10 files changed, 203 insertions, 24 deletions

diff --git a/server/lib/api/collaborator.js b/server/lib/api/collaborator.js
new file mode 100644
index 0000000..1fda01b
--- /dev/null
+++ b/server/lib/api/collaborator.js
@@ -0,0 +1,89 @@
+/* jshint node: true */
+
+var _ = require('lodash'),
+  auth = require('../auth'),
+	util = require('../util'),
+	upload = require('../upload'),
+	config = require('../../../config.json'),
+	User = require('../schemas/User'),
+	Collaborator = require('../schemas/Collaborator'),
+	Project = require('../schemas/Project');
+
+var collaborator = {
+
+	join: function(req, res){
+	  var nonce = req.params.nonce
+	  if (! nonce || ! nonce.length) { return res.json({ error: "invalid invite code" }) }
+	  Collaborator.findOne({ nonce: nonce }, function(err, collaborator){
+	    if (err || ! collaborator) { return res.json({ error: "can't find collaborator" }) }
+	    collaborator.user_id = req.user._id
+	    collaborator.nonce = ""
+			collaborator.save(function(err, collaborator){
+        Project.findOne({ _id: collaborator.project_id }, function(err, project){
+          if (err || ! project) { return res.json({ error: err }) }
+          res.redirect("/project/" + project.slug + "/edit")
+        })
+      })
+	  })
+	},
+
+  //
+
+  index: function(req, res){
+    if (! req.project) {
+      return res.json({ error: "can't find project" })
+    }
+    if (String(req.project.user_id) !== String(req.user._id)) { return res.json({ error: "insufficient permission" }) }
+    Collaborator.find({ project_id: req.project._id }, function(err, collaborators){
+      var user_ids = _.pluck(collaborators, "user_id").filter(function(id){ return !! id })
+      User.find({ _id: user_ids }, "username displayName photo", function(err, users){
+        if (! user_ids) {
+          return res.json(collaborators)          
+        }
+        var userIndex = _.indexBy(users, '_id')
+        collaborators = collaborators.map(function(collaborator){
+          var obj = collaborator.toObject()
+          obj.user = userIndex[ obj.user_id ]
+          return obj
+        })
+        collaborators.unshift( { user: req.user.toObject(), owner: true } )
+        res.json(collaborators)
+      })
+    })
+  },
+
+	create: function(req, res){
+    if (! req.project) {
+      return res.json({ error: "can't find project" })
+    }
+		var data = util.cleanQuery(req.body)
+    data.email = util.trim( util.sanitize( data.email ) )
+		data.project_id = req.project._id
+		delete data.user_id
+
+    Collaborator.makeNonce(function(nonce){
+      data.nonce = nonce
+
+      new Collaborator(data).save(function(err, collaborator){
+        if (err || ! collaborator) { return res.json({ error: err }) }
+        console.log(collaborator)
+        res.json(collaborator)
+				auth.mail.collaborator(req.project, req.user, collaborator, function(){})
+      })
+    })
+	},
+	
+	destroy: function(req, res){
+    if (! req.project) {
+      return res.json({ error: "can't find project" })
+    }
+    if (String(req.project.user_id) !== String(req.user._id)) {
+      return res.json({ error: "insufficient permission" })
+    }
+    Collaborator.remove({ _id: req.body._id }, function(err){
+      res.json({ status: "OK" })
+    })
+	}
+}
+
+module.exports = collaborator
diff --git a/server/lib/api/index.js b/server/lib/api/index.js
index bfe3632..ad86daa 100644
--- a/server/lib/api/index.js
+++ b/server/lib/api/index.js
@@ -6,6 +6,7 @@ var api = {
 	media: require('./media'),
 	profile: require('./profile'),
 	projects: require('./projects'),
+	collaborator: require('./collaborator'),
 }
 
 module.exports = api
diff --git a/server/lib/api/media.js b/server/lib/api/media.js
index 16f9d41..1eb08c1 100644
--- a/server/lib/api/media.js
+++ b/server/lib/api/media.js
@@ -8,8 +8,13 @@ var _ = require('lodash'),
 	Media = require('../schemas/Media');
 
 var media = {
+
 	user: function(req, res){
-		Media.find({ user_id: req.user._id }, function(err, media){
+	  var query = { user_id: req.user._id }
+	  if (req.query.tag) {
+	    query.tag = req.query.tag
+	  }
+		Media.find(query, function(err, media){
 			res.json(media || [])
 		})
 	},
@@ -18,10 +23,14 @@ var media = {
 		var data = util.cleanQuery(req.body)
 		data.user_id = req.user._id
 		data.created_at = new Date ()
+		
+		if (data.tag) {
+		  data.tag = util.sanitize(data.tag)
+		}
 
