underpost 2.8.86 → 2.8.88

package/src/api/document/document.controller.js

@@ -0,0 +1,66 @@
+import { loggerFactory } from '../../server/logger.js';
+import { DocumentService } from './document.service.js';
+const logger = loggerFactory(import.meta);
+
+const DocumentController = {
+  post: async (req, res, options) => {
+    try {
+      return res.status(200).json({
+        status: 'success',
+        data: await DocumentService.post(req, res, options),
+      });
+    } catch (error) {
+      logger.error(error, error.stack);
+      return res.status(400).json({
+        status: 'error',
+        message: error.message,
+      });
+    }
+  },
+  get: async (req, res, options) => {
+    try {
+      return res.status(200).json({
+        status: 'success',
+        data: await DocumentService.get(req, res, options),
+      });
+    } catch (error) {
+      logger.error(error, error.stack);
+      return res.status(400).json({
+        status: 'error',
+        message: error.message,
+      });
+    }
+  },
+  delete: async (req, res, options) => {
+    try {
+      const result = await DocumentService.delete(req, res, options);
+      return res.status(200).json({
+        status: 'success',
+        data: result,
+      });
+    } catch (error) {
+      logger.error(error, error.stack);
+      return res.status(400).json({
+        status: 'error',
+        message: error.message,
+      });
+    }
+  },
+  put: async (req, res, options) => {
+    try {
+      const result = await DocumentService.put(req, res, options);
+      return res.status(200).json({
+        status: 'success',
+        data: result,
+      });
+    } catch (error) {
+      logger.error(error, error.stack);
+      return res.status(400).json({
+        status: 'error',
+        message: error.message,
+      });
+    }
+  },
+};
+
+export { DocumentController };

package/src/api/document/document.model.js

@@ -0,0 +1,51 @@
+import { Schema, model, Types } from 'mongoose';
+
+// https://mongoosejs.com/docs/2.7.x/docs/schematypes.html
+
+const DocumentSchema = new Schema(
+  {
+    userId: {
+      type: Schema.Types.ObjectId,
+      ref: 'User',
+    },
+    location: { type: String },
+    title: { type: String },
+    tags: [{ type: String }],
+    fileId: {
+      type: Schema.Types.ObjectId,
+      ref: 'File',
+    },
+    mdFileId: {
+      type: Schema.Types.ObjectId,
+      ref: 'File',
+    },
+  },
+  {
+    timestamps: true,
+  },
+);
+
+const DocumentModel = model('Document', DocumentSchema);
+
+const ProviderSchema = DocumentSchema;
+
+const DocumentDto = {
+  populate: {
+    file: () => {
+      return {
+        path: 'fileId',
+        model: 'File',
+        select: '_id name mimetype',
+      };
+    },
+    user: () => {
+      return {
+        path: 'userId',
+        model: 'User',
+        select: '_id email username',
+      };
+    },
+  },
+};
+
+export { DocumentSchema, DocumentModel, ProviderSchema, DocumentDto };

package/src/api/document/document.router.js

@@ -0,0 +1,24 @@
+import { loggerFactory } from '../../server/logger.js';
+import { DocumentController } from './document.controller.js';
+import express from 'express';
+import fs from 'fs-extra';
+const logger = loggerFactory(import.meta);
+
+const DocumentRouter = (options) => {
+  const router = express.Router();
+  const authMiddleware = options.authMiddleware;
+  router.post(`/:id`, authMiddleware, async (req, res) => await DocumentController.post(req, res, options));
+  router.post(`/`, authMiddleware, async (req, res) => await DocumentController.post(req, res, options));
+  router.get(`/public`, async (req, res) => await DocumentController.get(req, res, options));
+  router.get(`/:id`, authMiddleware, async (req, res) => await DocumentController.get(req, res, options));
+  router.get(`/`, authMiddleware, async (req, res) => await DocumentController.get(req, res, options));
+  router.put(`/:id`, authMiddleware, async (req, res) => await DocumentController.put(req, res, options));
+  router.put(`/`, authMiddleware, async (req, res) => await DocumentController.put(req, res, options));
+  router.delete(`/:id`, authMiddleware, async (req, res) => await DocumentController.delete(req, res, options));
+  router.delete(`/`, authMiddleware, async (req, res) => await DocumentController.delete(req, res, options));
+  return router;
+};
+
+const ApiRouter = DocumentRouter;
+
+export { ApiRouter, DocumentRouter };

