123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573 |
- const express = require("express");
- const bodyParser = require("body-parser");
- const app = express();
- const bcrypt = require("bcrypt");
- const Datastore = require("nedb");
- const session = require("express-session");
- const NedbSessionStore = require("nedb-session-store")(session);
-
- app.listen(8080, () => {
- console.log("Server online on port 8080");
- })
-
- app.use(session({
- secret: process.env.SECRET || 'ENTER YOUR SECRET KEY IN ENV VARIABLES!',
- resave: false,
- saveUninitialized: false,
- unset: "destroy",
- cookie: {
- path: '/',
- httpOnly: true,
- maxAge: 3600000 //cookie time in ms (=1h)
- },
- store: new NedbSessionStore({
- filename: 'db/sessions.db'
- })
- }))
-
- app.use(express.static("public"));
- app.use(bodyParser.json());
- app.use(bodyParser.urlencoded({ extended: true }));
-
-
-
- /*--------------------------------------------------PAGE REQUESTS--------------------------------------------------*/
-
- app.get("/", (req, res) => {
- res.send("index.html");
- });
-
- app.get("/info", (req, res) => {
- res.sendFile(__dirname + '/public/info-page.html')
- });
-
- app.get("/main", (req, res) => {
- if(req.session.isLoggedIn && req.session.userRole === "admin"){
- res.sendFile(__dirname + '/public/admin-login.html')
- }else if(req.session.isLoggedIn && req.session.userRole === "mod") {
- res.sendFile(__dirname + '/public/mod-login.html')
- }else if(req.session.isLoggedIn && req.session.userRole === "user") {
- res.sendFile(__dirname + '/public/user-login.html')
- }else {
- req.session = null;
- res.redirect("/");
- }
- });
-
- app.get("/newPost", (req, res) => {
- if(req.session.isLoggedIn && req.session.userRole === "user"){
- res.sendFile(__dirname + '/public/new-Postv2.html')
- } else {
- req.session = null;
- res.redirect("/");
- }
- });
-
- app.get("/manage-posts", (req, res) => {
- if(req.session.isLoggedIn && (req.session.userRole === "mod" || req.session.userRole === "admin")){
- res.sendFile(__dirname + '/public/manage-post.html')
- } else {
- req.session = null;
- res.redirect("/");
- }
- });
-
- app.get("/new-password", (req, res) => {
- if(req.session.isLoggedIn){
- res.sendFile(__dirname + '/public/change-pw.html')
- } else {
- req.session = null;
- res.redirect("/");
- }
- });
-
- app.post("/updatePostID", (req, res) => {
-
- if(req.session.isLoggedIn){
- req.session.revpost = req.body.postid;
- res.json({suc:true});
- //res.sendFile(__dirname + '/public/post-review.html')
- } else {
- res.json({suc:false});
- }
- });
-
- app.get("/post-review", (req, res) => {
- if(req.session.isLoggedIn ){
- res.sendFile(__dirname + '/public/post-review.html')
- } else {
- req.session = null;
- res.redirect("/");
- }
- });
-
- /*--------------------------------------------------GETTER FUNCTIONS--------------------------------------------------*/
-
- app.get("/getmods", (req, res) => {
- if(req.session.isLoggedIn && req.session.userRole === "admin"){
- const db = new Datastore("db/users.db");
- db.loadDatabase();
- db.find({role:"mod"}, (err, docs) => {
- if(docs.length > 0) {
- let resArray = [];
- docs.forEach(element => {
- resArray.push({
- username:element.username,
- suspended:element.suspended
- })
- });
- res.json({suc:true, users:resArray})
- } else {
- res.json({suc:false});
- }
-
- })
- } else {
- res.json({suc:false});
- }
- });
-
- app.get("/getusers", (req, res) => {
- if(req.session.isLoggedIn && req.session.userRole === "mod"){
- const db = new Datastore("db/users.db");
- db.loadDatabase();
