req$$.connection.remoteAddress).split(".").join("").split(":").join("");var $authorization_password$$=$req$$.headers.authorization;if(!$authorization_password$$)return $res$$.status(400).send({message:"Authorization is required"});
|
|
29
|
+
$authorization_password$$=Buffer.from($authorization_password$$.replace("Basic ",""),"base64").toString("utf-8");$authorization_password$$=$authorization_password$$.split(":");if($authorization_password$$.length>1){let $username$$=$authorization_password$$[0].trim().toLowerCase();$authorization_password$$=$authorization_password$$[1].trim();$req$$.query.id_app&&$username$$.indexOf("@app=")<0&&(Logger.info("[signin] add id_app into username",$username$$,$req$$.query.id_app),$username$$=`${$username$$}@app=${$req$$.query.id_app}`,
|
|
30
|
+
$req$$.headers.authorization=`Basic ${Buffer.from($username$$+":"+$authorization_password$$).toString("base64")}`);let $t_session$$="times_login_"+$ip$$+"_"+$username$$.toLowerCase(),$d_session$$="datetime_login_"+$ip$$+"_"+$username$$.toLowerCase();$req$$.t_session=$t_session$$;$req$$.d_session=$d_session$$;let $now$$=new Date,$d$$=$now$$,$times_try$$=1;if($req$$.headers.cookie&&$req$$.session){$req$$=$req$$.session;$req$$[$t_session$$]?($times_try$$=$req$$[$t_session$$]+1,$req$$[$t_session$$]=$times_try$$):
|
|
31
|
+
($req$$[$t_session$$]=$times_try$$,$req$$[$d_session$$]=$now$$);$req$$[$d_session$$]?$d$$=new Date($req$$[$d_session$$]):$req$$[$d_session$$]=$now$$;$req$$=$now$$.getTime()-$d$$.getTime();if($req$$<total_time_wait_login&&$times_try$$>total_time_try_login)return $res$$.status(400).send({message:"B\u1ea1n \u0111\u0103ng nh\u1eadp sai "+total_time_try_login+" l\u1ea7n li\u00ean ti\u1ebfp. H\u00e3y th\u1eed l\u1ea1i sau "+Math.roundBy((total_time_wait_login-$req$$)/6E4,2)+" ph\u00fat"});$next$$()}else global.clientRedis.get($t_session$$,
|
|
32
|
+
function($err$$,$reply$$){$reply$$?($times_try$$=Number($reply$$)+1,global.clientRedis.set($t_session$$,$times_try$$)):(global.clientRedis.set($t_session$$,$times_try$$),global.clientRedis.set($d_session$$,$now$$));global.clientRedis.get($d_session$$,function($err$jscomp$3_time_wait$$,$reply$$){$reply$$?$d$$=new Date($reply$$):global.clientRedis.set($d_session$$,$now$$);$err$jscomp$3_time_wait$$=$now$$.getTime()-$d$$.getTime();if($err$jscomp$3_time_wait$$<total_time_wait_login&&$times_try$$>total_time_try_login)return $res$$.status(400).send({message:"B\u1ea1n \u0111\u0103ng nh\u1eadp sai "+
|
|
33
|
+
total_time_try_login+" l\u1ea7n li\u00ean ti\u1ebfp. H\u00e3y th\u1eed l\u1ea1i sau "+Math.roundBy((total_time_wait_login-$err$jscomp$3_time_wait$$)/6E4,2)+" ph\u00fat"});$next$$()})})}},function($req$$,$res$$,$next$$){$passport$$.authenticate("basic",{session:!1},async function($err$jscomp$4_p$$,$user$$){if($err$jscomp$4_p$$||!$user$$)return $res$$.status(401).send({message:$err$jscomp$4_p$$||"Unauthorized"});if(configs.require_verify&&!$user$$.local.active)return Logger.warn("[local] H\u1ec7 th\u1ed1ng y\u00eau c\u1ea7u x\u00e1c th\u1ef1c:",
|
|
34
|
+
$user$$.email),$res$$.status(401).send({require_verify:!0});if($req$$.query.id_app&&($err$jscomp$4_p$$=await global.getModel("participant").findOne({id_app:$req$$.query.id_app,email:$user$$.email}).lean())&&!$err$jscomp$4_p$$.active&&!$err$jscomp$4_p$$.admin)return $res$$.status(401).send({message:"T\u00e0i kho\u1ea3n c\u1ee7a b\u1ea1n \u0111ang ch\u1edd \u0111\u01b0\u1ee3c x\u00e9t duy\u1ec7t",active:!1});$req$$.user=$user$$;$next$$()})($req$$,$res$$,$next$$)},async($req$$,$res$$)=>{let $agent$$=
|
|
35
|
+
$req$$.headers["user-agent"];if($req$$.headers.cookie){var $session$jscomp$1_user$$=$req$$.session;$session$jscomp$1_user$$[$req$$.t_session]=0;$session$jscomp$1_user$$[$req$$.d_session]=""}else global.clientRedis.set($req$$.t_session,0),global.clientRedis.set($req$$.d_session,"");log.create({id_app:"LOGIN",id_func:"LOGIN",action:"LOCALLOGIN"},$req$$.user.email,$req$$.header("user-agent"),$req$$);$session$jscomp$1_user$$=$req$$.user;if($req$$.query.id_app&&global.mongoose.Types.ObjectId.isValid($req$$.query.id_app)){const $id_app$$=
|
|
36
|
+
$req$$.query.id_app;let $group_id$$=$req$$.query.group_id&&global.mongoose.Types.ObjectId.isValid($req$$.query.group_id)?$req$$.query.group_id:void 0;const $app$$=await App.findById($id_app$$);var $active_group_query_group$$={id_app:$id_app$$,$or:[{is_customer_group:!0},{is_partner_group:!0},{is_agent_group:!0},{is_pttt_group:!0}]};$group_id$$?$active_group_query_group$$._id=$group_id$$:$active_group_query_group$$.default_group=!0;$active_group_query_group$$=await UserGroup.findOne($active_group_query_group$$).lean();
|
|
37
|
+
