makise/todo
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

remove js backend

Browse source
This commit is contained in:
jane 2021-07-09 23:02:31 -04:00
parent 4d32a3e146
commit b018c0e367
13 changed files with 0 additions and 971 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
backend/.prettierrc.yaml
View file

@ -1,16 +0,0 @@
arrowParens: 'always'
bracketSpacing: true
endOfLine: 'lf'
htmlWhitespaceSensitivity: 'css'
insertPragma: false
jsxBracketSameLine: true
jsxSingleQuote: true
printWidth: 120
proseWrap: 'preserve'
quoteProps: 'consistent'
requirePragma: false
semi: true
singleQuote: true
tabWidth: 2
trailingComma: 'none'
useTabs: false

2
backend/README.md
View file

@ -1,2 +0,0 @@
# todo

16
backend/config.json.example
View file

@ -1,16 +0,0 @@
{
"secret": "TEST_SECRET",
"https": true,
"alter_db": true,
"port": 8080,
"frontend_url": "localhost:3000",
"db_url": "postgres://postgres:@127.0.0.1/todo",
"cert": "",
"cert_key": "",
"mail_host": "",
"mail_port": 465,
"mail_username": "",
"mail_password": "",
"discord_id": "",
"discord_secret": ""
}

36
backend/package.json
View file

@ -1,36 +0,0 @@
{
"name": "todo",
"version": "1.0.0",
"description": "todo list app (because it hasnt been done before)",
"main": "src/index.js",
"scripts": {
"who": "pwd",
"start": "node src/index.js",
"test": "mocha"
},
"repository": {
"type": "git",
"url": "git@ssh.gitdab.com:jane/todo.git"
},
"author": "jane <jane@j4.pm>",
"license": "SEE LICENSE IN LICENSE",
"dependencies": {
"cookie-parser": "^1.4.5",
"cors": "^2.8.5",
"express": "^4.17.1",
"express-paginate": "^1.0.2",
"http-proxy": "^1.18.1",
"node-fetch": "^2.6.1",
"nodemailer": "^6.6.2",
"pg": "^8.6.0",
"sequelize": "^6.6.5"
},
"devDependencies": {
"chai": "^4.3.4",
"mocha": "^9.0.2",
"proxyrequire": "^1.0.21",
"sequelize-cli": "^6.2.0",
"sequelize-test-helpers": "^1.3.3",
"sinon": "^11.1.1"
}
}

21
backend/src/config.js
View file

@ -1,21 +0,0 @@
const fs = require('fs');
if (!global.config) {
global.config = {}
const cfg = JSON.parse(fs.readFileSync('./config.json'));
if (cfg) {
global.config = cfg;
}
}
class Config {
get config() {
return global.config;
}
set config(dat) {
global.config = dat;
}
}
module.exports = new Config();

20
backend/src/db_interface.js
View file

@ -1,20 +0,0 @@
const Sequelize = require('sequelize');
const Config = require('./config.js');
const Models = require('./models');
if (!Config.config.db_url) {
console.error('No database url found. please set `db_url` in config.json');
process.exit();
}
const db = new Sequelize(Config.config.db_url);
module.exports = {
db: db,
constructors: {
user: () => {
return User.build();
}
},
schemas: Models(db, Sequelize)
};