- db.find({role:"user" , group: req.session.userid }, (err, docs) => {
- if(docs.length > 0) {
- let resArray = [];
- docs.forEach(element => {
- resArray.push({
- username:element.username,
- suspended:element.suspended
- })
- });
- res.json({suc:true, users:resArray})
- } else {
- res.json({suc:false});
- }
-
- })
- } else {
- res.json({suc:false});
- }
- });
-
- app.get("/getReviewPost", (req, res) => {
- if(req.session.isLoggedIn){
- const db = new Datastore("db/posts.db");
- db.loadDatabase();
- db.find({_id:req.session.revpost}, (err, docs) => {
- if(docs.length === 1) {
- let post = [];
- post.push({
- postid:docs[0]._id,
- username:docs[0].creatorName,
- showpost:docs[0].showpost,
- title:docs[0].title,
- text:docs[0].text,
- bcolor:docs[0].bcolor,
- startdate:docs[0].startDate,
- enddate:docs[0].endDate,
- })
- res.json({suc:true, post:post})
- } else {
- res.json({suc:false});
- }
- })
- } else {
- res.json({suc:false});
- }
- });
-
- app.get("/getposts", (req, res) => {
- if(req.session.isLoggedIn){
- const db_post = new Datastore("db/posts.db");
- db_post.loadDatabase();
- switch(req.session.userRole)
- {
- case "admin":
- db_post.find({}, (err, docs) => {
- if(docs.length > 0) {
- let resArray = [];
- docs.forEach(element => {
- resArray.push({
- creator: element.creatorName,
- postid: element._id,
- title:element.title,
- text:element.text,
- showpost:element.showpost,
- startDate:element.startDate,
- endDate:element.endDate,
- })
- });
- res.json({suc:true, users:resArray})
- } else {
- res.json({suc:false});
- }
- });
- break;
- case "mod":
- db_post.find({creatorGroup:req.session.userid}, (err, docs) => {
- if(docs.length > 0) {
- let resArray = [];
- docs.forEach(element => {
- resArray.push({
- creator: element.creatorName,
- postid: element._id,
- title:element.title,
- text:element.text,
- showpost:element.showpost,
- startDate:element.startDate,
- endDate:element.endDate,
- })
- });
- res.json({suc:true, users:resArray})
- } else {
- res.json({suc:false});
- }
- });
- break;
- case "user":
- db_post.find({creatorId:req.session.userid}, (err, docs) => {
- if(docs.length > 0) {
- let resArray = [];
- docs.forEach(element => {
- resArray.push({
- title:element.title,
- showpost:element.showpost,
- postid:element._id
- })
- });
- res.json({suc:true, users:resArray})
- } else {
- res.json({suc:false});
- }});
- break;
- }
- }
- });
-
- app.get("/getliveposts", (req, res) => {
- const now = new Date();
- const db_post = new Datastore("db/posts.db");
- db_post.loadDatabase();
- const db_users = new Datastore("db/users.db");
- db_users.loadDatabase();
- db_post.find({}, (err, docs) => {
- if(docs.length > 0) {
- let resArray = [];
- docs.forEach(element => {
- if(element.showpost){
-
- var start = new Date(element.startDate) - now;
- var end = new Date(element.endDate) - now;
- if(start < 0 && end > 0){
- db_users.find({_id:element.creatorId}, (err2, docs2) =>{
- docs2.forEach(element2 => {
- if(!element2.suspended)
- {
- db_users.find({_id:element.creatorGroup}, (err3, docs3) =>{
- docs3.forEach(element3 => {
- if(!element3.suspended)
- {
- resArray.push({
- title:element.title,
- text:element.text,
- bcolor:element.bcolor
- })
- }
- })
- })
- }
- })
- })
- }
- }
- });
- setTimeout(function(){ res.json({suc:true, posts:resArray}); }, 100); //delay to resolve timing issue
- } else {
- res.json({suc:false});
- }
- });
- });
-
- /*--------------------------------------------------FUNCTIONS--------------------------------------------------*/
-
- app.post("/login", (req, res) => {
- const db = new Datastore("db/users.db");
- db.loadDatabase();
