npm - nitro-web - Versions diffs - 0.0.29 → 0.0.30 - Mend

nitro-web 0.0.29 → 0.0.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/components/auth/auth.api.js +296 -292
package/components/auth/signup.tsx +2 -2
package/components/billing/stripe.api.js +231 -229
package/components/settings/settings.api.js +40 -40
package/package.json +1 -1
package/server/index.js +1 -1
package/server/models/user.js +1 -1

package/components/auth/auth.api.js CHANGED Viewed

@@ -12,7 +12,6 @@ let config = {}
 const JWT_SECRET = process.env.JWT_SECRET || 'replace_this_with_secure_env_secret'
 export default {
   routes: {
     'get     /api/store': ['store'],
     'get     /api/signout': ['signout'],
@@ -22,336 +21,341 @@ export default {
     'post    /api/reset-password': ['resetPassword'],
     'delete  /api/account/:uid': ['isUser', 'remove'],
   },
+  setup: setup,
+  store: store,
+  signup: signup,
+  signin: signin,
+  signout: signout,
+  resetInstructions: resetInstructions,
+  resetPassword: resetPassword,
+  remove: remove,
+}
-  setup: function (middleware, _config) {
-    const that = this
-    global.passport = passport
-    // Set config values
-    config = { env: _config.env, masterPassword: _config.masterPassword }
-    if (!config.env) throw new Error('Missing config value for: config.env')
-    passport.use(
-      new passportLocal.Strategy(
-        { usernameField: 'email' },
-        async (email, password, next) => {
-          try {
-            const user = await that._findUserFromProvider('email', { email, password })
-            next(null, user)
-          } catch (err) {
-            next(err.message)
-          }
+function setup(middleware, _config) {
+  // Set config values
+  config = { env: _config.env, masterPassword: _config.masterPassword }
+  if (!config.env) throw new Error('Missing config value for: config.env')
+  passport.use(
+    new passportLocal.Strategy(
+      { usernameField: 'email' },
+      async (email, password, next) => {
+        try {
+          const user = await findUserFromProvider({ email }, password)
+          next(null, user)
+        } catch (err) {
+          next(err.message)
         }
-      )
+      }
     )
+  )
-    passport.use(
-      new JwtStrategy(
-        {
-          jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
-          secretOrKey: JWT_SECRET,
-        },
-        async (payload, done) => {
-          try {
-            const user = await that._findUserFromProvider('deserialize', { _id: payload._id })
-            if (!user) return done(null, false)
-            return done(null, user)
-          } catch (err) {
-            return done(err, false)
-          }
+  passport.use(
+    new JwtStrategy(
+      {
+        jwtFromRequest: ExtractJwt.fromAuthHeaderAsBearerToken(),
+        secretOrKey: JWT_SECRET,
+      },
+      async (payload, done) => {
+        try {
+          const user = await findUserFromProvider({ _id: payload._id })
+          if (!user) return done(null, false)
+          return done(null, user)
+        } catch (err) {
+          return done(err, false)
         }
-      )
+      }
     )
+  )
-    middleware.order.splice(3, 0, 'passport', 'passportError', 'jwtAuth', 'blocked')
+  middleware.order.splice(3, 0, 'passport', 'passportError', 'jwtAuth', 'blocked')
-    Object.assign(middleware, {
-      blocked: function (req, res, next) {
-        if (req.user && req.user.loginActive === false) {
-          res.status(403).error('This user is not available.')
-        } else {
-          next()
-        }
-      },
-      jwtAuth: function(req, res, next) {
-        passport.authenticate('jwt', { session: false }, function(err, user) {
-          if (user) req.user = user
-          next()
-        })(req, res, next)
-      },
-      passport: passport.initialize(),
-      passportError: function (err, req, res, next) {
-        if (!err) return next()
-        res.error(err)
-      },
-    })
-  },
-  store: async function (req, res) {
-    res.json(await this._getStore(req.user))
-  },
-  signup: async function (req, res) {
-    try {
-      let user = await this._userCreate(req.body)
-      sendEmail({
-        config: config,
-        template: 'welcome',
-        to: `${util.ucFirst(user.firstName)}<${user.email}>`,
-      }).catch(console.error)
-      res.send(await this._signinAndGetState(user, req.query.desktop))
-    } catch (err) {
+  Object.assign(middleware, {
+    blocked: function (req, res, next) {
+      if (req.user && req.user.loginActive === false) {
+        res.status(403).error('This user is not available.')
+      } else {
+        next()
+      }
+    },
+    jwtAuth: function(req, res, next) {
+      passport.authenticate('jwt', { session: false }, function(err, user) {
+        if (user) req.user = user
+        next()
+      })(req, res, next)
+    },
+    passport: passport.initialize(),
+    passportError: function (err, req, res, next) {
+      if (!err) return next()
       res.error(err)
-    }
-  },
+    },
+  })
+}
-  signin: function (req, res) {
-    if (!req.body.email) return res.error('email', 'The email you entered is incorrect.')
-    if (!req.body.password) return res.error('password', 'The password you entered is incorrect.')