package/src/api/document/document.service.js

@@ -0,0 +1,125 @@
+import { loggerFactory } from '../../server/logger.js';
+import { DataBaseProvider } from '../../db/DataBaseProvider.js';
+import { DocumentDto } from './document.model.js';
+import { uniqueArray } from '../../client/components/core/CommonJs.js';
+import { getBearerToken, verifyJWT } from '../../server/auth.js';
+import { isValidObjectId } from 'mongoose';
+
+const logger = loggerFactory(import.meta);
+
+const DocumentService = {
+  post: async (req, res, options) => {
+    /** @type {import('./document.model.js').DocumentModel} */
+    const Document = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models.Document;
+
+    switch (req.params.id) {
+      default:
+        req.body.userId = req.auth.user._id;
+        return await new Document(req.body).save();
+    }
+  },
+  get: async (req, res, options) => {
+    /** @type {import('./document.model.js').DocumentModel} */
+    const Document = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models.Document;
+    /** @type {import('../user/user.model.js').UserModel} */
+    const User = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models.User;
+
+    if (req.path.startsWith('/public') && req.query['tags']) {
+      const publisherUsers = await User.find({ $or: [{ role: 'admin' }, { role: 'moderator' }] });
+
+      const token = getBearerToken(req);
+      let user;
+      if (token) user = verifyJWT(token, options);
+
+      const queryPayload = {
+        userId: {
+          $in: publisherUsers.map((p) => p._id).concat(user?.role && user.role !== 'guest' ? [user._id] : []),
+        },
+        tags: {
+          // $in: uniqueArray(['public'].concat(req.query['tags'].split(','))),
+          $all: uniqueArray(['public'].concat(req.query['tags'].split(','))),
+        },
+        ...(req.query.cid
+          ? {
+              _id: {
+                $in: req.query.cid.split(',').filter((cid) => isValidObjectId(cid)),
+              },
+            }
+          : undefined),
+      };
+      logger.info('queryPayload', queryPayload);
+      // sort in descending (-1) order by length
+      const sort = { createdAt: -1 };
+      const limit = req.query.limit ? parseInt(req.query.limit, 10) : 6;
+      const skip = req.query.skip ? parseInt(req.query.skip, 10) : 0;
+
+      return await Document.find(queryPayload)
+        .sort(sort)
+        .limit(limit)
+        .skip(skip)
+        .populate(DocumentDto.populate.file())
+        .populate(user && user.role !== 'guest' ? DocumentDto.populate.user() : null);
+    }
+
+    switch (req.params.id) {
+      default:
+        return await Document.find({
+          userId: req.auth.user._id,
+          ...(req.params.id ? { _id: req.params.id } : undefined),
+        }).populate(DocumentDto.populate.file());
+    }
+  },
+  delete: async (req, res, options) => {
+    /** @type {import('./document.model.js').DocumentModel} */
+    const Document = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models.Document;
+    /** @type {import('../file/file.model.js').FileModel} */
+    const File = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models.File;
+
+    switch (req.params.id) {
+      default: {
+        const document = await Document.findOne({ _id: req.params.id });
+        if (!document) throw new Error('document not found');
+
+        if (document.userId.toString() !== req.auth.user._id) throw new Error('invalid user');
+
+        if (document.mdFileId) {
+          const file = await File.findOne({ _id: document.mdFileId });
+          if (file) await File.findByIdAndDelete(document.mdFileId);
+        }
+
+        if (document.fileId) {
+          const file = await File.findOne({ _id: document.fileId });
+          if (file) await File.findByIdAndDelete(document.fileId);
+        }
+
+        return await Document.findByIdAndDelete(req.params.id);
+      }
+    }
+  },
+  put: async (req, res, options) => {
+    /** @type {import('./document.model.js').DocumentModel} */
+    const Document = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models.Document;
+    /** @type {import('../file/file.model.js').FileModel} */
+    const File = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models.File;
+
+    switch (req.params.id) {
+      default: {
+        const document = await Document.findOne({ _id: req.params.id });
+        if (!document) throw new Error(`Document not found`);
+
+        if (document.mdFileId) {
+          const file = await File.findOne({ _id: document.mdFileId });
+          if (file) await File.findByIdAndDelete(document.mdFileId);
+        }
+
+        if (document.fileId) {
+          const file = await File.findOne({ _id: document.fileId });
+          if (file) await File.findByIdAndDelete(document.fileId);
+        }
+        return await Document.findByIdAndUpdate(req.params.id, req.body);
+      }
+    }
+  },
+};
+
+export { DocumentService };