70
backend/src/index.js
View file

@ -1,70 +0,0 @@
const http = require('http');
const https = require('https');
const httpProxy = require('http-proxy');
const cors = require('cors');
const express = require('express');
const cookieParser = require('cookie-parser');
const fs = require('fs');
const Config = require('./config.js');
const UserInterface = require('./user.js');
const TodoInterface = require('./todo.js');
let credentials = {};
if (Config.config.https) {
if (fs.existsSync(Config.config.cert) && fs.existsSync(Config.config.cert_key)) {
credentials.key = fs.readFileSync(Config.config.cert_key);
credentials.cert = fs.readFileSync(Config.config.cert);
}
else {
console.error('could not load certs')
process.exit()
}
}
let app = express();
app.use(cors());
app.use(cookieParser());
// force https
app.use((req, res, next) => {
if (Config.config.https) {
if (req.headers['x-forwarded-proto'] !== 'https') {
return res.redirect(`https://${req.headers.host}${req.url}`);
}
}
return next();
});
if (!Config.config.secret) {
console.error('No password secret found. please set `secret` in config.json');
process.exit();
} else if (Config.config.https && Config.config.secret == 'TEST_SECRET') {
console.error('please do not use the testing secret in production.');
process.exit();
}
app.use('/api/user', UserInterface.router);
app.use('/api/todo', TodoInterface.router);
if (Config.config.frontend_url) {
const proxy = httpProxy.createProxyServer({})
app.use('/', (req, res) => {
return proxy.web(req, res, {
target: Config.config.frontend_url
})
});
}
if (Config.config.https) {
var server = https.createServer(credentials, app);
server.listen(Config.config.port || 8080);
} else {
var server = http.createServer(app);
server.listen(Config.config.port || 8080);
}
console.log(
`listening on port ${Config.config.port || 8080}` + ` with https ${Config.config.https ? 'enabled' : 'disabled'}`
);

52
backend/src/mail.js
View file

@ -1,52 +0,0 @@
const Config = require('./config.js');
const nodemailer = require('nodemailer');
class Mailer {
sender;
started = false;
mailer;
constructor(host, port, email, password) {
this.mailer = nodemailer.createTransport({
host: host,
port: port,
secure: true,
auth: {
user: email,
pass: password
}
});
this.sender = email;
this.started = true;
}
async sendMail(recipients, subject, content, contentStripped) {
console.log(`sending mail to ${recipients}`);
let info = await this.mailer.sendMail({
from: `"Todo App" <${this.sender}>`,
to: Array.isArray(recipients) ? recipients.join(', ') : recipients,
subject: subject,
text: contentStripped,
html: content
});
}
}
if (!global.mailer || !global.mailer.started) {
if (
!Config.config['mail_host'] ||
!Config.config['mail_port'] ||
!Config.config['mail_username'] ||
!Config.config['mail_password']
) {
console.error(`could not create email account as
mail_host, mail_port, mail_username or mail_password is not set.`);
process.exit();
}
global.mailer = new Mailer(
Config.config['mail_host'],
Config.config['mail_port'],
Config.config['mail_username'],
Config.config['mail_password']
);
}
module.exports = global.mailer;

141
backend/src/models.js
View file

@ -1,141 +0,0 @@
const Sequelize = require('sequelize');
const Config = require('./config.js');
const models = (db) => {
const UnverifiedUser = db.define('UnverifiedUser', {
id: {
type: Sequelize.DataTypes.UUID,
defaultValue: Sequelize.UUIDV4,
allowNull: false,
primaryKey: true,
unique: true
},
verificationToken: {
type: Sequelize.DataTypes.STRING,
allowNull: false
},
email: {
type: Sequelize.DataTypes.STRING,
allowNull: false,
unique: true
},
discord_only_account: {
type: Sequelize.DataTypes.BOOLEAN,
allowNull: false,
defaultValue: false
},
discord_id: {
type: Sequelize.DataTypes.STRING,
allowNull: true
},
password_hash: {
type: Sequelize.DataTypes.STRING,
allowNull: true
}
});
const User = db.define('User', {
id: {
type: Sequelize.DataTypes.UUID,
defaultValue: Sequelize.UUIDV4,
allowNull: false,
primaryKey: true,
unique: true
},
email: {
type: Sequelize.DataTypes.STRING,
allowNull: false,
unique: true
},
discord_only_account: {
type: Sequelize.DataTypes.BOOLEAN,
allowNull: false,
defaultValue: false
},
discord_id: {
type: Sequelize.DataTypes.STRING,
allowNull: true
},
password_hash: {
type: Sequelize.DataTypes.STRING,
allowNull: true
}
});
const Todo = db.define('Todo', {
id: {
type: Sequelize.DataTypes.UUID,
defaultValue: Sequelize.UUIDV4,
allowNull: false,
primaryKey: true,
unique: true
},
user: {
type: Sequelize.DataTypes.UUID,
allowNull: false
},
content: {
type: Sequelize.DataTypes.TEXT,
allowNull: false
},
tags: {
type: Sequelize.DataTypes.ARRAY(Sequelize.DataTypes.STRING),
allowNull: true
},
complete: {
type: Sequelize.DataTypes.BOOLEAN,
allowNull: false,
defaultValue: false
},
deadline: {
type: Sequelize.DataTypes.DATE,
allowNull: true
}
});
const Grouping = db.define('Grouping', {
id: {
type: Sequelize.DataTypes.UUID,
defaultValue: Sequelize.UUIDV4,
allowNull: false,
primaryKey: true,
unique: true
},
complete: {
type: Sequelize.DataTypes.BOOLEAN,
allowNull: true
},
manually_added: {
type: Sequelize.DataTypes.ARRAY(Sequelize.DataTypes.UUID),
allowNull: true
},
required: {
type: Sequelize.DataTypes.ARRAY(Sequelize.DataTypes.STRING),
allowNull: true
},
exclusions: {
type: Sequelize.DataTypes.ARRAY(Sequelize.DataTypes.STRING),
allowNull: true
}
});
let options = {
alter: false
};
if (Config.config.alter_db) {
options.alter = true;
}
UnverifiedUser.sync(options);
User.sync(options);
Todo.sync(options);
Grouping.sync(options);
return {
user: User,
unverifiedUser: UnverifiedUser,
todo: Todo,
grouping: Grouping
};
};
module.exports = models;

