flexbiz-server 12.7.2 → 12.7.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json CHANGED
@@ -2,7 +2,7 @@
2
2
  "name": "flexbiz-server",
3
3
  "main": "./server/app.js",
4
4
  "description": "Flexible Server",
5
- "version": "12.7.2",
5
+ "version": "12.7.5",
6
6
  "author": {
7
7
  "name": "Van Truong Pham",
8
8
  "email": "invncur@gmail.com"
@@ -62,7 +62,7 @@
62
62
  "mongodb-backup": "^1.6.9",
63
63
  "mongodb-restore": "^1.6.2",
64
64
  "mongoose": "^6.13.10",
65
- "mongoose-storage-usage": "^1.4.0",
65
+ "mongoose-storage-usage": "^1.6.0",
66
66
  "morgan": "^1.10.0",
67
67
  "multer": "^0.1.8",
68
68
  "natives": "^1.1.6",
@@ -1,6 +1,6 @@
1
1
  const User=global.getModel("user"),Participant=global.getModel("participant"),UserGroup=global.getModel("usergroup"),Customer=global.getModel("customer"),axios=require("axios"),log=global.getModel("log"),App=global.getModel("app"),Wallet=global.getModel("wallet"),Token=global.getModel("token"),BasicStrategy=require("passport-http").BasicStrategy,_crypto=require("crypto"),validator=require("validator"),email=require("../libs/email"),loadTemplate=require("../libs/load-template"),permission=require("../libs/permission"),
2
- OTP=global.getModel("otp"),DIGITS="0123456789",redisCache=require("../libs/redis-cache"),utils=require("../libs/utils"),Controler=require("../controllers/controller"),{executeInTransaction}=require("../libs/sessionContext"),{isValidObjectId}=require("mongoose"),total_time_wait_login=36E5,total_time_try_login=3;function generateOTP(){let $OTP$$="";for(let $i$$=0;$i$$<6;$i$$++)$OTP$$+=DIGITS[Math.floor(Math.random()*10)];return $OTP$$}
3
- function generateToken($user$$){const $n$$=new Date;return _crypto.createHash("md5").update($user$$.email+$n$$.toISOString()).digest("hex")}function saveOTP($Phone$$,$otp_code$$,$expires$$=5){let $expire_time$$=new Date;$expire_time$$.setMinutes($expire_time$$.getMinutes()+$expires$$);return OTP.create({phone:$Phone$$,otp:$otp_code$$,expire_time:$expire_time$$})}
2
+ OTP=global.getModel("otp"),DIGITS="0123456789",redisCache=require("../libs/redis-cache"),utils=require("../libs/utils"),Controler=require("../controllers/controller"),{executeInTransaction}=require("../libs/sessionContext"),{isValidObjectId}=require("mongoose"),{createRateLimiterMiddleware}=require("./rateLimiterMiddleware"),{promisify}=require("util"),{asyncHandler,redisIncrAsync,redisExpireAsync,redisPttlAsync,redisDelAsync}=require("../libs/utils"),total_time_wait_login=36E5,total_time_try_login=
3
+ 3;function generateOTP(){let $OTP$$="";for(let $i$$=0;$i$$<6;$i$$++)$OTP$$+=DIGITS[Math.floor(Math.random()*10)];return $OTP$$}function generateToken($user$$){const $n$$=new Date;return _crypto.createHash("md5").update($user$$.email+$n$$.toISOString()).digest("hex")}function saveOTP($Phone$$,$otp_code$$,$expires$$=5){let $expire_time$$=new Date;$expire_time$$.setMinutes($expire_time$$.getMinutes()+$expires$$);return OTP.create({phone:$Phone$$,otp:$otp_code$$,expire_time:$expire_time$$})}
4
4
  function findByUsername($username$$,$fn$$){if(!$username$$)return $fn$$("B\u1ea1n ch\u01b0a nh\u1eadp t\u00e0i kho\u1ea3n");User.findOne({$or:[{email:$username$$},{"local.phone":$username$$}]},function($error$$,$result$$){return!$error$$&&$result$$&&$result$$.local?$fn$$(null,$result$$):$fn$$($error$$||`T\u00e0i kho\u1ea3n ${$username$$} kh\u00f4ng t\u1ed3n t\u1ea1i`)})}const INTRODUCER_CONTROLLER_KEY="INTRODUCER";
5
5
  async function addUserToApp($user$$,$body$$,$session_created$$){if($body$$.id_app){if(!global.mongoose.Types.ObjectId.isValid($body$$.id_app))throw Logger.error("[addUserToApp] id_app kh\u00f4ng h\u1ee3p l\u1ec7",$body$$.id_app),Error("Kh\u00f4ng th\u1ec3 t\u00ecm th\u1ea5y th\u00f4ng tin c\u00f4ng ty n\u00e0y");return executeInTransaction(async()=>{if(!await App.findById($body$$.id_app))throw Logger.error("[addUserToApp] Can't find app",$body$$.id_app),Error("Kh\u00f4ng th\u1ec3 t\u00ecm th\u1ea5y th\u00f4ng tin c\u00f4ng ty n\u00e0y");
6
6
  $user$$.current_id_app=$body$$.id_app;let $introducedBy$$;if($body$$.introduce_code){const $contrIntroducer$$=global.controllers[INTRODUCER_CONTROLLER_KEY];if(!$contrIntroducer$$)throw Logger.error("[addUserToApp] Introducer controller ch\u01b0a \u0111\u01b0\u1ee3c \u0111\u0103ng k\u00fd"),Error("Kh\u00f4ng th\u1ec3 x\u1eed l\u00fd m\u00e3 gi\u1edbi thi\u1ec7u l\u00fac n\u00e0y");try{$introducedBy$$=await new Promise(($resolve$$,$reject$$)=>{Controler.create($user$$,$contrIntroducer$$,{introduce_code:$body$$.introduce_code},
@@ -11,12 +11,16 @@ var $cust_existingCustomer$$=await global.getModel("customer").findOne({id_app:$
11
11
  module.exports=async function($app$$,$passport$$){async function $joinUserToApp$$($req$$,$user$$){return executeInTransaction(async()=>{var $customer_idApp$$=$req$$.query.id_app,$participant$$=$req$$.query.group_id&&global.mongoose.Types.ObjectId.isValid($req$$.query.group_id)?$req$$.query.group_id:void 0;const $groupQuery$$={id_app:$customer_idApp$$,$or:[{is_customer_group:!0},{is_partner_group:!0},{is_agent_group:!0},{is_pttt_group:!0}]};$participant$$?$groupQuery$$._id=$participant$$:$groupQuery$$.default_group=
12
12
  !0;const [$app$$,$group$$]=await Promise.all([App.findById($customer_idApp$$),UserGroup.findOne($groupQuery$$).lean()]);if(!$app$$||!$group$$)return{blocked:!1};if(($participant$$=await Participant.asyncCreateParticipant({id_app:$customer_idApp$$,email:$user$$.email,name:$user$$.name,group_id:$group$$._id.toString(),active:$group$$.not_need_active}))&&!$participant$$.active)return{blocked:!0,message:"T\u00e0i kho\u1ea3n c\u1ee7a b\u1ea1n \u0111ang ch\u1edd \u0111\u01b0\u1ee3c x\u00e9t duy\u1ec7t"};
13
13
  if($participant$$&&$participant$$.group_id&&await UserGroup.findOne({id_app:$customer_idApp$$,_id:$participant$$.group_id,is_customer_group:!0}).lean()){$customer_idApp$$={ten_kh:$user$$.name||$user$$.email,email:$user$$.email,id_app:$customer_idApp$$,user_created:$user$$.email,user_updated:$user$$.email,kh_yn:!0,of_user:$user$$.email};utils.isMobilePhone($user$$.email,["vi-VN"])&&($customer_idApp$$.dien_thoai=$user$$.email);try{await Customer.asyncCreateCustomer($customer_idApp$$)}catch($e$$){Logger.error("[auth][local] Auto create new customer with error:",
14
- $e$$.message)}}return{blocked:!1}},{useParent:!0})}const $rateLimiter$$=await global.createRateLimiterMiddleware(configs.limitRequest.auth||{},"auth");$passport$$.use(new BasicStrategy(function($username$$,$password$$,$done$$){if(!$username$$)return $done$$("B\u1ea1n ch\u01b0a nh\u1eadp t\u00e0i kho\u1ea3n");$username$$=$username$$.trim();let $id_app$$;if($username$$.indexOf("@app=")>0){const $user_app$$=$username$$.split("@app=");$username$$=$user_app$$[0];$id_app$$=$user_app$$[1]}$username$$=$username$$.toLowerCase();
15
- setImmediate(function(){findByUsername($username$$,async function($err$jscomp$1_pars_pars$$,$user$$){if($err$jscomp$1_pars_pars$$)return $done$$($err$jscomp$1_pars_pars$$);if(!$user$$)return $done$$('T\u00e0i kho\u1ea3n "'+$username$$+'" ch\u01b0a \u0111\u01b0\u1ee3c \u0111\u0103ng k\u00fd.');if($user$$.status==0)return $done$$("T\u00e0i kho\u1ea3n n\u00e0y kh\u00f4ng c\u00f2n hi\u1ec7u l\u1ef1c");if($user$$.local.rspassword)if($user$$.validRspassword($password$$))$user$$.local.password=$user$$.local.rspassword,
16
- $user$$.local.rspassword=void 0,User.updateOne({email:$user$$.email},{local:$user$$.local},($e$$,$rs$$)=>{if($e$$)return Logger.error("Can't update password",$user$$.email,$e$$);Logger.info("updated new password",$user$$.email,$rs$$)});else{if(!$user$$.validPassword($password$$))if($id_app$$)if(await $user$$.validAppPassword($password$$,$id_app$$))$user$$=$user$$.toObject(),$user$$.token_id_app=$id_app$$;else return $done$$("M\u1eadt kh\u1ea9u kh\u00f4ng ch\u00ednh x\u00e1c.");else return $err$jscomp$1_pars_pars$$=
17
- await $user$$.getAppOfPassword($password$$),$err$jscomp$1_pars_pars$$.length>0?($user$$=$user$$.toObject(),$user$$.token_id_apps=$err$jscomp$1_pars_pars$$.map($p$$=>$p$$.id_app),$done$$(null,$user$$)):$done$$("M\u1eadt kh\u1ea9u kh\u00f4ng ch\u00ednh x\u00e1c.")}else{if(!$user$$.local.password)return $done$$("M\u1eadt kh\u1ea9u cho ng\u01b0\u1eddi d\u00f9ng n\u00e0y kh\u00f4ng t\u1ed3n t\u1ea1i. H\u00e3y s\u1eed d\u1ee5ng t\u00ednh n\u0103ng kh\u00f4i ph\u1ee5c m\u1eadt kh\u1ea9u \u0111\u1ec3 \u0111\u1eb7t l\u1ea1i m\u1eadt kh\u1ea9u cho ng\u01b0\u1eddi d\u00f9ng n\u00e0y");
18
- if(!$user$$.validPassword($password$$))if($id_app$$)if(await $user$$.validAppPassword($password$$,$id_app$$))$user$$=$user$$.toObject(),$user$$.token_id_app=$id_app$$;else return $done$$("M\u1eadt kh\u1ea9u kh\u00f4ng ch\u00ednh x\u00e1c.");else return $err$jscomp$1_pars_pars$$=await $user$$.getAppOfPassword($password$$),$err$jscomp$1_pars_pars$$.length>0?($user$$=$user$$.toObject(),$user$$.token_id_apps=$err$jscomp$1_pars_pars$$.map($p$$=>$p$$.id_app),$done$$(null,$user$$)):$done$$("M\u1eadt kh\u1ea9u kh\u00f4ng ch\u00ednh x\u00e1c.")}return $done$$(null,
19
- $user$$)})})}));$app$$.get("/send-otp/:address_receive_otp",$rateLimiter$$,async($id_app$jscomp$2_req$$,$res$$)=>{let $address_receive_otp$$=$id_app$jscomp$2_req$$.params.address_receive_otp.trim().toLowerCase();if(configs.GOOGLE_RECAPTCHA_SECRET_KEY){if(!$id_app$jscomp$2_req$$.query["g-recaptcha-response"])return $res$$.status(400).send("Ch\u1ee9c n\u0103ng n\u00e0y y\u00eau c\u1ea7u m\u1ed9t google recaptcha token");try{await permission.verifyReCaptcha($id_app$jscomp$2_req$$.query["g-recaptcha-response"])}catch($e$$){return Logger.error("Can't verify recaptcha when send otp",
14
+ $e$$.message)}}return{blocked:!1}},{useParent:!0})}async function $issueLoginTokenIfActive$$($user$$,$req$$){if($user$$.local&&$user$$.local.active)try{const $accessToken$$=generateToken($user$$);await (new Token({email:$user$$.email,session_created:($req$$.cookies||{}).uid,token:$accessToken$$,agent:$req$$.headers["user-agent"],ip:"",once:$req$$.query.once==="true"||$req$$.query.once==="1"})).save();return $accessToken$$}catch($e$$){Logger.error("[signup] can't gen new token for new user:",$user$$.email,
15
+ $e$$)}}async function $createCompanyForUser$$($d_expireDate_initDatabase_user$$,$body$$){const $app$$=new App;$app$$.user_created=$d_expireDate_initDatabase_user$$.email;$app$$.user_updated=$d_expireDate_initDatabase_user$$.email;$app$$.name=$body$$.cty_name;$d_expireDate_initDatabase_user$$=new Date;$app$$.ngay_dn=new Date($d_expireDate_initDatabase_user$$.getFullYear(),0,1);$app$$.ngay_ks=new Date($d_expireDate_initDatabase_user$$.getFullYear()-1,12,0);$app$$.nam_bd=$d_expireDate_initDatabase_user$$.getFullYear();
16
+ $app$$.ngay_ky1=new Date($d_expireDate_initDatabase_user$$.getFullYear(),0,1);$d_expireDate_initDatabase_user$$=new Date;$d_expireDate_initDatabase_user$$.setMonth($d_expireDate_initDatabase_user$$.getMonth()+3);$app$$.expire_date=$d_expireDate_initDatabase_user$$;await $app$$.save();$d_expireDate_initDatabase_user$$=require("../libs/initDatabase");await promisify($d_expireDate_initDatabase_user$$.init.bind($d_expireDate_initDatabase_user$$))($app$$._id)}async function $sendCredentialsEmail$$($user$$,
17
+ $html_plainPassword$$,$receiverName$$){$html_plainPassword$$=await promisify(loadTemplate)("thong tin dang nhap.html",{email:$user$$.email,password:$html_plainPassword$$,receiver_name:$receiverName$$});await promisify(email.sendHtml.bind(email))({to:{name:$user$$.name,address:$user$$.email},subject:"Th\u00f4ng tin t\u00e0i kho\u1ea3n",html:$html_plainPassword$$})}const $rateLimiter$$=await createRateLimiterMiddleware(configs.limitRequest.auth||{},"auth");$passport$$.use(new BasicStrategy(function($username$$,
18
+ $password$$,$done$$){if(!$username$$)return $done$$("B\u1ea1n ch\u01b0a nh\u1eadp t\u00e0i kho\u1ea3n");$username$$=$username$$.trim();let $id_app$$;if($username$$.indexOf("@app=")>0){const $user_app$$=$username$$.split("@app=");$username$$=$user_app$$[0];$id_app$$=$user_app$$[1]}$username$$=$username$$.toLowerCase();setImmediate(function(){findByUsername($username$$,async function($err$jscomp$1_pars_pars$$,$user$$){if($err$jscomp$1_pars_pars$$)return $done$$($err$jscomp$1_pars_pars$$);if(!$user$$)return $done$$('T\u00e0i kho\u1ea3n "'+
19
+ $username$$+'" ch\u01b0a \u0111\u01b0\u1ee3c \u0111\u0103ng k\u00fd.');if($user$$.status==0)return $done$$("T\u00e0i kho\u1ea3n n\u00e0y kh\u00f4ng c\u00f2n hi\u1ec7u l\u1ef1c");if($user$$.local.rspassword)if($user$$.validRspassword($password$$))$user$$.local.password=$user$$.local.rspassword,$user$$.local.rspassword=void 0,User.updateOne({email:$user$$.email},{local:$user$$.local},($e$$,$rs$$)=>{if($e$$)return Logger.error("Can't update password",$user$$.email,$e$$);Logger.info("updated new password",
20
+ $user$$.email,$rs$$)});else{if(!$user$$.validPassword($password$$))if($id_app$$)if(await $user$$.validAppPassword($password$$,$id_app$$))$user$$=$user$$.toObject(),$user$$.token_id_app=$id_app$$;else return $done$$("M\u1eadt kh\u1ea9u kh\u00f4ng ch\u00ednh x\u00e1c.");else return $err$jscomp$1_pars_pars$$=await $user$$.getAppOfPassword($password$$),$err$jscomp$1_pars_pars$$.length>0?($user$$=$user$$.toObject(),$user$$.token_id_apps=$err$jscomp$1_pars_pars$$.map($p$$=>$p$$.id_app),$done$$(null,$user$$)):
21
+ $done$$("M\u1eadt kh\u1ea9u kh\u00f4ng ch\u00ednh x\u00e1c.")}else{if(!$user$$.local.password)return $done$$("M\u1eadt kh\u1ea9u cho ng\u01b0\u1eddi d\u00f9ng n\u00e0y kh\u00f4ng t\u1ed3n t\u1ea1i. H\u00e3y s\u1eed d\u1ee5ng t\u00ednh n\u0103ng kh\u00f4i ph\u1ee5c m\u1eadt kh\u1ea9u \u0111\u1ec3 \u0111\u1eb7t l\u1ea1i m\u1eadt kh\u1ea9u cho ng\u01b0\u1eddi d\u00f9ng n\u00e0y");if(!$user$$.validPassword($password$$))if($id_app$$)if(await $user$$.validAppPassword($password$$,$id_app$$))$user$$=$user$$.toObject(),
22
+ $user$$.token_id_app=$id_app$$;else return $done$$("M\u1eadt kh\u1ea9u kh\u00f4ng ch\u00ednh x\u00e1c.");else return $err$jscomp$1_pars_pars$$=await $user$$.getAppOfPassword($password$$),$err$jscomp$1_pars_pars$$.length>0?($user$$=$user$$.toObject(),$user$$.token_id_apps=$err$jscomp$1_pars_pars$$.map($p$$=>$p$$.id_app),$done$$(null,$user$$)):$done$$("M\u1eadt kh\u1ea9u kh\u00f4ng ch\u00ednh x\u00e1c.")}return $done$$(null,$user$$)})})}));$app$$.get("/send-otp/:address_receive_otp",$rateLimiter$$,
23
+ async($id_app$jscomp$2_req$$,$res$$)=>{let $address_receive_otp$$=$id_app$jscomp$2_req$$.params.address_receive_otp.trim().toLowerCase();if(configs.GOOGLE_RECAPTCHA_SECRET_KEY){if(!$id_app$jscomp$2_req$$.query["g-recaptcha-response"])return $res$$.status(400).send("Ch\u1ee9c n\u0103ng n\u00e0y y\u00eau c\u1ea7u m\u1ed9t google recaptcha token");try{await permission.verifyReCaptcha($id_app$jscomp$2_req$$.query["g-recaptcha-response"])}catch($e$$){return Logger.error("Can't verify recaptcha when send otp",
20
24
  $e$$),$res$$.status(400).send($e$$.messag||$e$$.error||$e$$)}}let $u$$=await User.findOne({$or:[{email:$address_receive_otp$$},{"local.phone":$address_receive_otp$$}]});if(!$u$$)return $res$$.status(400).send({error:`T\u00e0i kho\u1ea3n ${$address_receive_otp$$} kh\u00f4ng t\u1ed3n t\u1ea1i`});const $username$$=$u$$.email;var $message$jscomp$9_otp_code$$=generateOTP();let $phone$$;$address_receive_otp$$!=$username$$&&utils.isMobilePhone($address_receive_otp$$)?$phone$$=$address_receive_otp$$:utils.isMobilePhone($username$$)?
