2018-02-04 01:23:59 +10:00
|
|
|
const express = require('express');
|
2018-02-06 04:20:30 +10:00
|
|
|
const common = require('../lib/common');
|
2019-06-15 14:46:08 +10:00
|
|
|
const { restrict, checkAccess } = require('../lib/auth');
|
2018-02-04 01:23:59 +10:00
|
|
|
const escape = require('html-entities').AllHtmlEntities;
|
|
|
|
const colors = require('colors');
|
2018-02-04 22:04:32 +10:00
|
|
|
const bcrypt = require('bcryptjs');
|
2020-01-21 17:36:46 +10:00
|
|
|
const moment = require('moment');
|
2018-02-04 22:04:32 +10:00
|
|
|
const fs = require('fs');
|
|
|
|
const path = require('path');
|
|
|
|
const multer = require('multer');
|
2018-06-01 21:31:23 +10:00
|
|
|
const mime = require('mime-type/with-db');
|
2020-02-23 13:40:35 +10:00
|
|
|
const csrf = require('csurf');
|
2020-01-21 17:36:46 +10:00
|
|
|
const { validateJson } = require('../lib/schema');
|
2019-06-15 10:54:41 +10:00
|
|
|
const ObjectId = require('mongodb').ObjectID;
|
2018-02-04 01:23:59 +10:00
|
|
|
const router = express.Router();
|
2020-02-23 13:40:35 +10:00
|
|
|
const csrfProtection = csrf({ cookie: true });
|
2018-01-07 04:55:48 +10:00
|
|
|
|
2020-01-07 20:45:23 +10:00
|
|
|
// Regex
|
|
|
|
const emailRegex = /\S+@\S+\.\S+/;
|
|
|
|
const numericRegex = /^\d*\.?\d*$/;
|
|
|
|
|
2018-01-07 04:55:48 +10:00
|
|
|
// Admin section
|
2019-06-15 14:46:08 +10:00
|
|
|
router.get('/admin', restrict, (req, res, next) => {
|
2019-12-30 22:28:37 +10:00
|
|
|
res.redirect('/admin/dashboard');
|
2018-01-07 04:55:48 +10:00
|
|
|
});
|
|
|
|
|
2018-02-04 01:23:59 +10:00
|
|
|
// logout
|
2018-02-06 05:51:04 +10:00
|
|
|
router.get('/admin/logout', (req, res) => {
|
2018-02-04 01:23:59 +10:00
|
|
|
req.session.user = null;
|
|
|
|
req.session.message = null;
|
|
|
|
req.session.messageType = null;
|
|
|
|
res.redirect('/');
|
|
|
|
});
|
2018-01-07 04:55:48 +10:00
|
|
|
|
2020-02-23 13:40:35 +10:00
|
|
|
// Used for tests only
|
|
|
|
if(process.env.NODE_ENV === 'test'){
|
|
|
|
router.get('/admin/csrf', csrfProtection, (req, res, next) => {
|
|
|
|
res.json({
|
|
|
|
csrf: req.csrfToken()
|
|
|
|
});
|
|
|
|
});
|
|
|
|
}
|
|
|
|
|
2018-02-04 01:23:59 +10:00
|
|
|
// login form
|
2019-10-26 11:08:53 +10:00
|
|
|
router.get('/admin/login', async (req, res) => {
|
2019-07-12 18:06:34 +10:00
|
|
|
const db = req.app.db;
|
2018-01-07 04:55:48 +10:00
|
|
|
|
2019-10-29 18:26:30 +10:00
|
|
|
const userCount = await db.users.countDocuments({});
|
2019-10-26 11:08:53 +10:00
|
|
|