if($app$$&&$active_group_query_group$$){$group_id$$=$active_group_query_group$$._id.toString();$active_group_query_group$$=$active_group_query_group$$.not_need_active;try{var $p$jscomp$3_session_created$$=await Participant.asyncCreateParticipant({id_app:$id_app$$,email:$session$jscomp$1_user$$.email,name:$session$jscomp$1_user$$.name,group_id:$group_id$$,active:$active_group_query_group$$});if($p$jscomp$3_session_created$$&&!$p$jscomp$3_session_created$$.active)return $res$$.status(401).send({message:"T\u00e0i kho\u1ea3n c\u1ee7a b\u1ea1n \u0111ang ch\u1edd \u0111\u01b0\u1ee3c x\u00e9t duy\u1ec7t",
|
|
38
|
+
active:!1});if($p$jscomp$3_session_created$$&&$p$jscomp$3_session_created$$.group_id&&await UserGroup.findOne({id_app:$id_app$$,_id:$p$jscomp$3_session_created$$.group_id,is_customer_group:!0}).lean()){let $cust$$={ten_kh:$session$jscomp$1_user$$.name||$session$jscomp$1_user$$.email,email:$session$jscomp$1_user$$.email,id_app:$id_app$$,user_created:$session$jscomp$1_user$$.email,user_updated:$session$jscomp$1_user$$.email,kh_yn:!0,of_user:$session$jscomp$1_user$$.email};utils.isMobilePhone($session$jscomp$1_user$$.email,
|
|
39
|
+
["vi-VN"])&&($cust$$.dien_thoai=$session$jscomp$1_user$$.email);try{await Customer.asyncCreateCustomer($cust$$)}catch($e$$){Logger.error("[auth][local] Auto create new customer with error:",$e$$.message)}}}catch($e$$){return Logger.error("[auth][local] can't add user",$session$jscomp$1_user$$.email,"to company",$app$$.name,$e$$.message||$e$$.error||$e$$),$res$$.status(500).send($e$$)}}}const $accessToken$$=generateToken($session$jscomp$1_user$$);($p$jscomp$3_session_created$$=($req$$.cookies||{}).uid)&&
|
|
40
|
+
User.updateOne({email:$session$jscomp$1_user$$.email,session_created:null},{session_created:$p$jscomp$3_session_created$$}).catch(Logger.error);(new Token({email:$session$jscomp$1_user$$.email,session_created:$p$jscomp$3_session_created$$,id_apps:$session$jscomp$1_user$$.token_id_apps,only_id_app:$session$jscomp$1_user$$.token_id_app,token:$accessToken$$,agent:$agent$$,ip:"",once:$req$$.query.once==1||$req$$.query.once=="true"||$req$$.query.once==="1"?!0:!1})).save(function($e$$,$rs$$){if($e$$)return $res$$.status(500).send($e$$);
|
|
41
|
+
$res$$.send({token:$accessToken$$,once:$rs$$.once})})});$app$$.get("/check-user/:email",$rateLimiter$$,function($req$$,$res$$){const $email$$=$req$$.params.email;User.findOne({$or:[{email:$email$$},{"local.phone":$email$$}]},{email:1,name:1,picture:1}).lean().then(function($user$$){if(!$user$$)return $res$$.status(400).send(`T\u00e0i kho\u1ea3n ${$email$$} kh\u00f4ng t\u1ed3n t\u1ea1i`);$res$$.send($user$$)}).catch($e$$=>{$res$$.status(400).send($e$$)})});$app$$.post("/signup",$rateLimiter$$,async($req$$,
|
|
42
|
+
$res$$)=>{let $body$$=$req$$.body;$body$$.json&&($body$$=JSON.parse($body$$.json));if(!$body$$)return $res$$.status(400).send({error:"Kh\u00f4ng c\u00f3 n\u1ed9i dung"});if($body$$.id_app&&!global.mongoose.Types.ObjectId.isValid($body$$.id_app))return $res$$.status(400).send({error:"id_app kh\u00f4ng h\u1ee3p l\u1ec7"});if(configs.GOOGLE_RECAPTCHA_SECRET_KEY){var $app$$=$body$$["g-recaptcha-response"]||$req$$.query["g-recaptcha-response"];if(!$app$$)return $res$$.status(400).send({error:"Ch\u1ee9c n\u0103ng n\u00e0y y\u00eau c\u1ea7u m\u1ed9t google recaptcha token"});
|
|
43
|
+
try{await permission.verifyReCaptcha($app$$)}catch($e$$){return $res$$.status(400).send({error:$e$$.message||$e$$.error||$e$$})}}let $session_created$$=($req$$.cookies||{}).uid;if($session_created$$&&$body$$.id_app){$app$$=await App.findById($body$$.id_app);if(!$app$$)return $res$$.status(400).send({error:"C\u00f4ng ty kh\u00f4ng t\u1ed3n t\u1ea1i"});if($app$$.options&&$app$$.options.one_account_per_device&&await Participant.findOne({session_created:$session_created$$,id_app:$body$$.id_app}).lean())return $res$$.status(400).send({error:"M\u1ed7i thi\u1ebft b\u1ecb ch\u1ec9 \u0111\u01b0\u1ee3c t\u1ea1o m\u1ed9t t\u00e0i kho\u1ea3n"})}if(!$body$$.email)return $res$$.status(400).send({error:"B\u1ea1n ch\u01b0a nh\u1eadp t\u00e0i kho\u1ea3n"});
|
|
44
|
+
$body$$.email=$body$$.email.trim().toLowerCase();if(!validator.isEmail($body$$.email)&&!utils.isMobilePhone($body$$.email,["vi-VN"]))return $res$$.status(400).send({error:"T\u00e0i kho\u1ea3n \u0111\u0103ng nh\u1eadp ph\u1ea3i l\u00e0 1 \u0111\u1ecba ch\u1ec9 email ho\u1eb7c 1 s\u1ed1 \u0111i\u1ec7n tho\u1ea1i di \u0111\u1ed9ng"});if(!$body$$.name)return $res$$.status(400).send({error:"H\u1ecd v\u00e0 t\u00ean ch\u01b0a nh\u1eadp"});if($body$$.introduce_code&&$body$$.id_app&&!await global.getModel("introducecode").findOne({id_app:$body$$.id_app,
|
|
45
|
+
status:!0,introduce_code:$body$$.introduce_code}).lean())return $res$$.status(400).send({error:"M\u00e3 gi\u1edbi thi\u1ec7u kh\u00f4ng h\u1ee3p l\u1ec7"});Logger.info("[signup] \u0111ang \u0111\u0103ng k\u00fd t\u00e0i kho\u1ea3n",$body$$.email,"...");User.findOne({$or:[{email:$body$$.email},{"local.phone":$body$$.email}]},async function($error$$,$new_user$$){if($error$$)return $res$$.status(400).send($error$$);if($new_user$$)if(!$new_user$$.local||configs.require_verify&&!$new_user$$.local.active||
|
|
46
|
+