 		new Media(data).save(function(err, rec){
 			if (err || ! rec) { return res.json({ error: err }) }
-			return res.json(rec) 
+			return res.json(rec)
 		})
 	},
 	
diff --git a/server/lib/api/projects.js b/server/lib/api/projects.js
index bd3cb81..2a5beff 100644
--- a/server/lib/api/projects.js
+++ b/server/lib/api/projects.js
@@ -39,6 +39,7 @@ var projects = {
 		data.rooms = JSON.parse(data.rooms)
 		data.walls = JSON.parse(data.walls)
 		data.media = JSON.parse(data.media)
+		data.colors = JSON.parse(data.colors)
 		data.startPosition = JSON.parse(data.startPosition)
 
 		upload.put("projects", req.files.thumbnail, {
@@ -91,8 +92,10 @@ var projects = {
 			Project.findOne({ _id: _id }, function(err, doc){
 				if (err || ! doc) { return res.json({ error: err }) }
 				_.extend(doc, data)
+				
 				doc.rooms = JSON.parse(data.rooms)
 				doc.walls = JSON.parse(data.walls)
+				doc.colors = JSON.parse(data.colors)
 				doc.media = JSON.parse(data.media)
 				doc.startPosition = JSON.parse(data.startPosition)
 
diff --git a/server/lib/auth/mail.js b/server/lib/auth/mail.js
index a4abccd..0ba6d5d 100644
--- a/server/lib/auth/mail.js
+++ b/server/lib/auth/mail.js
@@ -10,7 +10,7 @@ var mail = {
 	templates: {},
 	
 	init: function(){
-		var names = ["welcome","password"].forEach(function(name){
+		var names = ["welcome","password","collaborator"].forEach(function(name){
 			mail.templates[name] = {};
 			var types = ["text","html"].forEach(function(type){
 				fs.readFile("views/mail/" + name + "." + type + ".ejs", function(err, data){
@@ -62,6 +62,28 @@ var mail = {
 		mail.send(message, cb)
 		console.log("sent password email to", user.email)
 	},
+
+	collaborator: function(project, user, collaborator, cb){
+    var data = {
+      projectSlug: project.slug,
+      projectName: project.name,
+      nonce: collaborator.nonce,
+      username: user.username,
+    }
+
+		var message = {
+			 text:    mail.templates.collaborator.text(data),
+			 from:    mail.from, 
+			 to:      collaborator.email,
+			 subject: "Join " + data.username + " on " + data.projectName,
+			 attachment: [
+					{ data: mail.templates.collaborator.html(data), alternative: true },
+			 ]
+		}
+		mail.send(message, cb)
+		console.log("sent collaborator email to", collaborator.email)
+	},
+
 }
 
 module.exports = mail
diff --git a/server/lib/middleware.js b/server/lib/middleware.js
index 27b9c04..9d6236a 100644
--- a/server/lib/middleware.js
+++ b/server/lib/middleware.js
@@ -5,6 +5,7 @@ var passport = require('passport'),
 	_ = require('lodash'),
 	config = require('../../config.json'),
 	User = require('./schemas/User'),
+	Collaborator = require('./schemas/Collaborator'),
 	Project = require('./schemas/Project');
 
 
@@ -36,7 +37,7 @@ var middleware = {
 	ensureLocals: function (req, res, next) {
 		res.locals.token = req.csrfToken();
 		res.locals.logged_in = req.isAuthenticated()
-		res.locals.user = req.user || { id: undefined }
+		res.locals.user = req.user || { _id: undefined }
 		res.locals.config = config
 		res.locals.profile = null
 		res.locals.opt = {}
@@ -63,8 +64,32 @@ var middleware = {
 			req.project = null
 			next()
 		}
-	}
+	},
+
+  ensureIsCollaborator: function(req, res, next) {
+    req.isCollaborator = false
+    req.isOwner = false
 