// we check for a user. If one exists, redirect to login form otherwise setup
|
|
|
|
if(userCount && userCount > 0){
|
|
|
|
// set needsSetup to false as a user exists
|
|
|
|
req.session.needsSetup = false;
|
|
|
|
res.render('login', {
|
|
|
|
title: 'Login',
|
|
|
|
referringUrl: req.header('Referer'),
|
|
|
|
config: req.app.config,
|
|
|
|
message: common.clearSessionValue(req.session, 'message'),
|
|
|
|
messageType: common.clearSessionValue(req.session, 'messageType'),
|
|
|
|
helpers: req.handlebars.helpers,
|
|
|
|
showFooter: 'showFooter'
|
|
|
|
});
|
|
|
|
}else{
|
|
|
|
// if there are no users set the "needsSetup" session
|
|
|
|
req.session.needsSetup = true;
|
|
|
|
res.redirect('/admin/setup');
|
|
|
|
}
|
2018-01-07 04:55:48 +10:00
|
|
|
});
|
|
|
|
|
2018-02-04 01:23:59 +10:00
|
|
|
// login the user and check the password
|
2019-10-26 11:08:53 +10:00
|
|
|
router.post('/admin/login_action', async (req, res) => {
|
2019-07-12 18:06:34 +10:00
|
|
|
const db = req.app.db;
|
2018-01-07 04:55:48 +10:00
|
|
|
|
2019-10-26 11:08:53 +10:00
|
|
|
const user = await db.users.findOne({ userEmail: common.mongoSanitize(req.body.email) });
|
|
|
|
if(!user || user === null){
|
|
|
|
res.status(400).json({ message: 'A user with that email does not exist.' });
|
|
|
|
return;
|
|
|
|
}
|
2018-01-07 04:55:48 +10:00
|
|
|
|
2019-10-26 11:08:53 +10:00
|
|
|
// we have a user under that email so we compare the password
|
|
|
|
bcrypt.compare(req.body.password, user.userPassword)
|
2019-12-30 22:28:37 +10:00
|
|
|
.then((result) => {
|
|
|
|
if(result){
|
|
|
|
req.session.user = req.body.email;
|
|
|
|
req.session.usersName = user.usersName;
|
|
|
|
req.session.userId = user._id.toString();
|
|
|
|
req.session.isAdmin = user.isAdmin;
|
|
|
|
res.status(200).json({ message: 'Login successful' });
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
// password is not correct
|
|
|
|
res.status(400).json({ message: 'Access denied. Check password and try again.' });
|
|
|
|
});
|
2018-01-07 04:55:48 +10:00
|
|
|
});
|
|
|
|
|
2018-02-04 01:23:59 +10:00
|
|
|
// setup form is shown when there are no users setup in the DB
|
2019-10-26 11:08:53 +10:00
|
|
|
router.get('/admin/setup', async (req, res) => {
|
2019-07-12 18:06:34 +10:00
|
|
|
const db = req.app.db;
|
2018-01-07 04:55:48 +10:00
|
|
|
|
2019-10-29 18:26:30 +10:00
|
|
|
const userCount = await db.users.countDocuments({});
|
2019-10-26 11:08:53 +10:00
|
|
|
// dont allow the user to "re-setup" if a user exists.