-    passport.authenticate('local', { session: false }, async (err, user, info) => {
-      if (err) return res.error(err)
-      if (!user && info) return res.error('email', info.message)
-      try {
-        const response = await this._signinAndGetState(user, req.query.desktop)
-        res.send(response)
-      } catch (err) {
-        res.error(err)
-      }
-    })(req, res)
-  },
+async function store(req, res) {
+  res.json(await getStore(req.user))
+}
-  signout: function (req, res) {
-    res.json('{}')
-  },
+async function signup(req, res) {
+  try {
+    let user = await userCreate(req.body)
+    sendEmail({
+      config: config,
+      template: 'welcome',
+      to: `${util.ucFirst(user.firstName)}<${user.email}>`,
+    }).catch(console.error)
+    res.send(await signinAndGetState(user, req.query.desktop))
+  } catch (err) {
+    res.error(err)
+  }
+}
-  resetInstructions: async function (req, res) {
-    try {
-      let email = (req.body.email || '').trim().toLowerCase()
-      if (!email || !util.isString(email)) throw { title: 'email', detail: 'The email you entered is incorrect.' }
-      let user = await db.user.findOne({ query: { email }, _privateData: true })
-      if (!user) throw { title: 'email', detail: 'The email you entered is incorrect.' }
-      let resetToken = await this._tokenCreate(user._id)
-      await db.user.update({ query: { email }, $set: { resetToken }})
-      res.json({})
-      sendEmail({
-        config: config,
-        template: 'reset-password',
-        to: `${util.ucFirst(user.firstName)}<${email}>`,
-        data: {
-          token: resetToken + (req.query.hasOwnProperty('desktop') ? '?desktop' : ''),
-        },
-      }).catch(err => console.error('sendEmail(..) mailgun error', err))
-    } catch (err) {
-      res.error(err)
-    }
-  },
+function signin(req, res) {
+  if (!req.body.email) return res.error('email', 'The email you entered is incorrect.')
+  if (!req.body.password) return res.error('password', 'The password you entered is incorrect.')
-  resetPassword: async function (req, res) {
+  passport.authenticate('local', { session: false }, async (err, user, info) => {
+    if (err) return res.error(err)
+    if (!user && info) return res.error('email', info.message)
     try {
-      const { token, password, password2 } = req.body
-      const id = this._tokenParse(token)
-      this._validatePassword(password, password2)
-      let user = await db.user.findOne({ query: id, blacklist: ['-resetToken'], _privateData: true })
-      if (!user || user.resetToken !== token) throw new Error('Sorry your email token is invalid or has already been used.')
-      await db.user.update({
-        query: user._id,
-        data: {
-          password: await (await import('bcrypt')).hash(password, 10),
-          resetToken: '',
-        },
-        blacklist: ['-resetToken', '-password'],
-      })
-      res.send(await this._signinAndGetState({ ...user, resetToken: undefined }, req.query.desktop))
+      const response = await signinAndGetState(user, req.query.desktop)
+      res.send(response)
     } catch (err) {
       res.error(err)
     }
-  },
+  })(req, res)
+}
-  remove: async function (req, res) {
-    try {
-      const uid = db.id(req.params.uid || 'badid')
+function signout(req, res) {
+  res.json('{}')
+}
-      // Get companies owned by user
-      const companyIdsOwned = (await db.company.find({
-        query: { users: { $elemMatch: { _id: uid, role: 'owner' } } },
-        project: { _id: 1 },
-      })).map(o => o._id)
+async function resetInstructions(req, res) {
+  try {
+    let email = (req.body.email || '').trim().toLowerCase()
+    if (!email || !util.isString(email)) throw { title: 'email', detail: 'The email you entered is incorrect.' }
-      // Check for active subscription first...
-      if (req.user.stripeSubscription?.status == 'active') {
-        throw { title: 'subscription', detail: 'You need to cancel your subscription first.' }
-      }
-      if (companyIdsOwned.length) {
-        await db.transaction.remove({ query: { company: { $in: companyIdsOwned }}})
-        await db.statement.remove({ query: { company: { $in: companyIdsOwned }}})
-        await db.account.remove({ query: { company: { $in: companyIdsOwned }}})
-        await db.document.remove({ query: { company: { $in: companyIdsOwned }}})
-        await db.contact.remove({ query: { company: { $in: companyIdsOwned }}})
-        await db.product.remove({ query: { company: { $in: companyIdsOwned }}})
-        await db.company.remove({ query: { _id: { $in: companyIdsOwned }}})
-      }
-      await db.user.remove({ query: { _id: uid }})
-      // Logout now so that an error doesn't throw when naviating to /signout
-      req.logout()
-      res.send(`User: '${uid}' and companies: '${companyIdsOwned.join(', ')}' removed successfully`)
-    } catch (err) {
-      res.error(err)
-    }
-  },
+    let user = await db.user.findOne({ query: { email }, _privateData: true })
+    if (!user) throw { title: 'email', detail: 'The email you entered is incorrect.' }
-  /* ---- Private fns ---------------- */
+    let resetToken = await tokenCreate(user._id)
+    await db.user.update({ query: { email }, $set: { resetToken }})
-  _getStore: async function (user) {
-    // Initial store
-    return {
-      user: user || undefined,
-    }
-  },
+    res.json({})
+    sendEmail({
+      config: config,
+      template: 'reset-password',
+      to: `${util.ucFirst(user.firstName)}<${email}>`,
+      data: {
+        token: resetToken + (req.query.hasOwnProperty('desktop') ? '?desktop' : ''),
+      },
+    }).catch(err => console.error('sendEmail(..) mailgun error', err))
+  } catch (err) {
+    res.error(err)
+  }
+}
-  _signinAndGetState: async function (user, isDesktop) {
-    if (user.loginActive === false) throw 'This user is not available.'
-    user.desktop = isDesktop
+async function resetPassword(req, res) {
+  try {
+    const { token, password, password2 } = req.body
+    const id = tokenParse(token)
+    await validatePassword(password, password2)
-    const jwt = jsonwebtoken.sign({ _id: user._id }, JWT_SECRET, { expiresIn: '30d' })
-    const store = await this._getStore(user)
-    return { ...store, jwt }
-  },
+    let user = await db.user.findOne({ query: id, blacklist: ['-resetToken'], _privateData: true })
+    if (!user || user.resetToken !== token) throw new Error('Sorry your email token is invalid or has already been used.')