21
25
  $phone$$=$username$$:utils.isMobilePhone(($u$$.local||{}).phone||"")&&($phone$$=($u$$.local||{}).phone);let $optObject$$;try{$optObject$$=await saveOTP($username$$,$message$jscomp$9_otp_code$$)}catch($e$$){return $res$$.status(400).send({error:"Kh\u00f4ng th\u1ec3 t\u1ea1o m\u00e3 OTP"})}if($phone$$){var $email_address_id_app$$=$id_app$jscomp$2_req$$.query.id_app;if($email_address_id_app$$&&isValidObjectId($email_address_id_app$$)){var $app$$=await global.getModel("app").findOne({_id:$email_address_id_app$$});
22
26
  const {zalo_otp_template_id:$zalo_otp_template_id$$,zalo_app_id:$zalo_app_id$$,zalo_secret_key:$zalo_secret_key$$,zalo_refresh_token:$zalo_refresh_token$$}=$app$$||{};if($zalo_otp_template_id$$&&$zalo_app_id$$&&$zalo_secret_key$$&&$zalo_refresh_token$$)try{return await utils.sendMessageZalo($email_address_id_app$$,$phone$$,$zalo_otp_template_id$$,{otp:$message$jscomp$9_otp_code$$}),$res$$.send($optObject$$.toObject())}catch($e$$){return $message$jscomp$9_otp_code$$=$e$$.message||$e$$.error||$e$$,
@@ -30,37 +34,34 @@ $req$$.params.id;if(!global.mongoose.Types.ObjectId.isValid($id$$))return $res$$
30
34
  $otp$$.tried_number>(configs.MAX_TRY_OTP||3)||$otp$$.expire_time.getTime()<(new Date).getTime())return $res$$.status(400).send({error:"M\u00e3 x\u00e1c th\u1ef1c n\u00e0y kh\u00f4ng t\u1ed3n t\u1ea1i ho\u1eb7c \u0111\u00e3 h\u1ebft hi\u1ec7u l\u1ef1c",code:4001});await OTP.updateOne({_id:$id$$},{verified:!0});let $user$$=await User.findOne({email:$otp$$.phone});if(!$user$$)return $res$$.status(400).send({error:"T\u00e0i kho\u1ea3n kh\u00f4ng t\u1ed3n t\u1ea1i",code:4001});if(!$user$$.local||!$user$$.local.active){$user$$.local=
31
35
  $user$$.local||{};$user$$.local.active=!0;try{await $user$$.save(),redisCache.set("user",$user$$.toObject(),function($e$$){$e$$?Logger.error($e$$):Logger.info("cache user infomation to redis")})}catch($e$$){return Logger.info("error verify otp, create user",$e$$),$res$$.status(500).send($e$$)}}const $accessToken$$=generateToken($user$$);(new Token({email:$user$$.email,session_created:($req$$.cookies||{}).uid,token:$accessToken$$,agent:$req$$.headers["user-agent"],ip:"",once:$req$$.query.once==1||
32
36
  $req$$.query.once=="true"||$req$$.query.once==="1"?!0:!1})).save(function($e$$,$rs$$){return $e$$?$res$$.status(500).send($e$$):$res$$.send({token:$accessToken$$,once:$rs$$.once})})}catch($e$$){Logger.error("error verify otp",$e$$),$res$$.status(400).send($e$$.message)}});$app$$.post("/auth/sign",$rateLimiter$$,($req$$,$res$$,$next$$)=>{$passport$$.authenticate("basic",{session:!1},function($err$$,$user$$){if($err$$||!$user$$)return $res$$.status(401).send({message:$err$$||"Unauthorized"});$req$$.user=
33
- $user$$;$next$$()})($req$$,$res$$,$next$$)},async($req$jscomp$8_user$$,$res$$)=>{let $data$$=$req$jscomp$8_user$$.body;$req$jscomp$8_user$$=$req$jscomp$8_user$$.user;if(!$data$$)return $res$$.status(400).send("Not have data to sign");if(!$data$$.id_app)return $res$$.status(400).send("Data miss id_app property");try{let $signature$$=await Wallet.sign($data$$.id_app,$req$jscomp$8_user$$.email,$data$$);$res$$.send($signature$$)}catch($e$$){return $res$$.status(400).send($e$$.message||$e$$)}});const $asyncHandler$$=
34
- $fn$$=>($req$$,$res$$,$next$$)=>Promise.resolve($fn$$($req$$,$res$$,$next$$)).catch($next$$),$redisIncrAsync$$=$key$$=>new Promise(($resolve$$,$reject$$)=>{global.clientRedis.incr($key$$,($err$$,$reply$$)=>$err$$?$reject$$($err$$):$resolve$$($reply$$))}),$redisExpireAsync$$=($key$$,$ttlSeconds$$)=>new Promise(($resolve$$,$reject$$)=>{global.clientRedis.expire($key$$,$ttlSeconds$$,($err$$,$reply$$)=>$err$$?$reject$$($err$$):$resolve$$($reply$$))}),$redisPttlAsync$$=$key$$=>new Promise(($resolve$$,
35
- $reject$$)=>{global.clientRedis.pttl($key$$,($err$$,$reply$$)=>$err$$?$reject$$($err$$):$resolve$$($reply$$))}),$redisDelAsync$$=$key$$=>new Promise(($resolve$$,$reject$$)=>{global.clientRedis.del($key$$,($err$$,$reply$$)=>$err$$?$reject$$($err$$):$resolve$$($reply$$))});$app$$.get("/auth/local",$rateLimiter$$,$asyncHandler$$(async function($req$$,$res$$,$next$$){var $JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$=$req$$.headers.authorization;if(!$JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$)return $res$$.status(400).send({message:"Authorization is required"});
36
- try{var $JSCompiler_inline_result$jscomp$0_password_raw_xff$$=Buffer.from($JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$.replace(/^Basic\s+/i,""),"base64").toString("utf-8")}catch($e$$){return $res$$.status(400).send({message:"Authorization header kh\u00f4ng h\u1ee3p l\u1ec7"})}var $idApp_sepIndex$$=$JSCompiler_inline_result$jscomp$0_password_raw_xff$$.indexOf(":");if($idApp_sepIndex$$<0)return $res$$.status(400).send({message:"Authorization header kh\u00f4ng h\u1ee3p l\u1ec7"});
37
- $JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$=$JSCompiler_inline_result$jscomp$0_password_raw_xff$$.slice(0,$idApp_sepIndex$$).trim().toLowerCase();$JSCompiler_inline_result$jscomp$0_password_raw_xff$$=$JSCompiler_inline_result$jscomp$0_password_raw_xff$$.slice($idApp_sepIndex$$+1).trim();($idApp_sepIndex$$=$req$$.query.id_app)&&global.mongoose.Types.ObjectId.isValid($idApp_sepIndex$$)&&$JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$.indexOf("@app=")<
38
- 0&&(Logger.info("[signin] add id_app into username",$JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$,$idApp_sepIndex$$),$JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$=`${$JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$}@app=${$idApp_sepIndex$$}`,$req$$.headers.authorization=`Basic ${Buffer.from(`${$JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$}:${$JSCompiler_inline_result$jscomp$0_password_raw_xff$$}`).toString("base64")}`);
39
- $JSCompiler_inline_result$jscomp$0_password_raw_xff$$=($JSCompiler_inline_result$jscomp$0_password_raw_xff$$=$req$$.headers["x-forwarded-for"])?$JSCompiler_inline_result$jscomp$0_password_raw_xff$$.split(",")[0].trim():$req$$.ip||$req$$.socket&&$req$$.socket.remoteAddress||"unknown";$JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$=`bruteforce:login:${_crypto.createHash("sha256").update(`${$JSCompiler_inline_result$jscomp$0_password_raw_xff$$}:${$JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$}`).digest("hex")}`;
40
- $req$$.bruteForceKey=$JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$;try{const $times$$=await $redisIncrAsync$$($JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$);$times$$===1&&await $redisExpireAsync$$($JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$,Math.ceil(total_time_wait_login/1E3));if($times$$>total_time_try_login){const $ttlMs$$=await $redisPttlAsync$$($JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$);
41
- if($ttlMs$$>0){var $JSCompiler_inline_result$$=Math.round($ttlMs$$/6E4*100)/100;return $res$$.status(400).send({message:`B\u1ea1n \u0111\u0103ng nh\u1eadp sai ${total_time_try_login} l\u1ea7n li\u00ean ti\u1ebfp. H\u00e3y th\u1eed l\u1ea1i sau ${$JSCompiler_inline_result$$} ph\u00fat`})}}return $next$$()}catch($e$$){return Logger.error("[auth][local] brute-force check failed, fail-open",$e$$),$next$$()}}),function($req$$,$res$$,$next$$){$passport$$.authenticate("basic",{session:!1},async($err$$,$user$$)=>
42
- {if($err$$||!$user$$)return Logger.warn("[auth][local] authentication failed",$err$$?$err$$.message||$err$$:"no user"),$res$$.status(401).send({message:$err$$&&$err$$.message||"Unauthorized"});if(configs.require_verify&&!$user$$.local.active)return Logger.warn("[local] H\u1ec7 th\u1ed1ng y\u00eau c\u1ea7u x\u00e1c th\u1ef1c:",$user$$.email),$res$$.status(401).send({require_verify:!0});try{const $idApp$$=$req$$.query.id_app;if($idApp$$&&global.mongoose.Types.ObjectId.isValid($idApp$$)){const $participant$$=
43
- await global.getModel("participant").findOne({id_app:$idApp$$,email:$user$$.email}).lean();if($participant$$&&!$participant$$.active&&!$participant$$.admin)return $res$$.status(401).send({message:"T\u00e0i kho\u1ea3n c\u1ee7a b\u1ea1n \u0111ang ch\u1edd \u0111\u01b0\u1ee3c x\u00e9t duy\u1ec7t",active:!1})}}catch($e$$){return Logger.error("[auth][local] error checking participant status",$e$$),$res$$.status(500).send({message:"\u0110\u00e3 c\u00f3 l\u1ed7i x\u1ea3y ra, vui l\u00f2ng th\u1eed l\u1ea1i sau"})}$req$$.user=
44
- $user$$;return $next$$()})($req$$,$res$$,$next$$)},$asyncHandler$$(async function($req$$,$res$$){const $user$$=$req$$.user,$agent$$=$req$$.headers["user-agent"],$sessionCreated$$=($req$$.cookies||{}).uid,$isOnce$$=$req$$.query.once==="true"||$req$$.query.once==="1";let $joinResult$$={blocked:!1};try{await executeInTransaction(async()=>{$req$$.query.id_app&&global.mongoose.Types.ObjectId.isValid($req$$.query.id_app)&&($joinResult$$=await $joinUserToApp$$($req$$,$user$$));$joinResult$$.blocked||$sessionCreated$$&&
45
- await User.updateOne({email:$user$$.email,session_created:null},{session_created:$sessionCreated$$})},{useParent:!0})}catch($e$$){return Logger.error("[auth][local] login transaction failed, rolled back",$user$$.email,$e$$),$res$$.status(500).send({message:"Kh\u00f4ng th\u1ec3 ho\u00e0n t\u1ea5t \u0111\u0103ng nh\u1eadp, vui l\u00f2ng th\u1eed l\u1ea1i"})}if($joinResult$$.blocked)return $res$$.status(401).send({message:$joinResult$$.message,active:!1});const $accessToken$$=generateToken($user$$);
46
- let $savedToken$$;try{$savedToken$$=await (new Token({email:$user$$.email,session_created:$sessionCreated$$,id_apps:$user$$.token_id_apps,only_id_app:$user$$.token_id_app,token:$accessToken$$,agent:$agent$$,ip:"",once:$isOnce$$})).save()}catch($e$$){return Logger.error("[auth][local] failed to save token",$e$$),$res$$.status(500).send({message:"Kh\u00f4ng th\u1ec3 t\u1ea1o phi\u00ean \u0111\u0103ng nh\u1eadp"})}log.create({id_app:"LOGIN",id_func:"LOGIN",action:"LOCALLOGIN"},$user$$.email,$agent$$,
47
- $req$$);try{$req$$.bruteForceKey&&await $redisDelAsync$$($req$$.bruteForceKey)}catch($e$$){Logger.error("[auth][local] failed to reset brute-force counter",$e$$)}return $res$$.send({token:$accessToken$$,once:$savedToken$$.once})}));$app$$.get("/check-user/:email",$rateLimiter$$,function($req$$,$res$$){const $email$$=$req$$.params.email;User.findOne({$or:[{email:$email$$},{"local.phone":$email$$}]},{email:1,name:1,picture:1}).lean().then(function($user$$){if(!$user$$)return $res$$.status(400).send(`T\u00e0i kho\u1ea3n ${$email$$} kh\u00f4ng t\u1ed3n t\u1ea1i`);
48
- $res$$.send($user$$)}).catch($e$$=>{$res$$.status(400).send($e$$)})});$app$$.post("/signup",$rateLimiter$$,async($req$$,$res$$)=>{let $body$$=$req$$.body;$body$$.json&&($body$$=JSON.parse($body$$.json));if(!$body$$)return $res$$.status(400).send({error:"Kh\u00f4ng c\u00f3 n\u1ed9i dung"});if($body$$.id_app&&!global.mongoose.Types.ObjectId.isValid($body$$.id_app))return $res$$.status(400).send({error:"id_app kh\u00f4ng h\u1ee3p l\u1ec7"});if(configs.GOOGLE_RECAPTCHA_SECRET_KEY){var $app$$=$body$$["g-recaptcha-response"]||
49
- $req$$.query["g-recaptcha-response"];if(!$app$$)return $res$$.status(400).send({error:"Ch\u1ee9c n\u0103ng n\u00e0y y\u00eau c\u1ea7u m\u1ed9t google recaptcha token"});try{await permission.verifyReCaptcha($app$$)}catch($e$$){return $res$$.status(400).send({error:$e$$.message||$e$$.error||$e$$})}}let $session_created$$=($req$$.cookies||{}).uid;if($session_created$$&&$body$$.id_app){$app$$=await App.findById($body$$.id_app);if(!$app$$)return $res$$.status(400).send({error:"C\u00f4ng ty kh\u00f4ng t\u1ed3n t\u1ea1i"});
50
- if($app$$.options&&$app$$.options.one_account_per_device&&await Participant.findOne({session_created:$session_created$$,id_app:$body$$.id_app}).lean())return $res$$.status(400).send({error:"M\u1ed7i thi\u1ebft b\u1ecb ch\u1ec9 \u0111\u01b0\u1ee3c t\u1ea1o m\u1ed9t t\u00e0i kho\u1ea3n"})}if(!$body$$.email)return $res$$.status(400).send({error:"B\u1ea1n ch\u01b0a nh\u1eadp t\u00e0i kho\u1ea3n"});$body$$.email=$body$$.email.trim().toLowerCase();if(!validator.isEmail($body$$.email)&&!utils.isMobilePhone($body$$.email,
51
- ["vi-VN"]))return $res$$.status(400).send({error:"T\u00e0i kho\u1ea3n \u0111\u0103ng nh\u1eadp ph\u1ea3i l\u00e0 1 \u0111\u1ecba ch\u1ec9 email ho\u1eb7c 1 s\u1ed1 \u0111i\u1ec7n tho\u1ea1i di \u0111\u1ed9ng"});if(!$body$$.name)return $res$$.status(400).send({error:"H\u1ecd v\u00e0 t\u00ean ch\u01b0a nh\u1eadp"});if($body$$.introduce_code&&$body$$.id_app&&!await global.getModel("introducecode").findOne({id_app:$body$$.id_app,status:!0,introduce_code:$body$$.introduce_code}).lean())return $res$$.status(400).send({error:"M\u00e3 gi\u1edbi thi\u1ec7u kh\u00f4ng h\u1ee3p l\u1ec7"});
52
- Logger.info("[signup] \u0111ang \u0111\u0103ng k\u00fd t\u00e0i kho\u1ea3n",$body$$.email,"...");User.findOne({$or:[{email:$body$$.email},{"local.phone":$body$$.email}]},async function($error$$,$new_user$$){if($error$$)return $res$$.status(400).send($error$$);if($new_user$$)if(!$new_user$$.local||configs.require_verify&&!$new_user$$.local.active||$new_user$$.local.email!=$body$$.email)$new_user$$.local||($new_user$$.local={});else if($body$$.id_app){Logger.info(`[signup] t\u00e0i kho\u1ea3n ${$body$$.email}. \u0110ang th\u00eam v\u00e0o c\u00f4ng ty "${$body$$.id_app}"...`);
53
- try{let $p$$=await global.getModel("participant").findOne({id_app:$body$$.id_app,email:$body$$.email});if($p$$)return $res$$.status(400).send({error:"T\u00e0i kho\u1ea3n n\u00e0y \u0111\u00e3 t\u1ed3n t\u1ea1i"});$p$$=await addUserToApp($new_user$$,$body$$,$session_created$$);let $accessToken$$;if($new_user$$.local.active)try{$accessToken$$=generateToken($new_user$$),await (new Token({email:$new_user$$.email,session_created:($req$$.cookies||{}).uid,token:$accessToken$$,agent:$req$$.headers["user-agent"],
54
- ip:"",once:$req$$.query.once==1||$req$$.query.once=="true"||$req$$.query.once==="1"?!0:!1})).save()}catch($e$$){Logger.error("[signup] can't gen new token for new user:"+$new_user$$.email,$e$$)}return $res$$.send({message:'T\u00e0i kho\u1ea3n "'+$body$$.email+'" \u0111\u00e3 \u0111\u01b0\u1ee3c \u0111\u0103ng k\u00fd th\u00e0nh c\u00f4ng',token:$accessToken$$,active:$new_user$$.local.active})}catch($e$$){return await global.getModel("participant").deleteOne({id_app:$body$$.id_app,email:$body$$.email}),
55
- $res$$.status(400).send({error:$e$$.error||$e$$.message||$e$$})}}else return $res$$.status(400).send({error:'T\u00e0i kho\u1ea3n "'+$body$$.email+'" \u0111\u00e3 \u0111\u01b0\u1ee3c \u0111\u0103ng k\u00fd'});else $new_user$$=new User,$new_user$$.email=$body$$.email,$new_user$$.local={};$new_user$$.local.email=$body$$.email;$new_user$$.local.name=$body$$.name;$new_user$$.local.active=!configs.require_verify;$new_user$$.partner=$body$$.partner;$new_user$$.session_created=$session_created$$;$body$$.email2&&
56
- validator.isEmail($body$$.email2)&&($new_user$$.email2=$body$$.email2);$new_user$$.name=$new_user$$.local.name;$body$$.picture?$new_user$$.local.picture=$body$$.picture:$new_user$$.local.picture||($new_user$$.local.picture="/images/avatar.jpg");let $password$$;if($body$$.password){if($body$$.rePassword!==$body$$.password)return $res$$.status(400).send({error:"M\u1eadt kh\u1ea9u x\u00e1c nh\u1eadn kh\u00f4ng ch\u00ednh x\u00e1c"});if(!User.teststrengthPassword($body$$.password))return $res$$.status(400).send({error:"M\u1eadt kh\u1ea9u ph\u1ea3i c\u00f3 \u00edt nh\u1ea5t 6 k\u00fd t\u1ef1 v\u00e0 bao g\u1ed3m \u00edt nh\u1ea5t m\u1ed9t ch\u1eef s\u1ed1, m\u1ed9t ch\u1eef hoa v\u00e0 m\u1ed9t ch\u1eef th\u01b0\u1eddng"});
57
- $password$$=$body$$.password}else $password$$=_crypto.createHash("md5").update($new_user$$.email+(new Date).toISOString()).digest("hex");$new_user$$.local.password=$new_user$$.generateHash($new_user$$.email+$password$$);$new_user$$.save(async function($app$jscomp$5_error$$,$newUser$$){if($app$jscomp$5_error$$)return $res$$.status(400).send({error:"Kh\u00f4ng th\u1ec3 \u0111\u0103ng k\u00fd"});log.create({id_app:"SIGNUP",id_func:"SIGNUP",action:"SIGNUP"},$new_user$$.email,$req$$.header("user-agent"),
58
- $req$$);if($body$$.cty_name){$app$jscomp$5_error$$=new App;$app$jscomp$5_error$$.user_created=$new_user$$.email;$app$jscomp$5_error$$.user_updated=$new_user$$.email;$app$jscomp$5_error$$.name=$body$$.cty_name;var $d_now$$=new Date;$app$jscomp$5_error$$.ngay_dn=new Date($d_now$$.getFullYear(),0,1);$app$jscomp$5_error$$.ngay_ks=new Date($d_now$$.getFullYear()-1,12,0);$app$jscomp$5_error$$.nam_bd=$d_now$$.getFullYear();$app$jscomp$5_error$$.ngay_ky1=new Date($d_now$$.getFullYear(),0,1);$d_now$$=new Date;
59
- $d_now$$.setMonth($d_now$$.getMonth()+3);$app$jscomp$5_error$$.expire_date=new Date($d_now$$);$app$jscomp$5_error$$.save(function($error$$,$obj$$){if($error$$)return Logger.error("[signup] Khong tao duoc new app: "+$error$$);require("../libs/initDatabase").init($obj$$._id,function($error$$){$error$$&&Logger.error("[signup] Can't init database \n"+$error$$)})})}try{await addUserToApp($newUser$$,$body$$,$session_created$$)}catch($e$$){return Logger.error("[signup] add user to app",$e$$.message||$e$$.error||
60
- $e$$),await global.getModel("participant").deleteOne({id_app:$body$$.id_app,email:$body$$.email}),await User.deleteOne({email:$body$$.email}),$res$$.status(400).send({error:$e$$.error||$e$$.message||$e$$})}let $accessToken$$;if($newUser$$.local.active)try{$accessToken$$=generateToken($newUser$$),await (new Token({email:$newUser$$.email,session_created:($req$$.cookies||{}).uid,token:$accessToken$$,agent:$req$$.headers["user-agent"],ip:"",once:$req$$.query.once==1||$req$$.query.once=="true"||$req$$.query.once===
61
- "1"?!0:!1})).save()}catch($e$$){Logger.error("[signup] can't gen new token for new user:"+$newUser$$.email,$e$$)}validator.isEmail($body$$.email)&&!$body$$.password?(loadTemplate("thong tin dang nhap.html",{email:$new_user$$.email,password:$password$$,receiver_name:$body$$.name},function($error$$,$html$$){if($error$$)return Logger.info($error$$);email.sendHtml({to:{name:$new_user$$.name,address:$new_user$$.email},subject:"Th\u00f4ng tin t\u00e0i kho\u1ea3n",html:$html$$},function($error$$){$error$$&&
62
- Logger.error("Khong the gui email thon tin tai khoan cho nguoi dung\n"+$error$$)})}),$res$$.send({message:"T\u00e0i kho\u1ea3n c\u1ee7a b\u1ea1n \u0111\u00e3 \u0111\u01b0\u1ee3c t\u1ea1o. Ki\u1ec3m tra email \u0111\u1ec3 l\u1ea5y th\u00f4ng tin \u0111\u0103ng nh\u1eadp",token:$accessToken$$,active:$newUser$$.local.active})):$res$$.send({message:'T\u00e0i kho\u1ea3n "'+$body$$.email+'" \u0111\u00e3 \u0111\u01b0\u1ee3c t\u1ea1o',token:$accessToken$$,active:$newUser$$.local.active})})})});$app$$.get("/resetpassword",
63