|
|
|
|
// set needsSetup to false as a user exists
|
|
|
|
req.session.needsSetup = false;
|
2019-11-06 18:31:25 +10:00
|
|
|
if(userCount === 0){
|
2019-10-26 11:08:53 +10:00
|
|
|
req.session.needsSetup = true;
|
|
|
|
res.render('setup', {
|
|
|
|
title: 'Setup',
|
|
|
|
config: req.app.config,
|
|
|
|
helpers: req.handlebars.helpers,
|
|
|
|
message: common.clearSessionValue(req.session, 'message'),
|
|
|
|
messageType: common.clearSessionValue(req.session, 'messageType'),
|
|
|
|
showFooter: 'showFooter'
|
|
|
|
});
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
res.redirect('/admin/login');
|
2018-01-07 04:55:48 +10:00
|
|
|
});
|
|
|
|
|
|
|
|
// insert a user
|
2019-10-26 11:08:53 +10:00
|
|
|
router.post('/admin/setup_action', async (req, res) => {
|
2018-01-22 07:20:33 +10:00
|
|
|
const db = req.app.db;
|
2018-01-07 04:55:48 +10:00
|
|
|
|
2019-07-12 18:06:34 +10:00
|
|
|
const doc = {
|
2018-01-07 04:55:48 +10:00
|
|
|
usersName: req.body.usersName,
|
|
|
|
userEmail: req.body.userEmail,
|
2018-02-04 22:04:32 +10:00
|
|
|
userPassword: bcrypt.hashSync(req.body.userPassword, 10),
|
2019-11-07 16:36:20 +10:00
|
|
|
isAdmin: true,
|
|
|
|
isOwner: true
|
2018-01-07 04:55:48 +10:00
|
|
|
};
|
|
|
|
|
|
|
|
// check for users
|
2019-10-29 18:26:30 +10:00
|
|
|
const userCount = await db.users.countDocuments({});
|
2019-11-06 18:31:25 +10:00
|
|
|
if(userCount === 0){
|
2019-10-26 11:08:53 +10:00
|
|
|
// email is ok to be used.
|
|
|
|
try{
|
2019-10-29 18:26:30 +10:00
|
|
|
await db.users.insertOne(doc);
|
2019-12-16 14:22:27 +10:00
|
|
|
res.status(200).json({ message: 'User account inserted' });
|
2019-10-26 11:08:53 +10:00
|
|
|
return;
|
|
|
|
}catch(ex){
|
|
|
|
console.error(colors.red('Failed to insert user: ' + ex));
|
2019-12-16 14:22:27 +10:00
|
|
|
res.status(200).json({ message: 'Setup failed' });
|
2019-10-26 11:08:53 +10:00
|
|
|
return;
|
2018-01-07 04:55:48 +10:00
|
|
|
}
|
2019-10-26 11:08:53 +10:00
|
|
|
}
|
2019-12-16 14:22:27 +10:00
|
|
|
res.status(200).json({ message: 'Already setup.' });
|
2018-01-07 04:55:48 +10:00
|
|
|
});
|
|
|
|
|
2019-12-30 22:28:37 +10:00
|
|
|
// dashboard
|
2020-02-23 13:40:35 +10:00
|
|
|
router.get('/admin/dashboard', csrfProtection, restrict, async (req, res) => {
|
2019-12-30 22:28:37 +10:00
|
|
|
const db = req.app.db;
|
|
|
|
|
|
|
|
// Collate data for dashboard
|
|
|
|
const dashboardData = {
|
|
|
|
productsCount: await db.products.countDocuments({
|
|
|
|
productPublished: true
|
|
|
|
}),
|
|
|
|
ordersCount: await db.orders.countDocuments({}),
|
|
|
|
ordersAmount: await db.orders.aggregate([{ $match: {} },
|
|
|
|
{ $group: { _id: null, sum: { $sum: '$orderTotal' } }
|
|
|
|
}]).toArray(),
|
|
|
|
productsSold: await db.orders.aggregate([{ $match: {} },
|
|
|
|