-  _tokenCreate: function (id) {
-    return new Promise((resolve) => {
-      crypto.randomBytes(16, (err, buff) => {
-        let hash = buff.toString('hex') // 32 chars
-        resolve(`${hash}${id || ''}:${Date.now()}`)
-      })
+    await db.user.update({
+      query: user._id,
+      data: {
+        password: await (await import('bcrypt')).hash(password, 10),
+        resetToken: '',
+      },
+      blacklist: ['-resetToken', '-password'],
     })
-  },
+    res.send(await signinAndGetState({ ...user, resetToken: undefined }, req.query.desktop))
+  } catch (err) {
+    res.error(err)
+  }
+}
-  _tokenParse: function (token) {
-    let split = (token  ||  '').split(':')
-    let hash = split[0].slice(0, 32)
-    let userId = split[0].slice(32)
-    let time = split[1]
-    if (!hash || !userId || !time) {
-      throw { title: 'error', detail: 'Sorry your code is invalid.' }
-    } else if (parseFloat(time) + 1000 * 60 * 60 * 24 < Date.now()) {
-      throw { title: 'error', detail: 'Sorry your code has timed out.' }
-    } else {
-      return userId
-    }
-  },
+async function remove(req, res) {
+  try {
+    const uid = db.id(req.params.uid || 'badid')
+    // Get companies owned by user
+    const companyIdsOwned = (await db.company.find({
+      query: { users: { $elemMatch: { _id: uid, role: 'owner' } } },
+      project: { _id: 1 },
+    })).map(o => o._id)
-  _validatePassword: async function (password='', password2) {
-    // let hasLowerChar = password.match(/[a-z]/)
-    // let hasUpperChar = password.match(/[A-Z]/)
-    // let hasNumber = password.match(/\d/)
-    // let hasSymbol = password.match(/\W/)
-    if (!password) {
-      throw [{ title: 'password', detail: 'This field is required.' }]
-    } else if (config.env !== 'development' && password.length < 8) {
-      throw [{ title: 'password', detail: 'Your password needs to be atleast 8 characters long' }]
-      // } else if (!hasLowerChar || !hasUpperChar || !hasNumber || !hasSymbol) {
-      //   throw {
-      //     title: 'password',
-      //     detail: 'You need to include uppercase and lowercase letters, and a number'
-      //   }
-    } else if (typeof password2 != 'undefined' && password !== password2) {
-      throw [{ title: 'password2', detail: 'Your passwords need to match.' }]
+    // Check for active subscription first...
+    if (req.user.stripeSubscription?.status == 'active') {
+      throw { title: 'subscription', detail: 'You need to cancel your subscription first.' }
     }
-  },
+    if (companyIdsOwned.length) {
+      await db.transaction.remove({ query: { company: { $in: companyIdsOwned }}})
+      await db.statement.remove({ query: { company: { $in: companyIdsOwned }}})
+      await db.account.remove({ query: { company: { $in: companyIdsOwned }}})
+      await db.document.remove({ query: { company: { $in: companyIdsOwned }}})
+      await db.contact.remove({ query: { company: { $in: companyIdsOwned }}})
+      await db.product.remove({ query: { company: { $in: companyIdsOwned }}})
+      await db.company.remove({ query: { _id: { $in: companyIdsOwned }}})
+    }
+    await db.user.remove({ query: { _id: uid }})
+    // Logout now so that an error doesn't throw when naviating to /signout
+    req.logout()
+    res.send(`User: '${uid}' and companies: '${companyIdsOwned.join(', ')}' removed successfully`)
+  } catch (err) {
+    res.error(err)
+  }
+}
-  _userCreate: async function ({ name, business, email, password }) {
-    try {
-      const options = { skipValidation: ['business.address', 'tax'], blacklist: ['-_id'] }
-      const userId = db.id()
-      const companyData = {
-        _id: db.id(),
-        business: business,
-        email: email,
-        users: [{ _id: userId, role: 'owner', status: 'active' }],
-      }
-      const userData = {
-        _id: userId,
-        company: companyData._id,
-        email: email,
-        firstName: util.fullNameSplit(name)[0],
-        lastName: util.fullNameSplit(name)[1],
-        password: await (await import('bcrypt')).hash(password || 'temp', 10),
-      }
+/* ---- Private fns ---------------- */
-      // First validate the data so we don't have to create a transaction
-      const results = await Promise.allSettled([
-        db.user.validate(userData, options),
-        db.company.validate(companyData, options),
-        this._validatePassword(password),
-      ])
+async function getStore(user) {
+  // Initial store
+  return {
+    user: user || undefined,
+  }
+}
-      // Throw all the errors from at once
-      const errors = results.filter(o => o.status == 'rejected').reduce((acc, o) => {
-        if (util.isArray(o.reason)) acc.push(...o.reason)
-        else throw o.reason
-        return acc
-      }, [])
-      if (errors.length) throw errors
+export async function signinAndGetState(user, isDesktop) {
+  if (user.loginActive === false) throw 'This user is not available.'