- const un = req.body.username;
- const pw = req.body.password;
- if(un && pw){
- db.find({username:un}, (err, docs) => {
- if(docs.length === 1){
- const userRole = docs[0].role;
- bcrypt.compare(pw, docs[0].password, (err2, result) => {
- if(result){
- req.session.userRole = userRole;
- req.session.userid = docs[0]._id;
- req.session.gr = docs[0].group;
- req.session.un = docs[0].username;
- req.session.revpost = 0;
- req.session.isLoggedIn = true;
- if(userRole === "admin") {
- res.json({suc:true, redirect:"admin"}) //login to admin page
- } else if(userRole === "mod"){
- res.json({suc:true, redirect:"mod"}) //login to mod page
- } else if(userRole === "user"){
- res.json({suc:true, redirect:"user"}) //login to user page
- }
- } else { res.json({suc:false}); }
- })
- } else { res.json({suc:false}); }
- })
- } else { res.json({suc:false}); }
- });
-
- app.get("/logout", (req, res) => {
- req.session = null;
- res.redirect("/");
- });
-
- app.post("/changepw", (req, res) => {
- const db = new Datastore("db/users.db");
- db.loadDatabase();
- const old_pw = req.body.old_password;
- const new_pw_1 = req.body.new_password_1;
- const new_pw_2 = req.body.new_password_2;
- if(old_pw && (new_pw_1 === new_pw_2)){
- db.find({_id:req.session.userid}, (err, docs) => {
- if(docs.length === 1){
- bcrypt.compare(old_pw, docs[0].password, (err2, result) => {
- if(result){
- bcrypt.hash(new_pw_1, 10, (err3, hash) => {
- db.update({_id: docs[0]._id}, {$set: {password: hash}}, (err4, num) =>{
- res.json({suc:true});
- });
- })
- } else { res.json({suc:false}); }
- })
- } else { res.json({suc:false}); }
- })
- } else { res.json({suc:false}); }
- })
-
- app.post("/newmod", (req, res) => {
- if(req.session.isLoggedIn && req.session.userRole === "admin"){
- const nun = req.body.username;
- const nemail = req.body.email;
- const db = new Datastore("db/users.db");
- db.loadDatabase();
- db.find({username:nun}, (err, docs) => {
- if(docs.length === 0){
- db.find({email:nemail}, (err2, docs2) => {
- if(docs2.length === 0){
- bcrypt.hash(nun, 10, (err3, hash) => {
- db.insert({email: nemail,
- username: nun,
- password: hash,
- role: "mod",
- suspended: false
- }, (err4, doc) => {
- res.json({suc:true});
- });
- });
- } else {
- res.json({suc:false});
- }
- });
- } else {
- res.json({suc:false});
- }
- });
- } else {
- res.json({suc:false});
- }
- })
-
- app.post("/newuser", (req, res) => {
- if(req.session.isLoggedIn && req.session.userRole === "mod"){
- const nun = req.body.username;
- const nemail = req.body.email;
- const db = new Datastore("db/users.db");
- db.loadDatabase();
- db.find({username:nun}, (err, docs) => {
- if(docs.length === 0){
- db.find({email:nemail}, (err2, docs2) => {
- if(docs2.length === 0){
- bcrypt.hash(nun, 10, (err3, hash) => {
- db.insert({
- email: nemail,
- username: nun,
- password: hash,
- role: "user",
- group: req.session.userid,
- suspended: false
- }, (err4, doc) => {
- res.json({suc:true});
- });
- });
- } else {
- res.json({suc:false});
- }
- });
- } else {
- res.json({suc:false});
- }
- });
- } else {
- res.json({suc:false});
- }
- })
-
- app.post("/newpost", (req, res) => {
- if(req.session.isLoggedIn && req.session.userRole === "user"){
- const db = new Datastore("db/posts.db");
- db.loadDatabase();
- db.insert({
- creatorId:req.session.userid ,
- creatorName:req.session.un ,
- creatorGroup:req.session.gr ,
- showpost:false ,
- startDate:req.body.startDate ,
- endDate:req.body.endDate ,
- title:req.body.title ,
- text:req.body.text,
- bcolor:req.body.bcolor
- }, (err, doc) => {
- res.json({suc:true});
- });
- }
- });
-