{ $group: { _id: null, sum: { $sum: '$orderProductCount' } }
|
|
|
|
}]).toArray(),
|
|
|
|
topProducts: await db.orders.aggregate([
|
|
|
|
{ $project: { _id: 0 } },
|
|
|
|
{ $project: { o: { $objectToArray: '$orderProducts' } } },
|
|
|
|
{ $unwind: '$o' },
|
|
|
|
{ $group: {
|
2020-03-19 20:35:46 +10:00
|
|
|
_id: '$o.v.title',
|
2019-12-30 22:28:37 +10:00
|
|
|
productImage: { $last: '$o.v.productImage' },
|
2019-12-30 22:36:06 +10:00
|
|
|
count: { $sum: '$o.v.quantity' }
|
2019-12-30 22:28:37 +10:00
|
|
|
} },
|
|
|
|
{ $sort: { count: -1 } },
|
|
|
|
{ $limit: 5 }
|
|
|
|
]).toArray()
|
|
|
|
};
|
|
|
|
|
|
|
|
// Fix aggregate data
|
2019-12-30 22:36:06 +10:00
|
|
|
if(dashboardData.ordersAmount.length > 0){
|
|
|
|
dashboardData.ordersAmount = dashboardData.ordersAmount[0].sum;
|
|
|
|
}
|
|
|
|
if(dashboardData.productsSold.length > 0){
|
|
|
|
dashboardData.productsSold = dashboardData.productsSold[0].sum;
|
|
|
|
}else{
|
|
|
|
dashboardData.productsSold = 0;
|
|
|
|
}
|
2019-12-30 22:28:37 +10:00
|
|
|
|
|
|
|
res.render('dashboard', {
|
|
|
|
title: 'Cart dashboard',
|
|
|
|
session: req.session,
|
|
|
|
admin: true,
|
|
|
|
dashboardData,
|
|
|
|
themes: common.getThemes(),
|
|
|
|
message: common.clearSessionValue(req.session, 'message'),
|
|
|
|
messageType: common.clearSessionValue(req.session, 'messageType'),
|
|
|
|
helpers: req.handlebars.helpers,
|
2020-02-23 13:40:35 +10:00
|
|
|
config: req.app.config,
|
|
|
|
csrfToken: req.csrfToken()
|
2019-12-30 22:28:37 +10:00
|
|
|
});
|
|
|
|
});
|
|
|
|
|
2019-12-07 09:41:18 +10:00
|
|
|
// settings
|
2020-02-23 13:40:35 +10:00
|
|
|
router.get('/admin/settings', csrfProtection, restrict, (req, res) => {
|
2018-01-07 04:55:48 +10:00
|
|
|
res.render('settings', {
|
|
|
|
title: 'Cart settings',
|
|
|
|
session: req.session,
|
|
|
|
admin: true,
|
|
|
|
themes: common.getThemes(),
|
|
|
|
message: common.clearSessionValue(req.session, 'message'),
|
|
|
|
messageType: common.clearSessionValue(req.session, 'messageType'),
|
|
|
|
helpers: req.handlebars.helpers,
|
2018-02-23 03:41:24 +10:00
|
|
|
config: req.app.config,
|
|
|
|
footerHtml: typeof req.app.config.footerHtml !== 'undefined' ? escape.decode(req.app.config.footerHtml) : null,
|
2020-02-23 13:40:35 +10:00
|
|
|
googleAnalytics: typeof req.app.config.googleAnalytics !== 'undefined' ? escape.decode(req.app.config.googleAnalytics) : null,
|
|
|
|
csrfToken: req.csrfToken()
|
2018-01-07 04:55:48 +10:00
|
|
|
});
|
|
|
|
});
|
|
|
|
|
2019-12-07 09:41:18 +10:00
|
|
|
// create API key
|
2019-06-15 14:46:08 +10:00
|
|
|
router.post('/admin/createApiKey', restrict, checkAccess, async (req, res) => {
|
2019-06-15 10:54:41 +10:00
|
|
|
const db = req.app.db;
|
2019-07-12 18:06:34 +10:00
|
|
|
const result = await db.users.findOneAndUpdate({
|
2019-06-15 10:54:41 +10:00
|
|
|