- $rateLimiter$$,async($req$$,$res$$)=>{if(configs.GOOGLE_RECAPTCHA_SECRET_KEY)try{await permission.verifyReCaptcha($req$$.query["g-recaptcha-response"])}catch($e$$){return $res$$.status(400).send({error:$e$$.message||$e$$.error||$e$$})}let $address$$=$req$$.query.email;if(!$address$$)return $res$$.status(400).send({error:"Y\u00eau c\u1ea7u m\u1ed9t \u0111\u1ecba ch\u1ec9 email ho\u1eb7c s\u1ed1 \u0111i\u1ec7n tho\u1ea1i"});$address$$=$address$$.toLowerCase();User.findOne({$or:[{"local.email":$address$$},
64
- {email:$address$$},{email2:$address$$}]},function($error$$,$result$$){if($error$$)return $res$$.status(400).send($error$$);if(!$result$$)return $res$$.status(400).send({error:`T\u00e0i kho\u1ea3n "${$address$$}" ch\u01b0a \u0111\u01b0\u1ee3c \u0111\u0103ng k\u00fd`});let $newpassword$$=_crypto.createHash("md5").update((new Date).toISOString()).digest("hex");$result$$.local.rspassword=$result$$.generateHash($result$$.email+$newpassword$$);$result$$.save(function($error$$){if($error$$)return $res$$.status(400).send($error$$);
37
+ $user$$;$next$$()})($req$$,$res$$,$next$$)},async($req$jscomp$9_user$$,$res$$)=>{let $data$$=$req$jscomp$9_user$$.body;$req$jscomp$9_user$$=$req$jscomp$9_user$$.user;if(!$data$$)return $res$$.status(400).send("Not have data to sign");if(!$data$$.id_app)return $res$$.status(400).send("Data miss id_app property");try{let $signature$$=await Wallet.sign($data$$.id_app,$req$jscomp$9_user$$.email,$data$$);$res$$.send($signature$$)}catch($e$$){return $res$$.status(400).send($e$$.message||$e$$)}});$app$$.get("/auth/local",
38
+ $rateLimiter$$,asyncHandler(async function($req$$,$res$$,$next$$){var $JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$=$req$$.headers.authorization;if(!$JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$)return $res$$.status(400).send({message:"Authorization is required"});try{var $JSCompiler_inline_result$jscomp$0_password_raw_xff$$=Buffer.from($JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$.replace(/^Basic\s+/i,
39
+ ""),"base64").toString("utf-8")}catch($e$$){return $res$$.status(400).send({message:"Authorization header kh\u00f4ng h\u1ee3p l\u1ec7"})}var $idApp_sepIndex$$=$JSCompiler_inline_result$jscomp$0_password_raw_xff$$.indexOf(":");if($idApp_sepIndex$$<0)return $res$$.status(400).send({message:"Authorization header kh\u00f4ng h\u1ee3p l\u1ec7"});$JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$=$JSCompiler_inline_result$jscomp$0_password_raw_xff$$.slice(0,$idApp_sepIndex$$).trim().toLowerCase();
40
+ $JSCompiler_inline_result$jscomp$0_password_raw_xff$$=$JSCompiler_inline_result$jscomp$0_password_raw_xff$$.slice($idApp_sepIndex$$+1).trim();($idApp_sepIndex$$=$req$$.query.id_app)&&global.mongoose.Types.ObjectId.isValid($idApp_sepIndex$$)&&$JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$.indexOf("@app=")<0&&(Logger.info("[signin] add id_app into username",$JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$,$idApp_sepIndex$$),$JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$=
41
+ `${$JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$}@app=${$idApp_sepIndex$$}`,$req$$.headers.authorization=`Basic ${Buffer.from(`${$JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$}:${$JSCompiler_inline_result$jscomp$0_password_raw_xff$$}`).toString("base64")}`);$JSCompiler_inline_result$jscomp$0_password_raw_xff$$=($JSCompiler_inline_result$jscomp$0_password_raw_xff$$=$req$$.headers["x-forwarded-for"])?$JSCompiler_inline_result$jscomp$0_password_raw_xff$$.split(",")[0].trim():
42
+ $req$$.ip||$req$$.socket&&$req$$.socket.remoteAddress||"unknown";$JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$=`bruteforce:login:${_crypto.createHash("sha256").update(`${$JSCompiler_inline_result$jscomp$0_password_raw_xff$$}:${$JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$}`).digest("hex")}`;$req$$.bruteForceKey=$JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$;try{const $times$$=await redisIncrAsync($JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$);
43
+ $times$$===1&&await redisExpireAsync($JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$,Math.ceil(total_time_wait_login/1E3));if($times$$>total_time_try_login){const $ttlMs$$=await redisPttlAsync($JSCompiler_inline_result$jscomp$1_authorizationHeader_username$jscomp$2_username$$);if($ttlMs$$>0){var $JSCompiler_inline_result$$=Math.round($ttlMs$$/6E4*100)/100;return $res$$.status(400).send({message:`B\u1ea1n \u0111\u0103ng nh\u1eadp sai ${total_time_try_login} l\u1ea7n li\u00ean ti\u1ebfp. H\u00e3y th\u1eed l\u1ea1i sau ${$JSCompiler_inline_result$$} ph\u00fat`})}}return $next$$()}catch($e$$){return Logger.error("[auth][local] brute-force check failed, fail-open",
44
+ $e$$),$next$$()}}),function($req$$,$res$$,$next$$){$passport$$.authenticate("basic",{session:!1},async($err$$,$user$$)=>{if($err$$||!$user$$)return Logger.warn("[auth][local] authentication failed",$err$$?$err$$.message||$err$$:"no user"),$res$$.status(401).send({message:$err$$&&$err$$.message||"Unauthorized"});if(configs.require_verify&&!$user$$.local.active)return Logger.warn("[local] H\u1ec7 th\u1ed1ng y\u00eau c\u1ea7u x\u00e1c th\u1ef1c:",$user$$.email),$res$$.status(401).send({require_verify:!0});
45
+ try{const $idApp$$=$req$$.query.id_app;if($idApp$$&&global.mongoose.Types.ObjectId.isValid($idApp$$)){const $participant$$=await global.getModel("participant").findOne({id_app:$idApp$$,email:$user$$.email}).lean();if($participant$$&&!$participant$$.active&&!$participant$$.admin)return $res$$.status(401).send({message:"T\u00e0i kho\u1ea3n c\u1ee7a b\u1ea1n \u0111ang ch\u1edd \u0111\u01b0\u1ee3c x\u00e9t duy\u1ec7t",active:!1})}}catch($e$$){return Logger.error("[auth][local] error checking participant status",
46
+ $e$$),$res$$.status(500).send({message:"\u0110\u00e3 c\u00f3 l\u1ed7i x\u1ea3y ra, vui l\u00f2ng th\u1eed l\u1ea1i sau"})}$req$$.user=$user$$;return $next$$()})($req$$,$res$$,$next$$)},asyncHandler(async function($req$$,$res$$){const $user$$=$req$$.user,$agent$$=$req$$.headers["user-agent"],$sessionCreated$$=($req$$.cookies||{}).uid,$isOnce$$=$req$$.query.once==="true"||$req$$.query.once==="1";let $joinResult$$={blocked:!1};try{await executeInTransaction(async()=>{$req$$.query.id_app&&global.mongoose.Types.ObjectId.isValid($req$$.query.id_app)&&
47
+ ($joinResult$$=await $joinUserToApp$$($req$$,$user$$));$joinResult$$.blocked||$sessionCreated$$&&await User.updateOne({email:$user$$.email,session_created:null},{session_created:$sessionCreated$$})},{useParent:!0})}catch($e$$){return Logger.error("[auth][local] login transaction failed, rolled back",$user$$.email,$e$$),$res$$.status(500).send({message:"Kh\u00f4ng th\u1ec3 ho\u00e0n t\u1ea5t \u0111\u0103ng nh\u1eadp, vui l\u00f2ng th\u1eed l\u1ea1i"})}if($joinResult$$.blocked)return $res$$.status(401).send({message:$joinResult$$.message,
48
+ active:!1});const $accessToken$$=generateToken($user$$);let $savedToken$$;try{$savedToken$$=await (new Token({email:$user$$.email,session_created:$sessionCreated$$,id_apps:$user$$.token_id_apps,only_id_app:$user$$.token_id_app,token:$accessToken$$,agent:$agent$$,ip:"",once:$isOnce$$})).save()}catch($e$$){return Logger.error("[auth][local] failed to save token",$e$$),$res$$.status(500).send({message:"Kh\u00f4ng th\u1ec3 t\u1ea1o phi\u00ean \u0111\u0103ng nh\u1eadp"})}log.create({id_app:"LOGIN",id_func:"LOGIN",
49
+ action:"LOCALLOGIN"},$user$$.email,$agent$$,$req$$);try{$req$$.bruteForceKey&&await redisDelAsync($req$$.bruteForceKey)}catch($e$$){Logger.error("[auth][local] failed to reset brute-force counter",$e$$)}return $res$$.send({token:$accessToken$$,once:$savedToken$$.once})}));$app$$.get("/check-user/:email",$rateLimiter$$,function($req$$,$res$$){const $email$$=$req$$.params.email;User.findOne({$or:[{email:$email$$},{"local.phone":$email$$}]},{email:1,name:1,picture:1}).lean().then(function($user$$){if(!$user$$)return $res$$.status(400).send(`T\u00e0i kho\u1ea3n ${$email$$} kh\u00f4ng t\u1ed3n t\u1ea1i`);
50
+ $res$$.send($user$$)}).catch($e$$=>{$res$$.status(400).send($e$$)})});$app$$.post("/signup",$rateLimiter$$,asyncHandler(async($accessToken$jscomp$4_accessToken$jscomp$5_req$$,$res$$)=>{let $body$$=$accessToken$jscomp$4_accessToken$jscomp$5_req$$.body;if($body$$.json)try{$body$$=JSON.parse($body$$.json)}catch($e$$){return $res$$.status(400).send({error:"D\u1eef li\u1ec7u g\u1eedi l\u00ean kh\u00f4ng h\u1ee3p l\u1ec7"})}if(!$body$$)return $res$$.status(400).send({error:"Kh\u00f4ng c\u00f3 n\u1ed9i dung"});
51
+ if($body$$.id_app&&!global.mongoose.Types.ObjectId.isValid($body$$.id_app))return $res$$.status(400).send({error:"id_app kh\u00f4ng h\u1ee3p l\u1ec7"});if(configs.GOOGLE_RECAPTCHA_SECRET_KEY){var $app$jscomp$5_isNewUser_plainPassword$$=$body$$["g-recaptcha-response"]||$accessToken$jscomp$4_accessToken$jscomp$5_req$$.query["g-recaptcha-response"];if(!$app$jscomp$5_isNewUser_plainPassword$$)return $res$$.status(400).send({error:"Ch\u1ee9c n\u0103ng n\u00e0y y\u00eau c\u1ea7u m\u1ed9t google recaptcha token"});
52
+ try{await permission.verifyReCaptcha($app$jscomp$5_isNewUser_plainPassword$$)}catch($e$$){return Logger.warn("[signup] recaptcha verify failed",$body$$.email,$e$$.message||$e$$),$res$$.status(400).send({error:"X\u00e1c th\u1ef1c recaptcha th\u1ea5t b\u1ea1i"})}}const $sessionCreated$$=($accessToken$jscomp$4_accessToken$jscomp$5_req$$.cookies||{}).uid;if($sessionCreated$$&&$body$$.id_app){$app$jscomp$5_isNewUser_plainPassword$$=await App.findById($body$$.id_app);if(!$app$jscomp$5_isNewUser_plainPassword$$)return $res$$.status(400).send({error:"C\u00f4ng ty kh\u00f4ng t\u1ed3n t\u1ea1i"});
53
+ if($app$jscomp$5_isNewUser_plainPassword$$.options&&$app$jscomp$5_isNewUser_plainPassword$$.options.one_account_per_device&&await Participant.findOne({session_created:$sessionCreated$$,id_app:$body$$.id_app}).lean())return $res$$.status(400).send({error:"M\u1ed7i thi\u1ebft b\u1ecb ch\u1ec9 \u0111\u01b0\u1ee3c t\u1ea1o m\u1ed9t t\u00e0i kho\u1ea3n"})}if(!$body$$.email)return $res$$.status(400).send({error:"B\u1ea1n ch\u01b0a nh\u1eadp t\u00e0i kho\u1ea3n"});$body$$.email=$body$$.email.trim().toLowerCase();
54
+ if(!validator.isEmail($body$$.email)&&!utils.isMobilePhone($body$$.email,["vi-VN"]))return $res$$.status(400).send({error:"T\u00e0i kho\u1ea3n \u0111\u0103ng nh\u1eadp ph\u1ea3i l\u00e0 1 \u0111\u1ecba ch\u1ec9 email ho\u1eb7c 1 s\u1ed1 \u0111i\u1ec7n tho\u1ea1i di \u0111\u1ed9ng"});if(!$body$$.name)return $res$$.status(400).send({error:"H\u1ecd v\u00e0 t\u00ean ch\u01b0a nh\u1eadp"});if($body$$.introduce_code&&$body$$.id_app&&!await global.getModel("introducecode").findOne({id_app:$body$$.id_app,
55
+ status:!0,introduce_code:$body$$.introduce_code}).lean())return $res$$.status(400).send({error:"M\u00e3 gi\u1edbi thi\u1ec7u kh\u00f4ng h\u1ee3p l\u1ec7"});Logger.info("[signup] \u0111ang \u0111\u0103ng k\u00fd t\u00e0i kho\u1ea3n",$body$$.email,"...");const $existingUser$$=await User.findOne({$or:[{email:$body$$.email},{"local.phone":$body$$.email}]});if($existingUser$$&&$existingUser$$.local&&(!configs.require_verify||$existingUser$$.local.active)&&$existingUser$$.local.email===$body$$.email){if(!$body$$.id_app)return $res$$.status(400).send({error:`T\u00e0i kho\u1ea3n "${$body$$.email}" \u0111\u00e3 \u0111\u01b0\u1ee3c \u0111\u0103ng k\u00fd`});
56
+ Logger.info(`[signup] t\u00e0i kho\u1ea3n ${$body$$.email}. \u0110ang th\u00eam v\u00e0o c\u00f4ng ty "${$body$$.id_app}"...`);try{await executeInTransaction(async()=>{if(await global.getModel("participant").findOne({id_app:$body$$.id_app,email:$body$$.email})){const $err$$=Error("T\u00e0i kho\u1ea3n n\u00e0y \u0111\u00e3 t\u1ed3n t\u1ea1i");$err$$.isDuplicateParticipant=!0;throw $err$$;}await addUserToApp($existingUser$$,$body$$,$sessionCreated$$)},{useParent:!0})}catch($e$$){if($e$$.isDuplicateParticipant)return $res$$.status(400).send({error:$e$$.message});
57
+ Logger.error("[signup] add existing user to app failed, rolled back",$body$$.email,$e$$);return $res$$.status(400).send({error:$e$$.message||"Kh\u00f4ng th\u1ec3 th\u00eam t\u00e0i kho\u1ea3n v\u00e0o c\u00f4ng ty n\u00e0y"})}$accessToken$jscomp$4_accessToken$jscomp$5_req$$=await $issueLoginTokenIfActive$$($existingUser$$,$accessToken$jscomp$4_accessToken$jscomp$5_req$$);return $res$$.send({message:`T\u00e0i kho\u1ea3n "${$body$$.email}" \u0111\u00e3 \u0111\u01b0\u1ee3c \u0111\u0103ng k\u00fd th\u00e0nh c\u00f4ng`,
58
+ token:$accessToken$jscomp$4_accessToken$jscomp$5_req$$,active:$existingUser$$.local.active})}$app$jscomp$5_isNewUser_plainPassword$$=!$existingUser$$;const $user$$=$existingUser$$||new User;$app$jscomp$5_isNewUser_plainPassword$$?($user$$.email=$body$$.email,$user$$.local={}):$user$$.local||($user$$.local={});$user$$.local.email=$body$$.email;$user$$.local.name=$body$$.name;$user$$.local.active=!configs.require_verify;$user$$.partner=$body$$.partner;$user$$.session_created=$sessionCreated$$;$body$$.email2&&
59
+ validator.isEmail($body$$.email2)&&($user$$.email2=$body$$.email2);$user$$.name=$user$$.local.name;$user$$.local.picture=$body$$.picture||$user$$.local.picture||"/images/avatar.jpg";if($body$$.password){if($body$$.rePassword!==$body$$.password)return $res$$.status(400).send({error:"M\u1eadt kh\u1ea9u x\u00e1c nh\u1eadn kh\u00f4ng ch\u00ednh x\u00e1c"});if(!User.teststrengthPassword($body$$.password))return $res$$.status(400).send({error:"M\u1eadt kh\u1ea9u ph\u1ea3i c\u00f3 \u00edt nh\u1ea5t 6 k\u00fd t\u1ef1 v\u00e0 bao g\u1ed3m \u00edt nh\u1ea5t m\u1ed9t ch\u1eef s\u1ed1, m\u1ed9t ch\u1eef hoa v\u00e0 m\u1ed9t ch\u1eef th\u01b0\u1eddng"});
60
+ $app$jscomp$5_isNewUser_plainPassword$$=$body$$.password}else $app$jscomp$5_isNewUser_plainPassword$$=_crypto.randomBytes(24).toString("hex");$user$$.local.password=$user$$.generateHash($user$$.email+$app$jscomp$5_isNewUser_plainPassword$$);if($body$$.id_app)try{await executeInTransaction(async()=>{await $user$$.save();await addUserToApp($user$$,$body$$,$sessionCreated$$)},{useParent:!0})}catch($e$$){return Logger.error("[signup] save user / add to app failed, rolled back",$body$$.email,$e$$),$res$$.status(400).send({error:$e$$.message||
61
+ "Kh\u00f4ng th\u1ec3 \u0111\u0103ng k\u00fd"})}else try{await $user$$.save()}catch($e$$){return Logger.error("[signup] save user failed",$body$$.email,$e$$),$res$$.status(400).send({error:"Kh\u00f4ng th\u1ec3 \u0111\u0103ng k\u00fd"})}log.create({id_app:"SIGNUP",id_func:"SIGNUP",action:"SIGNUP"},$user$$.email,$accessToken$jscomp$4_accessToken$jscomp$5_req$$.headers["user-agent"],$accessToken$jscomp$4_accessToken$jscomp$5_req$$);$body$$.cty_name&&$createCompanyForUser$$($user$$,$body$$).catch($e$$=>
62
+ {Logger.error("[signup] Kh\u00f4ng t\u1ea1o \u0111\u01b0\u1ee3c company m\u1edbi",$user$$.email,$e$$)});$accessToken$jscomp$4_accessToken$jscomp$5_req$$=await $issueLoginTokenIfActive$$($user$$,$accessToken$jscomp$4_accessToken$jscomp$5_req$$);return validator.isEmail($body$$.email)&&!$body$$.password?($sendCredentialsEmail$$($user$$,$app$jscomp$5_isNewUser_plainPassword$$,$body$$.name).catch($e$$=>{Logger.error("[signup] g\u1eedi email th\u00f4ng tin t\u00e0i kho\u1ea3n th\u1ea5t b\u1ea1i",$user$$.email,
63
+ $e$$)}),$res$$.send({message:"T\u00e0i kho\u1ea3n c\u1ee7a b\u1ea1n \u0111\u00e3 \u0111\u01b0\u1ee3c t\u1ea1o. Ki\u1ec3m tra email \u0111\u1ec3 l\u1ea5y th\u00f4ng tin \u0111\u0103ng nh\u1eadp",token:$accessToken$jscomp$4_accessToken$jscomp$5_req$$,active:$user$$.local.active})):$res$$.send({message:`T\u00e0i kho\u1ea3n "${$body$$.email}" \u0111\u00e3 \u0111\u01b0\u1ee3c t\u1ea1o`,token:$accessToken$jscomp$4_accessToken$jscomp$5_req$$,active:$user$$.local.active})}));$app$$.get("/resetpassword",$rateLimiter$$,
64
+ async($req$$,$res$$)=>{if(configs.GOOGLE_RECAPTCHA_SECRET_KEY)try{await permission.verifyReCaptcha($req$$.query["g-recaptcha-response"])}catch($e$$){return $res$$.status(400).send({error:$e$$.message||$e$$.error||$e$$})}let $address$$=$req$$.query.email;if(!$address$$)return $res$$.status(400).send({error:"Y\u00eau c\u1ea7u m\u1ed9t \u0111\u1ecba ch\u1ec9 email ho\u1eb7c s\u1ed1 \u0111i\u1ec7n tho\u1ea1i"});$address$$=$address$$.toLowerCase();User.findOne({$or:[{"local.email":$address$$},{email:$address$$},
65
+ {email2:$address$$}]},function($error$$,$result$$){if($error$$)return $res$$.status(400).send($error$$);if(!$result$$)return $res$$.status(400).send({error:`T\u00e0i kho\u1ea3n "${$address$$}" ch\u01b0a \u0111\u01b0\u1ee3c \u0111\u0103ng k\u00fd`});let $newpassword$$=_crypto.createHash("md5").update((new Date).toISOString()).digest("hex");$result$$.local.rspassword=$result$$.generateHash($result$$.email+$newpassword$$);$result$$.save(function($error$$){if($error$$)return $res$$.status(400).send($error$$);
65
66
  loadTemplate("reset mat khau.html",{receiver_name:$result$$.name,email:$result$$.email,password:$newpassword$$},function($error$$,$html$$){if($error$$)return $res$$.status(400).send($error$$);$result$$.email&&validator.isEmail($result$$.email)&&email.sendHtml({to:{name:$result$$.name,address:$result$$.email},subject:"\u0110\u1ed5i m\u1eadt kh\u1ea9u",html:$html$$},function($error$$){$error$$?Logger.error("Khong the gui thong tin tai khoan cho nguoi su dung\n"+$error$$):Logger.info("send new password to",
66
67
  $result$$.email)});$result$$.email2&&validator.isEmail($result$$.email2)&&email.sendHtml({to:{name:$result$$.name,address:$result$$.email2},subject:"\u0110\u1ed5i m\u1eadt kh\u1ea9u",html:$html$$},function($error$$){$error$$?Logger.error("Khong the gui thong tin tai khoan cho nguoi su dung\n"+$error$$):Logger.info("send new password to",$result$$.email)});log.create({id_app:"RESETPASSWORD",id_func:"RESETPASSWORD",action:"RESETPASSWORD"},$result$$.email,$req$$.header("user-agent"),$req$$);$res$$.send({message:"M\u1eadt kh\u1ea9u c\u1ee7a b\u1ea1n \u0111\u00e3 \u0111\u01b0\u1ee3c \u0111\u1ed5i th\u00e0nh c\u00f4ng. Ki\u1ec3m tra email \u0111\u1ec3 l\u1ea5y m\u1eadt kh\u1ea9u m\u1edbi, sau \u0111\u00f3 b\u1ea1n n\u00ean \u0111\u1ed5i m\u1eadt kh\u1ea9u n\u00e0y"})})})})})};
@@ -0,0 +1,11 @@
1
+ const {RateLimiterRedis,RateLimiterMemory}=require("rate-limiter-flexible"),domainCache=new Map,DOMAIN_CACHE_TTL_MS=3E5,DOMAIN_CACHE_MAX_SIZE=5E3;
2
+ async function getDomainConfig($origin$$){var $cached_data$$=domainCache.get($origin$$);if($cached_data$$&&$cached_data$$.expiresAt>Date.now())return $cached_data$$.data;$cached_data$$=null;try{$cached_data$$=await global.getModel("domain").findOne({domain:$origin$$},{points:1,not_allow:1}).lean()}catch($e$$){return Logger.error("[rateLimiter] domain lookup failed",$origin$$,$e$$),null}domainCache.size>=DOMAIN_CACHE_MAX_SIZE&&domainCache.delete(domainCache.keys().next().value);domainCache.set($origin$$,
3