- app.post("/toggleSus", (req, res) => {
- if(req.session.isLoggedIn && (req.session.userRole === "admin" || req.session.userRole === "mod")){
- const db = new Datastore("db/users.db");
- db.loadDatabase();
- db.find({username:req.body.username}, (err, docs) => {
- if(docs.length === 1) {
- var now = !docs[0].suspended;
- db.update({_id: docs[0]._id}, {$set: {suspended: now}}, (err2, num) =>{
- res.json({suc:true});
- })
- } else {
- res.json({suc:false});
- }
-
- })
- } else {
- res.json({suc:false});
- }
- });
-
- app.post("/toggleShow", (req, res) => {
- if(req.session.isLoggedIn && (req.session.userRole === "mod" || req.session.userRole === "admin")){
- const db = new Datastore("db/posts.db");
- db.loadDatabase();
- db.find({_id:req.body.postid}, (err, docs) => {
- if(docs.length === 1) {
- var now = !docs[0].showpost;
- db.update({_id: docs[0]._id}, {$set: {showpost: now}}, (err2, num) =>{
- res.json({suc:true});
- })
- } else {
- res.json({suc:false});
- }
- })
- } else {
- res.json({suc:false});
- }
- });
-
- app.post("/deleteMod", (req, res) => {
- if(req.session.isLoggedIn && req.session.userRole === "admin") {
- const db = new Datastore("db/users.db");
- db.loadDatabase();
- db.find({username:req.body.username}, (err, docs) => {
- if(docs.length === 1) {
- deleteMod(docs[0]._id);
- setTimeout(function(){ res.json({suc:true}); }, 1000); //delay to resolve timing issue
- } else {
- res.json({suc:false});
- }
- })
- } else {
- res.json({suc:false});
- }
- });
-
- app.post("/deleteUser", (req, res) => {
- if(req.session.isLoggedIn && req.session.userRole === "mod"){
- const db = new Datastore("db/users.db");
- db.loadDatabase();
- db.find({username:req.body.username}, (err, docs) => {
- if(docs.length === 1) {
- deleteUser(docs[0]._id);
- setTimeout(function(){ res.json({suc:true}); }, 1000); //delay to resolve timing issue
- } else {
- res.json({suc:false});
- }
- })
- } else {
- res.json({suc:false});
- }
- });
-
- app.post("/deletePost", (req, res) => {
- if(req.session.isLoggedIn){
- const db = new Datastore("db/posts.db");
- db.loadDatabase();
- db.find({_id:req.body.postid}, (err, docs) => {
- if(docs.length === 1) {
- deletePost(docs[0]._id);
- setTimeout(function(){ res.json({suc:true}); }, 1000); //delay to resolve timing issue
- } else {
- res.json({suc:false});
- }
- })
- } else {
- res.json({suc:false});
- }
- });
-
- /*--------------------------------------------------FUNCTIONS--------------------------------------------------*/
-
- function deleteMod(modID){
- const db_users = new Datastore("db/users.db");
- db_users.loadDatabase();
- db_users.find({group:modID}, (err, docs) => {
- docs.forEach(element => {
- deleteUser(element._id);
- if(docs.indexOf(element) === docs.length-1)
- db_users.find({_id:modID}, (err2, docs2) => {
- console.log("deleted mod: ", docs2[0]._id);
- db_users.remove({_id: docs2[0]._id});
- })
- });
- })
- }
-
- function deleteUser(userID){
- const db_posts = new Datastore("db/posts.db");
- db_posts.loadDatabase();
- db_posts.find({creatorId:userID}, (err, docs) => {
- docs.forEach(element => {
- deletePost(element._id);
- });
- })
- const db_users = new Datastore("db/users.db");
- db_users.loadDatabase();
- db_users.find({_id:userID}, (err, docs) => {
- console.log("deleted user: ", docs[0]._id);
- db_users.remove({_id: docs[0]._id})
-
- })
- }
-
- function deletePost(postID){
- const db_posts = new Datastore("db/posts.db");
- db_posts.loadDatabase();
- db_posts.find({_id:postID}, (err, docs) => {
- console.log("deleted post: ", docs[0]._id);
- db_posts.remove({_id: docs[0]._id});
- })
- }
|