r/p5.js-web-editor
1
0
Fork 0
Code Issues 1 Pull requests Releases 1 Wiki Activity
p5.js-web-editor/server/models/user.js

227 lines
6.6 KiB
JavaScript
Raw Normal View History

add session and cookie and passport config for server
2016-05-13 20:04:16 +00:00
import mongoose from 'mongoose';
update eslint to latest version, fix lots of linting errors (#308) * update eslint and dependencies, fix linting errors that can be fixed with --fix * fix lots of linting errors * update eslintrc, fix some linting errors * fix all server side linting errors, untested * fix errors that fixing linting errors had caused * fix client side eslint errors * fix client side linting errors * fix refs lint errors * fix more linting errors * update eslint and dependencies, fix linting errors that can be fixed with --fix * fix lots of linting errors * update eslintrc, fix some linting errors * fix all server side linting errors, untested * fix errors that fixing linting errors had caused * fix client side eslint errors * fix client side linting errors * fix refs lint errors * fix more linting errors * fix some accessibility linting errors * fix a lot of linting errors * fix a billion more linting errors * hopefully fix all linting errors, still need to test * fix bugs that fixing linting had caused
2017-02-22 19:29:35 +00:00
add sign up server side, still working on client side
2016-06-09 20:28:21 +00:00
const bcrypt = require('bcrypt-nodejs');
add session and cookie and passport config for server
2016-05-13 20:04:16 +00:00
Email verification (#369) * Re-introduce Email Verification code Revert "Revert "Email verification"" This reverts commit d154d8bff259350523a0f139e844db96c43d2ee1. * Uses MJML to generate Reset Password email * Sends Password Reset and Email Confirmation emails using MJML template * Sends verified status along with user data * API endpoint for resending email verification confirmation * Displays verification status on Account page and allows resending * Send back error string * Passes email address through to sign/verify helper * Uses enum-style object to set verified state * Sends minimal info when user verifies since it can be done without login * Provides /verify UI and sends confirmation token to API * Better name for JWT secret token env var * Adds mail config variables to Readme * Encrypts email address in JWT The JWT sent as the token in the Confirm Password URL can be unencoded by anyone, although it's signature can only be verified by us. To ensure that no passwords are leaked, we encrypt the email address before creating the token. * Removes unused mail templates * Resets verified flag when email is changed and sends another email * Moves email confirmation functions next to each other * Extracts random token generator to helper * Moves email confirmation actions into Redux - updates the AccountForm label with a message to check inbox - show status when verifying email token * Uses generated token stored in DB for email confirmation * Sets email confirmation status to verified if logging in from Github * Sends email using new method on account creation * Fixes linting errors * Removes replyTo config
2017-06-26 16:48:28 +00:00
const EmailConfirmationStates = {
Verified: 'verified',
Sent: 'sent',
Resent: 'resent',
};
fix even more linting errors
2018-05-05 00:59:43 +00:00
const { Schema } = mongoose;
update eslint to latest version, fix lots of linting errors (#308) * update eslint and dependencies, fix linting errors that can be fixed with --fix * fix lots of linting errors * update eslintrc, fix some linting errors * fix all server side linting errors, untested * fix errors that fixing linting errors had caused * fix client side eslint errors * fix client side linting errors * fix refs lint errors * fix more linting errors * update eslint and dependencies, fix linting errors that can be fixed with --fix * fix lots of linting errors * update eslintrc, fix some linting errors * fix all server side linting errors, untested * fix errors that fixing linting errors had caused * fix client side eslint errors * fix client side linting errors * fix refs lint errors * fix more linting errors * fix some accessibility linting errors * fix a lot of linting errors * fix a billion more linting errors * hopefully fix all linting errors, still need to test * fix bugs that fixing linting had caused
2017-02-22 19:29:35 +00:00
Added DB schema and backend logic for API keys creation and deletion
2018-10-14 19:08:36 +00:00
const apiKeySchema = new Schema({
label: { type: String, default: 'API Key' },
lastUserAt should be null if the key has never been used
2019-05-15 10:28:18 +00:00
lastUsedAt: { type: Date },
Added DB schema and backend logic for API keys creation and deletion
2018-10-14 19:08:36 +00:00
hashedKey: { type: String, required: true },
}, { timestamps: true, _id: true });
Removes hashedKey from APIKey data when serialising This ensures it's not accidentally exposed to the client when returning the key metadata
2019-05-15 11:07:20 +00:00
apiKeySchema.virtual('id').get(function getApiKeyId() {
return this._id.toHexString();
});
/**
* When serialising an APIKey instance, the `hashedKey` field
* should never be exposed to the client. So we only return
* a safe list of fields when toObject and toJSON are called.