+ {data:$cached_data$$,expiresAt:Date.now()+DOMAIN_CACHE_TTL_MS});return $cached_data$$}function getClientIp($raw_req$$){const $xff$$=$raw_req$$.headers["x-forwarded-for"];$raw_req$$=$raw_req$$.ip||($xff$$?$xff$$.split(",")[0].trim():void 0)||$raw_req$$.socket&&$raw_req$$.socket.remoteAddress||"unknown";return $raw_req$$.startsWith("::ffff:")?$raw_req$$.slice(7):$raw_req$$}
4
+ function getOrigin($raw$jscomp$1_req$$){$raw$jscomp$1_req$$=($raw$jscomp$1_req$$.headers.origin||$raw$jscomp$1_req$$.headers.referer||"").toString().trim();if(!$raw$jscomp$1_req$$)return"";try{return(new URL(/^https?:\/\//i.test($raw$jscomp$1_req$$)?$raw$jscomp$1_req$$:`https://${$raw$jscomp$1_req$$}`)).hostname.toLowerCase().replace(/^www\./,"")}catch($e$$){return""}}
5
+ function parseTrustDomains(){return((global.configs||{}).trust_domains||"").toString().toLowerCase().split(",").map($d$$=>$d$$.trim()).filter(Boolean)}
6
+ async function resolvePoints($req$$,$origin$$,$domainConfig_trustKey$$,$totalPoints$$,$keyPrefix$$){var $penaltyPoints_trustDomains$$=parseTrustDomains();if($penaltyPoints_trustDomains$$.includes($origin$$))return{points:1};const $trustKeys$$=(global.configs||{}).trust_keys||[];if($trustKeys$$.length>0&&$trustKeys$$.includes($domainConfig_trustKey$$))return{points:1};if($domainConfig_trustKey$$=await getDomainConfig($origin$$))return $domainConfig_trustKey$$.not_allow?{blocked:!0}:{points:$domainConfig_trustKey$$.points||
7
+ 1};if($penaltyPoints_trustDomains$$.length===0&&$trustKeys$$.length===0)return{points:1};$penaltyPoints_trustDomains$$=Math.max(1,Math.round($totalPoints$$/2));Logger.warn("[rateLimiter] untrusted origin, higher point cost",{keyPrefix:$keyPrefix$$,origin:$origin$$,points:$penaltyPoints_trustDomains$$,totalPoints:$totalPoints$$,originalUrl:$req$$.originalUrl});return{points:$penaltyPoints_trustDomains$$}}
8
+ const createRateLimiterMiddleware=async($blockDuration_config$$,$keyPrefix$$)=>{const $totalPoints$$=$blockDuration_config$$.points||1E3,$duration$$=$blockDuration_config$$.duration||1;$blockDuration_config$$=$blockDuration_config$$.blockDuration||0;const $insuranceLimiter$$=new RateLimiterMemory({points:$totalPoints$$,duration:$duration$$,blockDuration:$blockDuration_config$$}),$limiter$$=new RateLimiterRedis({keyPrefix:$keyPrefix$$,storeClient:global.clientRedis,points:$totalPoints$$,duration:$duration$$,
9
+ blockDuration:$blockDuration_config$$,inMemoryBlockOnConsumed:$totalPoints$$+1,inMemoryBlockDuration:10,insuranceLimiter:$insuranceLimiter$$});return async function($req$$,$res$$,$next$$){let $key$$,$points$$;try{const $origin$$=getOrigin($req$$),$trustKey$$=($req$$.headers["x-trust-key"]||$req$$.query.trustkey||$req$$.query.trust_key||"").toString(),$resolved$$=await resolvePoints($req$$,$origin$$,$trustKey$$,$totalPoints$$,$keyPrefix$$);if($resolved$$.blocked)return $res$$.status(400).send({error:"Access is not allowed"});
10
+ $points$$=$resolved$$.points;$key$$=getClientIp($req$$);$req$$.user&&($key$$=`${$key$$}-${$req$$.user.email}`);$key$$=`${$key$$}-${$origin$$||"unknown"}-${$trustKey$$||"untrustkey"}`}catch($e$$){return Logger.error("[rateLimiter] failed to prepare key/points",$keyPrefix$$,$e$$),$next$$()}try{return await $limiter$$.consume($key$$,$points$$),$next$$()}catch($err$$){if($err$$ instanceof Error)return Logger.error("[rateLimiter] infra error",$keyPrefix$$,$err$$),$next$$();$req$$=Math.ceil(($err$$.msBeforeNext||
11
+ 1E3)/1E3);$res$$.set("Retry-After",String($req$$));return $res$$.status(429).send({error:"Too Many Requests. Please try again later",retryAfter:$req$$})}}};module.exports={createRateLimiterMiddleware};
package/server/global.js CHANGED
@@ -1,25 +1,20 @@
1
- const fs=require("fs"),async=require("async"),logger=require("./libs/logger.js");global.Logger=logger;const prototypes=require("./libs/prototypes.js"),TransactionPool=require("./libs/BlockchainTransactionPool"),leanID=require("./libs/mongooseLeanId"),mongooseSecurityPlugin=require("./libs/mongooseSecurityPlugin"),deletePost=require("./libs/mongooseDeletePost");
1
+ const fs=require("fs"),async=require("async"),logger=require("./libs/logger.js");global.Logger=logger;const prototypes=require("./libs/prototypes.js"),TransactionPool=require("./libs/BlockchainTransactionPool"),leanID=require("./libs/mongooseLeanId"),mongooseSecurityPlugin=require("./libs/mongooseSecurityPlugin"),deletePost=require("./libs/mongooseDeletePost"),{onAfterCommit}=require("./libs/sessionContext.js");
2
2
  function globalListinfoCodePlugin($schema$$){$schema$$.path("listinfo_code")||$schema$$.add({listinfo_code:{type:String,default:null}});$schema$$.path("id_client")||$schema$$.add({id_client:{type:String,default:null}})}global.blockchainTransactionPool=new TransactionPool;global.new_schedules=[];global.rootDir=__dirname;global.ctrlVouchers={};global.controllers={};global.report_controllers={};global.postingVouchers={};global.cacheDatas={};
3
3
  global.socketContainer={loadConnectionId:async()=>new Promise($res$$=>{global.clientRedis.get("client-io",function($err$$,$reply$$){if($err$$)return console.error($err$$),$res$$({});if($reply$$)try{let $ios$$=JSON.parse($reply$$);return $res$$($ios$$||{})}catch($e$$){return console.error($e$$),$res$$({})}else return $res$$({})})}),saveConnectionId:async($clientIO$$={})=>new Promise(($res$$,$rej$$)=>{global.clientRedis.set("client-io",JSON.stringify($clientIO$$),$e$$=>{if($e$$)return console.error($e$$),
4
4
  $rej$$($e$$);$res$$($clientIO$$)})})};global.clientIO={};global.model_books="socai socaitmp socainpp vsocai sokho sokhott sokhonpp sokhokhongton sosanxuat vatvao vatra phucap".split(" ");global.secu_models="asskey assproduct assperiod assinvestment asssell assbuy assneedtobuy asswithdraw asscashwithdraw wallet assfindhash assbank asstransaction assissue token tokens user app listinfo right otp payload smsaccount emailaccount".split(" ");global.webPush=require("web-push");global.mongoose=require("mongoose");
5
- const originalCast=global.mongoose.Number.cast();global.mongoose.Number.cast(function($value$$){return typeof $value$$==="number"&&Number.isNaN($value$$)?0:originalCast($value$$)});global.mongoose.plugin(mongooseSecurityPlugin);require("./libs/mongoosePatch.js");global.mongoose.plugin(leanID);global.mongoose.plugin(deletePost);global.mongoose.plugin(globalListinfoCodePlugin);const {createStorageUsageTracker}=require("mongoose-storage-usage");
6
- global.storageUsage=createStorageUsageTracker(mongoose,{autoApply:!0,fileFieldsConfig:{File:["file"]}});global.storageUsage.registerCronJob("0 2 * * *");global.mongoose.plugin(function($schema$$){$schema$$.set("versionKey",!1)});global.Schema=global.mongoose.Schema;
5
+ const originalCast=global.mongoose.Number.cast();global.mongoose.Number.cast(function($value$$){return typeof $value$$==="number"&&Number.isNaN($value$$)?0:originalCast($value$$)});global.mongoose.plugin(mongooseSecurityPlugin);require("./libs/mongoosePatch.js");global.mongoose.plugin(leanID);global.mongoose.plugin(deletePost);global.mongoose.plugin(globalListinfoCodePlugin);global.Schema=global.mongoose.Schema;
7
6
  global.getModel=$model_name_name$$=>{$model_name_name$$=$model_name_name$$.split(".js")[0];var $_requireFields_manualMap_model_model_path_mySchema$$={kbmpttct:"kbmPttct",kbmtkgtgt:"kbmTkgtgt",token:"tokens",bn1:"pc1",bc1:"pt1",dmnhkh:"group",dmchucvu:"group",dmnhtask:"group",dmntt:"group",dmnt:"currentcy",dmtk:"account",dmkh:"customer",dmsp:"dmvt",data_socai:"socai",data_socaitc:"socaitc",data_sokho:"sokho"};$_requireFields_manualMap_model_model_path_mySchema$$[$model_name_name$$]&&($model_name_name$$=
8
7
  $_requireFields_manualMap_model_model_path_mySchema$$[$model_name_name$$]);if($_requireFields_manualMap_model_model_path_mySchema$$=mongoose.models[$model_name_name$$])return $_requireFields_manualMap_model_model_path_mySchema$$;if(global.controllers[$model_name_name$$.toUpperCase()]&&global.controllers[$model_name_name$$.toUpperCase()].model)return global.controllers[$model_name_name$$].model;if(((global.configs||{}).paths||{}).models&&($_requireFields_manualMap_model_model_path_mySchema$$=((global.configs||
9
8
  {}).paths||{}).models+"/"+$model_name_name$$+".js",fs.existsSync($_requireFields_manualMap_model_model_path_mySchema$$)))return require($_requireFields_manualMap_model_model_path_mySchema$$);$_requireFields_manualMap_model_model_path_mySchema$$=__dirname+"/models/"+$model_name_name$$+".js";if(fs.existsSync($_requireFields_manualMap_model_model_path_mySchema$$))return require($_requireFields_manualMap_model_model_path_mySchema$$);console.error("model",$model_name_name$$,"is not exists. create new model");
10
- $_requireFields_manualMap_model_model_path_mySchema$$={...require("./models/listinfo").requireFields};$_requireFields_manualMap_model_model_path_mySchema$$=new global.Schema($_requireFields_manualMap_model_model_path_mySchema$$,{strict:!1});return global.mongoose.model($model_name_name$$,$_requireFields_manualMap_model_model_path_mySchema$$)};global.getLib=$lib_name$$=>require("./libs/"+$lib_name$$);
9
+ $_requireFields_manualMap_model_model_path_mySchema$$={...require("./models/listinfo").requireFields};$_requireFields_manualMap_model_model_path_mySchema$$=new global.Schema($_requireFields_manualMap_model_model_path_mySchema$$,{strict:!1});return global.mongoose.model($model_name_name$$,$_requireFields_manualMap_model_model_path_mySchema$$)};const {createStorageUsageTracker}=require("mongoose-storage-usage");
10
+ global.storageUsage=createStorageUsageTracker(mongoose,{autoApply:!0,appModel:global.getModel("app"),fileFieldsConfig:{File:["file"]}});global.storageUsage.registerCronJob("0 2 * * *");global.mongoose.plugin(function($schema$$){$schema$$.set("versionKey",!1)});global.getLib=$lib_name$$=>require("./libs/"+$lib_name$$);
11
11
  const pointSchema=new global.mongoose.Schema({type:{type:String,enum:["Point"],required:!0,default:"Point"},coordinates:{type:[Number],required:!0}}),polygonSchema=new global.mongoose.Schema({type:{type:String,enum:["Polygon"],required:!0,default:"Polygon"},coordinates:{type:[[[Number]]],required:!0}});global.customTypes={Point:pointSchema,Polygon:polygonSchema};const EventEmitter=require("events");class GlobalEmitter extends EventEmitter{}global.globalEvents=new GlobalEmitter;
12
- global.getSysConfig=async $cf_code$$=>{if($cf_code$$=await global.getModel("sysconfig").findOne({code:$cf_code$$}))return $cf_code$$.value};global.asyncCountUnRead=async $email$$=>{const $Message$$=global.getModel("message");return new Promise($resolve$$=>{setImmediate(()=>{$Message$$.countDocuments({email:$email$$,read:!1},($e$$,$rs$$)=>{$resolve$$($rs$$||0)})})})};
13
- global.alertMessage=function($email$$,$id_app$$){onAfterCommit(()=>{const $Message$$=global.getModel("message"),$User$$=global.getModel("user");let $query$$={email_owner:$email$$,read:!1};$id_app$$&&($query$$["exfields.id_app"]=$id_app$$);$Message$$.countDocuments($query$$,function($error$$,$count$$){$error$$?console.log($error$$):$User$$.emitEvent($email$$,"message:count",$count$$,!1)})})};
12
+ global.getSysConfig=async $cf_code$$=>{if($cf_code$$=await global.getModel("sysconfig").findOne({code:$cf_code$$}))return $cf_code$$.value};global.asyncCountUnRead=async $email$$=>global.getModel("message").countDocuments({email:$email$$,read:!1});
13
+ global.alertMessage=function($email$$,$id_app$$){onAfterCommit(async()=>{var $Message$jscomp$1_count$$=global.getModel("message");const $User$$=global.getModel("user");let $query$$={email_owner:$email$$,read:!1};$id_app$$&&($query$$["exfields.id_app"]=$id_app$$);$Message$jscomp$1_count$$=await $Message$jscomp$1_count$$.countDocuments($query$$);$User$$.emitEvent($email$$,"message:count",$Message$jscomp$1_count$$,!1)})};
14
14
  global.createNotification=function($email_sender$$,$email_receiver$$,$title$$,$content$$,$fn$$,$exfields$$,$emitEvent$$,$c_token$$,$send_email$$){global.getModel("notification").createNotification($email_sender$$,$email_receiver$$,$title$$,$content$$,$fn$$,$exfields$$,$emitEvent$$,$c_token$$,$send_email$$)};
15
- global.getNotifies=function($email$$,$fn$$,$id_app$$){if(!$id_app$$)return $fn$$(null,{notifications:[],colls:[],apps:[]});const $Notification$$=global.getModel("notification");async.parallel({colls:function($callback$$){$callback$$(null,[])},notifications:function($callback$$){let $query$$={email_owner:$email$$,read:!1};$id_app$$&&($query$$["exfields.id_app"]=$id_app$$);$Notification$$.find($query$$,function($error$$,$colls_raw$$){setImmediate(()=>{if($error$$)$callback$$($error$$);else{const $colls$$=
16
- $colls_raw$$.map(function($c$$){return $c$$.toObject()});$callback$$(null,$colls$$)}})})},apps:function($callback$$){$callback$$(null,[])}},function($error$$,$rs$$){setImmediate(()=>{$fn$$($error$$,$rs$$)})})};
17
- global.sendNotification=function($email$$,$_id$$,$notify$$,$push_to_mobile_and_web$$=!0){const $User$$=global.getModel("user");setImmediate(()=>{$notify$$||={email_sender:"H\u1ec7 th\u1ed1ng"};const $obj_notify$$={_id:$_id$$,code:"notification",action:"view"};$obj_notify$$.body=$notify$$.content||$notify$$.title||"";$obj_notify$$.sender=$notify$$.email_sender;$obj_notify$$.title=$notify$$.title||"";$obj_notify$$.content=$notify$$.content||"";$User$$.emitEvent($email$$,"notify:new",$obj_notify$$,$push_to_mobile_and_web$$)})};
18
- global.alertNotification=function($email$$,$id_app$$){const $Notification$$=global.getModel("notification"),$User$$=global.getModel("user");setImmediate(()=>{let $condition$$={email_owner:$email$$,read:!1};$id_app$$&&($condition$$["exfields.id_app"]=$id_app$$);$Notification$$.countDocuments($condition$$,function($error$$,$count$$){$error$$?Logger.error("[alertNotification]",$error$$):(Logger.warn("[global][alertNotification]",{email:$email$$,id_app:$id_app$$,count:$count$$}),$User$$.emitEvent($email$$,
19
- "notify:count",$count$$,!1))})})};global.asyncCountNotifications=async function($email$$,$id_app$$){const $Notification$$=global.getModel("notification");return new Promise($resolve$$=>{setImmediate(()=>{let $condition$$={email_owner:$email$$,read:!1};$id_app$$&&($condition$$["exfields.id_app"]=$id_app$$);$Notification$$.countDocuments($condition$$,function($error$$,$count$$){setImmediate(()=>{$error$$?(Logger.error("[global][countNotification]",$error$$),$resolve$$(0)):$resolve$$($count$$)})})})})};
20
- const {RateLimiterRedis,RateLimiterQueue,RateLimiterMemory}=require("rate-limiter-flexible"),{onAfterCommit}=require("./libs/sessionContext.js");
21
- global.createRateLimiterMiddleware=async($config$$,$keyPrefix$$)=>{const $total_points$$=$config$$.points||1E3;var $duration_limiterFlexible$$=$config$$.duration||1;const $insuranceLimiter$$=new RateLimiterMemory({points:$total_points$$,duration:$duration_limiterFlexible$$});$duration_limiterFlexible$$=new RateLimiterRedis({keyPrefix:$keyPrefix$$,storeClient:global.clientRedis,points:$total_points$$,duration:$duration_limiterFlexible$$,blockDuration:$config$$.blockDuration||0,inmemoryBlockOnConsumed:$total_points$$+
22
- 1,inmemoryBlockDuration:10,insuranceLimiter:$insuranceLimiter$$});const $rateLimiter$$=new RateLimiterQueue($duration_limiterFlexible$$,{maxQueueSize:$config$$.maxQueueSize||1E4});return async($req$$,$res$$,$next$$)=>{let $key$$=($req$$.ip||$req$$.headers["x-forwarded-for"]||$req$$.connection.remoteAddress).replace("::ffff:","");const $origin$$=($req$$.headers.origin||$req$$.headers.referer||"").toString().toLowerCase().replace("https://","").replace("http://","").replace("www.","").split("/").join("").trim();
23
- let $trust_domains$$=((global.configs||{}).trust_domains||"").toString().toLowerCase().split(","),$points$$;if($origin$$&&$trust_domains$$.indexOf($origin$$)<0){var $check_query$$={domain:$origin$$};if($check_query$$=await global.getModel("domain").findOne($check_query$$).lean()){if($check_query$$.not_allow)return $res$$.status(400).send({error:"Access is not allowed"});$points$$=$check_query$$.points;$trust_domains$$.push($origin$$)}}$check_query$$=$req$$.headers["x-trust-key"]||$req$$.query.trustkey||
24
- $req$$.query.trust_key||"";const $trust_keys$$=(global.configs||{}).trust_keys||[];$req$$.user&&($key$$=`${$key$$}-${$req$$.user.email}`);$key$$=`${$key$$}-${$origin$$||"unknow"}-${$check_query$$||"untrustkey"}`;$points$$||(!$origin$$||$trust_domains$$.length==0&&$trust_keys$$.length==0||$origin$$&&$trust_domains$$.length>0&&$trust_domains$$.indexOf($origin$$)>=0||$trust_keys$$.length>0&&$trust_keys$$.indexOf($check_query$$)>=0?$points$$=1:($points$$=Math.roundBy($total_points$$/2),Logger.warn("This request is limit rate at",
25
- $points$$,"/",$total_points$$,{origin:$origin$$,originalUrl:$req$$.originalUrl,trust_keys:$trust_keys$$,trust_Key:$check_query$$,key:$key$$})));setImmediate(async()=>{try{await $rateLimiter$$.removeTokens($points$$,$key$$),$next$$()}catch($err$$){console.error("Error rate limiter",$keyPrefix$$,$err$$),$err$$ instanceof Error?$res$$.status(400).send({error:$err$$.message||"Error rate limiter"}):$res$$.status(429).send({error:"Too Many Requests. Please try again later"})}})}};
15
+ global.getNotifies=function($email$$,$fn$$,$id_app$$){if(!$id_app$$)return $fn$$(null,{notifications:[],colls:[],apps:[]});const $Notification$$=global.getModel("notification");async.parallel({colls:function($callback$$){$callback$$(null,[])},notifications:function($callback$$){setImmediate(async()=>{var $colls_raw_query$$={email_owner:$email$$,read:!1};$id_app$$&&($colls_raw_query$$["exfields.id_app"]=$id_app$$);$colls_raw_query$$=await $Notification$$.find($colls_raw_query$$).lean();$callback$$(null,
16
+ $colls_raw_query$$)})},apps:function($callback$$){$callback$$(null,[])}},function($error$$,$rs$$){setImmediate(()=>{$fn$$($error$$,$rs$$)})})};
17
+ global.sendNotification=function($email$$,$_id_obj_notify$$,$notify$$,$push_to_mobile_and_web$$=!0){const $User$$=global.getModel("user");$notify$$||={email_sender:"H\u1ec7 th\u1ed1ng"};$_id_obj_notify$$={_id:$_id_obj_notify$$,code:"notification",action:"view"};$_id_obj_notify$$.body=$notify$$.content||$notify$$.title||"";$_id_obj_notify$$.sender=$notify$$.email_sender;$_id_obj_notify$$.title=$notify$$.title||"";$_id_obj_notify$$.content=$notify$$.content||"";$User$$.emitEvent($email$$,"notify:new",
18
+ $_id_obj_notify$$,$push_to_mobile_and_web$$)};
19
+ global.alertNotification=async function($email$$,$id_app$$){var $Notification$jscomp$2_count$$=global.getModel("notification");const $User$$=global.getModel("user");let $condition$$={email_owner:$email$$,read:!1};$id_app$$&&($condition$$["exfields.id_app"]=$id_app$$);$Notification$jscomp$2_count$$=await $Notification$jscomp$2_count$$.countDocuments($condition$$);Logger.warn("[global][alertNotification]",{email:$email$$,id_app:$id_app$$,count:$Notification$jscomp$2_count$$});$User$$.emitEvent($email$$,