$new_user$$.local.email!=$body$$.email)$new_user$$.local||($new_user$$.local={});else if($body$$.id_app){Logger.info(`[signup] t\u00e0i kho\u1ea3n ${$body$$.email}. \u0110ang th\u00eam v\u00e0o c\u00f4ng ty "${$body$$.id_app}"...`);try{let $p$$=await global.getModel("participant").findOne({id_app:$body$$.id_app,email:$body$$.email});if($p$$)return $res$$.status(400).send({error:"T\u00e0i kho\u1ea3n n\u00e0y \u0111\u00e3 t\u1ed3n t\u1ea1i"});$p$$=await addUserToApp($new_user$$,$body$$,$session_created$$);
|
|
47
|
+
let $accessToken$$;if($new_user$$.local.active)try{$accessToken$$=generateToken($new_user$$),await (new Token({email:$new_user$$.email,session_created:($req$$.cookies||{}).uid,token:$accessToken$$,agent:$req$$.headers["user-agent"],ip:"",once:$req$$.query.once==1||$req$$.query.once=="true"||$req$$.query.once==="1"?!0:!1})).save()}catch($e$$){Logger.error("[signup] can't gen new token for new user:"+$new_user$$.email,$e$$)}return $res$$.send({message:'T\u00e0i kho\u1ea3n "'+$body$$.email+'" \u0111\u00e3 \u0111\u01b0\u1ee3c \u0111\u0103ng k\u00fd th\u00e0nh c\u00f4ng',
|
|
48
|
+
token:$accessToken$$,active:$new_user$$.local.active})}catch($e$$){return await global.getModel("participant").deleteOne({id_app:$body$$.id_app,email:$body$$.email}),$res$$.status(400).send({error:$e$$.error||$e$$.message||$e$$})}}else return $res$$.status(400).send({error:'T\u00e0i kho\u1ea3n "'+$body$$.email+'" \u0111\u00e3 \u0111\u01b0\u1ee3c \u0111\u0103ng k\u00fd'});else $new_user$$=new User,$new_user$$.email=$body$$.email,$new_user$$.local={};$new_user$$.local.email=$body$$.email;$new_user$$.local.name=
|
|
49
|
+
$body$$.name;$new_user$$.local.active=!configs.require_verify;$new_user$$.partner=$body$$.partner;$new_user$$.session_created=$session_created$$;$body$$.email2&&validator.isEmail($body$$.email2)&&($new_user$$.email2=$body$$.email2);$new_user$$.name=$new_user$$.local.name;$body$$.picture?$new_user$$.local.picture=$body$$.picture:$new_user$$.local.picture||($new_user$$.local.picture="/images/avatar.jpg");let $password$$;if($body$$.password){if($body$$.rePassword!==$body$$.password)return $res$$.status(400).send({error:"M\u1eadt kh\u1ea9u x\u00e1c nh\u1eadn kh\u00f4ng ch\u00ednh x\u00e1c"});
|
|
50
|
+
if(!User.teststrengthPassword($body$$.password))return $res$$.status(400).send({error:"M\u1eadt kh\u1ea9u ph\u1ea3i c\u00f3 \u00edt nh\u1ea5t 6 k\u00fd t\u1ef1 v\u00e0 bao g\u1ed3m \u00edt nh\u1ea5t m\u1ed9t ch\u1eef s\u1ed1, m\u1ed9t ch\u1eef hoa v\u00e0 m\u1ed9t ch\u1eef th\u01b0\u1eddng"});$password$$=$body$$.password}else $password$$=_crypto.createHash("md5").update($new_user$$.email+(new Date).toISOString()).digest("hex");$new_user$$.local.password=$new_user$$.generateHash($new_user$$.email+
|
|
51
|
+
$password$$);$new_user$$.save(async function($app$jscomp$5_error$$,$newUser$$){if($app$jscomp$5_error$$)return $res$$.status(400).send({error:"Kh\u00f4ng th\u1ec3 \u0111\u0103ng k\u00fd"});log.create({id_app:"SIGNUP",id_func:"SIGNUP",action:"SIGNUP"},$new_user$$.email,$req$$.header("user-agent"),$req$$);if($body$$.cty_name){$app$jscomp$5_error$$=new App;$app$jscomp$5_error$$.user_created=$new_user$$.email;$app$jscomp$5_error$$.user_updated=$new_user$$.email;$app$jscomp$5_error$$.name=$body$$.cty_name;
|
|
52
|
+
var $d$jscomp$1_now$$=new Date;$app$jscomp$5_error$$.ngay_dn=new Date($d$jscomp$1_now$$.getFullYear(),0,1);$app$jscomp$5_error$$.ngay_ks=new Date($d$jscomp$1_now$$.getFullYear()-1,12,0);$app$jscomp$5_error$$.nam_bd=$d$jscomp$1_now$$.getFullYear();$app$jscomp$5_error$$.ngay_ky1=new Date($d$jscomp$1_now$$.getFullYear(),0,1);$d$jscomp$1_now$$=new Date;$d$jscomp$1_now$$.setMonth($d$jscomp$1_now$$.getMonth()+3);$app$jscomp$5_error$$.expire_date=new Date($d$jscomp$1_now$$);$app$jscomp$5_error$$.save(function($error$$,
|
|
53
|
+
$obj$$){if($error$$)return Logger.error("[signup] Khong tao duoc new app: "+$error$$);require("../libs/initDatabase").init($obj$$._id,function($error$$){$error$$&&Logger.error("[signup] Can't init database \n"+$error$$)})})}try{await addUserToApp($newUser$$,$body$$,$session_created$$)}catch($e$$){return Logger.error("[signup] add user to app",$e$$.message||$e$$.error||$e$$),await global.getModel("participant").deleteOne({id_app:$body$$.id_app,email:$body$$.email}),await User.deleteOne({email:$body$$.email}),
|
|
54
|
+
$res$$.status(400).send({error:$e$$.error||$e$$.message||$e$$})}let $accessToken$$;if($newUser$$.local.active)try{$accessToken$$=generateToken($newUser$$),await (new Token({email:$newUser$$.email,session_created:($req$$.cookies||{}).uid,token:$accessToken$$,agent:$req$$.headers["user-agent"],ip:"",once:$req$$.query.once==1||$req$$.query.once=="true"||$req$$.query.once==="1"?!0:!1})).save()}catch($e$$){Logger.error("[signup] can't gen new token for new user:"+$newUser$$.email,$e$$)}validator.isEmail($body$$.email)&&
|
|
55
|
+