*/
function apiKeyMetadata(doc, ret, options) {
Displays all API keys in a table, including new token information
2019-05-14 17:50:33 +00:00
return {
Removes hashedKey from APIKey data when serialising This ensures it's not accidentally exposed to the client when returning the key metadata
2019-05-15 11:07:20 +00:00
id: doc.id, label: doc.label, lastUsedAt: doc.lastUsedAt, createdAt: doc.createdAt
Displays all API keys in a table, including new token information
2019-05-14 17:50:33 +00:00
};
Removes hashedKey from APIKey data when serialising This ensures it's not accidentally exposed to the client when returning the key metadata
2019-05-15 11:07:20 +00:00
}
Do not return any keys in API
2019-05-14 10:26:25 +00:00
Removes hashedKey from APIKey data when serialising This ensures it's not accidentally exposed to the client when returning the key metadata
2019-05-15 11:07:20 +00:00
apiKeySchema.set('toObject', {
transform: apiKeyMetadata
Added DB schema and backend logic for API keys creation and deletion
2018-10-14 19:08:36 +00:00
});
apiKeySchema.set('toJSON', {
Removes hashedKey from APIKey data when serialising This ensures it's not accidentally exposed to the client when returning the key metadata
2019-05-15 11:07:20 +00:00
virtuals: true,
transform: apiKeyMetadata
Added DB schema and backend logic for API keys creation and deletion
2018-10-14 19:08:36 +00:00
});
add session and cookie and passport config for server
2016-05-13 20:04:16 +00:00
const userSchema = new Schema({
fix a ton of eslint errors
2016-06-23 22:29:55 +00:00
name: { type: String, default: '' },
fix some minor eslint errors
2016-06-27 17:09:18 +00:00
username: { type: String, required: true, unique: true },
fix a ton of eslint errors
2016-06-23 22:29:55 +00:00
password: { type: String },
start to add mailgun and nodemailer
2016-10-12 16:02:46 +00:00
resetPasswordToken: String,
resetPasswordExpires: Date,
Email verification (#369) * Re-introduce Email Verification code Revert "Revert "Email verification"" This reverts commit d154d8bff259350523a0f139e844db96c43d2ee1. * Uses MJML to generate Reset Password email * Sends Password Reset and Email Confirmation emails using MJML template * Sends verified status along with user data * API endpoint for resending email verification confirmation * Displays verification status on Account page and allows resending * Send back error string * Passes email address through to sign/verify helper * Uses enum-style object to set verified state * Sends minimal info when user verifies since it can be done without login * Provides /verify UI and sends confirmation token to API * Better name for JWT secret token env var * Adds mail config variables to Readme * Encrypts email address in JWT The JWT sent as the token in the Confirm Password URL can be unencoded by anyone, although it's signature can only be verified by us. To ensure that no passwords are leaked, we encrypt the email address before creating the token. * Removes unused mail templates * Resets verified flag when email is changed and sends another email * Moves email confirmation functions next to each other * Extracts random token generator to helper * Moves email confirmation actions into Redux - updates the AccountForm label with a message to check inbox - show status when verifying email token * Uses generated token stored in DB for email confirmation * Sets email confirmation status to verified if logging in from Github * Sends email using new method on account creation * Fixes linting errors * Removes replyTo config
2017-06-26 16:48:28 +00:00
verified: { type: String },
verifiedToken: String,
verifiedTokenExpires: Date,
fix a ton of eslint errors
2016-06-23 22:29:55 +00:00
github: { type: String },
email: { type: String, unique: true },
tokens: Array,
Added DB schema and backend logic for API keys creation and deletion
2018-10-14 19:08:36 +00:00
apiKeys: { type: [apiKeySchema] },
remove code bloat from preferences, add preferences to user schema
2016-08-04 03:45:49 +00:00
preferences: {
fix preferences font size text size bug
2016-08-09 22:45:59 +00:00
fontSize: { type: Number, default: 18 },
add ability to toggle line numbers to accessibility settings. Fixes #1138 (#1146) * Added SET_LINE_NUMBERS constant * Added setLineNumbers() * Added lineNumber prop * Added functionality to Preferences * Passing props * handle case SET_LINE_NUMBERS * add lineNumber default value to the schema
2019-08-30 16:36:34 +00:00