146
backend/src/todo.js
View file

@ -1,146 +0,0 @@
const express = require('express');
const paginate = require('express-paginate');
const Database = require('./db_interface.js');
const User = require('./user.js');
const { Op } = require('sequelize');
let router = express.Router();
router.use(express.json());
function map_todo(result) {
return {
id: result.id,
content: result.content,
tags: result.tags
};
}
function parse_tags(tags) {
result = {
complete: undefined,
required: [],
excluded: []
};
tags.map((tag) => {
if (tag === 'complete') {
complete = true;
} else if (tag === '~complete') {
complete = false;
} else if (tag.startsWith('~')) {
excluded.push(tag);
} else {
required.push(tag);
}
});
return result;
}
const todo_fields = ['currentPage', 'limit'];
router.use(paginate.middleware(10, 50));
router.use('/todos', User.enforce_session_login);
router.get('/todos', async (req, res) => {
if (!req.query) {
return res.status(400).json({
error: `query must include the fields: ${todo_fields.join(', ')}}`
});
} else {
let error = [];
for (let field of todo_fields) {
if (!req.query[field]) {
error.push(field);
}
}
if (error.length > 0) {
return res.status(400).json({
error: `query must include the fields: ${error.join(', ')}}`
});
}
}
let tag_options = {};
if (req.query.tags) {
let parsed = parse_tags(req.query.tags.split(','));
tag_options['tags'] = {
[Op.and]: parsed.required,
[Op.not]: parsed.excluded
};
if (parsed.complete !== undefined) {
tag_options['complete'] = {
[Op.is]: parsed.complete
};
}
}
console.log(tag_options);
let all_todos = await Database.schemas.todo.findAndCountAll({
where: {
user: req.get('id'),
...tag_options
},
limit: req.query.limit,
offset: req.skip
});
const item_count = all_todos.count;
const page_count = Math.ceil(item_count / req.query.limit);
res.json({
result: all_todos.map(map_todo),
currentPage: req.query.currentPage,
pageCount: page_count,
itemCount: item_count,
pages: paginate.getArrayPages(req)(5, page_count, req.query.currentPage)
});
});
router.use('/todo', User.enforce_session_login);
router.get('/todo/:id([a-f0-9-]+)', async (req, res) => {
let userid = req.get('id');
let id = req.params?.id;
let match = await Database.schemas.todo.findOne({
where: {
user: userid,
id: id
}
});
if (!match) {
return res.sendStatus(404);
}
return res.json({
result: map_todo(match),
tags: get_tags(match.id)
});
});
router.use('/todo', User.enforce_session_login);
router.post('/todo/:id([a-f0-9-]+)', async (req, res) => {
let userid = req.get('id');
let id = req.params?.id;
let body = req.body;
if (!body) {
return res.sendStatus(400);
}
let match = await Database.schemas.todo.findOne({
where: {
user: userid,
id: id
}
});
if (!match) {
return res.sendStatus(404);
}
//
return res.json({
result: map_todo(match),
tags: get_tags(match.id)
});
});
module.exports = {
router: router
};