!$body$$.password?(loadTemplate("thong tin dang nhap.html",{email:$new_user$$.email,password:$password$$,receiver_name:$body$$.name},function($error$$,$html$$){if($error$$)return Logger.info($error$$);email.sendHtml({to:{name:$new_user$$.name,address:$new_user$$.email},subject:"Th\u00f4ng tin t\u00e0i kho\u1ea3n",html:$html$$},function($error$$){$error$$&&Logger.error("Khong the gui email thon tin tai khoan cho nguoi dung\n"+$error$$)})}),$res$$.send({message:"T\u00e0i kho\u1ea3n c\u1ee7a b\u1ea1n \u0111\u00e3 \u0111\u01b0\u1ee3c t\u1ea1o. Ki\u1ec3m tra email \u0111\u1ec3 l\u1ea5y th\u00f4ng tin \u0111\u0103ng nh\u1eadp",
|
|
56
|
+
token:$accessToken$$,active:$newUser$$.local.active})):$res$$.send({message:'T\u00e0i kho\u1ea3n "'+$body$$.email+'" \u0111\u00e3 \u0111\u01b0\u1ee3c t\u1ea1o',token:$accessToken$$,active:$newUser$$.local.active})})})});$app$$.get("/resetpassword",$rateLimiter$$,async($req$$,$res$$)=>{if(configs.GOOGLE_RECAPTCHA_SECRET_KEY)try{await permission.verifyReCaptcha($req$$.query["g-recaptcha-response"])}catch($e$$){return $res$$.status(400).send({error:$e$$.message||$e$$.error||$e$$})}let $address$$=$req$$.query.email;
|
|
57
|
+
if(!$address$$)return $res$$.status(400).send({error:"Y\u00eau c\u1ea7u m\u1ed9t \u0111\u1ecba ch\u1ec9 email ho\u1eb7c s\u1ed1 \u0111i\u1ec7n tho\u1ea1i"});$address$$=$address$$.toLowerCase();User.findOne({$or:[{"local.email":$address$$},{email:$address$$},{email2:$address$$}]},function($error$$,$result$$){if($error$$)return $res$$.status(400).send($error$$);if(!$result$$)return $res$$.status(400).send({error:`T\u00e0i kho\u1ea3n "${$address$$}" ch\u01b0a \u0111\u01b0\u1ee3c \u0111\u0103ng k\u00fd`});
|
|
58
|
+
let $newpassword$$=_crypto.createHash("md5").update((new Date).toISOString()).digest("hex");$result$$.local.rspassword=$result$$.generateHash($result$$.email+$newpassword$$);$result$$.save(function($error$$){if($error$$)return $res$$.status(400).send($error$$);loadTemplate("reset mat khau.html",{receiver_name:$result$$.name,email:$result$$.email,password:$newpassword$$},function($error$$,$html$$){if($error$$)return $res$$.status(400).send($error$$);$result$$.email&&validator.isEmail($result$$.email)&&
|
|
59
|
+
email.sendHtml({to:{name:$result$$.name,address:$result$$.email},subject:"\u0110\u1ed5i m\u1eadt kh\u1ea9u",html:$html$$},function($error$$){$error$$?Logger.error("Khong the gui thong tin tai khoan cho nguoi su dung\n"+$error$$):Logger.info("send new password to",$result$$.email)});$result$$.email2&&validator.isEmail($result$$.email2)&&email.sendHtml({to:{name:$result$$.name,address:$result$$.email2},subject:"\u0110\u1ed5i m\u1eadt kh\u1ea9u",html:$html$$},function($error$$){$error$$?Logger.error("Khong the gui thong tin tai khoan cho nguoi su dung\n"+
|
|
60
|
+
$error$$):Logger.info("send new password to",$result$$.email)});log.create({id_app:"RESETPASSWORD",id_func:"RESETPASSWORD",action:"RESETPASSWORD"},$result$$.email,$req$$.header("user-agent"),$req$$);$res$$.send({message:"M\u1eadt kh\u1ea9u c\u1ee7a b\u1ea1n \u0111\u00e3 \u0111\u01b0\u1ee3c \u0111\u1ed5i th\u00e0nh c\u00f4ng. Ki\u1ec3m tra email \u0111\u1ec3 l\u1ea5y m\u1eadt kh\u1ea9u m\u1edbi, sau \u0111\u00f3 b\u1ea1n n\u00ean \u0111\u1ed5i m\u1eadt kh\u1ea9u n\u00e0y"})})})})})};
|
|
@@ -8,8 +8,9 @@ $c$$._id.toString(),$allGroups_email$$.has($children$jscomp$1_id$$)||($allGroups
|
|
|
8
8
|
exports.dsKhDangPhuTrach=async($data_id_app$$,$phu_trach$$)=>{if(!$data_id_app$$)return[];var $key_cache$$=typeof $phu_trach$$==="object"?JSON.stringify($phu_trach$$):$phu_trach$$;$key_cache$$=`khdangphutrach::${$data_id_app$$}::${$key_cache$$}`;if(global.cacheDatas[$key_cache$$]&&moment().diff(moment(global.cacheDatas[$key_cache$$].time),"minutes")<1)return Logger.info("lay danh sach khach hang dang phu trach tu cache",$key_cache$$),global.cacheDatas[$key_cache$$].data;$data_id_app$$=(await global.getModel("customer").find({id_app:$data_id_app$$,
|
|
9
9
|
phu_trach:$phu_trach$$},{ma_kh:1}).lean()).map($p$$=>$p$$.ma_kh);global.cacheDatas[$key_cache$$]={time:new Date,data:_.cloneDeep($data_id_app$$)};return $data_id_app$$};
|
|
10
10
|
exports.isAdmin=function($current_id_app$$,$email$$,$callback$$){if(!$current_id_app$$)return $callback$$(null,!0);App.findOne({_id:$current_id_app$$}).lean().then(async $app$$=>{if(!$app$$)return $callback$$({error:`ID app: ${$current_id_app$$} kh\u00f4ng t\u1ed3n t\u1ea1i`,code:-7},!1);if($app$$.trang_thai==="9")return $callback$$({error:`C\u00f4ng ty ${$app$$.name} \u0111\u00e3 ng\u1eebng s\u1eed d\u1ee5ng`,code:-9},!1);if(global.configs.check_expire_date&&$app$$.expire_date&&(new Date($app$$.expire_date)).getTime()<
|
|
11
|
-
Date.now())return $callback$$({error:`C\u00f4ng ty ${$app$$.name} \u0111\u00e3 h\u1ebft h\u1ea1n s\u1eed d\u1ee5ng`,code:-8},!1);
|
|
12
|
-
|
|
11
|
+