+  user.desktop = isDesktop
-      // Insert company & user
-      await db.user.insert({ data: userData, ...options })
-      await db.company.insert({ data: companyData, ...options })
+  const jwt = jsonwebtoken.sign({ _id: user._id }, JWT_SECRET, { expiresIn: '30d' })
+  const store = await getStore(user)
+  return { ...store, jwt }
+}
-      // Return the user
-      return await this._findUserFromProvider('deserialize', { _id: userId })
+function tokenCreate(id) {
+  return new Promise((resolve) => {
+    crypto.randomBytes(16, (err, buff) => {
+      let hash = buff.toString('hex') // 32 chars
+      resolve(`${hash}${id || ''}:${Date.now()}`)
+    })
+  })
+}
-    } catch (err) {
-      if (!util.isArray(err)) throw err
-      throw err.map((o) => {
-        if (o.title == 'firstName') o.title = 'name'
-        return o
-      })
+function tokenParse(token) {
+  let split = (token  ||  '').split(':')
+  let hash = split[0].slice(0, 32)
+  let userId = split[0].slice(32)
+  let time = split[1]
+  if (!hash || !userId || !time) {
+    throw { title: 'error', detail: 'Sorry your code is invalid.' }
+  } else if (parseFloat(time) + 1000 * 60 * 60 * 24 < Date.now()) {
+    throw { title: 'error', detail: 'Sorry your code has timed out.' }
+  } else {
+    return userId
+  }
+}
+async function validatePassword(password='', password2) {
+  // let hasLowerChar = password.match(/[a-z]/)
+  // let hasUpperChar = password.match(/[A-Z]/)
+  // let hasNumber = password.match(/\d/)
+  // let hasSymbol = password.match(/\W/)
+  if (!password) {
+    throw [{ title: 'password', detail: 'This field is required.' }]
+  } else if (config.env !== 'development' && password.length < 8) {
+    throw [{ title: 'password', detail: 'Your password needs to be atleast 8 characters long' }]
+    // } else if (!hasLowerChar || !hasUpperChar || !hasNumber || !hasSymbol) {
+    //   throw {
+    //     title: 'password',
+    //     detail: 'You need to include uppercase and lowercase letters, and a number'
+    //   }
+  } else if (typeof password2 != 'undefined' && password !== password2) {
+    throw [{ title: 'password2', detail: 'Your passwords need to match.' }]
+  }
+}
+export async function userCreate({ name, businessName, email, password }) {
+  try {
+    const options = { blacklist: ['-_id'] }
+    const userId = db.id()
+    const companyData = {
+      _id: db.id(),
+      business: { name: businessName },
+      users: [{ _id: userId, role: 'owner', status: 'active' }],
+    }
+    const userData = {
+      _id: userId,
+      company: companyData._id,
+      email: email,
+      firstName: util.fullNameSplit(name)[0],
+      lastName: util.fullNameSplit(name)[1],
+      password: password ? await (await import('bcrypt')).hash(password, 10) : undefined,
     }
-  },
-  _findUserFromProvider: async function (type, { _id, email, password }) {
-    /**
-     * Find user for state (and verify password if signing in with email)
-     * @param {string} type - 'deserialize' or 'email' (jwt, google, etc)
-     * @param {string} data - req.data
-     */
-    const user = await db.user.findOne({
-      query: type == 'email' ? { email } : _id,
-      blacklist: ['-password'],
-      populate: db.user.loginPopulate(),
+    // First validate the data so we don't have to create a transaction
+    const results = await Promise.allSettled([
+      db.user.validate(userData, options),
+      db.company.validate(companyData, options),
+      typeof password === 'undefined' ? Promise.resolve() : validatePassword(password),
+    ])
+    // Throw all the errors from at once
+    const errors = results.filter(o => o.status == 'rejected').reduce((acc, o) => {
+      if (util.isArray(o.reason)) acc.push(...o.reason)
+      else throw o.reason
+      return acc
+    }, [])
+    if (errors.length) throw errors
+    // Insert company & user
+    await db.user.insert({ data: userData, ...options })
+    await db.company.insert({ data: companyData, ...options })
+    // Return the user
+    return await findUserFromProvider({ _id: userId })
+  } catch (err) {
+    if (!util.isArray(err)) throw err
+    throw err.map((o) => {
+      if (o.title == 'firstName') o.title = 'name'
+      return o
+    })
+  }
+}
+export async function findUserFromProvider(query, passwordToTest) {
+  /**
+   * Find user for state (and verify password if signing in with email)
+   * @param {object} query - e.g. { email: 'test@test.com' }
+   * @param {string} <passwordToTest> - password to test
+   */
+  const testPassword = arguments.length > 1
+  const user = await db.user.findOne({
+    query: query,
+    blacklist: ['-password'],
+    populate: db.user.loginPopulate(),
+    _privateData: true,
+  })
+  if (user?.company) {
+    user.company = await db.company.findOne({
+      query: user.company,
+      populate: db.company.loginPopulate(),
       _privateData: true,
     })
-    if (user?.company) {
-      user.company = await db.company.findOne({
-        query: user.company,
-        populate: db.company.loginPopulate(),
-        _privateData: true,
-      })
-    }
-    if (!user) {
-      throw new Error(type == 'email' ? 'Email or password is incorrect.' : 'Session user is invalid.')
-    } else if (!user.company) {
-      throw new Error('The current company is no longer associated with this user')
-    } else if (user.company.status != 'active') {
-      throw new Error('This user is not associated with an active company')
-    } else {
-      if (type == 'email') {
-        const match = await (await import('bcrypt')).compare(password, user.password || 'no-pass')
-        if (!match && !(config.masterPassword && password == config.masterPassword)) {
-          throw new Error('Email or password is incorrect.')
-        }
+  }
+  if (!user) {
+    throw new Error(testPassword ? 'Email or password is incorrect.' : 'Session-user is invalid.')