424
backend/src/user.js
View file

@ -1,424 +0,0 @@
const express = require('express');
const crypto = require('crypto');
const fetch = require('node-fetch');
const Config = require('./config.js');
const Database = require('./db_interface.js');
const Mail = require('./mail.js');
let router = express.Router();
router.use(express.json());
let session_entropy = {};
user_cache = {};
email_cache = {};
discord_cache = {};
discord_user_cache = {};
async function fetch_user(where) {
let user = await Database.schemas.user.findOne({ where: where });
if (user === null) {
return undefined;
}
user_cache[user.id] = {
id: user.id,
email: user.email,
discord_id: user.discord_id,
password_hash: user.password_hash
};
email_cache[user.email] = user.id;
if (user.discord_id) {
discord_cache[user.discord_id] = user.id
}
return user_cache[user.id]
}
async function fetch_discord_user(auth) {
const result = await fetch(`https://discord.com/api/v8/users/@me`, {
headers: {
'Authorization': auth.token_type + ' ' + auth.access_token
}
});
const json = result.json();
discord_user_cache[json.id] = {
user: json,
auth: auth,
expires: (new Date().getTime()) + (json.expires_in * 1000)
}
return discord_user_cache[id];
}
async function acquire_discord_token(code, redirect) {
let data = {
client_id: Config.config.discord_id,
client_secret: Config.config.discord_secret,
grant_type: 'authorization_code',
code: code,
redirect_uri: redirect
}
const result = await fetch(`https://discord.com/api/oauth2/token`, {
method: 'POST',
body: data,
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
}
}).catch(err => console.error(err));
if (!result.ok) {
return res.status(500).json({error: "could not fetch user details"})
}
const json = result.json();
return fetch_discord_user(json);
}
async function refresh_discord_token(id) {
let data = {
client_id: Config.config.discord_id,
client_secret: Config.config.discord_secret,
grant_type: 'refresh_token',
refresh_token: discord_user_cache[id].auth.refresh_token
}
const result = await fetch(`https://discord.com/api/oauth2/token`, {
method: 'POST',
body: data,
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
}
}).catch(err => console.error(err));
if (!result.ok) {
return false;
}
const json = result.json();
discord_user_cache[id].auth.access_token = json.access_token;
discord_user_cache[id].expires = (new Date().getTime()) + (json.expires_in * 1000);
return true;
}
async function get_user_details(id) {
if (!id || id === 'undefined') {
return undefined;
}
console.log(`search for user with id ${id}`);
if (!user_cache[id]) {
return await fetch_user({ id: id })
}
// console.log(`returning ${JSON.stringify(user_cache[id])}`);
return user_cache[id];
}
async function get_user_details_by_email(email) {
if (!email || email === 'undefined') {
return undefined;
}
console.log(`search for user with email ${email}}`);
if (!email_cache[email] || !user_cache[email_cache[email]]) {
return await fetch_user({ email: email })
}
// console.log(`returning ${JSON.stringify(user_cache[email_cache[email]])}`);
return user_cache[email_cache[email]];
}
async function get_user_details_by_discord_id(id) {
if (!id || id === 'undefined') {
return undefined;
}
if (!discord_cache[id] || !user_cache[discord_cache[id]]) {
return await fetch_user({ discord_id: id })
}
return user_cache[discord_cache[id]];
}
function hash(secret, password, base64 = true) {
let pw_hash = crypto.pbkdf2Sync(
password,
secret,
Config.config.key?.iterations || 1000,
Config.config.key?.length || 64,
'sha512'
);
return pw_hash.toString(base64 ? 'base64' : 'hex');
}
function verify(secret, password, hash) {
let pw_hash = crypto.pbkdf2Sync(
password,
secret,
Config.config.key?.iterations || 1000,
Config.config.key?.length || 64,
'sha512'
);
return hash === pw_hash.toString('base64');
}
function hash_password(password) {
return hash(Config.config.secret, password);
}
function verify_password(password, hash) {
return verify(Config.config.secret, password, hash);