20
+ "notify:count",$Notification$jscomp$2_count$$,!1)};global.asyncCountNotifications=async function($condition$jscomp$1_email$$,$id_app$$){const $Notification$$=global.getModel("notification");$condition$jscomp$1_email$$={email_owner:$condition$jscomp$1_email$$,read:!1};$id_app$$&&($condition$jscomp$1_email$$["exfields.id_app"]=$id_app$$);return await $Notification$$.countDocuments($condition$jscomp$1_email$$)};
@@ -1,14 +1,16 @@
1
1
  const mongoose=require("mongoose");
2
2
  module.exports=function($schema$$){const $schemaPaths$$={};$schema$$.eachPath(($pathname$$,$schemaType$$)=>{$schemaPaths$$[$pathname$$]=$schemaType$$.instance});const $hasIdAppField$$=!!$schema$$.path("id_app"),$isMongoOperatorObject$$=$keys_obj$$=>{if(!$keys_obj$$||typeof $keys_obj$$!=="object"||Array.isArray($keys_obj$$)||$keys_obj$$ instanceof Date||$keys_obj$$._bsontype==="ObjectID")return!1;$keys_obj$$=Object.keys($keys_obj$$);return $keys_obj$$.length===0?!1:$keys_obj$$.every($k$$=>$k$$.startsWith("$"))},
3
+ $filterValidArrayItems$$=($currentPath$$,$arr$$,$expectedType$$)=>{const $validItems$$=$arr$$.filter($item$$=>$validateType$$($currentPath$$,$item$$,$expectedType$$)===null);if($validItems$$.length!==$arr$$.length){const $removed$$=$arr$$.filter($item$$=>!$validItems$$.includes($item$$));Logger.warn(`[Security Info] \u0110\u00e3 lo\u1ea1i b\u1ecf ${$arr$$.length-$validItems$$.length} ph\u1ea7n t\u1eed kh\u00f4ng h\u1ee3p l\u1ec7 t\u1ea1i '${$currentPath$$}': ${JSON.stringify($removed$$)}`)}return $validItems$$},
3
4
  $validateType$$=($key$$,$val$$,$expectedType$$)=>{if($val$$===null||$val$$===void 0)return null;switch($expectedType$$){case "ObjectID":if(typeof $val$$==="string"&&!mongoose.isValidObjectId($val$$))return`Sai \u0111\u1ecbnh d\u1ea1ng ObjectId t\u1ea1i '${$key$$}'`;break;case "String":if(Array.isArray($val$$))return`Sai \u0111\u1ecbnh d\u1ea1ng String t\u1ea1i '${$key$$}' (nh\u1eadn \u0111\u01b0\u1ee3c m\u1ea3ng)`;if(typeof $val$$==="object"&&$val$$!==null&&$val$$._bsontype!=="ObjectID"&&!($val$$ instanceof
4
5
  Date))return`Sai \u0111\u1ecbnh d\u1ea1ng String t\u1ea1i '${$key$$}' (nh\u1eadn \u0111\u01b0\u1ee3c object r\u00e1c)`;break;case "Number":if(typeof $val$$==="object"||Array.isArray($val$$)||$val$$===""||isNaN(Number($val$$)))return`Sai \u0111\u1ecbnh d\u1ea1ng Number t\u1ea1i '${$key$$}'`;break;case "Boolean":if(typeof $val$$!=="boolean"&&!["true","false","1","0",1,0].includes($val$$))return`Sai \u0111\u1ecbnh d\u1ea1ng Boolean t\u1ea1i '${$key$$}'`;break;case "Date":if(typeof $val$$==="object"&&
5
- !($val$$ instanceof Date))return`Sai \u0111\u1ecbnh d\u1ea1ng Date t\u1ea1i '${$key$$}'`;if(isNaN((new Date($val$$)).getTime()))return`Th\u1eddi gian kh\u00f4ng h\u1ee3p l\u1ec7 t\u1ea1i '${$key$$}'`}return null},$scanFilterForInvalidTypes$$=($filter$$,$prefix$$="")=>{if(!$filter$$||typeof $filter$$!=="object")return null;for(const $key$$ of Object.keys($filter$$)){var $err$jscomp$1_value$$=$filter$$[$key$$];if(["$and","$or","$nor"].includes($key$$)){if(Array.isArray($err$jscomp$1_value$$))for(const $sub$$ of $err$jscomp$1_value$$){var $currentPath_err_err$jscomp$4_err$$=
6
- $scanFilterForInvalidTypes$$($sub$$,"");if($currentPath_err_err$jscomp$4_err$$)return $currentPath_err_err$jscomp$4_err$$}continue}$currentPath_err_err$jscomp$4_err$$=$prefix$$?`${$prefix$$}.${$key$$}`:$key$$;const $expectedType$$=$schemaPaths$$[$currentPath_err_err$jscomp$4_err$$];if($expectedType$$)if(Array.isArray($err$jscomp$1_value$$)){if($expectedType$$!=="Array"){$filter$$[$key$$]={$in:$err$jscomp$1_value$$};for(const $item$$ of $err$jscomp$1_value$$)if($err$jscomp$1_value$$=$validateType$$($currentPath_err_err$jscomp$4_err$$,
7
- $item$$,$expectedType$$))return $err$jscomp$1_value$$}}else if($isMongoOperatorObject$$($err$jscomp$1_value$$))for(const $op$$ of Object.keys($err$jscomp$1_value$$)){var $err$jscomp$2_err$$=$err$jscomp$1_value$$[$op$$];if("$eq $ne $gt $gte $lt $lte".split(" ").includes($op$$)){if($err$jscomp$2_err$$=$validateType$$($currentPath_err_err$jscomp$4_err$$,$err$jscomp$2_err$$,$expectedType$$))return $err$jscomp$2_err$$}else if(["$in","$nin"].includes($op$$)){if(!Array.isArray($err$jscomp$2_err$$))return`To\u00e1n t\u1eed ${$op$$} t\u1ea1i '${$currentPath_err_err$jscomp$4_err$$}' y\u00eau c\u1ea7u m\u1ed9t m\u1ea3ng`;
8
- for(const $item$$ of $err$jscomp$2_err$$)if($err$jscomp$2_err$$=$validateType$$($currentPath_err_err$jscomp$4_err$$,$item$$,$expectedType$$))return $err$jscomp$2_err$$}else if($op$$==="$regex"&&$expectedType$$!=="String")return`To\u00e1n t\u1eed $regex t\u1ea1i '${$currentPath_err_err$jscomp$4_err$$}' ch\u1ec9 d\u00f9ng cho ki\u1ec3u String`}else if(typeof $err$jscomp$1_value$$!=="object"||$err$jscomp$1_value$$===null||$err$jscomp$1_value$$ instanceof Date||$err$jscomp$1_value$$._bsontype==="ObjectID"){if($currentPath_err_err$jscomp$4_err$$=
9
- $validateType$$($currentPath_err_err$jscomp$4_err$$,$err$jscomp$1_value$$,$expectedType$$))return $currentPath_err_err$jscomp$4_err$$}else return`Tr\u01b0\u1eddng '${$currentPath_err_err$jscomp$4_err$$}' (ki\u1ec3u ${$expectedType$$}) nh\u1eadn \u0111\u01b0\u1ee3c Object r\u00e1c kh\u00f4ng h\u1ee3p l\u1ec7`;else if(typeof $err$jscomp$1_value$$==="object"&&$err$jscomp$1_value$$!==null&&!$isMongoOperatorObject$$($err$jscomp$1_value$$)&&!Array.isArray($err$jscomp$1_value$$)&&($currentPath_err_err$jscomp$4_err$$=
10
- $scanFilterForInvalidTypes$$($err$jscomp$1_value$$,$currentPath_err_err$jscomp$4_err$$)))return $currentPath_err_err$jscomp$4_err$$}return null},$hasIdAppInFilter$$=$filter$$=>{if(!$filter$$||typeof $filter$$!=="object")return!1;if(Object.hasOwn($filter$$,"id_app"))return!0;for(const $key$$ of Object.keys($filter$$))if(["$and","$or","$nor"].includes($key$$)&&Array.isArray($filter$$[$key$$])&&$filter$$[$key$$].some($sub$$=>$hasIdAppInFilter$$($sub$$)))return!0;return!1};"find findOne findOneAndUpdate findOneAndDelete findOneAndRemove update updateOne updateMany deleteOne deleteMany count countDocuments".split(" ").forEach($method$$=>
11
- {$schema$$.pre($method$$,function($next$$){var $errorMessage$jscomp$1_filter$$=this.getFilter();Object.keys($errorMessage$jscomp$1_filter$$).length===0&&["updateMany","deleteMany","update"].includes($method$$)&&Logger.warn(`[DANGER WARN] L\u1ec7nh '${$method$$}' c\u00f3 filter r\u1ed7ng tr\u00ean Model '${this.model.modelName}'!`);var $errorMessage_modelName$$=$scanFilterForInvalidTypes$$($errorMessage$jscomp$1_filter$$);if($errorMessage_modelName$$)return Logger.warn(`[Security Warn] ${$errorMessage_modelName$$} tr\u00ean Model '${this.model.modelName}'. \u0110\u00e3 \u00e9p query tr\u1ea3 v\u1ec1 r\u1ed7ng. Filter: ${JSON.stringify($errorMessage$jscomp$1_filter$$)}`),
6
+ !($val$$ instanceof Date))return`Sai \u0111\u1ecbnh d\u1ea1ng Date t\u1ea1i '${$key$$}'`;if(isNaN((new Date($val$$)).getTime()))return`Th\u1eddi gian kh\u00f4ng h\u1ee3p l\u1ec7 t\u1ea1i '${$key$$}'`}return null},$scanFilterForInvalidTypes$$=($filter$$,$prefix$$="")=>{if(!$filter$$||typeof $filter$$!=="object")return null;for(const $key$$ of Object.keys($filter$$)){var $err_err$jscomp$2_err$jscomp$3_validItems$jscomp$1_value$$=$filter$$[$key$$];if(["$and","$or","$nor"].includes($key$$)){if(Array.isArray($err_err$jscomp$2_err$jscomp$3_validItems$jscomp$1_value$$))for(const $sub$$ of $err_err$jscomp$2_err$jscomp$3_validItems$jscomp$1_value$$)if($err_err$jscomp$2_err$jscomp$3_validItems$jscomp$1_value$$=
7
+ $scanFilterForInvalidTypes$$($sub$$,""))return $err_err$jscomp$2_err$jscomp$3_validItems$jscomp$1_value$$;continue}const $currentPath$$=$prefix$$?`${$prefix$$}.${$key$$}`:$key$$,$expectedType$$=$schemaPaths$$[$currentPath$$];if($expectedType$$)if(Array.isArray($err_err$jscomp$2_err$jscomp$3_validItems$jscomp$1_value$$))$expectedType$$!=="Array"&&($err_err$jscomp$2_err$jscomp$3_validItems$jscomp$1_value$$=$filterValidArrayItems$$($currentPath$$,$err_err$jscomp$2_err$jscomp$3_validItems$jscomp$1_value$$,
8
+ $expectedType$$),$filter$$[$key$$]={$in:$err_err$jscomp$2_err$jscomp$3_validItems$jscomp$1_value$$});else if($isMongoOperatorObject$$($err_err$jscomp$2_err$jscomp$3_validItems$jscomp$1_value$$))for(const $op$$ of Object.keys($err_err$jscomp$2_err$jscomp$3_validItems$jscomp$1_value$$)){var $err$$=$err_err$jscomp$2_err$jscomp$3_validItems$jscomp$1_value$$[$op$$];if("$eq $ne $gt $gte $lt $lte".split(" ").includes($op$$)){if($err$$=$validateType$$($currentPath$$,$err$$,$expectedType$$))return $err$$}else if(["$in",
9
+ "$nin"].includes($op$$)){if(!Array.isArray($err$$))return`To\u00e1n t\u1eed ${$op$$} t\u1ea1i '${$currentPath$$}' y\u00eau c\u1ea7u m\u1ed9t m\u1ea3ng`;$err_err$jscomp$2_err$jscomp$3_validItems$jscomp$1_value$$[$op$$]=$filterValidArrayItems$$($currentPath$$,$err$$,$expectedType$$)}else if($op$$==="$regex"&&$expectedType$$!=="String")return`To\u00e1n t\u1eed $regex t\u1ea1i '${$currentPath$$}' ch\u1ec9 d\u00f9ng cho ki\u1ec3u String`}else if(typeof $err_err$jscomp$2_err$jscomp$3_validItems$jscomp$1_value$$!==
10
+ "object"||$err_err$jscomp$2_err$jscomp$3_validItems$jscomp$1_value$$===null||$err_err$jscomp$2_err$jscomp$3_validItems$jscomp$1_value$$ instanceof Date||$err_err$jscomp$2_err$jscomp$3_validItems$jscomp$1_value$$._bsontype==="ObjectID"){if($err_err$jscomp$2_err$jscomp$3_validItems$jscomp$1_value$$=$validateType$$($currentPath$$,$err_err$jscomp$2_err$jscomp$3_validItems$jscomp$1_value$$,$expectedType$$))return $err_err$jscomp$2_err$jscomp$3_validItems$jscomp$1_value$$}else return`Tr\u01b0\u1eddng '${$currentPath$$}' (ki\u1ec3u ${$expectedType$$}) nh\u1eadn \u0111\u01b0\u1ee3c Object r\u00e1c kh\u00f4ng h\u1ee3p l\u1ec7`;
11
+ else if(typeof $err_err$jscomp$2_err$jscomp$3_validItems$jscomp$1_value$$==="object"&&$err_err$jscomp$2_err$jscomp$3_validItems$jscomp$1_value$$!==null&&!$isMongoOperatorObject$$($err_err$jscomp$2_err$jscomp$3_validItems$jscomp$1_value$$)&&!Array.isArray($err_err$jscomp$2_err$jscomp$3_validItems$jscomp$1_value$$)&&($err_err$jscomp$2_err$jscomp$3_validItems$jscomp$1_value$$=$scanFilterForInvalidTypes$$($err_err$jscomp$2_err$jscomp$3_validItems$jscomp$1_value$$,$currentPath$$)))return $err_err$jscomp$2_err$jscomp$3_validItems$jscomp$1_value$$}return null},
12
+ $hasIdAppInFilter$$=$filter$$=>{if(!$filter$$||typeof $filter$$!=="object")return!1;if(Object.hasOwn($filter$$,"id_app"))return!0;for(const $key$$ of Object.keys($filter$$))if(["$and","$or","$nor"].includes($key$$)&&Array.isArray($filter$$[$key$$])&&$filter$$[$key$$].some($sub$$=>$hasIdAppInFilter$$($sub$$)))return!0;return!1};"find findOne findOneAndUpdate findOneAndDelete findOneAndRemove update updateOne updateMany deleteOne deleteMany count countDocuments".split(" ").forEach($method$$=>{$schema$$.pre($method$$,
13
+ function($next$$){var $errorMessage$jscomp$1_filter$$=this.getFilter();Object.keys($errorMessage$jscomp$1_filter$$).length===0&&["updateMany","deleteMany","update"].includes($method$$)&&Logger.warn(`[DANGER WARN] L\u1ec7nh '${$method$$}' c\u00f3 filter r\u1ed7ng tr\u00ean Model '${this.model.modelName}'!`);var $errorMessage_modelName$$=$scanFilterForInvalidTypes$$($errorMessage$jscomp$1_filter$$);if($errorMessage_modelName$$)return Logger.warn(`[Security Warn] ${$errorMessage_modelName$$} tr\u00ean Model '${this.model.modelName}'. \u0110\u00e3 \u00e9p query tr\u1ea3 v\u1ec1 r\u1ed7ng. Filter: ${JSON.stringify($errorMessage$jscomp$1_filter$$)}`),
12
14
  this.setQuery({_id:{$in:[]}}),$next$$();this.setQuery($errorMessage$jscomp$1_filter$$);$hasIdAppField$$&&Object.keys($errorMessage$jscomp$1_filter$$).length>0&&!$errorMessage$jscomp$1_filter$$._id&&!$hasIdAppInFilter$$($errorMessage$jscomp$1_filter$$)&&($errorMessage_modelName$$=this.model?this.model.modelName:"UnknownModel",$errorMessage$jscomp$1_filter$$.id_ct||["sys_job_queue_book_keeping","participant","cache","parameter"].indexOf($errorMessage_modelName$$)>=0?($errorMessage$jscomp$1_filter$$=
13
15
  `[SECURITY WARN] Query tr\u00ean Model '${$errorMessage_modelName$$}' \u0111ang thi\u1ebfu \u0111i\u1ec1u ki\u1ec7n 'id_app'! \u0110i\u1ec1u n\u00e0y c\u00f3 th\u1ec3 g\u00e2y l\u1ecdt d\u1eef li\u1ec7u ch\u00e9o. Filter: ${JSON.stringify($errorMessage$jscomp$1_filter$$)}`,Logger.warn($errorMessage$jscomp$1_filter$$)):($errorMessage$jscomp$1_filter$$=`[SECURITY ERROR] Query tr\u00ean Model '${$errorMessage_modelName$$}' \u0111ang thi\u1ebfu \u0111i\u1ec1u ki\u1ec7n 'id_app'! \u0110i\u1ec1u n\u00e0y c\u00f3 th\u1ec3 g\u00e2y l\u1ecdt d\u1eef li\u1ec7u ch\u00e9o. Filter: ${JSON.stringify($errorMessage$jscomp$1_filter$$)}`,
14
16
  Logger.error($errorMessage$jscomp$1_filter$$)));$next$$()})})};
@@ -116,4 +116,6 @@ const getDir=$dirName$$=>{let $dirPath$$=configs.paths[$dirName$$];$dirPath$$||(
116
116
  const getPathFile=$file_file_name$$=>{if($file_file_name$$.file&&$file_file_name$$.file.name){$file_file_name$$=$file_file_name$$.file.name;var $root$$=getDir("uploads");return path.join($root$$,$file_file_name$$)}};exports.getPathFile=getPathFile;
117
117
  function restoreObjectIds($data$$){const $walk$$=$buffer$jscomp$inline_2_value$$=>{if($buffer$jscomp$inline_2_value$$===null||typeof $buffer$jscomp$inline_2_value$$!=="object"||$buffer$jscomp$inline_2_value$$ instanceof Date||$buffer$jscomp$inline_2_value$$ instanceof RegExp||Buffer.isBuffer($buffer$jscomp$inline_2_value$$))return $buffer$jscomp$inline_2_value$$;if(Array.isArray($buffer$jscomp$inline_2_value$$))return $buffer$jscomp$inline_2_value$$.map($walk$$);if($buffer$jscomp$inline_2_value$$&&
118
118
  typeof $buffer$jscomp$inline_2_value$$==="object"&&$buffer$jscomp$inline_2_value$$._bsontype==="ObjectID"&&$buffer$jscomp$inline_2_value$$.id&&typeof $buffer$jscomp$inline_2_value$$.id==="object")return $buffer$jscomp$inline_2_value$$=Buffer.from(Object.values($buffer$jscomp$inline_2_value$$.id)),new mongoose.Types.ObjectId($buffer$jscomp$inline_2_value$$);const $result$$={};for(const $key$$ in $buffer$jscomp$inline_2_value$$)Object.prototype.hasOwnProperty.call($buffer$jscomp$inline_2_value$$,$key$$)&&
119
- ($result$$[$key$$]=$walk$$($buffer$jscomp$inline_2_value$$[$key$$]));return $result$$};return $walk$$($data$$)}exports.restoreObjectIds=restoreObjectIds;
119
+ ($result$$[$key$$]=$walk$$($buffer$jscomp$inline_2_value$$[$key$$]));return $result$$};return $walk$$($data$$)}exports.restoreObjectIds=restoreObjectIds;exports.asyncHandler=$fn$$=>($req$$,$res$$,$next$$)=>Promise.resolve($fn$$($req$$,$res$$,$next$$)).catch($next$$);exports.redisIncrAsync=$key$$=>new Promise(($resolve$$,$reject$$)=>{global.clientRedis.incr($key$$,($err$$,$reply$$)=>$err$$?$reject$$($err$$):$resolve$$($reply$$))});
120
+ exports.redisExpireAsync=($key$$,$ttlSeconds$$)=>new Promise(($resolve$$,$reject$$)=>{global.clientRedis.expire($key$$,$ttlSeconds$$,($err$$,$reply$$)=>$err$$?$reject$$($err$$):$resolve$$($reply$$))});exports.redisPttlAsync=$key$$=>new Promise(($resolve$$,$reject$$)=>{global.clientRedis.pttl($key$$,($err$$,$reply$$)=>$err$$?$reject$$($err$$):$resolve$$($reply$$))});
121
+ exports.redisDelAsync=$key$$=>new Promise(($resolve$$,$reject$$)=>{global.clientRedis.del($key$$,($err$$,$reply$$)=>$err$$?$reject$$($err$$):$resolve$$($reply$$))});
@@ -2,5 +2,4 @@ const bangtinhluongSchema=new Schema({id_app:{type:String,required:!0,maxlength:
2
2
  ngay_phep:Number,ngay_khong_phep:Number,ngay_khong_luong:Number,ngay_tang_ca:Number,so_luong_ngay_tang_ca_mien_thue:Number,tong_ngay_khong_luong:Number,tong_ngay_cong_tinh_luong:Number,luong_co_ban:Number,luong_tang_ca:Number,luong_phep:Number,luong_theo_ds:Number,ct_luong_tg:[{loai:String,dien_giai:String,so_luong:Number,don_gia:Number,thanh_tien:Number}],ct_luong_theo_ds:[],tru_luong:Number,luong_thang:Number,cac_khoan_phat:[],tien_phat:Number,cac_khoan_phu_cap:[],so_ngay_tinh_phu_cap:Number,tien_phu_cap:Number,
3
3
  tong_phu_cap:Number,tong_thu_nhap:Number,luong_bhxh:Number,bhxh:Boolean,bhyt:Boolean,bhtn:Boolean,giam_tru:[],gt_bhxh:Number,gt_bhyt:Number,gt_bhtn:Number,gt_kpcd:Number,tong_bao_hiem_nv:Number,cty_bhxh:Number,cty_bhyt:Number,cty_bhtn:Number,ct_kpcd:Number,tong_bao_hiem_cty:Number,cac_khoan_phu_cap_mien_thue:[],luong_tang_ca_mien_thue:Number,tong_phu_cap_mien_thue:Number,ttncn_tong_thu_nhap_mien_thue:Number,ttncn_so_nguoi_phu_thuoc:Number,ttncn_muc_gt_phu_thuoc:Number,ttncn_gt_phu_thuoc:Number,ttncn_gt_tu_thien:Number,
4
4
  ttncn_so_thang_gt_ban_than:Number,ttncn_muc_gt_ban_than:Number,ttncn_gt_ban_than:Number,ttncn_tong_giam_tru:Number,ttncn_thu_nhap_chiu_thue:Number,ttncn_thue_theo_bac:[],ttncn_tong_thue:Number,tong_luong:Number,exfields:Schema.Types.Mixed,status:{type:Boolean,default:!0},date_created:{type:Date,default:Date.now},date_updated:{type:Date,default:Date.now},user_created:{type:String,default:""},user_updated:{type:String,default:""}});
5
- (global.configs||{}).createIndexes&&(bangtinhluongSchema.index({id_app:1,ma_nv:1,ma_bp:1}),bangtinhluongSchema.index({thang:-1,nam:-1}),bangtinhluongSchema.index({ma_bp:1}),bangtinhluongSchema.index({ma_kho:1}),bangtinhluongSchema.index({ten_nv:1}),bangtinhluongSchema.index({loai_luong:1}),bangtinhluongSchema.index({status:1}),bangtinhluongSchema.index({user_created:1}),bangtinhluongSchema.index({ma_nv:"text",ten_nv:"text"},{name:"bangtinhluong_index_text"}));
6
- const model=mongoose.models.bangtinhluong||mongoose.model("bangtinhluong",bangtinhluongSchema);module.exports=model;
5
+ (global.configs||{}).createIndexes&&(bangtinhluongSchema.index({id_app:1,ma_nv:1,ma_bp:1}),bangtinhluongSchema.index({id_app:1,thang:-1,nam:-1}),bangtinhluongSchema.index({id_app:1,ma_bp:1}),bangtinhluongSchema.index({id_app:1,ma_kho:1}),bangtinhluongSchema.index({id_app:1,loai_luong:1}),bangtinhluongSchema.index({id_app:1,status:1}),bangtinhluongSchema.index({id_app:1,user_created:1}));const model=mongoose.models.bangtinhluong||mongoose.model("bangtinhluong",bangtinhluongSchema);module.exports=model;
@@ -1,4 +1,4 @@
1
1
  const datlichSchema=new Schema({id_app:{type:String,required:!0,maxlength:1024},id_link:{type:String,maxlength:1024},collection_link:{type:String,maxlength:1024},datlich_user:{type:String,lowercase:!0,maxlength:1024},phone:{type:String,maxlength:1024},name:String,address:String,ma_kho:{type:String,maxlength:1024},ten_kho:String,ma_kh:{type:String,maxlength:1024},ten_kh:String,ngay:{type:Date,required:!0},khung_gio:{type:String,required:!0,maxlength:1024},nhac_nho_truoc:{type:Number,default:20},thong_tin_san_pham:{type:String,
2
2