package/src/api/file/file.controller.js

@@ -20,7 +20,21 @@ const FileController = {
   get: async (req, res, options) => {
     try {
       const result = await FileService.get(req, res, options);
-      if (result instanceof Buffer) return res.status(200).end(result);
+      if (result instanceof Buffer) {
+        if (
+          process.env.NODE_ENV === 'development' ||
+          req.hostname === options.host ||
+          (options.origins && options.origins.find((o) => o.match(req.hostname)))
+        ) {
+          res.set('Cross-Origin-Resource-Policy', 'cross-origin');
+          return res.status(200).end(result);
+        }
+        return res.status(403).json({
+          status: 'error',
+          message: 'Forbidden',
+        });
+      }
+
       return res.status(200).json({
         status: 'success',
         data: result,

package/src/api/file/file.router.js

@@ -1,4 +1,4 @@
-import { adminGuard, authMiddleware } from '../../server/auth.js';
+import { adminGuard } from '../../server/auth.js';
 import { loggerFactory } from '../../server/logger.js';
 import { FileController } from './file.controller.js';
 import express from 'express';
@@ -6,6 +6,7 @@ const logger = loggerFactory(import.meta);
 
 const FileRouter = (options) => {
   const router = express.Router();
+  const authMiddleware = options.authMiddleware;
   router.post(`/:id`, authMiddleware, async (req, res) => await FileController.post(req, res, options));
   router.post(`/`, authMiddleware, async (req, res) => await FileController.post(req, res, options));
   router.get(`/blob/:id`, async (req, res) => await FileController.get(req, res, options));

package/src/api/file/file.service.js

@@ -5,14 +5,18 @@ import crypto from 'crypto';
 const logger = loggerFactory(import.meta);
 
 const FileFactory = {
-  upload: async function (req, File) {
-    const results = [];
-    if (!req.files) throw { message: 'not file found' };
-    if (Array.isArray(req.files.file)) for (const file of req.files.file) results.push(await new File(file).save());
+  filesExtract: (req) => {
+    const files = [];
+    if (Array.isArray(req.files.file)) for (const file of req.files.file) files.push(file);
     else if (Object.keys(req.files).length > 0)
-      for (const keyFile of Object.keys(req.files)) results.push(await new File(req.files[keyFile]).save());
+      for (const keyFile of Object.keys(req.files)) files.push(req.files[keyFile]);
+    return files;
+  },
+  upload: async function (req, File) {
+    const results = FileFactory.filesExtract(req);
     let index = -1;
-    for (const file of results) {
+    for (let file of results) {
+      file = await new File(file).save();
       index++;
       const [result] = await File.find({
         _id: file._id,
@@ -25,7 +29,23 @@ const FileFactory = {
     return Buffer.from(raw, 'utf8').toString('hex');
     // reverse hexValue.toString()
   },
-  svg: (data = new Buffer(), name = '') => {
+  getMymeTypeFromPath: (path) => {
+    switch (path.split('.').pop()) {
+      case 'png':
+        return 'image/png';
+      case 'jpg':
+        return 'image/jpeg';
+      case 'jpeg':
+        return 'image/jpeg';
+      case 'gif':
+        return 'image/gif';
+      case 'svg':
+        return 'image/svg+xml';
+      default:
+        return 'application/octet-stream';
+    }
+  },
+  create: (data = Buffer.from([]), name = '') => {
     return {
       name: name,
       data: data,
@@ -33,7 +53,7 @@ const FileFactory = {
       encoding: '7bit',
       tempFilePath: '',
       truncated: false,
-      mimetype: 'image/svg+xml',
+      mimetype: FileFactory.getMymeTypeFromPath(name),
       md5: crypto.createHash('md5').update(data).digest('hex'),
       cid: undefined,
     };

package/src/api/test/test.router.js

@@ -1,4 +1,3 @@
-import { authMiddleware } from '../../server/auth.js';
 import { loggerFactory } from '../../server/logger.js';
 import { TestController } from './test.controller.js';
 import express from 'express';
@@ -7,6 +6,7 @@ const logger = loggerFactory(import.meta);
 