lineNumbers: { type: Boolean, default: true },
remove code bloat from preferences, add preferences to user schema
2016-08-04 03:45:49 +00:00
indentationAmount: { type: Number, default: 2 },
isTabIndent: { type: Boolean, default: false },
add preferences to include text output
2016-08-12 19:50:33 +00:00
autosave: { type: Boolean, default: true },
Added softwrap preference for users. (#970) * Client and server side code added for Linewrap option * Linked linewrap prop with the Editor.jsx property * linewrap defaults to true * Renamed 'LineWrap' to 'WordWrap'
2019-03-26 19:37:44 +00:00
linewrap: { type: Boolean, default: true },
add preferences to include text output
2016-08-12 19:50:33 +00:00
lintWarning: { type: Boolean, default: false },
Accessibility (#361) * add p5 interceptor submodule * update package * remoce interceptor * update interceptor; * merge scripts * change postinstall script * refactor interceptor files * remove merge conflicts * change source files * add registry class * provide seperate outputs for text and grid * switch textOutput to boolean * make both modules usable together * update interceptor for safari * fix grid label * add sound output as well * change file strucure * change constants * change input lables * switch submodule branch * change variable name * change grid to table * remove role from table elements * switch submodule branch
2017-05-31 19:23:30 +00:00
textOutput: { type: Boolean, default: false },
gridOutput: { type: Boolean, default: false },
soundOutput: { type: Boolean, default: false },
auto autorefresh to preferences, save autorefresh server side
2016-09-28 18:12:01 +00:00
theme: { type: String, default: 'light' },
temporarily remote autorefresh and loop protect
2016-10-04 19:35:23 +00:00
autorefresh: { type: Boolean, default: false }
add script to add total size to all user accounts, add totalSize to user model, return totalSize from user api request
2019-08-08 21:34:49 +00:00
},
totalSize: { type: Number, default: 0 }
attempt to fix error in mongo logs
2019-05-02 23:10:14 +00:00
}, { timestamps: true, usePushEach: true });
add a lot of server side libraries, preemptively, still hooking everything up
2016-05-17 19:50:37 +00:00
/**
* Password hash middleware.
*/
fix some minor eslint errors
2016-06-27 17:09:18 +00:00
userSchema.pre('save', function checkPassword(next) { // eslint-disable-line consistent-return
add a lot of server side libraries, preemptively, still hooking everything up
2016-05-17 19:50:37 +00:00
const user = this;
if (!user.isModified('password')) { return next(); }
fix some minor eslint errors
2016-06-27 17:09:18 +00:00
bcrypt.genSalt(10, (err, salt) => { // eslint-disable-line consistent-return
add a lot of server side libraries, preemptively, still hooking everything up
2016-05-17 19:50:37 +00:00
if (err) { return next(err); }
fix some minor eslint errors
2016-06-27 17:09:18 +00:00
bcrypt.hash(user.password, salt, null, (innerErr, hash) => {
if (innerErr) { return next(innerErr); }
add a lot of server side libraries, preemptively, still hooking everything up
2016-05-17 19:50:37 +00:00
user.password = hash;
fix some minor eslint errors
2016-06-27 17:09:18 +00:00
return next();
add a lot of server side libraries, preemptively, still hooking everything up
2016-05-17 19:50:37 +00:00
});
});
add session and cookie and passport config for server
2016-05-13 20:04:16 +00:00
});
Hashing keys before storing them
2018-11-06 12:36:19 +00:00
/**
* API keys hash middleware
*/
Added Basic Auth using passport-http
2018-11-06 16:28:17 +00:00
userSchema.pre('save', function checkApiKey(next) { // eslint-disable-line consistent-return
Hashing keys before storing them
2018-11-06 12:36:19 +00:00
const user = this;
if (!user.isModified('apiKeys')) { return next(); }
let hasNew = false;
user.apiKeys.forEach((k) => {
if (k.isNew) {
hasNew = true;
Added Basic Auth using passport-http
2018-11-06 16:28:17 +00:00
bcrypt.genSalt(10, (err, salt) => { // eslint-disable-line consistent-return
Hashing keys before storing them
2018-11-06 12:36:19 +00:00
if (err) { return next(err); }
bcrypt.hash(k.hashedKey, salt, null, (innerErr, hash) => {
if (innerErr) { return next(innerErr); }
k.hashedKey = hash;
return next();
});
});
}
});
if (!hasNew) return next();
});