  maxlength:1024},group_id:{type:String},noi_dung:{type:String,required:!0},ghi_chu:{type:String},support_user:{type:String,lowercase:!0,maxlength:1024},phu_trach:{type:String,lowercase:!0,maxlength:1024},attends:[],trang_thai:{type:String,default:"HENLICH"},status:{type:Boolean,default:!0},date_created:{type:Date,default:Date.now},date_updated:{type:Date,default:Date.now},user_created:{type:String,default:""},user_updated:{type:String,default:""}});
3
- (global.configs||{}).createIndexes&&(datlichSchema.index({id_app:1}),datlichSchema.index({datlich_user:1}),datlichSchema.index({ma_kho:1}),datlichSchema.index({ma_kh:1}),datlichSchema.index({id_link:1}),datlichSchema.index({phu_trach:1}),datlichSchema.index({group_id:1}),datlichSchema.index({status:1}),datlichSchema.index({user_created:1,visible_to:1,visible_to_users:1}),datlichSchema.index({trang_thai:1}),datlichSchema.index({attends:1}),datlichSchema.index({datlich_user:"text",phone:"text",ma_kh:"text",
4
- ten_kh:"text",ma_kho:"text",ten_kho:"text"},{name:"datlich_index_text"}));module.exports=mongoose.models.datlich||mongoose.model("datlich",datlichSchema);
3
+ (global.configs||{}).createIndexes&&(datlichSchema.index({id_app:1}),datlichSchema.index({id_app:1,datlich_user:1}),datlichSchema.index({id_app:1,ma_kho:1}),datlichSchema.index({id_app:1,ma_kh:1}),datlichSchema.index({id_link:1}),datlichSchema.index({id_app:1,phu_trach:1}),datlichSchema.index({id_app:1,group_id:1}),datlichSchema.index({id_app:1,status:1}),datlichSchema.index({id_app:1,user_created:1,visible_to:1,visible_to_users:1}),datlichSchema.index({id_app:1,trang_thai:1}),datlichSchema.index({id_app:1,
4
+ attends:1}));module.exports=mongoose.models.datlich||mongoose.model("datlich",datlichSchema);
@@ -1,4 +1,3 @@
1
1
  const dmbanSchema=new Schema({id_app:{type:String,required:!0,maxlength:1024},ma_kho:{type:String,required:!0,uppercase:!0,maxlength:64},ten_kho:String,ma_ban:{type:String,required:!0,uppercase:!0,maxlength:32},ten_ban:{type:String,required:!0,maxlength:1024},nh_ban:{type:String,maxlength:1024},loai_ban:{type:String,maxlength:1024},kenh_ban_hang:{type:String},picture:{type:String},trang_thai:{type:String,maxlength:32},stt:{type:Number,default:0},exfields:Schema.Types.Mixed,status:{type:Boolean,default:!0},
2
- date_created:{type:Date,default:Date.now},date_updated:{type:Date,default:Date.now},user_created:{type:String,default:""},user_updated:{type:String,default:""}});
3
- (global.configs||{}).createIndexes&&(dmbanSchema.index({id_app:1,ma_ban:1,ten_ban:1,nh_ban:1}),dmbanSchema.index({ma_kho:1}),dmbanSchema.index({nh_ban:1}),dmbanSchema.index({status:1}),dmbanSchema.index({user_created:1,visible_to:1,visible_to_users:1}),dmbanSchema.index({trang_thai:1}),dmbanSchema.index({ma_ban:"text",ten_ban:"text",nh_ban:"text",ma_kho:"text",ten_kho:"text"},{name:"dmban_index_text"}));const model=mongoose.models.dmban||mongoose.model("dmban",dmbanSchema);
4
- model.referenceKeys={ma_ban:[{model:"pbl",key:"ma_ban",error:"B\u00e0n {{VALUE}} \u0111\u00e3 ph\u00e1t sinh d\u1eef li\u1ec7u"}]};module.exports=model;
2
+ date_created:{type:Date,default:Date.now},date_updated:{type:Date,default:Date.now},user_created:{type:String,default:""},user_updated:{type:String,default:""}});(global.configs||{}).createIndexes&&(dmbanSchema.index({id_app:1,ma_ban:1,ten_ban:1,nh_ban:1}),dmbanSchema.index({id_app:1,ma_kho:1}),dmbanSchema.index({id_app:1,nh_ban:1}),dmbanSchema.index({id_app:1,status:1}),dmbanSchema.index({id_app:1,user_created:1,visible_to:1,visible_to_users:1}),dmbanSchema.index({id_app:1,trang_thai:1}));
3
+ const model=mongoose.models.dmban||mongoose.model("dmban",dmbanSchema);model.referenceKeys={ma_ban:[{model:"pbl",key:"ma_ban",error:"B\u00e0n {{VALUE}} \u0111\u00e3 ph\u00e1t sinh d\u1eef li\u1ec7u"}]};module.exports=model;
@@ -1,4 +1,3 @@
1
1
  const giaocaSchema=new Schema({id_app:{type:String,required:!0,maxlength:1024},tu_ngay:{type:Date,default:Date.now},den_ngay:{type:Date,default:Date.now},nhan_vien:{type:String,required:!0,maxlength:1024},ten_nhan_vien:String,nhan_vien_nhan:{type:String,required:!0,maxlength:1024},ten_nhan_vien_nhan:String,ma_kho:{type:String,required:!0,uppercase:!0,maxlength:32},ten_kho:String,ma_ca:{type:String,uppercase:!0,maxlength:32},tien_ket:{type:Number,default:0},tien_hang:{type:Number,default:0},da_giao:{type:Number,
2
2
  default:0},con_lai:{type:Number,default:0},tien_giao:{type:Number,default:0},details:[],ghi_chu:{type:String,maxlength:1024},exfields:Schema.Types.Mixed,visible_to:{type:Number,default:0},visible_to_users:[String],update_right:[String],delete_right:[String],status:{type:Boolean,default:!0},date_created:{type:Date,default:Date.now},date_updated:{type:Date,default:Date.now},user_created:{type:String,default:""},user_updated:{type:String,default:""}});
3
- (global.configs||{}).createIndexes&&(giaocaSchema.index({id_app:1,ma_ca:1,ma_kho:1}),giaocaSchema.index({den_ngay:-1}),giaocaSchema.index({nhan_vien:1}),giaocaSchema.index({nhan_vien_nhan:1}),giaocaSchema.index({ma_kho:1}),giaocaSchema.index({status:1}),giaocaSchema.index({user_created:1,visible_to:1,visible_to_users:1}),giaocaSchema.index({nhan_vien:"text",ten_nhan_vien:"text",nhan_vien_nhan:"text",ten_nhan_vien_nhan:"text",ma_kho:"text",ten_kho:"text"},{name:"giaoca_index_text"}));
4
- const model=mongoose.models.giaoca||mongoose.model("giaoca",giaocaSchema);module.exports=model;
3
+ (global.configs||{}).createIndexes&&(giaocaSchema.index({id_app:1,ma_ca:1,ma_kho:1}),giaocaSchema.index({id_app:1,den_ngay:-1}),giaocaSchema.index({id_app:1,nhan_vien:1}),giaocaSchema.index({id_app:1,nhan_vien_nhan:1}),giaocaSchema.index({id_app:1,ma_kho:1}),giaocaSchema.index({id_app:1,status:1}),giaocaSchema.index({id_app:1,user_created:1,visible_to:1,visible_to_users:1}));const model=mongoose.models.giaoca||mongoose.model("giaoca",giaocaSchema);module.exports=model;
@@ -4,5 +4,5 @@ detailSchema.validate={tk_no:validAccount.existsTk,tk_co:validAccount.existsTk,m
4
4
  const phtSchema=new Schema({id_app:{type:String,required:!0,maxlength:1024},ma_dvcs:{type:String,required:!0,maxlength:1024},kc_dvcs:{type:Boolean,default:!1},ma_ct:{type:String,default:"PHT",required:!0,uppercase:!0,maxlength:32},ma_gd:{type:String,default:"0",maxlength:32},so_ct:{type:String,required:!0,uppercase:!0,trim:!0,maxlength:32},ngay_ct:{type:Date,default:Date.now,required:!0},dien_giai:{type:String,default:"",maxlength:1024},exfields:Schema.Types.Mixed,trang_thai:{type:String,maxlength:32},
5
5
  ma_bp:{type:String,uppercase:!0,default:"",maxlength:32},ma_phi:{type:String,uppercase:!0,default:"",maxlength:32},ma_hd:{type:String,uppercase:!0,default:"",maxlength:32},ma_dt:{type:String,uppercase:!0,default:"",maxlength:32},ma_nv:{type:String,uppercase:!0,default:"",maxlength:32},ma_kho:{type:String,uppercase:!0,default:"",maxlength:32},ma_kh:{type:String,uppercase:!0,default:"",maxlength:32},status:{type:Boolean,default:!0},date_created:{type:Date,default:Date.now},date_updated:{type:Date,default:Date.now},
6
6
  user_created:{type:String,default:""},user_updated:{type:String,default:""},visible_to:{type:Number,default:0},visible_to_users:[String],update_right:[String],delete_right:[String],details:{type:[detailSchema]}});phtSchema.validate={ma_dvcs:validator.existsDvcs,ma_nt:validator.existsNt,ngay_ct:validator.unlockBook};
7
- (global.configs||{}).createIndexes&&(phtSchema.index({id_app:1,ma_dvcs:1,so_ct:-1,ngay_ct:-1}),phtSchema.index({dien_giai:"text",so_ct:"text"}),phtSchema.index({ma_ct:1}),phtSchema.index({user_created:1,date_created:-1}),phtSchema.index({date_updated:-1}),phtSchema.index({ma_bp:1}),phtSchema.index({ma_phi:1}),phtSchema.index({ma_hd:1}),phtSchema.index({ma_kho:1}),phtSchema.index({ma_nv:1}),phtSchema.index({ma_dt:1}),phtSchema.index({ma_kh:1}),phtSchema.index({status:1}),phtSchema.index({user_created:1,
8
- visible_to:1,visible_to_users:1}),phtSchema.index({trang_thai:1}));module.exports=mongoose.models.pht||mongoose.model("pht",phtSchema);
7
+ (global.configs||{}).createIndexes&&(phtSchema.index({id_app:1,ma_dvcs:1,so_ct:-1,ngay_ct:-1}),phtSchema.index({id_app:1,ma_ct:1}),phtSchema.index({id_app:1,user_created:1,date_created:-1}),phtSchema.index({id_app:1,ma_bp:1}),phtSchema.index({id_app:1,ma_phi:1}),phtSchema.index({id_app:1,ma_hd:1}),phtSchema.index({id_app:1,ma_kho:1}),phtSchema.index({id_app:1,ma_nv:1}),phtSchema.index({id_app:1,ma_dt:1}),phtSchema.index({id_app:1,ma_kh:1}),phtSchema.index({id_app:1,status:1}),phtSchema.index({id_app:1,
8
+ user_created:1,visible_to:1,visible_to_users:1}),phtSchema.index({id_app:1,trang_thai:1}));module.exports=mongoose.models.pht||mongoose.model("pht",phtSchema);
@@ -12,7 +12,7 @@ User.findByToken=async($token$$,$ip_now$$,$fn$$,$options$$={check_service_token:
12
12
  $ip_now$$.split(":").pop())return $fn$$("\u0110\u1ecba ch\u1ec9 IP n\u00e0y kh\u00f4ng \u0111\u01b0\u1ee3c ph\u00e9p s\u1eed d\u1ee5ng token n\u00e0y");if(global.configs.check_token_expired&&!$_token$$.ip&&($ip_now$$=new Date,($_token$$.last_access||new Date).getTime()+(global.configs.expired_time||EXP_TIME)<$ip_now$$.getTime()))return $fn$$("Token \u0111\u00e3 h\u1ebft h\u1ea1n")}if($_token$$.service&&$options$$.check_service_token&&$_token$$.service==="facebook"&&!await checkFacebookToken($token$$))return Logger.error("This facebook access token is not valid",
13
13
  $_token$$),$fn$$("This facebook access token is not valid");let $query$$={email:$_token$$.email};(new Promise(($resove$$,$reject$$)=>{global.clientRedis.get(`:email:${$_token$$.email}`,function($err$$,$reply$$){if($reply$$)return $resove$$(JSON.parse($reply$$));User.findOne($query$$).lean().then(function($user$$){$user$$?$resove$$($user$$):$reject$$(`User ${$_token$$.email} kh\u00f4ng t\u1ed3n t\u1ea1i`)}).catch($error$$=>{$reject$$($error$$)})})})).then(async $user$$=>{$user$$.current_user=$user$$.email;
14
14
  $user$$.token=$token$$;if($user$$.status===!1)return $fn$$(`User ${$user$$.email} \u0111\u00e3 b\u1ecb kho\u00e1`);$user$$.admin=underscore.contains($usersAdmin$$,$user$$.email)||isSupperAdmin($user$$.email.toLowerCase())||$user$$.is_system_admin;if($_token$$.email!=="public"&&$_token$$._id){const $now$$=new Date;if(!$_token$$.last_access||$now$$-(new Date($_token$$.last_access)).getTime()>3E5)global.getModel("token").updateOne({_id:$_token$$._id},{last_access:$now$$}).catch($err$$=>Logger.error("Update last_access failed",
15
- $err$$)),$_token$$.last_access=$now$$}setImmediate(()=>{$fn$$(null,$user$$,$_token$$)})}).catch($e$$=>{$fn$$($e$$)})};
15
+ $err$$)),$_token$$.last_access=$now$$}$fn$$(null,$user$$,$_token$$)}).catch($e$$=>{$fn$$($e$$)})};
16
16
  User.sendEmailTo=async($email_u$$,$data$$)=>{if($data$$.email_content){let $to$$;validator.isEmail($email_u$$)?$to$$=$email_u$$:($email_u$$=await global.getModel("user").findOne({email:$email_u$$},{email2:1}).lean())&&$email_u$$.email2&&validator.isEmail($email_u$$.email2)&&($to$$=$email_u$$.email2);$to$$&&emailService.sendHtml({to:{address:$to$$},subject:($data$$.title||"").replace(/<[^>]*>?/gm,""),html:$data$$.email_content,attachments:$data$$.attachments,app_info:$data$$.app_info},function($error$$){$error$$&&
17
17
  Logger.error($error$$)})}};
18
18
  User.socketSendTo=async($email$$,$event_name$$,$msg$$)=>{$email$$&&$event_name$$&&(global.socketContainer.socketIO?($email$$=$email$$.toLowerCase(),setImmediate(async()=>{try{Logger.info("[user] [socketSendTo] send msg ",{email:$email$$,event_name:$event_name$$,msg:$msg$$}),global.socketContainer.socketIO.to($email$$).emit($event_name$$,$msg$$),global.socketContainer.socketIO.to($email$$).emit("allevents",{event:$event_name$$,msg:$msg$$})}catch($e$$){Logger.error("[user] [socketSendTo] error send msg ",{email:$email$$,
@@ -1,5 +1,5 @@
1
- const model=global.getModel("dmkho"),customer=global.getModel("customer"),controller=require("../../controllers/controller"),getSysorder=function($item$$,$callback$$){let $sysorder$$=$item$$.ma_kho.toString();$item$$.ma_kho_me&&$item$$.ma_kho_me!=$item$$.ma_kho.toString()?model.findOne({ma_kho:$item$$.ma_kho_me}).lean().then(function($item_me$$){$item_me$$?getSysorder($item_me$$,function($rs$$){$sysorder$$=$rs$$+"---"+$sysorder$$;$callback$$($sysorder$$)}):$callback$$($sysorder$$)}).catch($e$$=>{Logger.error($e$$);
2
- $callback$$($sysorder$$)}):$callback$$($sysorder$$)};
1
+ const model=global.getModel("dmkho"),customer=global.getModel("customer"),controller=require("../../controllers/controller"),getSysorder=function($item$$,$callback$$){let $sysorder$$=$item$$.ma_kho.toString();$item$$.ma_kho_me&&$item$$.ma_kho_me!=$item$$.ma_kho.toString()?model.findOne({id_app:$item$$.id_app,ma_kho:$item$$.ma_kho_me}).lean().then(function($item_me$$){$item_me$$?getSysorder($item_me$$,function($rs$$){$sysorder$$=$rs$$+"---"+$sysorder$$;$callback$$($sysorder$$)}):$callback$$($sysorder$$)}).catch($e$$=>
2
+ {Logger.error($e$$);$callback$$($sysorder$$)}):$callback$$($sysorder$$)};
3
3
  module.exports=function($contr_router$$){$contr_router$$=new controller($contr_router$$,model,"dmkho",{sort:{ma_kho:1},unique:["ma_kho"],onView:async($user$$,$items$$,$next$$)=>{await $items$$.asyncJoinModel2($user$$.current_id_app,customer,{where:{ma_kh:"ma_kh"},fields:{ten_kh:"ten_kh"}});$next$$(null,$items$$)},onUpdating:async($user$$,$data$$,$obj$$,$next$$)=>{if($data$$.ma_kho_me&&(await model.getAllChildrenGroup($obj$$.id_app,$obj$$.ma_kho.toString())).indexOf($data$$.ma_kho_me)>=0)return $next$$("Kh\u00f4ng th\u1ec3 ch\u1ecdn nh\u00f3m n\u00e0y l\u00e0m nh\u00f3m m\u1eb9");
4
4
  $next$$(null,$data$$,$obj$$)}});$contr_router$$.deleting=function($user$$,$obj$$,$next$$){if($obj$$.loai_nh===0)return $next$$(Error("Kh\u00f4ng \u0111\u01b0\u1ee3c ph\u00e9p x\u00f3a nh\u00f3m m\u1eb9"));$next$$(null,$obj$$)};$contr_router$$.created=function($user$$,$obj$$,$next$$){getSysorder($obj$$,async function($rs$$){$obj$$.sysorder=$rs$$;$obj$$.bac=$rs$$.split("---").length;await model.updateOne({_id:$obj$$._id},{$set:{bac:$obj$$.bac,sysorder:$obj$$.sysorder,loai_nh:1}}).catch(console.error);
5
5
  $next$$(null,$obj$$)})};$contr_router$$.updated=function($user$$,$obj$$,$next$$){getSysorder($obj$$,async function($loai_nh_rs$$){$obj$$.sysorder=$loai_nh_rs$$;$obj$$.bac=$loai_nh_rs$$.split("---").length;$loai_nh_rs$$=1;await model.findOne({ma_kho_me:$obj$$.ma_kho.toString(),id_app:$obj$$.id_app}).catch(console.error)&&($loai_nh_rs$$=0);$obj$$.loai_nh=$loai_nh_rs$$;await model.updateOne({_id:$obj$$._id},{$set:{bac:$obj$$.bac,sysorder:$obj$$.sysorder,loai_nh:$loai_nh_rs$$}}).catch(console.error);
package/server/route.js CHANGED
@@ -1,19 +1,19 @@
1
- const fs=require("fs"),appModel=global.getModel("app"),listinfo=global.getModel("listinfo"),Token=global.getModel("token"),express=require("express"),passport=require("passport"),path=require("path"),async=require("async"),sharp=require("sharp"),docs=require("./libs/docs"),{isValidObjectId}=require("mongoose"),permission=require("./libs/permission"),{sendMessageZalo}=require("./libs/utils"),{getTmpFile}=require("./libs/excelHelper"),controllerRPT=require("./controllers/controllerRPT"),isAdmin=($req$$,
2
- $res$$,$next$$)=>{$req$$.user&&$req$$.user.admin?$next$$():$res$$.status(403).json({message:"Y\u00eau c\u1ea7u quy\u1ec1n qu\u1ea3n tr\u1ecb vi\u00ean"})};
3
- module.exports=async function($app$$,$cb$$=()=>{},$limiter$jscomp$2_limiter$$=!1){var $createRateLimiterMiddleware_limiter_others$$=global.createRateLimiterMiddleware;const $router$$=global.routerAPI=express.Router();if($limiter$jscomp$2_limiter$$!==!0){configs.trust_proxy&&$app$$.enable("trust proxy",!0);require("./auths/google")($app$$,passport);require("./auths/facebook")($app$$,passport);require("./auths/local")($app$$,passport);require("./auths/bearer")(passport);$router$$.use(async function($req$$,
4
- $access_token_listinfo_code_res$$,$next$$){for(let $key$$ in $req$$.query)$req$$.query[$key$$]=="true"&&($req$$.query[$key$$]=!0),$req$$.query[$key$$]=="false"&&($req$$.query[$key$$]=!1);($access_token_listinfo_code_res$$=$req$$.query.access_token)||($access_token_listinfo_code_res$$=$req$$.get("X-Access-Token")||$req$$.get("access-token"));$access_token_listinfo_code_res$$&&($req$$.query.access_token=$access_token_listinfo_code_res$$,Token.updateOne({token:$access_token_listinfo_code_res$$,used:{$ne:!0}},
5
- {used:!0}).catch($err$$=>Logger.error("Token update error:",$err$$)));($access_token_listinfo_code_res$$=$req$$.get("listinfo-code")||$req$$.query["listinfo-code"])&&($req$$.query["listinfo-code"]=$access_token_listinfo_code_res$$);$next$$()});var $authenticate_dynamic_list_limiter_limiter$$=require("./auths/authMiddleware");$router$$.use($authenticate_dynamic_list_limiter_limiter$$);$router$$.param("id_app",async function($req$$,$res$$,$next$$,$id_app$$){let $_clientIp$$=(($req$$.headers["x-forwarded-for"]||
6
- "").split(",").pop()||$req$$.connection.remoteAddress||$req$$.socket.remoteAddress||$req$$.connection.socket.remoteAddress).split(":");if($id_app$$){if($req$$.user.token_id_app&&$req$$.user.token_id_app!=$id_app$$)return $res$$.status(400).send(`Token kh\u00f4ng c\u00f3 gi\u00e1 tr\u1ecb cho c\u00f4ng ty '${$id_app$$}'`);if(mongoose.Types.ObjectId.isValid($id_app$$))try{const $appInfo$$=await appModel.findById($id_app$$).lean();if($appInfo$$)$req$$.user.current_id_app=$id_app$$,$appInfo$$.options||
7
- ($appInfo$$.options={}),$req$$.user.current_app_info=$appInfo$$,$req$$.query.id_app=$id_app$$,$req$$.user.clientIp=$_clientIp$$[$_clientIp$$.length-1],$req$$.user.appAdmin=await new Promise($rs$$=>{permission.isAdmin($id_app$$,$req$$.user.email,function($e$$,$admin$$){$rs$$($admin$$)})}),$req$$.user.current_app_info.appAdmin=$req$$.user.appAdmin,$next$$();else return $res$$.status(400).send(`ID c\u00f4ng ty '${$id_app$$}' kh\u00f4ng t\u1ed3n t\u1ea1i`)}catch($error$$){$next$$($error$$)}else return $res$$.status(400).send("id_app:'"+
8
- $id_app$$+"' kh\u00f4ng c\u00f3 gi\u00e1 tr\u1ecb")}else $req$$.user&&($req$$.user.current_id_app=void 0,$req$$.user.appAdmin=void 0,$req$$.user.current_app_info={},$req$$.user.clientIp=$_clientIp$$[$_clientIp$$.length-1],$next$$())});configs.limitRequest.api&&($authenticate_dynamic_list_limiter_limiter$$=await $createRateLimiterMiddleware_limiter_others$$(configs.limitRequest.api,"api"),$router$$.use($authenticate_dynamic_list_limiter_limiter$$));global.storageUsage&&$app$$.use("/api/storage-usage",
9
- isAdmin,global.storageUsage.createExpressRouter());$app$$.use("/api",$router$$)}$router$$.post(["/dispatch-report/:id_app/:code/:subReport","/dispatch-report/:id_app/:code","/dispatch-report/:code"],($req$$,$res$$,$next$$)=>{const {id_app:$id_app$$,code:$code$$,subReport:$subReport$$}=$req$$.params,$queryString$$=$req$$.url.includes("?")?$req$$.url.substring($req$$.url.indexOf("?")):"",$subPath$$=$subReport$$?`/${$subReport$$}`:"";if(global.controllers?.[$code$$.trim().toUpperCase()])$req$$.url=$id_app$$?