 const TestRouter = (options) => {
   const router = express.Router();
+  const authMiddleware = options.authMiddleware;
   router.post(`/:id`, async (req, res) => await TestController.post(req, res, options));
   router.post(`/`, authMiddleware, async (req, res) => await TestController.post(req, res, options));
   router.get(`/:id`, async (req, res) => await TestController.get(req, res, options));

package/src/api/user/postman_collection.json

@@ -0,0 +1,216 @@
+{
+  "info": {
+    "_postman_id": "a1b2c3d4-e5f6-7890-1234-567890abcdef",
+    "name": "User API",
+    "description": "A collection of requests for the User API.",
+    "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
+  },
+  "item": [
+    {
+      "name": "user",
+      "item": [
+        {
+          "name": "Log in",
+          "request": {
+            "method": "POST",
+            "header": [
+              {
+                "key": "Content-Type",
+                "value": "application/json",
+                "type": "text"
+              }
+            ],
+            "body": {
+              "mode": "raw",
+              "raw": "{\n    \"email\": \"user@example.com\",\n    \"password\": \"Password123\"\n}",
+              "options": {
+                "raw": {
+                  "language": "json"
+                }
+              }
+            },
+            "url": {
+              "raw": "{{baseUrl}}/user/auth",
+              "host": ["{{baseUrl}}"],
+              "path": ["user", "auth"]
+            },
+            "description": "This endpoint get a JWT for authenticated user"
+          },
+          "response": [
+            {
+              "name": "User logged in successfully",
+              "originalRequest": {
+                "method": "POST",
+                "header": [],
+                "body": {
+                  "mode": "raw",
+                  "raw": ""
+                },
+                "url": {
+                  "raw": "{{baseUrl}}/user/auth",
+                  "host": ["{{baseUrl}}"],
+                  "path": ["user", "auth"]
+                }
+              },
+              "status": "OK",
+              "code": 200,
+              "_postman_previewlanguage": "json",
+              "header": [
+                {
+                  "key": "Content-Type",
+                  "value": "application/json"
+                }
+              ],
+              "cookie": [],
+              "body": "{\n    \"status\": \"success\",\n    \"data\": {\n        \"token\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyIjp7Il9pZCI6IjY2YzM3N2Y1N2Y5OWU1OTY5YjgxZG...\",\n        \"user\": {\n            \"_id\": \"66c377f57f99e5969b81de89\",\n            \"email\": \"user@example.com\",\n            \"emailConfirmed\": false,\n            \"username\": \"user123\",\n            \"role\": \"user\",\n            \"profileImageId\": \"66c377f57f99e5969b81de87\"\n        }\n    }\n}"
+            }
+          ]
+        },
+        {
+          "name": "Create user",
+          "request": {
+            "method": "POST",
+            "header": [
+              {
+                "key": "Content-Type",
+                "value": "application/json",
+                "type": "text"
+              }
+            ],
+            "body": {
+              "mode": "raw",
+              "raw": "{\n    \"username\": \"user123\",\n    \"password\": \"Password123\",\n    \"email\": \"user@example.com\"\n}",
+              "options": {
+                "raw": {
+                  "language": "json"
+                }
+              }
+            },
+            "url": {
+              "raw": "{{baseUrl}}/user",
+              "host": ["{{baseUrl}}"],
+              "path": ["user"]
+            },
+            "description": "This endpoint will create a new user account"
+          },
+          "response": []
+        },
+        {
+          "name": "Get user data by ID",
+          "request": {
+            "auth": {
+              "type": "bearer",
+              "bearer": [
+                {
+                  "key": "token",
+                  "value": "{{authToken}}",
+                  "type": "string"
+                }
+              ]
+            },
+            "method": "GET",
+            "header": [],
+            "url": {
+              "raw": "{{baseUrl}}/user/:id",
+              "host": ["{{baseUrl}}"],
+              "path": ["user", ":id"],
+              "variable": [
+                {
+                  "key": "id",
+                  "value": "your_user_id"
+                }
+              ]
+            },
+            "description": "This endpoint get user data by ID"
+          },
+          "response": []
+        },
+        {
+          "name": "Update user data by ID",
+          "request": {
+            "auth": {
+              "type": "bearer",
+              "bearer": [
+                {
+                  "key": "token",
+                  "value": "{{authToken}}",
+                  "type": "string"
+                }
+              ]
+            },
+            "method": "PUT",
+            "header": [
+              {
+                "key": "Content-Type",
+                "value": "application/json",
+                "type": "text"
+              }
+            ],
+            "body": {
+              "mode": "raw",
+              "raw": "{\n    \"username\": \"newuser123\",\n    \"password\": \"NewPassword123\",\n    \"email\": \"newuser@example.com\"\n}",
+              "options": {
+                "raw": {
+                  "language": "json"
+                }
+              }
+            },
+            "url": {
+              "raw": "{{baseUrl}}/user/:id",
+              "host": ["{{baseUrl}}"],
+              "path": ["user", ":id"],
+              "variable": [
+                {
+                  "key": "id",
+                  "value": "your_user_id"
+                }
+              ]
+            },
+            "description": "This endpoint will update user data by ID"
+          },
+          "response": []
+        },
+        {
+          "name": "Delete user data by ID",
+          "request": {
+            "auth": {
+              "type": "bearer",
+              "bearer": [
+                {
+                  "key": "token",
+                  "value": "{{authToken}}",
+                  "type": "string"
+                }
+              ]
+            },
+            "method": "DELETE",
+            "header": [],
+            "url": {
+              "raw": "{{baseUrl}}/user/:id",
+              "host": ["{{baseUrl}}"],
+              "path": ["user", ":id"],
+              "variable": [
+                {
+                  "key": "id",
+                  "value": "your_user_id"
+                }
+              ]
+            },
+            "description": "This endpoint deletes user data by ID, the path ID must match with the ID of the authenticated user"
+          },
+          "response": []
+        }
+      ]
+    }
+  ],
+  "variable": [
+    {
+      "key": "baseUrl",
+      "value": "http://localhost:3000/api"
+    },
+    {
+      "key": "authToken",
+      "value": ""
+    }
+  ]
+}