update eslint to latest version, fix lots of linting errors (#308) * update eslint and dependencies, fix linting errors that can be fixed with --fix * fix lots of linting errors * update eslintrc, fix some linting errors * fix all server side linting errors, untested * fix errors that fixing linting errors had caused * fix client side eslint errors * fix client side linting errors * fix refs lint errors * fix more linting errors * update eslint and dependencies, fix linting errors that can be fixed with --fix * fix lots of linting errors * update eslintrc, fix some linting errors * fix all server side linting errors, untested * fix errors that fixing linting errors had caused * fix client side eslint errors * fix client side linting errors * fix refs lint errors * fix more linting errors * fix some accessibility linting errors * fix a lot of linting errors * fix a billion more linting errors * hopefully fix all linting errors, still need to test * fix bugs that fixing linting had caused
2017-02-22 19:29:35 +00:00
userSchema.virtual('id').get(function idToString() {
fix linting errors that are fixable with --fix in server side code
2016-11-17 16:15:35 +00:00
return this._id.toHexString();
fix preferences font size text size bug
2016-08-09 22:45:59 +00:00
});
userSchema.set('toJSON', {
fix linting errors that are fixable with --fix in server side code
2016-11-17 16:15:35 +00:00
virtuals: true
fix preferences font size text size bug
2016-08-09 22:45:59 +00:00
});
add a lot of server side libraries, preemptively, still hooking everything up
2016-05-17 19:50:37 +00:00
/**
* Helper method for validating user's password.
*/
fix some minor eslint errors
2016-06-27 17:09:18 +00:00
userSchema.methods.comparePassword = function comparePassword(candidatePassword, cb) {
fix some linting errors
2016-06-24 22:18:22 +00:00
// userSchema.methods.comparePassword = (candidatePassword, cb) => {
add a lot of server side libraries, preemptively, still hooking everything up
2016-05-17 19:50:37 +00:00
bcrypt.compare(candidatePassword, this.password, (err, isMatch) => {
cb(err, isMatch);
});
};
Added Basic Auth using passport-http
2018-11-06 16:28:17 +00:00
/**
* Helper method for validating a user's api key
*/
userSchema.methods.findMatchingKey = function findMatchingKey(candidateKey, cb) {
let foundOne = false;
this.apiKeys.forEach((k) => {
if (bcrypt.compareSync(candidateKey, k.hashedKey)) {
foundOne = true;
Fixes bug where lastUsedAt timestamp wasn't set when access token used
2019-05-15 12:07:46 +00:00
cb(null, true, k);
Added Basic Auth using passport-http
2018-11-06 16:28:17 +00:00
}
});
if (!foundOne) cb('Matching API key not found !', false, null);
};
[#1314][#1489] Add static methods to user model - Add new static methods to user model - `findByEmailAndUsername` - renames `findByMailOrName` to `findByEmailOrUsername` - `findByUsername` - `findByEmail` - Reverts case insensitive behavior for username
2020-07-15 21:33:11 +00:00
/**
*
* Queries User collection by email and returns one User document.
*
* @param {string|string[]} email - Email string or array of email strings
* @callback [cb] - Optional error-first callback that passes User document
* @return {Promise<Object>} - Returns Promise fulfilled by User document
*/
userSchema.statics.findByEmail = function findByEmail(email, cb) {
let query;
if (Array.isArray(email)) {
query = {
email: { $in: email }
[#1314][#1489] Use collation instead of RegEx - Add case insensitive indexes for User.email and User.username - Update user queries by username or email so that they are case insensitive
2020-07-14 22:16:17 +00:00
};
[#1314][#1489] Add static methods to user model - Add new static methods to user model - `findByEmailAndUsername` - renames `findByMailOrName` to `findByEmailOrUsername` - `findByUsername` - `findByEmail` - Reverts case insensitive behavior for username
2020-07-15 21:33:11 +00:00
} else {
query = {
email
};
}
// Email addresses should be case-insensitive unique
// In MongoDB, you must use collation in order to do a case-insensitive query
return this.findOne(query).collation({ locale: 'en', strength: 2 }).exec(cb);
};
/**
*
* Queries User collection by username and returns one User document.
*
* @param {string} username - Username string
* @callback [cb] - Optional error-first callback that passes User document
* @return {Promise<Object>} - Returns Promise fulfilled by User document
*/
userSchema.statics.findByUsername = function findByUsername(username, cb) {
const query = {
username
};
return this.findOne(query, cb);
};
/**
*
* Queries User collection using email or username with optional callback.