_id: ObjectId(req.session.userId),
|
|
|
|
isAdmin: true
|
|
|
|
}, {
|
|
|
|
$set: {
|
|
|
|
apiKey: new ObjectId()
|
|
|
|
}
|
|
|
|
}, {
|
|
|
|
returnOriginal: false
|
|
|
|
});
|
|
|
|
|
|
|
|
if(result.value && result.value.apiKey){
|
2019-06-15 14:46:08 +10:00
|
|
|
res.status(200).json({ message: 'API Key generated', apiKey: result.value.apiKey });
|
2019-06-15 10:54:41 +10:00
|
|
|
return;
|
|
|
|
}
|
2019-06-15 14:46:08 +10:00
|
|
|
res.status(400).json({ message: 'Failed to generate API Key' });
|
2019-06-15 10:54:41 +10:00
|
|
|
});
|
|
|
|
|
2018-01-07 04:55:48 +10:00
|
|
|
// settings update
|
2019-06-15 14:46:08 +10:00
|
|
|
router.post('/admin/settings/update', restrict, checkAccess, (req, res) => {
|
2019-06-15 16:05:31 +10:00
|
|
|
const result = common.updateConfig(req.body);
|
2018-01-07 04:55:48 +10:00
|
|
|
if(result === true){
|
2019-11-01 22:30:40 +10:00
|
|
|
req.app.config = common.getConfig();
|
2019-06-15 14:46:08 +10:00
|
|
|
res.status(200).json({ message: 'Settings successfully updated' });
|
2018-01-07 04:55:48 +10:00
|
|
|
return;
|
|
|
|
}
|
2019-06-15 14:46:08 +10:00
|
|
|
res.status(400).json({ message: 'Permission denied' });
|
2018-01-07 04:55:48 +10:00
|
|
|
});
|
|
|
|
|
2019-12-07 09:41:18 +10:00
|
|
|
// settings menu
|
2020-02-23 13:40:35 +10:00
|
|
|
router.get('/admin/settings/menu', csrfProtection, restrict, async (req, res) => {
|
2018-01-22 07:20:33 +10:00
|
|
|
const db = req.app.db;
|
2020-01-01 19:26:21 +10:00
|
|
|
res.render('settings-menu', {
|
2018-01-07 04:55:48 +10:00
|
|
|
title: 'Cart menu',
|
|
|
|
session: req.session,
|
|
|
|
admin: true,
|
|
|
|
message: common.clearSessionValue(req.session, 'message'),
|
|
|
|
messageType: common.clearSessionValue(req.session, 'messageType'),
|
|
|
|
helpers: req.handlebars.helpers,
|
2018-02-23 03:41:24 +10:00
|
|
|
config: req.app.config,
|
2020-02-23 13:40:35 +10:00
|
|
|
menu: common.sortMenu(await common.getMenu(db)),
|
|
|
|
csrfToken: req.csrfToken()
|
2018-01-07 04:55:48 +10:00
|
|
|
});
|
|
|
|
});
|
|
|
|
|
2019-12-07 09:41:18 +10:00
|
|
|
// page list
|
2020-02-23 13:40:35 +10:00
|
|
|
router.get('/admin/settings/pages', csrfProtection, restrict, async (req, res) => {
|
2018-01-22 07:20:33 +10:00
|
|
|
const db = req.app.db;
|
2019-10-26 11:08:53 +10:00
|
|
|
const pages = await db.pages.find({}).toArray();
|
2018-01-15 03:02:10 +10:00
|
|
|
|
2020-01-01 19:26:21 +10:00
|
|
|
res.render('settings-pages', {
|
2019-10-26 11:08:53 +10:00
|
|
|
title: 'Static pages',
|
|
|
|
pages: pages,
|
|
|
|
session: req.session,
|
|
|
|
admin: true,
|
|
|
|
message: common.clearSessionValue(req.session, 'message'),
|
|
|
|
messageType: common.clearSessionValue(req.session, 'messageType'),
|
|
|
|
helpers: req.handlebars.helpers,
|
|
|
|
config: req.app.config,
|
2020-02-23 13:40:35 +10:00