+    if (! req.user || ! req.project) {
+      next()
+    }
+    else if (String(req.user._id) === String(req.project.user_id)) {
+      req.isOwner = true
+      next()
+    }
+    else {
+      Collaborator.findOne({ user_id: req.user._id, project_id: req.project._id }, function(err, collab) {
+        if (err || ! collab) {
+          next()
+        }
+        else {
+          req.isCollaborator = true
+          next()
+        }
+      })
+    }
+  },
+  
 }
 
 module.exports = middleware
diff --git a/server/lib/schemas/Collaborator.js b/server/lib/schemas/Collaborator.js
new file mode 100644
index 0000000..6b3d452
--- /dev/null
+++ b/server/lib/schemas/Collaborator.js
@@ -0,0 +1,30 @@
+/* jshint node: true */
+
+var mongoose = require('mongoose'),
+	_ = require('lodash'),
+	crypto = require('crypto'),
+	config = require('../../../config.json'),
+	util = require('../util');
+
+var CollaboratorSchema = new mongoose.Schema({
+	email: { type: String, required: true},
+	project_id: { type: mongoose.Schema.ObjectId, index: true },
+	user_id: { type: mongoose.Schema.ObjectId, index: true },
+	nonce: {
+		type: String,
+		default: "",
+	},
+	created_at: { type: Date },
+	updated_at: { type: Date },
+})
+
+CollaboratorSchema.statics.makeNonce = function(cb){
+	crypto.pseudoRandomBytes(256, function (err, buf){
+		var shasum = crypto.createHash('sha1')
+		shasum.update(buf)
+		cb( shasum.digest('hex') )
+	})
+}
+
+module.exports = exports = mongoose.model('collaborator', CollaboratorSchema);
+exports.schema = CollaboratorSchema;
diff --git a/server/lib/schemas/Media.js b/server/lib/schemas/Media.js
index 1f26b8e..1de354d 100644
--- a/server/lib/schemas/Media.js
+++ b/server/lib/schemas/Media.js
@@ -41,7 +41,8 @@ var MediaSchema = new mongoose.Schema({
 	loop: { type: Boolean, default: false },
 	mute: { type: Boolean, default: true },
 	keyframe: { type: Number, default: 0.0 },
-
+	tag: { type: String, default: "" },
+	
 	widthDimension: { type: Number },
 	heightDimension: { type: Number },
 	units: { type: String },
diff --git a/server/lib/schemas/Project.js b/server/lib/schemas/Project.js
index 0f54eaa..abf34fb 100644
--- a/server/lib/schemas/Project.js
+++ b/server/lib/schemas/Project.js
@@ -30,6 +30,7 @@ var ProjectSchema = new mongoose.Schema({
 	rooms: [mongoose.Schema.Types.Mixed],
 	walls: [mongoose.Schema.Types.Mixed],
 	media: [mongoose.Schema.Types.Mixed],
+	colors: mongoose.Schema.Types.Mixed,
 	startPosition: mongoose.Schema.Types.Mixed,
 	user_id: { type: mongoose.Schema.ObjectId, index: true },
 	created_at: { type: Date },
diff --git a/server/lib/views.js b/server/lib/views.js
index b776582..b3c1d18 100644
--- a/server/lib/views.js
+++ b/server/lib/views.js
@@ -3,6 +3,7 @@
 var User = require('./schemas/User'),
 	Project = require('./schemas/Project'),
 	Documentation = require('./schemas/Documentation'),
+	Collaborator = require('./schemas/Collaborator'),
 	config = require('../../config'),
 	marked = require('marked'),
 	util = require('./util'),
@@ -19,29 +20,24 @@ marked.setOptions({
 
 var views = {}
 
+views.editor_new = function (req, res) {
+	if (! req.user) {
+		res.redirect('/')
+	}
+	else {
+		res.render('editor')
+	}
+}
+
 views.editor = function (req, res) {
-	if (! req.user && ! req.project) {
+	if (! req.project) {
 		res.redirect('/')
 	}
-	else if (! req.user || (req.project && String(req.user._id) !== String(req.project.user_id))) {
-		User.findOne({ _id: req.project.user_id }, function(err, user) {
-			if (err || ! user) {
-				console.error(err)
-				res.redirect('/')
-				return
-			}
-			res.render('reader', {
-				name: util.sanitize(req.project.name),
-				description: util.sanitize(req.project.description),
-				date: moment(req.project.updated_at).format("M/DD/YYYY"),
-				author: user.displayName,
-				authorlink: "/profile/" + user.username,
-				noui: !! (req.query.noui === '1'),
-			})
-		})
+	else if (req.isOwner || req.isCollaborator) {
+		res.render('editor')
 	}
 	else {
-		res.render('editor')
+	  views.reader(req, res)
 	}
 }
 
@@ -61,6 +57,8 @@ views.reader = function (req, res) {
 			date: moment(req.project.updated_at).format("M/DD/YYYY"),
 			author: user.displayName,
 			authorlink: "/profile/" + user.username,
+			canEdit: req.isOwner || req.isCollaborator,
+			editlink: "/project/" + req.project.slug + "/edit",
 			noui: !! (req.query.noui === '1'),
 		})
 	})