}
function get_session_token(id, password_hash, base64 = true) {
session_entropy[id] = crypto.randomBytes(Config.config.session_entropy || 32);
return hash(session_entropy[id], password_hash, base64);
}
function verify_session_token(id, hash, token) {
if (session_entropy[id]) {
return verify(session_entropy[id], hash, token);
} else {
return false;
}
}
async function enforce_session_login(req, res, next) {
let userid = req.get('id');
let session_token = req.get('authorization');
console.log('a', userid, session_token);
if (!userid || !session_token) {
return res.sendStatus(401);
}
let user = await get_user_details(userid);
if (!user) {
return res.sendStatus(401);
}
let verified_session = verify_session_token(userid, user.password_hash, session_token);
if (!verified_session) {
return res.sendStatus(401);
}
return next();
}
router.post('/signup', async (req, res) => {
if (!req.body?.email || !req.body?.password) {
return res.status(400).json({
error: 'must have email and password fields'
});
}
let user = await get_user_details_by_email(req.body?.email);
if (user !== undefined && user !== {}) {
console.warn(`user already found: ${JSON.stringify(user)}`);
return res.status(403).json({
error: `email ${req.body.email} is already in use.`
});
} else {
let match = await Database.schemas.unverifiedUser.findOne({ where: { email: req.body.email } });
if (!!match) {
await Database.schemas.unverifiedUser.destroy({ where: { email: match.email } });
}
let randomString = 'Signup';
for (let i = 0; i < 16; i++) {
randomString += Math.floor(Math.random() * 10);
}
let password_hash = hash_password(req.body.password);
let user = await Database.schemas.unverifiedUser.create({
email: String(req.body.email),
password_hash: password_hash,
verificationToken: get_session_token(randomString, password_hash, false)
});
const link = `${Config.config.https ? 'https://' : 'http://'}${req.headers.host}/api/user/verify?verification=${user.verificationToken
}`;
const content = `Click here to verify your sign-up:
${link}`;
const contentHtml = `<h1>Click here to verify your sign-up:</h1>
<p><a href=${link}>${link}</a></p>`;
await Mail.sendMail([String(req.body.email)], 'Verify Your Account', contentHtml, content);
return res.sendStatus(204);
}
});
router.get('/verify', async (req, res) => {
if (!req.query?.verification) {
return res.status(400).send(
`<html>
<body>
<h1>No Verification Link</h1>
</body>
</html>`
);
}
let verification = req.query?.verification;
let user = await Database.schemas.unverifiedUser.findOne({ where: { verificationToken: verification } });
if (user !== undefined && user !== {}) {
if (user.verificationToken != verification) {
return res.status(404).send(
`<html>
<body>
<h1>Unknown Verification Link</h1>
</body>
</html>`
);
}
let newUser = await Database.schemas.user.create({
email: user.email,
password_hash: user.password_hash
});
return res.send(`<html>
<body>
<h1>Sign up complete.</h1>
</body>
</html>`);
} else {
return res.status(404).send(`<html>
<body>
<h1>Unknown Verification Link</h1>
</body>
</html>`);
}
});
router.get('/login/discord', async (req, res) => {
if (!Config.config.discord_id || !Config.config.discord_secret) {
return res.status(403).send("discord login is not enabled.");
}
const url = encodeURIComponent(`${req.headers.host}discord`);
return res.send(`https://discord.com/api/oauth2/authorize?client_id=${Config.config.discord_id}&redirect_uri=${url}&response_type=code&scope=identify%20email%20guilds`);
});
router.post('/login/discord', async (req, res) => {
if (!Config.config.discord_id || !Config.config.discord_secret) {
return res.status(403).json({ error: "discord login is not enabled." });
}
if (!req.params.code || !req.headers.host) {
return res.status(400).json({error: "invalid oauth request"});
}
const result = await acquire_discord_token(req.params.code, req.headers.host);
const matching_account = await get_user_details_by_discord_id(result.user.id);
if (!matching_account) {