+  } else if (!user.company) {
+    throw new Error('The current company is no longer associated with this user')
+  } else if (user.company.status != 'active') {
+    throw new Error('This user is not associated with an active company')
+  } else {
+    if (testPassword) {
+      const match = user.password ? await (await import('bcrypt')).compare(passwordToTest, user.password) : false
+      if (!match && !(config.masterPassword && passwordToTest == config.masterPassword)) {
+        throw new Error('Email or password is incorrect.')
       }
-      // Successful return user
-      delete user.password
-      return user
     }
-  },
+    // Successful return user
+    delete user.password
+    return user
+  }
 }

package/components/auth/signup.tsx CHANGED Viewed

@@ -35,8 +35,8 @@ export function Signup() {
             <Field name="name" placeholder="E.g. Bruce Wayne" state={state} onChange={onChange.bind(setState)} />
           </div>
           <div>
-            <label for="business.name">Company Name</label>
-            <Field name="business.name" placeholder="E.g. Wayne Enterprises" state={state} onChange={onChange.bind(setState)} />
+            <label for="businessName">Company Name</label>
+            <Field name="businessName" placeholder="E.g. Wayne Enterprises" state={state} onChange={onChange.bind(setState)} />
           </div>
         </div>
         <div>

package/components/billing/stripe.api.js CHANGED Viewed

@@ -13,256 +13,258 @@ export default {
     'post   /api/stripe/create-billing-portal-session': ['isUser', 'billingPortalSessionCreate'],
     'get    /api/stripe/upcoming-invoices': ['isUser', 'upcomingInvoicesFind'],
   },
+  setup: setup,
+  stripeWebhook: stripeWebhook,
+  billingPortalSessionCreate: billingPortalSessionCreate,
+  upcomingInvoicesFind: upcomingInvoicesFind,
+}
-  setup: function (middleware, _config) {
-    // Set config values
-    config = {
-      env: _config.env,
-      clientUrl: _config.clientUrl,
-      stripeSecretKey: _config.stripeSecretKey,
-      stripeWebhookSecret: _config.stripeWebhookSecret,
-    }
-    for (let key in config) {
-      if (!config[key]) {
-        throw new Error(`Missing config value for stripe.api.js: ${key}`)
-      }
-    }
-    stripe = new Stripe(config.stripeSecretKey)
-  },
-  stripeWebhook: async function (req, res) {
-    try {
-      var event = config.env == 'development' ? req.body : stripe.webhooks.constructEvent(
-        req.rawBody,
-        req.rawHeaders['stripe-signature'],
-        config.stripeWebhookSecret
-      )
-    } catch (err) {
-      if (err && err.message) console.log(err.message)
-      else console.log(err)
-      return res.error(err)
+function setup(middleware, _config) {
+  // Set config values
+  config = {
+    env: _config.env,
+    clientUrl: _config.clientUrl,
+    stripeSecretKey: _config.stripeSecretKey,
+    stripeWebhookSecret: _config.stripeWebhookSecret,
+  }
+  for (let key in config) {
+    if (!config[key]) {
+      throw new Error(`Missing config value for stripe.api.js: ${key}`)
     }
+  }
+  stripe = new Stripe(config.stripeSecretKey)
+}
-    if (!event.data || !event.data.object) {
-      return res.status(400).send(`Missing webhook data: ${event}.`)
-    }
+async function stripeWebhook(req, res) {
+  try {
+    var event = config.env == 'development' ? req.body : stripe.webhooks.constructEvent(
+      req.rawBody,
+      req.rawHeaders['stripe-signature'],
+      config.stripeWebhookSecret
+    )
+  } catch (err) {
+    if (err && err.message) console.log(err.message)
+    else console.log(err)
+    return res.error(err)
+  }
-    // useful for cleaning failed webhooks
-    if (req.query.success) return true
-    // console.log('event.type: ', event.type)
+  if (!event.data || !event.data.object) {
+    return res.status(400).send(`Missing webhook data: ${event}.`)
+  }
-    // Stripe cannot guarantee event order
-    switch (event.type) {
-      case 'customer.subscription.created':
-      case 'customer.subscription.updated':
-      case 'customer.subscription.deleted':
-        // Subscriptions can be renewed which resurrects cancelled subscriptions.. ignore this
-        console.log('Event: ' + event.type)
-        this._webhookSubUpdated(req, res, event)
-        break
-      case 'customer.created': // customer created by subscribing
-      case 'customer.updated': // payment method changes
-        console.log('Event: ' + event.type)
-        this._webhookCustomerCreatedUpdated(req, res, event)
-        break
-      default:
-        res.status(400).send(`Unsupported type: ${event}.`)
-        break
-    }
-  },
+  // useful for cleaning failed webhooks
+  if (req.query.success) return true
+  // console.log('event.type: ', event.type)
-  billingPortalSessionCreate: async function (req, res) {
-    try {
-      if (!req.user.stripeCustomer?.id) {
-        throw new Error('No stripe customer found for the user')
-      }
-      const session = await stripe.billingPortal.sessions.create({
-        customer: req.user.stripeCustomer.id,
-        return_url: config.clientUrl + '/subscriptions',
-      })
-      res.json(session.url)