Date.now())return $callback$$({error:`C\u00f4ng ty ${$app$$.name} \u0111\u00e3 h\u1ebft h\u1ea1n s\u1eed d\u1ee5ng`,code:-8},!1);if(global.storageUsage&&($app$$.dung_luong_duoc_su_dung||$app$$.so_tai_lieu_duoc_su_dung)){var $da_su_dung_participant$$=await global.storageUsage.getTotalUsageByApp($app$$._id.toString());if($app$$.dung_luong_duoc_su_dung&&$app$$.dung_luong_duoc_su_dung<($da_su_dung_participant$$?.total_bytes||0)||$app$$.so_tai_lieu_duoc_su_dung&&$app$$.so_tai_lieu_duoc_su_dung<($da_su_dung_participant$$?.total_docs||
|
|
12
|
+
0))return $callback$$({error:`C\u00f4ng ty ${$app$$.name} \u0111\u00e3 s\u1eed d\u1ee5ng h\u1ebft dung l\u01b0\u1ee3ng`,code:-8},!1)}$da_su_dung_participant$$=await Participant.findOne({id_app:$current_id_app$$,email:$email$$}).lean();if(!$da_su_dung_participant$$)return $callback$$({error:`B\u1ea1n kh\u00f4ng c\u00f3 quy\u1ec1n truy c\u1eadp c\u00f4ng ty ${$app$$.name}`,code:-2},!1);if(!$da_su_dung_participant$$.admin&&!$da_su_dung_participant$$.active&&$email$$!=="public")return $callback$$({error:"T\u00e0i kho\u1ea3n c\u1ee7a b\u1ea1n \u0111ang ch\u1edd \u0111\u01b0\u1ee3c x\u00e1c nh\u1eadn",
|
|
13
|
+
code:-1},!1);$callback$$(null,$da_su_dung_participant$$.admin,$app$$,$da_su_dung_participant$$)}).catch($e$$=>$callback$$($e$$,!1))};const findRight=async($id_app$$,$key_right$$,$permistion_code$$,$module$$)=>{let $_right$$=await right.findOne({id_app:$id_app$$,email:$key_right$$,module:$permistion_code$$}).lean();$_right$$||$permistion_code$$===$module$$.toLowerCase()||($_right$$=await right.findOne({id_app:$id_app$$,email:$key_right$$,module:$module$$.toLowerCase()}).lean());return $_right$$};
|
|
13
14
|
exports.hasRight=async function($action_right_current_id_app$$,$email$$,$module$$,$action$$,$callbackMain$$,$options$$={}){if($options$$.notNeedRight)return $callbackMain$$(null,!0);if(!$action_right_current_id_app$$)return $action$$==="view"||$action$$==="view_all"||$options$$.user?.admin?$callbackMain$$(null,!0):$callbackMain$$("B\u1ea1n kh\u00f4ng c\u00f3 quy\u1ec1n th\u1ef1c hi\u1ec7n thao t\u00e1c n\u00e0y",!1);const $model$$=global.controllers[$module$$]?.model;if($model$$?.schema&&!underscore.has($model$$.schema.paths,
|
|
14
15
|
"id_app"))return $callbackMain$$(null,!0);var $q_right_code$$=($options$$.right_code||$options$$.listinfo_code||$module$$).toLowerCase();$action$$=($action$$||"").toLowerCase();$options$$.data?.trang_thai!=null&&($options$$.data.trang_thai=$options$$.data.trang_thai.toString());$options$$.obj?.trang_thai!=null&&($options$$.obj.trang_thai=$options$$.obj.trang_thai.toString());var $data$$=$options$$.data||$options$$.obj||{},$ma_ct_permistion_code$$=$model$$&&underscore.has($model$$.schema.paths,"ma_ct")?
|
|
15
16
|
(($options$$.obj||{}).ma_ct||($options$$.data||{}).ma_ct||"").toString().toUpperCase():null;$data$$=($data$$.trang_thai||$data$$.progress||"").toString().toUpperCase();!$data$$&&$options$$.obj&&($data$$=($options$$.obj.trang_thai||$options$$.obj.progress||"").toString().toUpperCase());if($ma_ct_permistion_code$$&&$data$$){const $tt$$=await trangthai.findOne({ma_trang_thai:$data$$,ma_ct:$ma_ct_permistion_code$$}).lean();if($tt$$?.not_need_right)return $callbackMain$$(null,!0);$tt$$||Logger.info("Kh\u00f4ng t\u00ecm th\u1ea5y tr\u1ea1ng th\u00e1i",
|
package/server/models/app.js
CHANGED
|
@@ -5,8 +5,8 @@ ma_so_thue:{type:String,maxlength:1024},dia_chi_xuat_hoa_don:String,nguoi_nop_th
|
|
|
5
5
|
ty_le_hoa_hong:Number,tang_gioi_thieu_denom:String,ten_chu_tai_khoan:String,tai_khoan_ngan_hang:String,ten_ngan_hang:String,chi_nhanh_ngan_hang:String,so_bin:String,so_ngay_lam_mot_thang:{type:Number,default:24},logo:{type:String,maxlength:1024},logo_watermark:{type:String,maxlength:1024},account_types_accept:[],options:{},allow_modules:[String],partner:String,server:String,owner:String,default_password:String,google_credentials:String,email_host:String,email_port:Number,email_secure:{type:Boolean,
|
|
6
6
|
default:!0},email_authMethod:{type:String,default:"LOGIN"},email_user:String,email_pass:String,email_name:String,invoice_service:String,viettel_version:{type:String,maxlength:1024},viettel_user:{type:String,maxlength:1024},viettel_password:{type:String,maxlength:1024},viettel_token:{type:String},viettel_url_service:{type:String,maxlength:1024},viettel_direct_issue:Boolean,ma_hoa_don:String,ky_hieu_hoa_don:String,so_serial:String,vnpt_user:{type:String,maxlength:1024},vnpt_password:{type:String,maxlength:1024},
|
|
7
7
|
vnpt_url_service:{type:String,maxlength:1024},vnpt_ky_hieu_hoa_don:String,vnpt_so_serial:String,easy_user:{type:String,maxlength:1024},easy_password:{type:String,maxlength:1024},easy_url_service:{type:String,maxlength:1024},easy_ky_hieu_hoa_don:String,easy_so_serial:String,facebook_webhook_verify_token:String,facebook_webhook:String,sip_uri:String,sip_password:String,sip_websocket:String,voiip_access_token:String,voiip_webhook:String,zalo_app_id:String,zalo_secret_key:String,zalo_code:String,zalo_oa_id:String,
|
|
8
|
-