* This function will determine automatically whether the data passed is
* a username or email.
*
* @param {string} value - Email or username
* @callback [cb] - Optional error-first callback that passes User document
* @return {Promise<Object>} - Returns Promise fulfilled by User document
*/
userSchema.statics.findByEmailOrUsername = function findByEmailOrUsername(value, cb) {
const isEmail = value.indexOf('@') > -1;
if (isEmail) {
return this.findByEmail(value, cb);
[#1314][#1489] Use collation instead of RegEx - Add case insensitive indexes for User.email and User.username - Update user queries by username or email so that they are case insensitive
2020-07-14 22:16:17 +00:00
}
[#1314][#1489] Add static methods to user model - Add new static methods to user model - `findByEmailAndUsername` - renames `findByMailOrName` to `findByEmailOrUsername` - `findByUsername` - `findByEmail` - Reverts case insensitive behavior for username
2020-07-15 21:33:11 +00:00
return this.findByUsername(value, cb);
};
/**
*
* Queries User collection, performing a MongoDB logical or with the email
* and username (i.e. if either one matches, will return the first document).
*
* @param {string} email
* @param {string} username
* @callback [cb] - Optional error-first callback that passes User document
* @return {Promise<Object>} - Returns Promise fulfilled by User document
*/
userSchema.statics.findByEmailAndUsername = function findByEmailAndUsername(email, username, cb) {
Use username also to log in (#250) * Use username also to log in * Minor changes
2017-01-06 23:14:42 +00:00
const query = {
[#1314][#1489] Add static methods to user model - Add new static methods to user model - `findByEmailAndUsername` - renames `findByMailOrName` to `findByEmailOrUsername` - `findByUsername` - `findByEmail` - Reverts case insensitive behavior for username
2020-07-15 21:33:11 +00:00
$or: [
{ email },
{ username }
]
Use username also to log in (#250) * Use username also to log in * Minor changes
2017-01-06 23:14:42 +00:00
};
[#1314][#1489] Add static methods to user model - Add new static methods to user model - `findByEmailAndUsername` - renames `findByMailOrName` to `findByEmailOrUsername` - `findByUsername` - `findByEmail` - Reverts case insensitive behavior for username
2020-07-15 21:33:11 +00:00
return this.findOne(query).collation({ locale: 'en', strength: 2 }).exec(cb);
Use username also to log in (#250) * Use username also to log in * Minor changes
2017-01-06 23:14:42 +00:00
};
Email verification (#369) * Re-introduce Email Verification code Revert "Revert "Email verification"" This reverts commit d154d8bff259350523a0f139e844db96c43d2ee1. * Uses MJML to generate Reset Password email * Sends Password Reset and Email Confirmation emails using MJML template * Sends verified status along with user data * API endpoint for resending email verification confirmation * Displays verification status on Account page and allows resending * Send back error string * Passes email address through to sign/verify helper * Uses enum-style object to set verified state * Sends minimal info when user verifies since it can be done without login * Provides /verify UI and sends confirmation token to API * Better name for JWT secret token env var * Adds mail config variables to Readme * Encrypts email address in JWT The JWT sent as the token in the Confirm Password URL can be unencoded by anyone, although it's signature can only be verified by us. To ensure that no passwords are leaked, we encrypt the email address before creating the token. * Removes unused mail templates * Resets verified flag when email is changed and sends another email * Moves email confirmation functions next to each other * Extracts random token generator to helper * Moves email confirmation actions into Redux - updates the AccountForm label with a message to check inbox - show status when verifying email token * Uses generated token stored in DB for email confirmation * Sets email confirmation status to verified if logging in from Github * Sends email using new method on account creation * Fixes linting errors * Removes replyTo config
2017-06-26 16:48:28 +00:00
userSchema.statics.EmailConfirmation = EmailConfirmationStates;
[#1314][#1489] Use collation instead of RegEx - Add case insensitive indexes for User.email and User.username - Update user queries by username or email so that they are case insensitive
2020-07-14 22:16:17 +00:00
userSchema.index({ username: 1 }, { collation: { locale: 'en', strength: 2 } });
userSchema.index({ email: 1 }, { collation: { locale: 'en', strength: 2 } });
fix some linting errors
2016-06-24 22:18:22 +00:00
export default mongoose.model('User', userSchema);
Reference in a new issue Copy permalink