let user = await Database.schemas.unverifiedUser.create({
email: String(result.user.email),
discord_id: user.id,
verificationToken: get_session_token(randomString, result.auth.access_token, false)
});
return res.json({
type: 'unverified',
verificationToken: user.verificationToken
})
}
return res.json({
type: 'verified',
userid: matching_account.id,
session_token: get_session_token(matching_account.id, result.auth.access_token)
});
});
//TODO
router.post('/discord/create', async (req, res) =>{});
router.post('/discord/link', async (req, res) =>{});
router.post('/login', async (req, res) => {
if (!req.body?.email || !req.body?.password) {
return res.status(400).json({
error: 'must have email and password fields'
});
}
let user = await get_user_details_by_email(req.body.email);
if (!user) {
return res.status(401).json({
error: 'incorrect email or password'
});
}
let verified = verify_password(req.body.password, user.password_hash);
if (!verified) {
return res.status(401).json({
error: 'incorrect email or password'
});
}
return res.json({
userid: user.id,
session_token: get_session_token(user.id, user.password_hash)
});
});
router.use('/logout', enforce_session_login)
router.post('/logout', async (req, res) => {
let userid = req.get('id');
let session_token = req.get('authorization');
let user = await get_user_details(userid);
if (!user) {
return res.status(401).json({
error: 'invalid user data'
});
}
let verified = verify_session_token(user.id, user.password_hash, session_token);
if (!verified) {
return res.status(401).json({
error: 'invalid user data'
});
}
delete session_entropy[user.id];
return res.sendStatus(204);
});
router.use('/byEmail', enforce_session_login)
router.get('/byEmail/:email', async (req, res) => {
if (!req.params?.email) {
res.status(400).json({
error: 'email is a required parameter'
});
}
let user = get_user_details_by_email(req.params.email);
console.log(user);
if (user !== undefined && user !== {}) {
res.json({
id: user.id,
email: user.email
});
} else {
res.sendStatus(404);
}
});
router.use('/', enforce_session_login)
router.get('/:id([a-f0-9-]+)', async (req, res) => {
console.log(req.params);
if (!req.params?.id) {
return res.status(400).json({
error: 'must have id parameter'
});
}
let id = req.params?.id;
console.log(id);
let user = await get_user_details(id);
console.log(user);
if (user !== undefined && user !== {}) {
return res.json({
id: user.id,
email: user.email
});
} else {
return res.sendStatus(404);
}
});
router.use('/authorized', enforce_session_login);
router.get('/authorized', async (req, res) => {
let userid = req.get('id');
let user = await get_user_details(userid);
return res.json({
authorized: true,
user: {
id: user.id,
email: user.email
}
});
});
module.exports = {
router: router,
enforce_session_login: enforce_session_login,
get_user_details: get_user_details,
get_user_details_by_email: get_user_details_by_email
};

17
backend/test/db_interface.spec.js
View file

@ -1,17 +0,0 @@
const { expect } = require('chai');
const Models = require('../src/models');
const { sequelize, checkModelName, checkUniqueIndex, checkPropertyExists } = require('sequelize-test-helpers');
describe('Sequelize model tests', function () {
const models = Models(sequelize);
checkModelName(models.user)('User');
checkModelName(models.unverifiedUser)('UnverifiedUser');
checkModelName(models.grouping)('Grouping');
checkModelName(models.todo)('Todo');
context('user props', function () {
['id', 'email', 'discord_only_account'].forEach(checkPropertyExists(new models.user()));
});
});

10
backend/test/user.spec.js
View file

@ -1,10 +0,0 @@
const { expect } = require('chai');
const proxyrequire = require('proxyrequire');
const { match, stub, resetHistory } = require('sinon');
const { sequelize, Sequelize, makeMockModels } = require('sequelize-test-helpers');
describe('User Router Tests', function () {
const Database = proxyrequire('../src/db_interface', {
sequelize: Sequelize
});
});