zalo_code_verifier:String,zalo_code_challenge:String,zalo_access_token:String,zalo_refresh_token:String,zalo_expires_in:Number,zalo_updated:Date,zalo_otp_template_id:String,exfields:global.Schema.Types.Mixed,domain:String,ssl_key:String,ssl_cert:String,ssl_ca:String,ai_name:String,ai_api_key:String,ai_model:String,expire_date:Date,trang_thai:{type:String,default:"0"},status:{type:Boolean,default:!0},date_created:{type:Date,default:Date.now},
|
|
9
|
-
default:""},user_updated:{type:String,default:""}});
|
|
8
|
+
zalo_code_verifier:String,zalo_code_challenge:String,zalo_access_token:String,zalo_refresh_token:String,zalo_expires_in:Number,zalo_updated:Date,zalo_otp_template_id:String,exfields:global.Schema.Types.Mixed,domain:String,ssl_key:String,ssl_cert:String,ssl_ca:String,ai_name:String,ai_api_key:String,ai_model:String,expire_date:Date,dung_luong_duoc_su_dung:Number,so_tai_lieu_duoc_su_dung:Number,trang_thai:{type:String,default:"0"},status:{type:Boolean,default:!0},date_created:{type:Date,default:Date.now},
|
|
9
|
+
date_updated:{type:Date,default:Date.now},user_created:{type:String,default:""},user_updated:{type:String,default:""}});
|
|
10
10
|
(global.configs||{}).createIndexes&&(appScheam.index({app_code:1},{unique:!0}),appScheam.index({name:1,province:1}),appScheam.index({menu_code:1}),appScheam.index({trang_thai:1}),appScheam.index({sale_online:1}),appScheam.index({date_created:1}),appScheam.index({date_updated:1}),appScheam.index({user_created:"text"},{name:"app_index_created"}),appScheam.index({name:"text",province:"text",name_en:"text",address:"text",phone:"text",email:"text",ma_so_thue:"text"},{name:"app_index"}));
|
|
11
11
|
const App=global.mongoose.models.app||global.mongoose.model("app",appScheam);
|
|
12
12
|
App.participants=async $app$$=>{_.isString($app$$)&&($app$$=await App.getInfo($app$$));let $participants$$=await Participant.find({id_app:$app$$._id});if($app$$.user_created&&!$participants$$.find($p$$=>$p$$.email===$app$$.user_created)){let $_p$$={email:$app$$.user_created,name:$app$$.user_created.split("@")[0],admin:!0,active:!0,cancel:!1,id_app:$app$$._id};$participants$$.push($_p$$);Participant.createParticipant($_p$$,$e$$=>{$e$$&&Logger.error("create participant for user owner",$e$$)})}return $participants$$};
|
package/server/models/log.js
CHANGED
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
const mongoose=require("mongoose"),Schema=mongoose.Schema,{onAfterCommit}=require("../libs/sessionContext.js"),logSchema=new Schema({id_app:{type:String},id_func:{type:String},action:{type:String},description:{type:String},data:{},result:Schema.Types.Mixed,ip:{type:String},user_agent:{type:String},status:{type:Boolean,default:!0},date_created:{type:Date,default:Date.now,expires:7552E3},date_updated:{type:Date,default:Date.now},user_created:{type:String,default:""},user_updated:{type:String,default:""}});
|
|
2
2
|
(global.configs||{}).createIndexes&&(logSchema.index({id_app:1,date_created:-1},{background:!0}),logSchema.index({id_app:1,user_created:1,date_created:-1},{background:!0}),logSchema.index({id_app:1,ip:1},{background:!0}),logSchema.index({id_app:1,id_func:1,action:1,date_created:-1}),logSchema.index({id_app:1,id_func:1,"data.data.id_link":1}),logSchema.index({id_app:1,id_func:1,"data.newData.id_link":1}),logSchema.index({id_app:1,"data.id":1}),logSchema.index({id_app:1,"data.id":1,"data.data.id_link":1,
|
|
3
|
-
"data.oldData.id_link":1,action:1,date_created:-1}));const Log=mongoose.models.log||mongoose.model("log",logSchema);
|
|
4
|
-
class LogBuffer{constructor($gracefulShutdown_model$$,$batchSize$$=1E3,$flushInterval$$=5E3){this.model=$gracefulShutdown_model$$;this.buffer=[];this.batchSize=$batchSize$$;this.flushInterval=$flushInterval$$;this.timer=null;this.startTimer();$gracefulShutdown_model$$=async()=>{Logger.info("Server stopping... Flushing logs...");await this.flush()};process.on("SIGTERM",$gracefulShutdown_model$$);process.on("SIGINT",$gracefulShutdown_model$$)}startTimer(){this.timer&&clearInterval(this.timer);
|
|
5
|
-
setInterval(()=>this.flush(),this.flushInterval)}add($logData$$){this.buffer.push($logData$$);this.buffer.length>=this.batchSize&&this.flush()}async flush(){if(this.buffer.length!==0){var $logsToWrite$$=[...this.buffer];this.buffer=[];this.startTimer();try{await this.model.insertMany($
|
|
3
|
+
"data.oldData.id_link":1,action:1,date_created:-1}));const Log=mongoose.models.log||mongoose.model("log",logSchema);function sanitizeData($obj$$){if($obj$$===null||$obj$$===void 0)return $obj$$;try{return JSON.parse(JSON.stringify($obj$$))}catch($e$$){return{error:"[Serialization Failed]",message:$e$$.message}}}
|
|
4
|
+
class LogBuffer{constructor($gracefulShutdown_model$$,$batchSize$$=1E3,$flushInterval$$=5E3){this.model=$gracefulShutdown_model$$;this.buffer=[];this.batchSize=$batchSize$$;this.flushInterval=$flushInterval$$;this.timer=null;this.startTimer();$gracefulShutdown_model$$=async()=>{typeof Logger!=="undefined"&&Logger.info("Server stopping... Flushing logs...");await this.flush()};process.on("SIGTERM",$gracefulShutdown_model$$);process.on("SIGINT",$gracefulShutdown_model$$)}startTimer(){this.timer&&clearInterval(this.timer);