|
|
|
menu: common.sortMenu(await common.getMenu(db)),
|
|
|
|
csrfToken: req.csrfToken()
|
2018-01-07 04:55:48 +10:00
|
|
|
});
|
|
|
|
});
|
|
|
|
|
2019-12-07 09:41:18 +10:00
|
|
|
// pages new
|
2020-02-23 13:40:35 +10:00
|
|
|
router.get('/admin/settings/pages/new', csrfProtection, restrict, checkAccess, async (req, res) => {
|
2018-01-22 07:20:33 +10:00
|
|
|
const db = req.app.db;
|
2018-01-15 03:02:10 +10:00
|
|
|
|
2020-01-01 19:26:21 +10:00
|
|
|
res.render('settings-page', {
|
2018-01-07 04:55:48 +10:00
|
|
|
title: 'Static pages',
|
|
|
|
session: req.session,
|
|
|
|
admin: true,
|
|
|
|
button_text: 'Create',
|
|
|
|
message: common.clearSessionValue(req.session, 'message'),
|
|
|
|
messageType: common.clearSessionValue(req.session, 'messageType'),
|
|
|
|
helpers: req.handlebars.helpers,
|
2018-02-23 03:41:24 +10:00
|
|
|
config: req.app.config,
|
2020-02-23 13:40:35 +10:00
|
|
|
menu: common.sortMenu(await common.getMenu(db)),
|
|
|
|
csrfToken: req.csrfToken()
|
2018-01-07 04:55:48 +10:00
|
|
|
});
|
|
|
|
});
|
|
|
|
|
2019-12-07 09:41:18 +10:00
|
|
|
// pages editor
|
2020-02-23 13:40:35 +10:00
|
|
|
router.get('/admin/settings/pages/edit/:page', csrfProtection, restrict, checkAccess, async (req, res) => {
|
2018-01-22 07:20:33 +10:00
|
|
|
const db = req.app.db;
|
2019-10-26 11:08:53 +10:00
|
|
|
const page = await db.pages.findOne({ _id: common.getId(req.params.page) });
|
|
|
|
const menu = common.sortMenu(await common.getMenu(db));
|
|
|
|
if(!page){
|
|
|
|
res.status(404).render('error', {
|
|
|
|
title: '404 Error - Page not found',
|
|
|
|
config: req.app.config,
|
|
|
|
message: '404 Error - Page not found',
|
|
|
|
helpers: req.handlebars.helpers,
|
|
|
|
showFooter: 'showFooter',
|
|
|
|
menu
|
|
|
|
});
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2020-01-01 19:26:21 +10:00
|
|
|
res.render('settings-page', {
|
2019-10-26 11:08:53 +10:00
|
|
|
title: 'Static pages',
|
|
|
|
page: page,
|
|
|
|
button_text: 'Update',
|
|
|
|
session: req.session,
|
|
|
|
admin: true,
|
|
|
|
message: common.clearSessionValue(req.session, 'message'),
|
|
|
|
messageType: common.clearSessionValue(req.session, 'messageType'),
|
|
|
|
helpers: req.handlebars.helpers,
|
|
|
|
config: req.app.config,
|
2020-02-23 13:40:35 +10:00
|
|
|
menu,
|
|
|
|
csrfToken: req.csrfToken()
|
2018-01-07 04:55:48 +10:00
|
|
|
});
|
|
|
|
});
|
|
|
|
|
2019-12-07 09:41:18 +10:00
|
|
|
// insert/update page
|
|
|
|
router.post('/admin/settings/page', restrict, checkAccess, async (req, res) => {
|
2018-01-22 07:20:33 +10:00
|
|
|
const db = req.app.db;
|
2018-01-07 04:55:48 +10:00
|
|
|
|
2019-07-12 18:06:34 +10:00
|
|
|
const doc = {
|
2018-01-07 04:55:48 +10:00
|
|
|
pageName: req.body.pageName,
|
|
|
|
pageSlug: req.body.pageSlug,
|
|
|
|
pageEnabled: req.body.pageEnabled,
