Diffstat (limited to 'server')
| -rw-r--r-- | server/index.js | 2 | ||||
| -rw-r--r-- | server/lib/api.js | 24 | ||||
| -rw-r--r-- | server/lib/auth.js | 6 | ||||
| -rw-r--r-- | server/lib/schemas/User.js | 8 | ||||
| -rw-r--r-- | server/lib/upload.js | 72 | ||||
| -rw-r--r-- | server/lib/util.js | 11 |
6 files changed, 121 insertions, 2 deletions
diff --git a/server/index.js b/server/index.js
index fc77660..34d5989 100644
--- a/server/index.js
+++ b/server/index.js
@@ -71,6 +71,8 @@ app.get('/auth/facebook', auth.login('facebook'));
 app.get('/auth/facebook/callback', auth.loggedIn('facebook'));
 app.get('/profile', views.profile)
 app.get('/profile/edit', views.profile)
+app.get('/api/profile', middleware.ensureAuthenticated, api.profile.show)
+app.put('/api/profile', middleware.ensureAuthenticated, api.profile.update)
 app.get('/project/new', views.modal);
diff --git a/server/lib/api.js b/server/lib/api.js
index d9934ab..9ff9f38 100644
--- a/server/lib/api.js
+++ b/server/lib/api.js
@@ -3,10 +3,32 @@ var passport = require('passport'),
 _ = require('lodash'),
 Entities = require('html-entities').XmlEntities,
- entities = new Entities();
+ entities = new Entities(),
+ crypto = require('crypto'),
+ _ = require('lodash'),
+ util = require('./util'),
+ config = require('../../config.json'),
+ User = require('./schemas/User');
 var api = {
+
+ profile: {
+ show: function(req, res){
+ User.findOne({ _id: req.user._id }, function(err, user){
+ res.json(err || user)
+ })
+ },
+ update: function(req, res){
+ var data = req.cleanQuery(req.body)
+ if (data.new_password.length && req.user.checkPassword(data.old_password)) {
+ data.password = data.new_password
+ }
+ delete data.old_password
+ delete data.new_password
+ }
+ }
+ }
diff --git a/server/lib/auth.js b/server/lib/auth.js
index ede52b6..e7b7a75 100644
--- a/server/lib/auth.js
+++ b/server/lib/auth.js
@@ -5,6 +5,7 @@ var passport = require('passport'),
 TwitterStrategy = require('passport-twitter').Strategy,
 LocalStrategy = require('passport-local').Strategy,
 passportSocketIo = require("passport.socketio"),
+ crypto = require('crypto'),
 _ = require('lodash'),
 util = require('./util'),
 config = require('../../config.json'),
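Review bot: `profile.show` answers with `res.json(err || user)`, which serialises the whole user document — including the stored `password` field this commit starts hashing, plus any other internal fields — and on failure returns the raw error object; exclude the secret in the query and answer errors generically, e.g. `User.findOne({ _id: req.user._id }, '-password', function(err, user){ if (err) return res.status(500).json({ error: 'lookup failed' }); res.json(user) })`. `profile.update` has several defects in the new code: `req.cleanQuery` is not defined anywhere visible (the helper this commit adds is `util.cleanQuery`), `data.new_password.length` throws when the body carries no `new_password`, `req.user.checkPassword` does not match the `validPassword` method defined on the schema in this same commit, the new password is written unhashed while the signup path now stores a SHA-1 digest, and the handler neither saves the document nor sends a response, so the request hangs. Because `cleanQuery` only strips `_id` and the audit fields, every other key of the body (`isAdmin`, `username`, `facebook_id`, …) would be applied to the profile once a save is added, so the editable fields should be allow-listed as in the sketch below (field names taken from the schema hunk; adjust to the real list). The duplicate `_ = require('lodash')` in the var chain and the unused `crypto`/`config` requires should also be removed.
```javascript
    update: function(req, res){
      var body = req.body || {}
      // allow-list the editable profile fields instead of writing whatever the body carries
      var data = _.pick(body, ['displayName', 'bio', 'website', 'twitterName', 'facebookUrl'])
      var newPassword = typeof body.new_password === 'string' ? body.new_password : ''
      if (newPassword.length) {
        if (typeof body.old_password !== 'string' || !req.user.validPassword(body.old_password)) {
          return res.status(403).json({ error: 'old password does not match' })
        }
        // same digest scheme as the signup path in auth.js so login keeps working;
        // both call sites belong in one shared helper
        data.password = crypto.createHash('sha1').update(newPassword).digest('hex')
      }
      User.findById(req.user._id, function(err, user){
        if (err || !user) return res.status(500).json({ error: 'profile lookup failed' })
        user.set(data)
        user.save(function(err){
          if (err) return res.status(500).json({ error: 'profile update failed' })
          res.json(_.omit(user.toObject(), 'password'))
        })
      })
    }
```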
@@ -91,6 +92,10 @@ var auth = {
 var username = util.trim(req.body.username)
 var password = req.body.password
 var email = util.trim(req.body.email)
+
+ var shasum = crypto.createHash('sha1')
+ shasum.update(password)
+ password = shasum.digest('hex');
 User.findOne({ username: username }, function (err, user) {
 if (user) {
@@ -156,6 +161,7 @@ var auth = {
 username: profile.username || profile.displayName.toLowerCase().replace(/ /g,'-'),
 displayName: profile.displayName,
 photo: "http://graph.facebook.com/" + profile.id + "/picture?type=large",
+ facebookUrl: profile.username ? "https://facebook.com/" + profile.username : ""
 };
 User.findOne({facebook_id: profile.id}, function(err, data){
diff --git a/server/lib/schemas/User.js b/server/lib/schemas/User.js
index d78bfd2..24b0adf 100644
--- a/server/lib/schemas/User.js
+++ b/server/lib/schemas/User.js
@@ -4,6 +4,7 @@ var NONALPHANUMERICS_REGEX = new RegExp('[^-_a-zA-Z0-9]', 'g')
 var mongoose = require('mongoose'),
 _ = require('lodash'),
+ crypto = require('crypto'),
 config = require('../../../config.json');
 var UserSchema = new mongoose.Schema({
@@ -28,6 +29,8 @@ var UserSchema = new mongoose.Schema({
 case 'assets':
 case 'admin':
 case 'terms':
+ case 'api':
+ case 'vvalls':
 case 'assets':
 case '':
 return false
@@ -53,11 +56,14 @@ var UserSchema = new mongoose.Schema({
 bio: { type: String, default: "" },
 website: { type: String, default: "" },
 twitterName: { type: String, default: "" },
+ facebookUrl: { type: String, default: "" },
 isAdmin: { type: Boolean, default: false }
 });
 UserSchema.methods.validPassword = function (pw) {
- return this.password === pw
+ var shasum = crypto.createHash('sha1')
+ shasum.update(pw)
+ return this.password === shasum.digest('hex');
 }
 module.exports = exports = mongoose.model('user', UserSchema);
diff --git a/server/lib/upload.js b/server/lib/upload.js
new file mode 100644
index 0000000..5c130a2
--- /dev/null
+++ b/server/lib/upload.js
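Review bot: The password is now stored as an unsalted SHA-1 digest (`crypto.createHash('sha1')` in the signup path of the `@@ -91` hunk, and the same scheme again in `UserSchema.methods.validPassword` in server/lib/schemas/User.js), which is a fast hash with no salt and no work factor, so equal passwords share a digest and stored digests are cheap to guess offline; use a slow, salted KDF instead — `crypto.pbkdf2`/`pbkdf2Sync` with a per-user salt from `crypto.randomBytes` and a stored iteration count — implemented in one helper that both sites call, so the two copies cannot drift. `shasum.update(password)` throws when `req.body.password` is missing (Node rejects non-string, non-Buffer input), so the field should be validated before hashing, and the same applies to `pw` in `validPassword`. Accounts created before this commit keep a plaintext `password` that no longer compares equal to a digest, so a migration or rehash-on-login path appears to be needed — I cannot see one in the diff. The enclosing signup function starts and ends outside the hunk.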
@@ -0,0 +1,72 @@ + +var config = require('../../config.json'), + util = require('./util'), + knox = require('knox'), + moment = require('moment'); + +var s3 = module.exports.s3 = knox.createClient({ + key: process.env.OKFOCUS_S3_KEY, + secret: process.env.OKFOCUS_S3_SECRET, + bucket: 'vvalls' +}); + +var acceptableuploadTypes = { + 'image/gif': 'gif', + 'image/jpeg': 'jpg', + 'image/png': 'png' +} + +module.exports.put = function (key, image, opt) { + var imageSize, imageType, filename + var err + var now = new Date() + + var ts = moment().format('YYYYMMDD') + + var extension = acceptableuploadTypes[image.type] + filename = (+now) + "-" + + image.name.replace(/\..*$/,"") + .replace(/[^0-9a-zA-Z]+/g,"-") + .substr(-64) + + "." + extension; + + var remote_path = "/images/" + key + "/" + ts + "/" + filename + + if (! extension) { + err = "unacceptable filetype" + } + else if (image.size < 10) { + err = "file too small" + } + else if (image.size > 2097152) { // 2mb limit + err = "file too large" + } + + if (err) { + console.error(">>>", err) + opt.unacceptable && opt.unacceptable(err) + return + } + + opt.acceptable && opt.acceptable(err) + + console.log("upload > ", remote_path) + s3.putFile(image.path, remote_path, { + 'Content-Length': image.size, + 'Content-Type': image.type, + 'x-amz-acl': 'public-read' + }, function(err, s3res) { + if (err || s3res.statusCode !== 200) { + console.error(err); + s3res.resume() + return; + } + + var image_url = s3res.url || s3res.req.url + + opt.success && opt.success(image_url) + }).on('error', function(err, s3res){ + console.error(err) + s3res && s3res.resume && s3res.resume() + }) +} diff --git a/server/lib/util.js b/server/lib/util.js index 45902f3..7a63507 100644 --- a/server/lib/util.js +++ b/server/lib/util.js 
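Review bot: `acceptableuploadTypes[image.type]` trusts the client-declared MIME type and looks it up on a plain object, so a `type` such as `constructor` resolves to an inherited function rather than `undefined` and passes the `! extension` check; gate the lookup with `Object.prototype.hasOwnProperty.call(acceptableuploadTypes, image.type)` and, since the object is stored `public-read` with `Content-Type` copied from the request, ideally confirm the content really is an image (magic bytes) before uploading. In the `putFile` callback, `if (err || s3res.statusCode !== 200)` is followed by `s3res.resume()`, which throws when `err` is set and `s3res` is undefined — guard it the way the `.on('error')` handler already does (`s3res && s3res.resume && s3res.resume()`) and report the failure through a callback (`opt.unacceptable` or a new `opt.failure`) rather than only `console.error`, otherwise the caller never learns the upload did not happen. `key` is concatenated into `remote_path` unchanged; if it can come from user input it should be restricted to the same character class as `filename`. `opt.acceptable(err)` is also called with `err` always undefined at that point.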
@@ -5,4 +5,15 @@ var whitespaceTail = /\s+$/
 var util = {}
 util.trim = function (s){ return s.replace(whitespaceHead,"").replace(whitespaceTail,"") }
+util.cleanQuery = function (query) {
+ var update = _.extend({}, query);
+ delete update._id;
+ delete update.created_at;
+ delete update.modified_at;
+ delete update.modified_by;
+ delete update.created_by;
+ return update;
+}
+
+
 module.exports = util |
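Review bot: `util.cleanQuery` uses `_`, but nothing in this hunk requires lodash in util.js; if the module header (outside the hunk) does not declare it, the first call throws a ReferenceError, and the copy can be done without the dependency, e.g. `var update = {}; Object.keys(query).forEach(function (k) { update[k] = query[k] })`. The helper is a deny-list: it drops `_id` and the audit fields but passes every other key of the request body through, so when the result is applied to a document, fields like `isAdmin`, `password` or `username` are written too; for profile updates an allow-list of editable fields is the safer shape, e.g. `return _.pick(query, ['displayName', 'bio', 'website', 'twitterName', 'facebookUrl'])`, keeping the current deletions only for callers that need the generic form. Note that server/lib/api.js in this commit calls it as `req.cleanQuery`, not `util.cleanQuery`. A JSDoc line such as `/** Copy of `query` with identity and audit keys removed; does not restrict other keys. */` would make the limited guarantee explicit.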