-    } catch (err) {
-      this._error(req, res, err)
-    }
-  },
+  // Stripe cannot guarantee event order
+  switch (event.type) {
+    case 'customer.subscription.created':
+    case 'customer.subscription.updated':
+    case 'customer.subscription.deleted':
+      // Subscriptions can be renewed which resurrects cancelled subscriptions.. ignore this
+      console.log('Event: ' + event.type)
+      webhookSubUpdated(req, res, event)
+      break
+    case 'customer.created': // customer created by subscribing
+    case 'customer.updated': // payment method changes
+      console.log('Event: ' + event.type)
+      webhookCustomerCreatedUpdated(req, res, event)
+      break
+    default:
+      res.status(400).send(`Unsupported type: ${event}.`)
+      break
+  }
+}
-  upcomingInvoicesFind: async function (req, res) {
-    try {
-      if (!req.user.stripeCustomer?.id) return res.json({})
-      const nextInvoice = await stripe.invoices.retrieveUpcoming({
-        customer: req.user.stripeCustomer.id,
-      })
-      res.json(nextInvoice)
-    } catch (err) {
-      if (err.code == 'invoice_upcoming_none') return res.json({})
-      this._error(req, res, err)
+async function billingPortalSessionCreate(req, res) {
+  try {
+    if (!req.user.stripeCustomer?.id) {
+      throw new Error('No stripe customer found for the user')
     }
-  },
-  /* Private webhook actions */
+    const session = await stripe.billingPortal.sessions.create({
+      customer: req.user.stripeCustomer.id,
+      return_url: config.clientUrl + '/subscriptions',
+    })
+    res.json(session.url)
+  } catch (err) {
+    error(req, res, err)
+  }
+}
-  _webhookCustomerCreatedUpdated: async function (req, res, event) {
-    try {
-      const customer = event.data.object
-      const user = await this._getUserFromEvent(event)
-      const customerExpanded = await stripe.customers.retrieve(
-        customer.id,
-        { expand: ['invoice_settings.default_payment_method'] }
-      )
-      await db.user.update({
-        query: user._id,
-        data: { stripeCustomer: customerExpanded },
-        blacklist: ['-stripeCustomer'],
-      })
-      res.json({})
-    } catch (err) {
-      console.log(err)
-      this._error(req, res, err)
-    }
-  },
+async function upcomingInvoicesFind(req, res) {
+  try {
+    if (!req.user.stripeCustomer?.id) return res.json({})
+    const nextInvoice = await stripe.invoices.retrieveUpcoming({
+      customer: req.user.stripeCustomer.id,
+    })
+    res.json(nextInvoice)
+  } catch (err) {
+    if (err.code == 'invoice_upcoming_none') return res.json({})
+    error(req, res, err)
+  }
+}
-  _webhookSubUpdated: async function (req, res, event) {
-    // Update the subscription on the company
-    try {
-      const subData = event.data.object
-       // webhook from deleting a company?
-      if (subData.cancellation_details.comment == 'company deleted') {
-        return res.json({})
-      }
+/* Private webhook actions */
-      const user = await this._getUserFromEvent(event)
-      if (!user.company) {
-        throw new Error(`Subscription user has no company to update the subscription (${subData.id}) onto`)
-      }
+async function webhookCustomerCreatedUpdated(req, res, event) {
+  try {
+    const customer = event.data.object
+    const user = await getUserFromEvent(event)
+    const customerExpanded = await stripe.customers.retrieve(
+      customer.id,
+      { expand: ['invoice_settings.default_payment_method'] }
+    )
+    await db.user.update({
+      query: user._id,
+      data: { stripeCustomer: customerExpanded },
+      blacklist: ['-stripeCustomer'],
+    })
+    res.json({})
+  } catch (err) {
+    console.log(err)
+    error(req, res, err)
+  }
+}
-      // Ignoring incomplete subscriptions
-      if (subData.status.match(/incomplete/)) {
-        return res.json({})
-      // Ignoring subscriptions without companyId (e.g. manual subscriptions)
-      } else if (!subData.metadata.companyId) {
-        return res.json({ ignoringManualSubscriptions: true })
-      // Ignoring old subscriptions
-      } else if (subData.created < (user.company.stripeSubscription?.created || 0)) {
-        return res.json({ ignoringOldSubscriptions: true })
-      }
-      // Update company with the updated subscription and users
-      const sub = await stripe.subscriptions.retrieve(
-        subData.id,
-        { expand: ['latest_invoice.payment_intent'] }
-      )
-      await db.company.update({
-        query: user.company._id,
-        data: { stripeSubscription: sub, users: user.company.users },
-        blacklist: ['-stripeSubscription', '-users'],
-      })
-      res.json({})
-    } catch (err) {
-      console.error(err)
-      this._error(req, res, err)
+async function webhookSubUpdated(req, res, event) {
+  // Update the subscription on the company
+  try {
+    const subData = event.data.object
+      // webhook from deleting a company?
+    if (subData.cancellation_details.comment == 'company deleted') {
+      return res.json({})
     }
-  },
-  /* Private */
-  _getUserFromEvent: async function (event) {
-    // User retreived from the event's customer.