|
|
|
|
pageContent: req.body.pageContent
|
|
|
|
};
|
|
|
|
|
2019-12-07 17:22:46 +10:00
|
|
|
if(req.body.pageId){
|
2018-01-07 04:55:48 +10:00
|
|
|
// existing page
|
2019-12-07 17:22:46 +10:00
|
|
|
const page = await db.pages.findOne({ _id: common.getId(req.body.pageId) });
|
2019-10-26 11:08:53 +10:00
|
|
|
if(!page){
|
|
|
|
res.status(400).json({ message: 'Page not found' });
|
2019-12-07 17:25:51 +10:00
|
|
|
return;
|
2019-10-26 11:08:53 +10:00
|
|
|
}
|
|
|
|
|
|
|
|
try{
|
2019-12-07 17:22:46 +10:00
|
|
|
const updatedPage = await db.pages.findOneAndUpdate({ _id: common.getId(req.body.pageId) }, { $set: doc }, { returnOriginal: false });
|
|
|
|
res.status(200).json({ message: 'Page updated successfully', pageId: req.body.pageId, page: updatedPage.value });
|
2019-10-26 11:08:53 +10:00
|
|
|
}catch(ex){
|
|
|
|
res.status(400).json({ message: 'Error updating page. Please try again.' });
|
|
|
|
}
|
2018-01-07 04:55:48 +10:00
|
|
|
}else{
|
|
|
|
// insert page
|
2019-10-26 11:08:53 +10:00
|
|
|
try{
|
2019-10-29 18:26:30 +10:00
|
|
|
const newDoc = await db.pages.insertOne(doc);
|
2019-12-07 17:22:46 +10:00
|
|
|
res.status(200).json({ message: 'New page successfully created', pageId: newDoc.insertedId });
|
2019-10-26 11:08:53 +10:00
|
|
|
return;
|
|
|
|
}catch(ex){
|
|
|
|
res.status(400).json({ message: 'Error creating page. Please try again.' });
|
|
|
|
}
|
2018-01-07 04:55:48 +10:00
|
|
|
}
|
|
|
|
});
|
|
|
|
|
2019-12-30 12:48:45 +10:00
|
|
|
// delete a page
|
2019-12-07 09:41:18 +10:00
|
|
|
router.post('/admin/settings/page/delete', restrict, checkAccess, async (req, res) => {
|
2018-01-22 07:20:33 +10:00
|
|
|
const db = req.app.db;
|
2019-12-07 17:25:51 +10:00
|
|
|
|
|
|
|
const page = await db.pages.findOne({ _id: common.getId(req.body.pageId) });
|
|
|
|
if(!page){
|
|
|
|
res.status(400).json({ message: 'Page not found' });
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2019-10-26 11:08:53 +10:00
|
|
|
try{
|
2019-12-07 09:41:18 +10:00
|
|
|
await db.pages.deleteOne({ _id: common.getId(req.body.pageId) }, {});
|
|
|
|
res.status(200).json({ message: 'Page successfully deleted' });
|
2019-10-26 11:08:53 +10:00
|
|
|
return;
|
|
|
|
}catch(ex){
|
2019-12-07 09:41:18 +10:00
|
|
|
res.status(400).json({ message: 'Error deleting page. Please try again.' });
|
2019-10-26 11:08:53 +10:00
|
|
|
}
|
2018-01-07 04:55:48 +10:00
|
|
|
});
|
|
|
|
|
|
|
|
// new menu item
|
2019-06-15 14:46:08 +10:00
|
|
|
router.post('/admin/settings/menu/new', restrict, checkAccess, (req, res) => {
|
2019-12-07 09:41:18 +10:00
|
|
|
const result = common.newMenu(req);
|
2018-01-07 04:55:48 +10:00
|
|
|
if(result === false){
|
2019-12-07 09:41:18 +10:00
|
|
|
res.status(400).json({ message: 'Failed creating menu.' });
|
|
|
|
return;
|