|
|
5
|
+
this.timer=setInterval(()=>this.flush(),this.flushInterval)}add($logData$$){this.buffer.push($logData$$);this.buffer.length>=this.batchSize&&this.flush()}async flush(){if(this.buffer.length!==0){var $logsToWrite$$=[...this.buffer];this.buffer=[];this.startTimer();try{var $safeLogs$$=sanitizeData($logsToWrite$$);await this.model.insertMany($safeLogs$$,{ordered:!1,lean:!0})}catch($err$$){typeof Logger!=="undefined"?Logger.error("\u274c[log] L\u1ed7i ghi log batch:",$err$$.message,JSON.stringify($safeLogs$$,
|
|
6
|
+
null,2)):console.error("\u274c[log] L\u1ed7i ghi log batch:",$err$$.message)}}}}const accessLogBuffer=new LogBuffer(Log);
|
|
6
7
|
Log.create=async function($log$$,$user_created$$,$user_agent$$,$req$$){onAfterCommit(()=>{const $l$$={id_app:$log$$.id_app,id_func:$log$$.id_func,action:$log$$.action,description:$log$$.description,data:$log$$.data,result:$log$$.result,user_agent:$user_agent$$,user_created:$user_created$$,date_created:new Date};if($req$$){let $ip$$=$req$$.ip;!$ip$$&&$req$$.headers&&$req$$.headers["x-forwarded-for"]&&($ip$$=$req$$.headers["x-forwarded-for"].split(",")[0].trim());!$ip$$&&$req$$.connection&&($ip$$=$req$$.connection.remoteAddress);
|
|
7
8
|
$ip$$&&$ip$$.includes("::ffff:")&&($ip$$=$ip$$.split("::ffff:")[1]);$l$$.ip=$ip$$||""}accessLogBuffer.add($l$$)})};module.exports=Log;
|
|
@@ -10,14 +10,13 @@ $items$$,$next$$)=>$next$$(null,$items$$),onCreating:($user$$,$obj$$,$next$$)=>{
|
|
|
10
10
|
fields:[{ma_nv_phu_trach:"ma_nv"},{ten_nv_phu_trach:"ten_nv"},{ma_bp_nv:"ma_bp"}]}]),$items$$.filter($i$$=>$i$$.nh_kh).asyncJoinModel2($id_app$$,group,[{where:{nh_kh:"_id"},fields:[{ten_nh_kh:"group_name"}]}]),(async()=>{var $all_docs_uniq$$=[...$items$$.flatMap($i$$=>$i$$.nh_kh2||[]),...$items$$.flatMap($i$$=>$i$$.nh_kh3||[]),...$items$$.flatMap($i$$=>$i$$.nh_kh4||[])];if($all_docs_uniq$$.length){$all_docs_uniq$$=[...(new Set($all_docs_uniq$$))];$all_docs_uniq$$=await group.find({id_app:$id_app$$,
|
|
11
11
|
_id:{$in:$all_docs_uniq$$}},{group_name:1}).lean();var $setMap$$=Object.fromEntries($all_docs_uniq$$.map($n$$=>[$n$$._id.toString(),$n$$.group_name]));for(const $item$$ of $items$$)$item$$.nh_kh2&&($item$$.ten_nh_kh2=$item$$.nh_kh2.map($k$$=>$setMap$$[$k$$])),$item$$.nh_kh3&&($item$$.ten_nh_kh3=$item$$.nh_kh3.map($k$$=>$setMap$$[$k$$])),$item$$.nh_kh4&&($item$$.ten_nh_kh4=$item$$.nh_kh4.map($k$$=>$setMap$$[$k$$]))}})(),$items$$.filter($i$$=>$i$$.ma_kho_npp).asyncJoinModel2($id_app$$,"dmkho",[{where:{ma_kho_npp:"ma_kho"},
|
|
12
12
|
fields:[{ten_kho_npp:"ten_kho"}]}]),$items$$.filter($i$$=>$i$$.of_user).asyncJoinModel2(null,User,[{where:{of_user:"email"},fields:[{user_name:"name"}]}]),$items$$.filter($i$$=>$i$$.trang_thai).asyncJoinModel2(null,Trangthai,[{where:$item$$=>({ma_trang_thai:$item$$.trang_thai,ma_ct:"CUSTOMER"}),fields:["ten_trang_thai","color"]}]),(async()=>{if((!$q$$.fields||$q$$.fields.includes("ngay_mua_gan_nhat")||!$q$$.fields||$q$$.fields.includes("ngay_mua_dau_tien"))&&model.updateActives){var $needUpdate$$=
|
|
13
|
-
$items$$.filter($i$$=>$i$$.ngay_mua_gan_nhat===void 0||!$i$$.ngay_mua_dau_tien||$i$$.ngay_tuong_tac_gan_nhat===void 0);await Promise.all($needUpdate$$.map(async $item$$=>{try{const $rs$$=await model.updateActives($item$$);$item$$.ngay_mua_gan_nhat=$rs$$.ngay_mua_gan_nhat;$item$$.ngay_mua_dau_tien=$rs$$.ngay_mua_dau_tien;$item$$.so_ngay_da_mua=$rs$$.so_ngay_da_mua}catch($e$$){Logger.error($e$$)}}))}})(),(async()=>{$q$$.fields?.includes("
|
|
14
|
-
|
|
15
|
-
$
|
|
16
|
-
|
|
17
|
-
$
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
module.exports=customer;
|
|
13
|
+
$items$$.filter($i$$=>$i$$.ngay_mua_gan_nhat===void 0||!$i$$.ngay_mua_dau_tien||$i$$.ngay_tuong_tac_gan_nhat===void 0);await Promise.all($needUpdate$$.map(async $item$$=>{try{const $rs$$=await model.updateActives($item$$);$item$$.ngay_mua_gan_nhat=$rs$$.ngay_mua_gan_nhat;$item$$.ngay_mua_dau_tien=$rs$$.ngay_mua_dau_tien;$item$$.so_ngay_da_mua=$rs$$.so_ngay_da_mua}catch($e$$){Logger.error($e$$)}}))}})(),(async()=>{if($q$$.fields?.includes("latest_note")){var $needNote$$=$items$$.filter($i$$=>!$i$$.latest_note);
|
|
14
|
+
await Promise.all($needNote$$.map(async $item$$=>{try{const $latest_note$$=await global.getModel("note").findOne({id_app:$item$$.id_app,id_link:$item$$._id.toString()},{content:1,date_created:1,user_created:1}).sort({date_created:-1}).lean();$latest_note$$&&($item$$.latest_note=$latest_note$$,Promise.all([model.updateOne({_id:$item$$._id},{latest_note:$latest_note$$}),new Promise($resolve$$=>{model.findById($item$$._id).then($c$$=>{redisCache.set("customer",$c$$.toObject(),$e$$=>{Logger.info("cache customer data",
|
|
15
|
+