-    // The customer is created before the paymentIntent and subscriptionIntent is set up
-    let object = event.data.object
-    let customerId = object.object == 'customer'? object.id : object.customer
-    if (customerId) {
-      var user = await db.user.findOne({
-        query: { 'stripeCustomer.id': customerId },
-        populate: db.user.populate({}),
-        blacklist: false, // ['-company.users.inviteToken'],
-      })
+    const user = await getUserFromEvent(event)
+    if (!user.company) {
+      throw new Error(`Subscription user has no company to update the subscription (${subData.id}) onto`)
     }
-    if (!user) {
-      await db.log.insert({ data: {
-        date: Date.now(),
-        event: event.type,
-        message: `Cannot find user with id: ${customerId}.`,
-      }})
-      throw new Error(`Cannot find user with id: ${customerId}.`)
-    }
-    // populate company owner with user data (handy for _addSubscriptionBillingChange)
-    if (user.company?.users) {
-      user.company.users = user.company.users.map(o => {
-        if (o.role == 'owner' && o._id.toString() == user._id.toString()) {
-          o.firstName = user.firstName
-          o.name = user.name
-          o.email = user.email
-        }
-        return o
-      })
+    // Ignoring incomplete subscriptions
+    if (subData.status.match(/incomplete/)) {
+      return res.json({})
+    // Ignoring subscriptions without companyId (e.g. manual subscriptions)
+    } else if (!subData.metadata.companyId) {
+      return res.json({ ignoringManualSubscriptions: true })
+    // Ignoring old subscriptions
+    } else if (subData.created < (user.company.stripeSubscription?.created || 0)) {
+      return res.json({ ignoringOldSubscriptions: true })
     }
-    return user
-  },
+    // Update company with the updated subscription and users
+    const sub = await stripe.subscriptions.retrieve(
+      subData.id,
+      { expand: ['latest_invoice.payment_intent'] }
+    )
+    await db.company.update({
+      query: user.company._id,
+      data: { stripeSubscription: sub, users: user.company.users },
+      blacklist: ['-stripeSubscription', '-users'],
+    })
+    res.json({})
+  } catch (err) {
+    console.error(err)
+    error(req, res, err)
+  }
+}
-  _getProducts: async function () {
-    /**
-     * Returns all products and caches it on the app
-     * @returns {Array} products
-     */
-    try {
-      if (stripeProducts) return stripeProducts
-      if (!config.stripeSecretKey) {
-        stripeProducts = []
-        throw new Error('Missing process.env.stripeSecretKey for retrieving products')
+async function getUserFromEvent(event) {
+  // User retreived from the event's customer.
+  // The customer is created before the paymentIntent and subscriptionIntent is set up
+  let object = event.data.object
+  let customerId = object.object == 'customer'? object.id : object.customer
+  if (customerId) {
+    var user = await db.user.findOne({
+      query: { 'stripeCustomer.id': customerId },
+      populate: db.user.populate({}),
+      blacklist: false, // ['-company.users.inviteToken'],
+    })
+  }
+  if (!user) {
+    await db.log.insert({ data: {
+      date: Date.now(),
+      event: event.type,
+      message: `Cannot find user with id: ${customerId}.`,
+    }})
+    throw new Error(`Cannot find user with id: ${customerId}.`)
+  }
+  // populate company owner with user data (handy for _addSubscriptionBillingChange)
+  if (user.company?.users) {
+    user.company.users = user.company.users.map(o => {
+      if (o.role == 'owner' && o._id.toString() == user._id.toString()) {
+        o.firstName = user.firstName
+        o.name = user.name
+        o.email = user.email
       }
+      return o
+    })
+  }
+  return user
+}
-      let products = (await stripe.products.list({ limit: 100, active: true })).data
-      let prices = (await stripe.prices.list({ limit: 100, active: true, expand: ['data.tiers'] })).data
-      return (stripeProducts = products.map((product) => ({
-        // remove default_price when new pricing is ready
-        ...util.pick(product, ['id', 'created', 'default_price', 'description', 'name', 'metadata']),
-        type: product.name.match(/housing/i) ? 'project' : 'subscription', // overwriting, was 'service'
-        prices: prices
-          .filter((price) => price.product == product.id)
-          .map((price) => ({
-            ...util.pick(price, ['id', 'product', 'nickname', 'recurring', 'unit_amount', 'tiers', 'tiers_mode']),
-            interval: price.recurring?.interval, // 'year', 'month', undefined
-          })),
-      })))
-    } catch (err) {
-      console.error(new Error(err)) // when stripe throws errors, the callstack is missing.
-      return []
+export async function getProducts() {
+  /**
+   * Returns all products and caches it on the app
+   * @returns {Array} products
+   */
+  try {
+    if (stripeProducts) return stripeProducts
+    if (!config.stripeSecretKey) {
+      stripeProducts = []
+      throw new Error('Missing process.env.stripeSecretKey for retrieving products')
     }
-  },
-  _createOrUpdateCustomer: async function (user, paymentMethod=null) {
-    /**
-     * Creates or updates a stripe customer and saves it to the user
-     * @param {Object} user - user
-     * @param {String} paymentMethod - stripe payment method id to save to the customer
-     * @called before paymentIntent and subscriptionIntent, and after completion with paymentMethod
-     * @returns mutates user
-     */
-    const data = {
-      email: user.email,
-      name: user.name,
-      address: { country: 'NZ' },
-      ...(!paymentMethod ? {} : { invoice_settings: { default_payment_method: paymentMethod }}),
-      expand: ['invoice_settings.default_payment_method', 'tax'], // expands card object
-    }
-    if (user.stripeCustomer) var customer = await stripe.customers.update(user.stripeCustomer.id, data)
-    else customer = await stripe.customers.create({ ...data })
+    let products = (await stripe.products.list({ limit: 100, active: true })).data
+    let prices = (await stripe.prices.list({ limit: 100, active: true, expand: ['data.tiers'] })).data
-    user.stripeCustomer = customer
-    await db.user.update({
-      query: user._id,
-      data: { stripeCustomer: customer },
-      blacklist: ['-stripeCustomer'],
-    })
-  },
+    return (stripeProducts = products.map((product) => ({
+      // remove default_price when new pricing is ready
+      ...util.pick(product, ['id', 'created', 'default_price', 'description', 'name', 'metadata']),
+      type: product.name.match(/housing/i) ? 'project' : 'subscription', // overwriting, was 'service'
+      prices: prices
+        .filter((price) => price.product == product.id)
+        .map((price) => ({
+          ...util.pick(price, ['id', 'product', 'nickname', 'recurring', 'unit_amount', 'tiers', 'tiers_mode']),
+          interval: price.recurring?.interval, // 'year', 'month', undefined
+        })),
+    })))
+  } catch (err) {
+    console.error(new Error(err)) // when stripe throws errors, the callstack is missing.