10
- `/search/${$id_app$$}/${$code$$}${$subPath$$}${$queryString$$}`:`/search/${$code$$}${$subPath$$}${$queryString$$}`;else{if(!global.report_controllers?.[$code$$.toUpperCase()]){if($subReport$$)return Logger.error(`[dispatch-report] L\u1ed7i: B\u00e1o c\u00e1o '${$code$$}' kh\u00f4ng t\u1ed3n t\u1ea1i, t\u1eeb ch\u1ed1i x\u1eed l\u00fd subReport: '${$subReport$$}'`),$res$$.status(404).json({success:!1,message:`B\u00e1o c\u00e1o '${$code$$}' kh\u00f4ng t\u1ed3n t\u1ea1i v\u00e0 kh\u00f4ng h\u1ed7 tr\u1ee3 lu\u1ed3ng ph\u1ee5 (subReport).`});
1
+ const fs=require("fs"),appModel=global.getModel("app"),listinfo=global.getModel("listinfo"),Token=global.getModel("token"),express=require("express"),passport=require("passport"),path=require("path"),async=require("async"),sharp=require("sharp"),docs=require("./libs/docs"),{isValidObjectId}=require("mongoose"),permission=require("./libs/permission"),{sendMessageZalo}=require("./libs/utils"),{getTmpFile}=require("./libs/excelHelper"),controllerRPT=require("./controllers/controllerRPT"),{createRateLimiterMiddleware}=
2
+ require("./auths/rateLimiterMiddleware"),isAdmin=($req$$,$res$$,$next$$)=>{$req$$.user&&$req$$.user.admin?$next$$():$res$$.status(403).json({message:"Y\u00eau c\u1ea7u quy\u1ec1n qu\u1ea3n tr\u1ecb vi\u00ean"})};
3
+ module.exports=async function($app$$,$cb$$=()=>{},$limiter$jscomp$2_limiter$$=!1){const $router$$=global.routerAPI=express.Router();if($limiter$jscomp$2_limiter$$!==!0){configs.trust_proxy&&$app$$.enable("trust proxy",!0);require("./auths/google")($app$$,passport);require("./auths/facebook")($app$$,passport);require("./auths/local")($app$$,passport);require("./auths/bearer")(passport);$router$$.use(async function($req$$,$access_token_listinfo_code_res$$,$next$$){for(let $key$$ in $req$$.query)$req$$.query[$key$$]==
4
+ "true"&&($req$$.query[$key$$]=!0),$req$$.query[$key$$]=="false"&&($req$$.query[$key$$]=!1);($access_token_listinfo_code_res$$=$req$$.query.access_token)||($access_token_listinfo_code_res$$=$req$$.get("X-Access-Token")||$req$$.get("access-token"));$access_token_listinfo_code_res$$&&($req$$.query.access_token=$access_token_listinfo_code_res$$,Token.updateOne({token:$access_token_listinfo_code_res$$,used:{$ne:!0}},{used:!0}).catch($err$$=>Logger.error("Token update error:",$err$$)));($access_token_listinfo_code_res$$=
5
+ $req$$.get("listinfo-code")||$req$$.query["listinfo-code"])&&($req$$.query["listinfo-code"]=$access_token_listinfo_code_res$$);$next$$()});var $authenticate_dynamic_list_limiter_limiter$$=require("./auths/authMiddleware");$router$$.use($authenticate_dynamic_list_limiter_limiter$$);$router$$.param("id_app",async function($req$$,$res$$,$next$$,$id_app$$){let $_clientIp$$=(($req$$.headers["x-forwarded-for"]||"").split(",").pop()||$req$$.connection.remoteAddress||$req$$.socket.remoteAddress||$req$$.connection.socket.remoteAddress).split(":");
6
+ if($id_app$$){if($req$$.user.token_id_app&&$req$$.user.token_id_app!=$id_app$$)return $res$$.status(400).send(`Token kh\u00f4ng c\u00f3 gi\u00e1 tr\u1ecb cho c\u00f4ng ty '${$id_app$$}'`);if(mongoose.Types.ObjectId.isValid($id_app$$))try{const $appInfo$$=await appModel.findById($id_app$$).lean();if($appInfo$$)$req$$.user.current_id_app=$id_app$$,$appInfo$$.options||($appInfo$$.options={}),$req$$.user.current_app_info=$appInfo$$,$req$$.query.id_app=$id_app$$,$req$$.user.clientIp=$_clientIp$$[$_clientIp$$.length-
7
+ 1],$req$$.user.appAdmin=await new Promise($rs$$=>{permission.isAdmin($id_app$$,$req$$.user.email,function($e$$,$admin$$){$rs$$($admin$$)})}),$req$$.user.current_app_info.appAdmin=$req$$.user.appAdmin,$next$$();else return $res$$.status(400).send(`ID c\u00f4ng ty '${$id_app$$}' kh\u00f4ng t\u1ed3n t\u1ea1i`)}catch($error$$){$next$$($error$$)}else return $res$$.status(400).send("id_app:'"+$id_app$$+"' kh\u00f4ng c\u00f3 gi\u00e1 tr\u1ecb")}else $req$$.user&&($req$$.user.current_id_app=void 0,$req$$.user.appAdmin=
8
+ void 0,$req$$.user.current_app_info={},$req$$.user.clientIp=$_clientIp$$[$_clientIp$$.length-1],$next$$())});configs.limitRequest.api&&($authenticate_dynamic_list_limiter_limiter$$=await createRateLimiterMiddleware(configs.limitRequest.api,"api"),$router$$.use($authenticate_dynamic_list_limiter_limiter$$));global.storageUsage&&($router$$.use("/storage-dashboard",isAdmin,global.storageUsage.createDashboardRouter({injectConfig:$req$$=>({headers:{"access-token":$req$$.query.access_token||$req$$.headers["access-token"]}})})),
9
+ $router$$.use("/api/storage-usage",isAdmin,global.storageUsage.createExpressRouter()));$app$$.use("/api",$router$$)}$router$$.post(["/dispatch-report/:id_app/:code/:subReport","/dispatch-report/:id_app/:code","/dispatch-report/:code"],($req$$,$res$$,$next$$)=>{const {id_app:$id_app$$,code:$code$$,subReport:$subReport$$}=$req$$.params,$queryString$$=$req$$.url.includes("?")?$req$$.url.substring($req$$.url.indexOf("?")):"",$subPath$$=$subReport$$?`/${$subReport$$}`:"";if(global.controllers?.[$code$$.trim().toUpperCase()])$req$$.url=
10
+ $id_app$$?`/search/${$id_app$$}/${$code$$}${$subPath$$}${$queryString$$}`:`/search/${$code$$}${$subPath$$}${$queryString$$}`;else{if(!global.report_controllers?.[$code$$.toUpperCase()]){if($subReport$$)return Logger.error(`[dispatch-report] L\u1ed7i: B\u00e1o c\u00e1o '${$code$$}' kh\u00f4ng t\u1ed3n t\u1ea1i, t\u1eeb ch\u1ed1i x\u1eed l\u00fd subReport: '${$subReport$$}'`),$res$$.status(404).json({success:!1,message:`B\u00e1o c\u00e1o '${$code$$}' kh\u00f4ng t\u1ed3n t\u1ea1i v\u00e0 kh\u00f4ng h\u1ed7 tr\u1ee3 lu\u1ed3ng ph\u1ee5 (subReport).`});
11
11
  Logger.warn("[route] T\u1ea1o customize report...",$code$$);new controllerRPT($router$$,$code$$,async function($req$$,$callback$$){$callback$$(null,[])})}$req$$.url=$id_app$$?`/${$id_app$$}/${$code$$}${$subPath$$}${$queryString$$}`:`/${$code$$}${$subPath$$}${$queryString$$}`}Logger.info(`[dispatch-report] ${$req$$.method} ${$req$$.originalUrl} ---> ${$req$$.url}`);$next$$()});const $funcs_inited$$={};configs.paths.modules&&fs.existsSync(configs.paths.modules+"/lists")&&fs.readdirSync(configs.paths.modules+
12
12
  "/lists").forEach(function($file$$){$file$$.endsWith(".js")&&(require(configs.paths.modules+"/lists/"+$file$$)($router$$),$funcs_inited$$[$file$$]=$file$$)});fs.existsSync(__dirname+"/modules/lists")&&fs.readdirSync(__dirname+"/modules/lists").filter($file$$=>!$funcs_inited$$[$file$$]).forEach(function($file$$){$file$$.endsWith(".js")&&(require("./modules/lists/"+$file$$)($router$$),$funcs_inited$$[$file$$]=$file$$)});configs.paths.modules&&fs.existsSync(configs.paths.modules+"/vouchers")&&fs.readdirSync(configs.paths.modules+
13
13
  "/vouchers").forEach(function($file$$){$file$$.endsWith(".js")&&(require(configs.paths.modules+"/vouchers/"+$file$$)($router$$),$funcs_inited$$[$file$$]=$file$$)});fs.existsSync(__dirname+"/modules/vouchers")&&fs.readdirSync(__dirname+"/modules/vouchers").filter($file$$=>!$funcs_inited$$[$file$$]).forEach(function($file$$){$file$$.endsWith(".js")&&(require("./modules/vouchers/"+$file$$)($router$$),$funcs_inited$$[$file$$]=$file$$)});configs.paths.modules&&fs.existsSync(configs.paths.modules+"/reports")&&
14
14
  fs.readdirSync(configs.paths.modules+"/reports").forEach(function($file$$){$file$$.endsWith(".js")&&(require(configs.paths.modules+"/reports/"+$file$$)($router$$),$funcs_inited$$[$file$$]=$file$$)});fs.existsSync(__dirname+"/modules/reports")&&fs.readdirSync(__dirname+"/modules/reports").filter($file$$=>!$funcs_inited$$[$file$$]).forEach(function($file$$){$file$$.endsWith(".js")&&(require("./modules/reports/"+$file$$)($router$$),$funcs_inited$$[$file$$]=$file$$)});const $sys_router$$=express.Router();
15
- $sys_router$$.use(passport.authenticate("bearer",{session:!1}));configs.limitRequest.sys&&($authenticate_dynamic_list_limiter_limiter$$=await $createRateLimiterMiddleware_limiter_others$$(configs.limitRequest.sys,"sys"),$sys_router$$.use($authenticate_dynamic_list_limiter_limiter$$));$app$$.use("/api",$sys_router$$);const $redisCache$$=require("./libs/redis-cache");$sys_router$$.route("/uploadfile").post(function($req$$,$res$$){const $access_token$$=$req$$.query.access_token;let $folder$$=$req$$.query.folder||
16
- "";const $id_app$$=$req$$.query.id_app;if(!$req$$.files.fileupload)if($req$$.files.file)$req$$.files.fileupload=$req$$.files.file;else return $res$$.status(400).send({error:"File kh\u00f4ng t\u1ed3n t\u1ea1i"});const $path$$=require("path");if(!$req$$.files.fileupload.path)return $res$$.status(400).send({error:"File kh\u00f4ng t\u1ed3n t\u1ea1i"});let $ext$$=$path$$.extname($req$$.files.fileupload.path);if($ext$$){if($ext$$=$ext$$.toLowerCase(),$ext$$===".exe")return $res$$.status(400).send({error:"Ki\u1ec3u file n\u00e0y kh\u00f4ng \u0111\u01b0\u1ee3c ch\u1ea5p nh\u1eadn"})}else return $res$$.status(400).send({error:"Ki\u1ec3u file n\u00e0y kh\u00f4ng \u0111\u01b0\u1ee3c ch\u1ea5p nh\u1eadn"});
15
+ $sys_router$$.use(passport.authenticate("bearer",{session:!1}));configs.limitRequest.sys&&($authenticate_dynamic_list_limiter_limiter$$=await createRateLimiterMiddleware(configs.limitRequest.sys,"sys"),$sys_router$$.use($authenticate_dynamic_list_limiter_limiter$$));$app$$.use("/api",$sys_router$$);const $redisCache$$=require("./libs/redis-cache");$sys_router$$.route("/uploadfile").post(function($req$$,$res$$){const $access_token$$=$req$$.query.access_token;let $folder$$=$req$$.query.folder||"";const $id_app$$=
16
+ $req$$.query.id_app;if(!$req$$.files.fileupload)if($req$$.files.file)$req$$.files.fileupload=$req$$.files.file;else return $res$$.status(400).send({error:"File kh\u00f4ng t\u1ed3n t\u1ea1i"});const $path$$=require("path");if(!$req$$.files.fileupload.path)return $res$$.status(400).send({error:"File kh\u00f4ng t\u1ed3n t\u1ea1i"});let $ext$$=$path$$.extname($req$$.files.fileupload.path);if($ext$$){if($ext$$=$ext$$.toLowerCase(),$ext$$===".exe")return $res$$.status(400).send({error:"Ki\u1ec3u file n\u00e0y kh\u00f4ng \u0111\u01b0\u1ee3c ch\u1ea5p nh\u1eadn"})}else return $res$$.status(400).send({error:"Ki\u1ec3u file n\u00e0y kh\u00f4ng \u0111\u01b0\u1ee3c ch\u1ea5p nh\u1eadn"});
17
17
  const $ip$$=$req$$.ip||$req$$.headers["x-forwarded-for"]||$req$$.socket.remoteAddress;global.getModel("user").findByToken($access_token$$,$ip$$,async($error$$,$_user$$)=>{if($error$$)return $res$$.status(400).send({error:$error$$.message||$error$$.error||$error$$});if($_user$$){const $user$$=await global.getModel("user").findOne({email:$_user$$.email});fs.readFile($req$$.files.fileupload.path,async function($err$$,$data$$){if($err$$)return $res$$.status(400).send({error:$err$$.message||$err$$.error||
18
18
  $err$$});var $originalname_p$$=$req$$.files.fileupload.originalname.split(" ").join("_");$err$$=configs.paths.images||$path$$.dirname($path$$.dirname(__dirname))+"/images";$err$$+="/";fs.existsSync($err$$+$folder$$)||fs.mkdirSync($err$$+$folder$$);$id_app$$&&$folder$$!="avatar"&&($folder$$=$folder$$+"/"+$id_app$$,fs.existsSync($err$$+$folder$$)||fs.mkdirSync($err$$+$folder$$));let $newPath$$=$folder$$+"/"+$user$$._id.toString()+"_"+(new Date).getTime().toString()+"_"+$originalname_p$$,$path_image$$;
19
19
  if($ext$$!==".png"&&$ext$$!==".jpeg"&&$ext$$!==".jpg"&&$ext$$!==".gif"&&$ext$$!==".webp")$path_image$$=$err$$+$newPath$$,fs.writeFile($path_image$$,$data$$,function($err$$){if($err$$)return $res$$.status(400).send({error:$err$$.message||$err$$.error||$err$$});fs.unlink($req$$.files.fileupload.path,$e$$=>{$e$$&&Logger.error($e$$)});$req$$.query.json?$res$$.send({fileUrl:"/getfile/"+$newPath$$}):($res$$.writeHead(200,{"Content-Type":"text/html"}),$res$$.end("<html><head><title>/getfile/"+$newPath$$+
@@ -28,28 +28,27 @@ else{var $root_dir_templates$$=configs.paths.templates||$path$$.dirname($path$$.
28
28
  fs.existsSync($root_dir_templates$$+"excels")||fs.mkdirSync($root_dir_templates$$+"excels");let $newPath$$="excels/"+$user$$._id.toString()+"_"+$path$$.basename($req$$.files.fileupload.path);fs.unlink($req$$.files.fileupload.path,$e$$=>{$e$$&&Logger.error($e$$)});Logger.info("uploading template file",$root_dir_templates$$+$newPath$$);fs.writeFile($root_dir_templates$$+$newPath$$,$data$$,function($error$$){if($error$$)return Logger.error("Error upload file",$error$$),$res$$.status(404).send($error$$);
29
29
  $error$$="/templates/"+$newPath$$;Logger.info("Updated a file to ",$root_dir_templates$$+$newPath$$);if($req$$.query.json)return $res$$.send({fileUrl:$error$$});$res$$.writeHead(200,{"Content-Type":"text/html"});$res$$.end("<html><head><title>"+$error$$+"</title></head><body>success</body></html>")})}):$res$$.status(404).send({error:"Not found"})})}else $res$$.status(400).send("Ch\u1ec9 ch\u1ea5p nh\u1eadn c\u00e1c \u0111\u1ecbnh d\u1ea1ng file: xlsx,xml")});let $funcs_sys_inited$$={};configs.paths.modules&&
30
30
  fs.existsSync(configs.paths.modules+"/systems")&&fs.readdirSync(configs.paths.modules+"/systems").forEach(function($file$$){$file$$.endsWith(".js")&&(require(configs.paths.modules+"/systems/"+$file$$)($sys_router$$),$funcs_sys_inited$$[$file$$]=$file$$)});fs.readdirSync(__dirname+"/modules/systems").filter($file$$=>!$funcs_sys_inited$$[$file$$]).forEach(function($file$$){$file$$.endsWith(".js")&&(require("./modules/systems/"+$file$$)($sys_router$$),$funcs_sys_inited$$[$file$$]=$file$$)});$authenticate_dynamic_list_limiter_limiter$$=
31
- await listinfo.find({status:!0,create_model:!0}).lean();Logger.info("Creating dynamic APIs...",$authenticate_dynamic_list_limiter_limiter$$.length);$authenticate_dynamic_list_limiter_limiter$$.forEach($r$$=>{listinfo.createController(global.routerAPI,$r$$)});if($limiter$jscomp$2_limiter$$!==!0){const $bot_router$$=express.Router();configs.limitRequest.bot&&($limiter$jscomp$2_limiter$$=await $createRateLimiterMiddleware_limiter_others$$(configs.limitRequest.bot,"bot"),$router$$.use($limiter$jscomp$2_limiter$$));
32
- $app$$.use("/bot",$bot_router$$);fs.existsSync(__dirname+"/modules/bot")&&(Logger.info("init bot..."),fs.readdirSync(__dirname+"/modules/bot").forEach(function($file$$){$file$$.endsWith(".js")&&require("./modules/bot/"+$file$$)($bot_router$$)}));const $public_router$$=express.Router();configs.limitRequest.public&&($limiter$jscomp$2_limiter$$=await $createRateLimiterMiddleware_limiter_others$$(configs.limitRequest.public,"public"),$router$$.use($limiter$jscomp$2_limiter$$));$public_router$$.use(function($req$$,
33
- $res$$,$next$$){for(let $key$$ in $req$$.query)$req$$.query[$key$$]=="true"&&($req$$.query[$key$$]=!0),$req$$.query[$key$$]=="false"&&($req$$.query[$key$$]=!1);if($req$$.query.id_app){let $id_app$$=$req$$.query.id_app;appModel.findOne({_id:$id_app$$},function($error$$,$app$$){if($error$$)return $next$$($error$$);if($app$$)$req$$.user={current_id_app:$id_app$$,email:"public"},$req$$.query.id_app=$id_app$$,$next$$();else return $res$$.status(400).send("Kh\u00f4ng t\u1ed3n t\u1ea1i c\u00f4ng ty n\u00e0y")})}else $next$$()});
34
- $app$$.use("/public",$public_router$$);const $funcs_public_inited$$={};configs.paths.modules&&fs.existsSync(configs.paths.modules+"/public")&&(Logger.info("init custom public..."),fs.readdirSync(configs.paths.modules+"/public").forEach(function($file$$){$file$$.endsWith(".js")&&(require(configs.paths.modules+"/public/"+$file$$)($public_router$$),$funcs_public_inited$$[$file$$]=$file$$)}));fs.existsSync(__dirname+"/modules/public")&&(Logger.info("init default public..."),fs.readdirSync(__dirname+"/modules/public").filter($file$$=>
35
- !$funcs_public_inited$$[$file$$]).forEach(function($file$$){$file$$.endsWith(".js")&&(require("./modules/public/"+$file$$)($public_router$$),$funcs_public_inited$$[$file$$]=$file$$)}));configs.useFlow&&require("./flow/FlowEngine")($app$$);$createRateLimiterMiddleware_limiter_others$$=await $createRateLimiterMiddleware_limiter_others$$(configs.limitRequest.other||{},"other");$app$$.get("/downloads/temp/:fileName",$createRateLimiterMiddleware_limiter_others$$,async function($fileName_req$$,$res$$){$fileName_req$$=
36
- $fileName_req$$.params.fileName;try{const $fileBuffer$$=await getTmpFile($fileName_req$$);if(!$fileBuffer$$)return Logger.error("[route][download temp file] Kh\u00f4ng t\u00ecm th\u1ea5y file",$fileName_req$$),$res$$.status(404).send('\n <div style="font-family: Arial; text-align: center; margin-top: 50px;">\n <h2 style="color: red;">\u0110\u01b0\u1eddng link \u0111\u00e3 h\u1ebft h\u1ea1n ho\u1eb7c kh\u00f4ng t\u1ed3n t\u1ea1i!</h2>\n <p>V\u00ec l\u00fd do b\u1ea3o m\u1eadt, link t\u1ea3i file ch\u1ec9 c\u00f3 hi\u1ec7u l\u1ef1c trong v\u00f2ng 1 ph\u00fat.</p>\n <p>Vui l\u00f2ng quay l\u1ea1i ph\u1ea7n m\u1ec1m v\u00e0 th\u1ef1c hi\u1ec7n xu\u1ea5t file l\u1ea7n n\u1eefa.</p>\n </div>\n ');
31
+ await listinfo.find({status:!0,create_model:!0}).lean();Logger.info("Creating dynamic APIs...",$authenticate_dynamic_list_limiter_limiter$$.length);$authenticate_dynamic_list_limiter_limiter$$.forEach($r$$=>{listinfo.createController(global.routerAPI,$r$$)});if($limiter$jscomp$2_limiter$$!==!0){const $bot_router$$=express.Router();configs.limitRequest.bot&&($limiter$jscomp$2_limiter$$=await createRateLimiterMiddleware(configs.limitRequest.bot,"bot"),$router$$.use($limiter$jscomp$2_limiter$$));$app$$.use("/bot",
32
+ $bot_router$$);fs.existsSync(__dirname+"/modules/bot")&&(Logger.info("init bot..."),fs.readdirSync(__dirname+"/modules/bot").forEach(function($file$$){$file$$.endsWith(".js")&&require("./modules/bot/"+$file$$)($bot_router$$)}));const $public_router$$=express.Router();configs.limitRequest.public&&($limiter$jscomp$2_limiter$$=await createRateLimiterMiddleware(configs.limitRequest.public,"public"),$router$$.use($limiter$jscomp$2_limiter$$));$public_router$$.use(function($req$$,$res$$,$next$$){for(let $key$$ in $req$$.query)$req$$.query[$key$$]==
33
+ "true"&&($req$$.query[$key$$]=!0),$req$$.query[$key$$]=="false"&&($req$$.query[$key$$]=!1);if($req$$.query.id_app){let $id_app$$=$req$$.query.id_app;appModel.findOne({_id:$id_app$$},function($error$$,$app$$){if($error$$)return $next$$($error$$);if($app$$)$req$$.user={current_id_app:$id_app$$,email:"public"},$req$$.query.id_app=$id_app$$,$next$$();else return $res$$.status(400).send("Kh\u00f4ng t\u1ed3n t\u1ea1i c\u00f4ng ty n\u00e0y")})}else $next$$()});$app$$.use("/public",$public_router$$);const $funcs_public_inited$$=
34
+ {};configs.paths.modules&&fs.existsSync(configs.paths.modules+"/public")&&(Logger.info("init custom public..."),fs.readdirSync(configs.paths.modules+"/public").forEach(function($file$$){$file$$.endsWith(".js")&&(require(configs.paths.modules+"/public/"+$file$$)($public_router$$),$funcs_public_inited$$[$file$$]=$file$$)}));fs.existsSync(__dirname+"/modules/public")&&(Logger.info("init default public..."),fs.readdirSync(__dirname+"/modules/public").filter($file$$=>!$funcs_public_inited$$[$file$$]).forEach(function($file$$){$file$$.endsWith(".js")&&
35