$e$$);$resolve$$()})}).catch($resolve$$)})]).catch($e$$=>Logger.error("latest_note update error",$e$$)))}catch($e$$){Logger.error($e$$)}}))}})()]),$next$$(null,$items$$)}catch($e$$){$next$$($e$$)}}});$contr_router$$.validating=async($user$$,$obj$$,$next$$,$options$$={})=>{if($options$$.action==="add"&&!$obj$$.ma_kh&&$obj$$.ten_kh)try{const $ma_kh$$=await model.asyncCreateCustomerCode($user$$.current_id_app,$obj$$.dien_thoai||$obj$$.ten_kh);if(!$ma_kh$$)return $next$$("Kh\u00f4ng th\u1ec3 t\u1ea1o m\u00e3 kh\u00e1ch h\u00e0ng");
|
|
16
|
+
$obj$$.ma_kh=$ma_kh$$;$next$$(null,$obj$$)}catch($e$$){Logger.error("Kh\u00f4ng th\u1ec3 t\u1ea1o m\u00e3 kh\u00e1ch h\u00e0ng",$obj$$.ten_kh,$e$$),$next$$(`Kh\u00f4ng th\u1ec3 t\u1ea1o m\u00e3 kh\u00e1ch h\u00e0ng, L\u1ed7i: ${$e$$.message||$e$$.error||$e$$}`)}else $next$$(null,$obj$$)};$contr_router$$.route();$contr_router$$.on("saved",async $data$$=>{if($data$$.of_user)try{const $query_ug$$=$data$$.group_user&&isValidObjectId($data$$.group_user)?{_id:$data$$.group_user}:{is_customer_group:!0},
|
|
17
|
+
$_usergroup$$=await Usergroup.getInfo($data$$.id_app,$query_ug$$);if($_usergroup$$)if(await User.findOne({email:$data$$.of_user}).lean())Participant.createParticipant({id_app:$data$$.id_app,email:$data$$.of_user,group_id:$_usergroup$$._id,active:!0},$e$$=>{$e$$&&Logger.info("can't add user",$data$$.of_user,"to company")});else{var $newUser$$=new User;$newUser$$.email=$data$$.of_user;$newUser$$.name=$data$$.ten_kh;$newUser$$.email2=$data$$.email;$newUser$$.local={email:$data$$.of_user,name:$data$$.ten_kh,
|
|
18
|
+
picture:"/images/avatar.jpg"};$newUser$$.local.password=$newUser$$.generateHash($newUser$$.email+($data$$.default_password||`${$newUser$$.email}@123456`));await $newUser$$.save();Participant.createParticipant({id_app:$data$$.id_app,email:$newUser$$.email,group_id:$_usergroup$$._id,active:!0},$e$$=>{$e$$&&Logger.info("can't add user",$newUser$$.email,"to company")})}}catch($e$$){Logger.error("[customer saved] error",$e$$)}});$contr_router$$.createRoute("qc/sms",async($req$$,$next$$)=>{const $body$$=
|
|
19
|
+
$req$$.body||{};if(!$body$$.id_account)return $next$$("Thi\u1ebfu t\u00e0i kho\u1ea3n sms");if(!$body$$.content)return $next$$("Thi\u1ebfu n\u1ed9i dung tin nh\u1eafn");const $account_sms$$=await global.getModel("smsaccount").findOne({_id:$body$$.id_account,id_app:$req$$.user.current_id_app}).lean();if(!$account_sms$$)return $next$$("T\u00e0i kho\u1ea3n sms kh\u00f4ng t\u1ed3n t\u1ea1i");permission.hasRight($req$$.user.current_id_app,$req$$.user.email,"smssend","add",async($custs_custs_raw_error$jscomp$2_q$$,
|
|
20
|
+
$hasPerm$$)=>{if(!$hasPerm$$)return $next$$("B\u1ea1n kh\u00f4ng c\u00f3 quy\u1ec1n g\u1eedi tin nh\u1eafn qu\u1ea3ng c\u00e1o");$custs_custs_raw_error$jscomp$2_q$$=$body$$.q||{};$custs_custs_raw_error$jscomp$2_q$$.dien_thoai||($custs_custs_raw_error$jscomp$2_q$$.dien_thoai={$exists:!0});$custs_custs_raw_error$jscomp$2_q$$.id_app=$req$$.user.current_id_app;$custs_custs_raw_error$jscomp$2_q$$=await model.find($custs_custs_raw_error$jscomp$2_q$$,{dien_thoai:1}).lean();$custs_custs_raw_error$jscomp$2_q$$=
|
|
21
|
+
[...(new Set($custs_custs_raw_error$jscomp$2_q$$.map($c$$=>$c$$.dien_thoai)))];if($custs_custs_raw_error$jscomp$2_q$$.length<30)return $next$$("C\u1ea7n g\u1eedi cho t\u1ed1i thi\u1ec3u 30 kh\u00e1ch h\u00e0ng");const $custsStr$$=$custs_custs_raw_error$jscomp$2_q$$.join(",");setImmediate(async()=>{let $result$$;try{await global.getModel("smsaccount").send($account_sms$$,$custsStr$$,$body$$.content),$result$$={msg:"\u0110\u00e3 g\u1eedi y\u00eau c\u1ea7u th\u00e0nh c\u00f4ng",code:0}}catch($e$$){$result$$=
|
|
22
|
+
{msg:"Kh\u00f4ng th\u1ec3 g\u1eedi",error:$e$$.message||$e$$.error||$e$$,code:-1}}await global.getModel("smssend").create({id_app:$req$$.user.current_id_app,phone:$custsStr$$,content:$body$$.content,user_created:$req$$.user.email,result:$result$$})});$next$$()})},{method:"POST"})};module.exports=customer;
|
|
@@ -1,3 +1,3 @@
|
|
|
1
1
|
const model=global.getModel("deal"),controller=require("../../controllers/controller");
|
|
2
|
-
module.exports=function($router$$){(new controller($router$$,model,"deal",{sort:{date_created:-1},onView:async($user$$,$items$$,$callback$$)=>{await $items$$.asyncJoinModel2($user$$.current_id_app,"customer",{where:"ma_kh",fields:["ten_kh","dien_thoai"]});await $items$$.filter($item$$=>$item$$.ma_dt).asyncJoinModel2($user$$.current_id_app,"dmdt",{where:"ma_dt",fields:["ten_dt"]})
|
|
3
|
-
|
|
2
|
+
module.exports=function($router$$){(new controller($router$$,model,"deal",{sort:{date_created:-1},onView:async($user$$,$items$$,$callback$$)=>{await $items$$.asyncJoinModel2($user$$.current_id_app,"customer",{where:"ma_kh",fields:["ten_kh","dien_thoai"]});await $items$$.filter($item$$=>$item$$.ma_dt).asyncJoinModel2($user$$.current_id_app,"dmdt",{where:"ma_dt",fields:["ten_dt"]});$callback$$(null,$items$$)},onFinding:($user$$,$condition$$,$next$$)=>{$next$$(null,$condition$$)},onUpdating:($user$$,
|
|
3
|
+
$data$$,$obj$$,$next$$)=>{$next$$(null,$data$$,$obj$$)},onDeleting:($user$$,$obj$$,$next$$)=>{$next$$(null,$obj$$)}})).route()};
|