+    return []
+  }
+}
-  _error: async function (req, res, err) {
-    if (err && err.response && err.response.body) console.log(err.response.body)
-    if (util.isString(err) && err.match(/Cannot find company with id/)) {
-      res.json({ user: 'no company found' })
-    } else res.error(err)
-  },
+// async function createOrUpdateCustomer(user, paymentMethod=null) {
+//   /**
+//    * Creates or updates a stripe customer and saves it to the user
+//    * @param {Object} user - user
+//    * @param {String} paymentMethod - stripe payment method id to save to the customer
+//    * @called before paymentIntent and subscriptionIntent, and after completion with paymentMethod
+//    * @returns mutates user
+//    */
+//   const data = {
+//     email: user.email,
+//     name: user.name,
+//     address: { country: 'NZ' },
+//     ...(!paymentMethod ? {} : { invoice_settings: { default_payment_method: paymentMethod }}),
+//     expand: ['invoice_settings.default_payment_method', 'tax'], // expands card object
+//   }
+//   if (user.stripeCustomer) var customer = await stripe.customers.update(user.stripeCustomer.id, data)
+//   else customer = await stripe.customers.create({ ...data })
+//   user.stripeCustomer = customer
+//   await db.user.update({
+//     query: user._id,
+//     data: { stripeCustomer: customer },
+//     blacklist: ['-stripeCustomer'],
+//   })
+// }
+async function error(req, res, err) {
+  if (err && err.response && err.response.body) console.log(err.response.body)
+  if (util.isString(err) && err.match(/Cannot find company with id/)) {
+    res.json({ user: 'no company found' })
+  } else res.error(err)
 }

package/components/settings/settings.api.js CHANGED Viewed

@@ -2,54 +2,54 @@
 import db from 'monastery'
 export default {
   routes: {
     'put  /api/company/:cid': ['isCompanyUser', 'update'],
     'put  /api/user/:uid': ['isUser', 'updateUser'],
   },
+  update: update,
+  updateUser: updateUser,
+}
-  update: async function(req, res) {
-    try {
-      const update = await db.company.update({
-        query: req.params.cid,
-        data: req.body,
-        files: req.query.files ? req.files : undefined,
-      })
-      if (!update) {
-        throw new Error('Coudln\'t find the company to update')
-      }
-      const company = await db.company.findOne({
-        query: req.params.cid,
-        populate: db.company.loginPopulate(),
-        _privateData: true,
-      })
-      res.json(company)
-    } catch (errs) {
-      res.error(errs)
+async function update(req, res) {
+  try {
+    const update = await db.company.update({
+      query: req.params.cid,
+      data: req.body,
+      files: req.query.files ? req.files : undefined,
+    })
+    if (!update) {
+      throw new Error('Coudln\'t find the company to update')
     }
-  },
+    const company = await db.company.findOne({
+      query: req.params.cid,
+      populate: db.company.loginPopulate(),
+      _privateData: true,
+    })
+    res.json(company)
-  updateUser: async function(req, res) {
-    try {
-      const update = await db.user.update({
-        query: req.params.uid,
-        data: req.body,
-        files: req.query.files ? req.files : undefined,
-      })
-      if (!update) {
-        throw new Error('Coudln\'t find the user to update')
-      }
-      const user = await db.user.findOne({
-        query: req.params.uid,
-        _privateData: true,
-        blacklist: ['company'], // don't return the company id
-      })
-      res.json(user)
+  } catch (errs) {
+    res.error(errs)
+  }
+}
-    } catch (errs) {
-      res.error(errs)
+async function updateUser(req, res) {
+  try {
+    const update = await db.user.update({
+      query: req.params.uid,
+      data: req.body,
+      files: req.query.files ? req.files : undefined,
+    })
+    if (!update) {
+      throw new Error('Coudln\'t find the user to update')
     }
-  },
+    const user = await db.user.findOne({
+      query: req.params.uid,
+      _privateData: true,
+      blacklist: ['company'], // don't return the company id
+    })
+    res.json(user)
+  } catch (errs) {
+    res.error(errs)
+  }
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "nitro-web",
-  "version": "0.0.29",
+  "version": "0.0.30",
   "repository": "github:boycce/nitro-web",
   "homepage": "https://boycce.github.io/nitro-web/",
   "description": "Nitro is a battle-tested, modular base project to turbocharge your projects, styled using Tailwind 🚀",

package/server/index.js CHANGED Viewed

@@ -19,6 +19,6 @@ export { setupRouter } from './router.js'
 export { sendEmail } from './email/index.js'
 // Export api default controllers
-export { default as auth } from '../components/auth/auth.api.js'
+export { default as auth, findUserFromProvider, signinAndGetState, userCreate } from '../components/auth/auth.api.js'
 export { default as settings } from '../components/settings/settings.api.js'
 export { default as stripe } from '../components/billing/stripe.api.js'

package/server/models/user.js CHANGED Viewed

@@ -9,7 +9,7 @@ export default {
     email: { type: 'email', required: true, index: 'unique' },
     firstName: { type: 'string', required: true },
     lastName: { type: 'string' },
-    password: { type: 'string', minLength: 6, required: true },
+    password: { type: 'string', minLength: 6 },
     resetToken: { type: 'string' },
     status: { type: 'string', default: 'active', enum: ['active', 'deleted', 'inactive'] },
     stripeCustomer: { type: 'any' },