package/src/api/user/user.controller.js

@@ -3,68 +3,33 @@ import { UserService } from './user.service.js';
 
 const logger = loggerFactory(import.meta);
 
-const UserController = {
-  post: async (req, res, options) => {
-    try {
-      const result = await UserService.post(req, res, options);
-      return res.status(200).json({
-        status: 'success',
-        data: result,
-      });
-    } catch (error) {
-      logger.error(error, error.stack);
-      return res.status(400).json({
-        status: 'error',
-        message: error.message,
-      });
-    }
-  },
-  get: async (req, res, options) => {
-    try {
-      const result = await UserService.get(req, res, options);
-      if (result instanceof Buffer) return res.status(200).end(result);
-      return res.status(200).json({
-        status: 'success',
-        data: result,
-      });
-    } catch (error) {
-      logger.error(error, error.stack);
-      return res.status(400).json({
-        status: 'error',
-        message: error.message,
-      });
-    }
-  },
-  delete: async (req, res, options) => {
-    try {
-      const result = await UserService.delete(req, res, options);
-      return res.status(200).json({
-        status: 'success',
-        data: result,
-      });
-    } catch (error) {
-      logger.error(error, error.stack);
-      return res.status(400).json({
-        status: 'error',
-        message: error.message,
-      });
+const handleRequest = (serviceMethod) => async (req, res, options) => {
+  try {
+    const result = await serviceMethod(req, res, options);
+    if (res.headersSent) {
+      return;
     }
-  },
-  put: async (req, res, options) => {
-    try {
-      const result = await UserService.put(req, res, options);
-      return res.status(200).json({
-        status: 'success',
-        data: result,
-      });
-    } catch (error) {
-      logger.error(error, error.stack);
-      return res.status(400).json({
-        status: 'error',
-        message: error.message,
-      });
+    if (result instanceof Buffer) {
+      return res.status(200).end(result);
     }
-  },
+    return res.status(200).json({
+      status: 'success',
+      data: result,
+    });
+  } catch (error) {
+    logger.error(error, error.stack);
+    return res.status(400).json({
+      status: 'error',
+      message: error.message,
+    });
+  }
+};
+
+const UserController = {
+  post: handleRequest(UserService.post),
+  get: handleRequest(UserService.get),
+  delete: handleRequest(UserService.delete),
+  put: handleRequest(UserService.put),
 };
 
 export { UserController };