+ (require("./modules/public/"+$file$$)($public_router$$),$funcs_public_inited$$[$file$$]=$file$$)}));configs.useFlow&&require("./flow/FlowEngine")($app$$);$limiter$jscomp$2_limiter$$=await createRateLimiterMiddleware(configs.limitRequest.other||{},"other");$app$$.get("/downloads/temp/:fileName",$limiter$jscomp$2_limiter$$,async function($fileName_req$$,$res$$){$fileName_req$$=$fileName_req$$.params.fileName;try{const $fileBuffer$$=await getTmpFile($fileName_req$$);if(!$fileBuffer$$)return Logger.error("[route][download temp file] Kh\u00f4ng t\u00ecm th\u1ea5y file",
36
+ $fileName_req$$),$res$$.status(404).send('\n <div style="font-family: Arial; text-align: center; margin-top: 50px;">\n <h2 style="color: red;">\u0110\u01b0\u1eddng link \u0111\u00e3 h\u1ebft h\u1ea1n ho\u1eb7c kh\u00f4ng t\u1ed3n t\u1ea1i!</h2>\n <p>V\u00ec l\u00fd do b\u1ea3o m\u1eadt, link t\u1ea3i file ch\u1ec9 c\u00f3 hi\u1ec7u l\u1ef1c trong v\u00f2ng 1 ph\u00fat.</p>\n <p>Vui l\u00f2ng quay l\u1ea1i ph\u1ea7n m\u1ec1m v\u00e0 th\u1ef1c hi\u1ec7n xu\u1ea5t file l\u1ea7n n\u1eefa.</p>\n </div>\n ');
37
37
  $fileName_req$$=$fileName_req$$.replace(/[\r\n]+/g,"").replace(/"/g,'\\"');const $asciiFileName$$=$fileName_req$$.replace(/[^\x20-\x7E]/g,"_"),$encodedFileName$$=encodeURIComponent($fileName_req$$);if($fileName_req$$.endsWith(".json"))return $res$$.setHeader("Content-Type","application/json; charset=utf-8"),$res$$.setHeader("Content-Disposition",`attachment; filename="${$asciiFileName$$}"; filename*=UTF-8''${$encodedFileName$$}`),$res$$.send($fileBuffer$$);$res$$.setHeader("Content-Disposition",`attachment; filename="${$fileName_req$$}"; filename*=UTF-8''${$encodedFileName$$}`);
38
- $res$$.type($fileName_req$$);return $res$$.send($fileBuffer$$)}catch($e$$){Logger.error("[download tmp data]",$e$$,$fileName_req$$),$res$$.status(400).send($e$$.message)}});$app$$.get("/getfile/:folder/:filename",$createRateLimiterMiddleware_limiter_others$$,async function($orgin_file_size$jscomp$2_req$$,$res$$){let $root_dir$$=configs.paths.images||path.join(__dirname,"images"),$imgPath$$=path.join($root_dir$$,$orgin_file_size$jscomp$2_req$$.params.folder,$orgin_file_size$jscomp$2_req$$.params.filename);
39
- if(fs.existsSync($imgPath$$)){let $size$$,$cache$$;if($orgin_file_size$jscomp$2_req$$.query.size||$orgin_file_size$jscomp$2_req$$.query.resize)switch(String($orgin_file_size$jscomp$2_req$$.query.size||$orgin_file_size$jscomp$2_req$$.query.resize).toUpperCase()){case "64":case "X":$size$$=64;$cache$$=!0;break;case "128":$size$$=128;$cache$$=!0;break;case "320":case "S":$size$$=320;$cache$$=!0;break;case "512":case "M":$size$$=512;$cache$$=!0;break;case "1024":case "L":$size$$=1024;$cache$$=!0;break;
40
- default:try{$size$$=Number($orgin_file_size$jscomp$2_req$$.query.size||$orgin_file_size$jscomp$2_req$$.query.resize);if(isNaN($size$$)||!$size$$)$size$$=1024;$cache$$=!0}catch($e$$){Logger.info("size param must be X or S or M or L or a number")}}if($size$$){let $file_name_resize$$=path.join($root_dir$$,$orgin_file_size$jscomp$2_req$$.params.folder,String($size$$)+"."+$orgin_file_size$jscomp$2_req$$.params.filename);if(fs.existsSync($file_name_resize$$))return sharp($file_name_resize$$,{failOnError:!1}).pipe($res$$);
41
- let $_gm$$=sharp($imgPath$$,{failOnError:!1});($orgin_file_size$jscomp$2_req$$=await $_gm$$.metadata())&&$size$$&&$size$$<$orgin_file_size$jscomp$2_req$$.width&&$size$$<$orgin_file_size$jscomp$2_req$$.height&&($_gm$$=$_gm$$.resize({width:$size$$}).rotate());$orgin_file_size$jscomp$2_req$$&&$orgin_file_size$jscomp$2_req$$.format!="webp"&&($_gm$$=$_gm$$.webp({lossless:!1}));$cache$$&&setImmediate(()=>{$_gm$$.toFile($file_name_resize$$,$error$$=>{if($error$$)return Logger.error("save resize image:",
42
- $error$$.message);Logger.info("cache file",$file_name_resize$$)})});$_gm$$.pipe($res$$)}else $res$$.sendFile($imgPath$$)}else $res$$.sendFile(path.join(__dirname,"images","others","noimage.png"))});const $Labelinfo$$=global.getModel("labelinfo");$app$$.get("/labels/:labelid",$createRateLimiterMiddleware_limiter_others$$,function($labelid_req$$,$res$$){$labelid_req$$=$labelid_req$$.params.labelid.toUpperCase();$Labelinfo$$.find({labelid:$labelid_req$$}).lean().then($labels$$=>{let $_labels$$={};$labels$$.forEach($l$$=>
43
- {$_labels$$[$l$$.textid]=$l$$});$res$$.send($_labels$$)}).catch($e$$=>{$res$$.status(400).send($e$$)})});$app$$.get("/aff/:_id",$createRateLimiterMiddleware_limiter_others$$,async function($id_afflink_req$$,$res$$){$id_afflink_req$$=$id_afflink_req$$.params._id;if(!$id_afflink_req$$)return $res$$.status(404).send("Page not found");var $afflink_page_link$$=await global.getModel("afflink").findOne({_id:$id_afflink_req$$});$afflink_page_link$$?(await global.getModel("afflink").updateOne({_id:$id_afflink_req$$},
44
- {$inc:{da_truy_cap:1}}),$afflink_page_link$$=$afflink_page_link$$.page_link,$afflink_page_link$$=$afflink_page_link$$.indexOf("?")<0?`${$afflink_page_link$$}?afflink=${$id_afflink_req$$}`:`${$afflink_page_link$$}&afflink=${$id_afflink_req$$}`,$res$$.redirect($afflink_page_link$$)):$res$$.status(404).send("Page not found")});const $axios$$=require("axios"),$querystring$$=require("querystring");$app$$.post("/oa/sendMessage",$createRateLimiterMiddleware_limiter_others$$,async function($data$jscomp$2_req$$,
45
- $res$$){$data$jscomp$2_req$$=$data$jscomp$2_req$$.body||{};if(!($data$jscomp$2_req$$.secret_key&&$data$jscomp$2_req$$.id_app&&$data$jscomp$2_req$$.template_data&&$data$jscomp$2_req$$.template_id&&$data$jscomp$2_req$$.phone))return $res$$.status(400).send({error:"Kh\u00f4ng th\u1ec3 g\u1eedi Zalo OTP"});try{let $rs$$=await sendMessageZalo($data$jscomp$2_req$$.id_app,$data$jscomp$2_req$$.phone,$data$jscomp$2_req$$.template_id,$data$jscomp$2_req$$.template_data,null,$data$jscomp$2_req$$.secret_key);
46
- $res$$.send($rs$$)}catch($e$$){$res$$.status(400).send({error:$e$$.error||$e$$.message||$e$$})}});$app$$.get("/oa/:id_app",$createRateLimiterMiddleware_limiter_others$$,async function($data$jscomp$3_req$$,$res$$){var $app$jscomp$2_id_app$$=$data$jscomp$3_req$$.params.id_app,$headers_zalo_oa_id$$=$data$jscomp$3_req$$.query.oa_id;$data$jscomp$3_req$$=$data$jscomp$3_req$$.query.code;if(!$headers_zalo_oa_id$$||!$data$jscomp$3_req$$||!isValidObjectId($app$jscomp$2_id_app$$))return $res$$.status(400).send({error:"Y\u00eau c\u1ea7u kh\u00f4ng h\u1ee3p l\u1ec7"});
47
- $app$jscomp$2_id_app$$=await global.getModel("app").findOne({_id:$app$jscomp$2_id_app$$});if(!$app$jscomp$2_id_app$$)return $res$$.status(400).send({error:"App kh\u00f4ng t\u1ed3n t\u1ea1i"});$app$jscomp$2_id_app$$.zalo_oa_id=$headers_zalo_oa_id$$;$app$jscomp$2_id_app$$.zalo_code=$data$jscomp$3_req$$;if($app$jscomp$2_id_app$$.zalo_secret_key&&$app$jscomp$2_id_app$$.zalo_app_id){$headers_zalo_oa_id$$={"Content-Type":"application/x-www-form-urlencoded",secret_key:$app$jscomp$2_id_app$$.zalo_secret_key};
48
- $data$jscomp$3_req$$={code:$app$jscomp$2_id_app$$.zalo_code,app_id:$app$jscomp$2_id_app$$.zalo_app_id,grant_type:"authorization_code"};try{var $message$$=(await $axios$$.post("https://oauth.zaloapp.com/v4/oa/access_token",$querystring$$.stringify($data$jscomp$3_req$$),{headers:$headers_zalo_oa_id$$})).data;$app$jscomp$2_id_app$$.zalo_access_token=$message$$.access_token;$app$jscomp$2_id_app$$.zalo_refresh_token=$message$$.refresh_token;$app$jscomp$2_id_app$$.zalo_expires_in=$message$$.expires_in;
49
- $app$jscomp$2_id_app$$.zalo_updated=new Date}catch($e$$){return $message$$=(($e$$.response||{}).data||{}).message,Logger.error("Can't get access token from zalo",$message$$||$e$$),$res$$.status(400).send({error:$message$$||$e$$.message||$e$$})}}else return $res$$.status(400).send({error:"Ch\u01b0a khai b\u00e1o th\u00f4ng tin zalo app id v\u00e0 secret key cho c\u00f4ng ty n\u00e0y"});await $app$jscomp$2_id_app$$.save();$res$$.send({ok:!0})});$app$$.get("/task-status/:id",$createRateLimiterMiddleware_limiter_others$$,
50
- async function($req$$,$res$$){try{let $task$$=await $redisCache$$.getObject($req$$.params.id);return $res$$.send($task$$)}catch($e$$){$res$$.status(400).send($e$$)}});$app$$.get("/api-docs-auth",$createRateLimiterMiddleware_limiter_others$$,async function($document_req$$,$res$$){$document_req$$=await docs.apiAuth();return $res$$.send($document_req$$)});$app$$.get("/api-docs-fields/:code",$createRateLimiterMiddleware_limiter_others$$,async function($document$jscomp$1_req$$,$res$$){$document$jscomp$1_req$$=
51
- await docs.apiFields($document$jscomp$1_req$$.params.code,$document$jscomp$1_req$$.query.id_app,$document$jscomp$1_req$$.query.import_yn);return $res$$.send($document$jscomp$1_req$$)});$app$$.get("/api-docs-input/:code",$createRateLimiterMiddleware_limiter_others$$,async function($document$jscomp$2_req$$,$res$$){$document$jscomp$2_req$$=await docs.apiDocs($document$jscomp$2_req$$.params.code,$document$jscomp$2_req$$.query.id_app);return $res$$.send($document$jscomp$2_req$$)});$app$$.get("/api-docs-report/:code",
52
- $createRateLimiterMiddleware_limiter_others$$,async function($document$jscomp$3_req$$,$res$$){$document$jscomp$3_req$$=await docs.apiReport($document$jscomp$3_req$$.params.code,$document$jscomp$3_req$$.query.id_app);return $res$$.send($document$jscomp$3_req$$)});if(configs.has_api_barcode){const $qr$$=require("qr-image");$app$$.get("/qrcode",$createRateLimiterMiddleware_limiter_others$$,function($req$$,$res$$){let $report$$=$req$$.query.report,$type$$=$req$$.query.type||"svg",$size$$=5;if($req$$.query.size)try{$size$$=
38
+ $res$$.type($fileName_req$$);return $res$$.send($fileBuffer$$)}catch($e$$){Logger.error("[download tmp data]",$e$$,$fileName_req$$),$res$$.status(400).send($e$$.message)}});$app$$.get("/getfile/:folder/:filename",$limiter$jscomp$2_limiter$$,async function($orgin_file_size$jscomp$2_req$$,$res$$){let $root_dir$$=configs.paths.images||path.join(__dirname,"images"),$imgPath$$=path.join($root_dir$$,$orgin_file_size$jscomp$2_req$$.params.folder,$orgin_file_size$jscomp$2_req$$.params.filename);if(fs.existsSync($imgPath$$)){let $size$$,
39
+ $cache$$;if($orgin_file_size$jscomp$2_req$$.query.size||$orgin_file_size$jscomp$2_req$$.query.resize)switch(String($orgin_file_size$jscomp$2_req$$.query.size||$orgin_file_size$jscomp$2_req$$.query.resize).toUpperCase()){case "64":case "X":$size$$=64;$cache$$=!0;break;case "128":$size$$=128;$cache$$=!0;break;case "320":case "S":$size$$=320;$cache$$=!0;break;case "512":case "M":$size$$=512;$cache$$=!0;break;case "1024":case "L":$size$$=1024;$cache$$=!0;break;default:try{$size$$=Number($orgin_file_size$jscomp$2_req$$.query.size||
40
+ $orgin_file_size$jscomp$2_req$$.query.resize);if(isNaN($size$$)||!$size$$)$size$$=1024;$cache$$=!0}catch($e$$){Logger.info("size param must be X or S or M or L or a number")}}if($size$$){let $file_name_resize$$=path.join($root_dir$$,$orgin_file_size$jscomp$2_req$$.params.folder,String($size$$)+"."+$orgin_file_size$jscomp$2_req$$.params.filename);if(fs.existsSync($file_name_resize$$))return sharp($file_name_resize$$,{failOnError:!1}).pipe($res$$);let $_gm$$=sharp($imgPath$$,{failOnError:!1});($orgin_file_size$jscomp$2_req$$=
41
+ await $_gm$$.metadata())&&$size$$&&$size$$<$orgin_file_size$jscomp$2_req$$.width&&$size$$<$orgin_file_size$jscomp$2_req$$.height&&($_gm$$=$_gm$$.resize({width:$size$$}).rotate());$orgin_file_size$jscomp$2_req$$&&$orgin_file_size$jscomp$2_req$$.format!="webp"&&($_gm$$=$_gm$$.webp({lossless:!1}));$cache$$&&setImmediate(()=>{$_gm$$.toFile($file_name_resize$$,$error$$=>{if($error$$)return Logger.error("save resize image:",$error$$.message);Logger.info("cache file",$file_name_resize$$)})});$_gm$$.pipe($res$$)}else $res$$.sendFile($imgPath$$)}else $res$$.sendFile(path.join(__dirname,
42
+ "images","others","noimage.png"))});const $Labelinfo$$=global.getModel("labelinfo");$app$$.get("/labels/:labelid",$limiter$jscomp$2_limiter$$,function($labelid_req$$,$res$$){$labelid_req$$=$labelid_req$$.params.labelid.toUpperCase();$Labelinfo$$.find({labelid:$labelid_req$$}).lean().then($labels$$=>{let $_labels$$={};$labels$$.forEach($l$$=>{$_labels$$[$l$$.textid]=$l$$});$res$$.send($_labels$$)}).catch($e$$=>{$res$$.status(400).send($e$$)})});$app$$.get("/aff/:_id",$limiter$jscomp$2_limiter$$,async function($id_afflink_req$$,
43
+ $res$$){$id_afflink_req$$=$id_afflink_req$$.params._id;if(!$id_afflink_req$$)return $res$$.status(404).send("Page not found");var $afflink_page_link$$=await global.getModel("afflink").findOne({_id:$id_afflink_req$$});$afflink_page_link$$?(await global.getModel("afflink").updateOne({_id:$id_afflink_req$$},{$inc:{da_truy_cap:1}}),$afflink_page_link$$=$afflink_page_link$$.page_link,$afflink_page_link$$=$afflink_page_link$$.indexOf("?")<0?`${$afflink_page_link$$}?afflink=${$id_afflink_req$$}`:`${$afflink_page_link$$}&afflink=${$id_afflink_req$$}`,
44
+ $res$$.redirect($afflink_page_link$$)):$res$$.status(404).send("Page not found")});const $axios$$=require("axios"),$querystring$$=require("querystring");$app$$.post("/oa/sendMessage",$limiter$jscomp$2_limiter$$,async function($data$jscomp$2_req$$,$res$$){$data$jscomp$2_req$$=$data$jscomp$2_req$$.body||{};if(!($data$jscomp$2_req$$.secret_key&&$data$jscomp$2_req$$.id_app&&$data$jscomp$2_req$$.template_data&&$data$jscomp$2_req$$.template_id&&$data$jscomp$2_req$$.phone))return $res$$.status(400).send({error:"Kh\u00f4ng th\u1ec3 g\u1eedi Zalo OTP"});
45
+ try{let $rs$$=await sendMessageZalo($data$jscomp$2_req$$.id_app,$data$jscomp$2_req$$.phone,$data$jscomp$2_req$$.template_id,$data$jscomp$2_req$$.template_data,null,$data$jscomp$2_req$$.secret_key);$res$$.send($rs$$)}catch($e$$){$res$$.status(400).send({error:$e$$.error||$e$$.message||$e$$})}});$app$$.get("/oa/:id_app",$limiter$jscomp$2_limiter$$,async function($data$jscomp$3_req$$,$res$$){var $app$jscomp$2_id_app$$=$data$jscomp$3_req$$.params.id_app,$headers_zalo_oa_id$$=$data$jscomp$3_req$$.query.oa_id;
46
+ $data$jscomp$3_req$$=$data$jscomp$3_req$$.query.code;if(!$headers_zalo_oa_id$$||!$data$jscomp$3_req$$||!isValidObjectId($app$jscomp$2_id_app$$))return $res$$.status(400).send({error:"Y\u00eau c\u1ea7u kh\u00f4ng h\u1ee3p l\u1ec7"});$app$jscomp$2_id_app$$=await global.getModel("app").findOne({_id:$app$jscomp$2_id_app$$});if(!$app$jscomp$2_id_app$$)return $res$$.status(400).send({error:"App kh\u00f4ng t\u1ed3n t\u1ea1i"});$app$jscomp$2_id_app$$.zalo_oa_id=$headers_zalo_oa_id$$;$app$jscomp$2_id_app$$.zalo_code=
47
+ $data$jscomp$3_req$$;if($app$jscomp$2_id_app$$.zalo_secret_key&&$app$jscomp$2_id_app$$.zalo_app_id){$headers_zalo_oa_id$$={"Content-Type":"application/x-www-form-urlencoded",secret_key:$app$jscomp$2_id_app$$.zalo_secret_key};$data$jscomp$3_req$$={code:$app$jscomp$2_id_app$$.zalo_code,app_id:$app$jscomp$2_id_app$$.zalo_app_id,grant_type:"authorization_code"};try{var $message$$=(await $axios$$.post("https://oauth.zaloapp.com/v4/oa/access_token",$querystring$$.stringify($data$jscomp$3_req$$),{headers:$headers_zalo_oa_id$$})).data;
48
+ $app$jscomp$2_id_app$$.zalo_access_token=$message$$.access_token;$app$jscomp$2_id_app$$.zalo_refresh_token=$message$$.refresh_token;$app$jscomp$2_id_app$$.zalo_expires_in=$message$$.expires_in;$app$jscomp$2_id_app$$.zalo_updated=new Date}catch($e$$){return $message$$=(($e$$.response||{}).data||{}).message,Logger.error("Can't get access token from zalo",$message$$||$e$$),$res$$.status(400).send({error:$message$$||$e$$.message||$e$$})}}else return $res$$.status(400).send({error:"Ch\u01b0a khai b\u00e1o th\u00f4ng tin zalo app id v\u00e0 secret key cho c\u00f4ng ty n\u00e0y"});
49
+ await $app$jscomp$2_id_app$$.save();$res$$.send({ok:!0})});$app$$.get("/task-status/:id",$limiter$jscomp$2_limiter$$,async function($req$$,$res$$){try{let $task$$=await $redisCache$$.getObject($req$$.params.id);return $res$$.send($task$$)}catch($e$$){$res$$.status(400).send($e$$)}});$app$$.get("/api-docs-auth",$limiter$jscomp$2_limiter$$,async function($document_req$$,$res$$){$document_req$$=await docs.apiAuth();return $res$$.send($document_req$$)});$app$$.get("/api-docs-fields/:code",$limiter$jscomp$2_limiter$$,
50
+ async function($document$jscomp$1_req$$,$res$$){$document$jscomp$1_req$$=await docs.apiFields($document$jscomp$1_req$$.params.code,$document$jscomp$1_req$$.query.id_app,$document$jscomp$1_req$$.query.import_yn);return $res$$.send($document$jscomp$1_req$$)});$app$$.get("/api-docs-input/:code",$limiter$jscomp$2_limiter$$,async function($document$jscomp$2_req$$,$res$$){$document$jscomp$2_req$$=await docs.apiDocs($document$jscomp$2_req$$.params.code,$document$jscomp$2_req$$.query.id_app);return $res$$.send($document$jscomp$2_req$$)});
51
+ $app$$.get("/api-docs-report/:code",$limiter$jscomp$2_limiter$$,async function($document$jscomp$3_req$$,$res$$){$document$jscomp$3_req$$=await docs.apiReport($document$jscomp$3_req$$.params.code,$document$jscomp$3_req$$.query.id_app);return $res$$.send($document$jscomp$3_req$$)});if(configs.has_api_barcode){const $qr$$=require("qr-image");$app$$.get("/qrcode",$limiter$jscomp$2_limiter$$,function($req$$,$res$$){let $report$$=$req$$.query.report,$type$$=$req$$.query.type||"svg",$size$$=5;if($req$$.query.size)try{$size$$=
53
52
  Number($req$$.query.size),isNaN($size$$)&&($size$$=void 0)}catch($e$$){Logger.error("size qrcode is not valid",$e$$)}else $size$$=5;$report$$||($report$$=$req$$.query.data)&&($report$$=Buffer.from($report$$,"base64").toString("utf8"));if(!$report$$)return $res$$.status(400).send("miss parameter 'report'");setImmediate(()=>{const $code$$=$qr$$.image($report$$,{type:$type$$,size:$size$$});$res$$.type($type$$);$code$$.pipe($res$$)})});const $bwipjs$$=require("bwip-js"),$stream$$=require("stream");$app$$.get("/barcode",
54
- $createRateLimiterMiddleware_limiter_others$$,function($height_req$$,$res$$){let $code$$=$height_req$$.query.code||"code128",$data$$=$height_req$$.query.data;$height_req$$=Number($height_req$$.query.height||10);if(!$data$$)return $res$$.status(400).send({error:"Thi\u1ebfu c\u00e1c tham s\u1ed1 data"});$bwipjs$$.toBuffer({bcid:$code$$,text:$data$$,scale:3,height:$height_req$$,includetext:!0,textxalign:"center"},function($bufferStream_e$$,$png$$){$bufferStream_e$$?(Logger.error($bufferStream_e$$,$code$$,
55
- $data$$),$res$$.status(400).send({error:$bufferStream_e$$.message||$bufferStream_e$$.error||$bufferStream_e$$})):($bufferStream_e$$=new $stream$$.PassThrough,$bufferStream_e$$.end($png$$),$bufferStream_e$$.pipe($res$$))})})}}$cb$$()};
53
+ $limiter$jscomp$2_limiter$$,function($height_req$$,$res$$){let $code$$=$height_req$$.query.code||"code128",$data$$=$height_req$$.query.data;$height_req$$=Number($height_req$$.query.height||10);if(!$data$$)return $res$$.status(400).send({error:"Thi\u1ebfu c\u00e1c tham s\u1ed1 data"});$bwipjs$$.toBuffer({bcid:$code$$,text:$data$$,scale:3,height:$height_req$$,includetext:!0,textxalign:"center"},function($bufferStream_e$$,$png$$){$bufferStream_e$$?(Logger.error($bufferStream_e$$,$code$$,$data$$),$res$$.status(400).send({error:$bufferStream_e$$.message||
54
+ $bufferStream_e$$.error||$bufferStream_e$$})):($bufferStream_e$$=new $stream$$.PassThrough,$bufferStream_e$$.end($png$$),$bufferStream_e$$.pipe($res$$))})})}}$cb$$()};