2018-01-07 04:55:48 +10:00
|
|
|
}
|
2019-12-07 09:41:18 +10:00
|
|
|
res.status(200).json({ message: 'Menu created successfully.' });
|
2018-01-07 04:55:48 +10:00
|
|
|
});
|
|
|
|
|
|
|
|
// update existing menu item
|
2019-06-15 14:46:08 +10:00
|
|
|
router.post('/admin/settings/menu/update', restrict, checkAccess, (req, res) => {
|
2019-12-07 09:41:18 +10:00
|
|
|
const result = common.updateMenu(req);
|
2018-01-07 04:55:48 +10:00
|
|
|
if(result === false){
|
2019-12-07 09:41:18 +10:00
|
|
|
res.status(400).json({ message: 'Failed updating menu.' });
|
|
|
|
return;
|
2018-01-07 04:55:48 +10:00
|
|
|
}
|
2019-12-07 09:41:18 +10:00
|
|
|
res.status(200).json({ message: 'Menu updated successfully.' });
|
2018-01-07 04:55:48 +10:00
|
|
|
});
|
|
|
|
|
|
|
|
// delete menu item
|
2019-12-07 09:41:18 +10:00
|
|
|
router.post('/admin/settings/menu/delete', restrict, checkAccess, (req, res) => {
|
|
|
|
const result = common.deleteMenu(req, req.body.menuId);
|
2018-01-07 04:55:48 +10:00
|
|
|
if(result === false){
|
2019-12-07 09:41:18 +10:00
|
|
|
res.status(400).json({ message: 'Failed deleting menu.' });
|
|
|
|
return;
|
2018-01-07 04:55:48 +10:00
|
|
|
}
|
2019-12-07 09:41:18 +10:00
|
|
|
res.status(200).json({ message: 'Menu deleted successfully.' });
|
2018-01-07 04:55:48 +10:00
|
|
|
});
|
|
|
|
|
|
|
|
// We call this via a Ajax call to save the order from the sortable list
|
2020-01-21 17:36:46 +10:00
|
|
|
router.post('/admin/settings/menu/saveOrder', restrict, checkAccess, (req, res) => {
|
2019-07-12 18:06:34 +10:00
|
|
|
const result = common.orderMenu(req, res);
|
2018-01-07 04:55:48 +10:00
|
|
|
if(result === false){
|
2019-06-15 14:46:08 +10:00
|
|
|
res.status(400).json({ message: 'Failed saving menu order' });
|
2018-01-07 04:55:48 +10:00
|
|
|
return;
|
|
|
|
}
|
2019-12-26 13:23:21 +10:00
|
|
|
res.status(200).json({});
|
2018-01-07 04:55:48 +10:00
|
|
|
});
|
|
|
|
|
|
|
|
// validate the permalink
|
2020-01-21 17:36:46 +10:00
|
|
|
router.post('/admin/validatePermalink', async (req, res) => {
|
2018-01-07 04:55:48 +10:00
|
|
|
// if doc id is provided it checks for permalink in any products other that one provided,
|
|
|
|
// else it just checks for any products with that permalink
|
2018-01-22 07:20:33 +10:00
|
|
|
const db = req.app.db;
|
2018-01-07 04:55:48 +10:00
|
|
|
|
|
|
|
let query = {};
|
|
|
|
if(typeof req.body.docId === 'undefined' || req.body.docId === ''){
|
2019-06-15 14:46:08 +10:00
|
|
|
query = { productPermalink: req.body.permalink };
|
2018-01-07 04:55:48 +10:00
|
|
|
}else{
|
2019-06-15 14:46:08 +10:00
|
|
|
query = { productPermalink: req.body.permalink, _id: { $ne: common.getId(req.body.docId) } };
|
2018-01-07 04:55:48 +10:00
|
|
|
}
|
|
|
|
|
2019-10-29 18:26:30 +10:00
|
|
|
const products = await db.products.countDocuments(query);
|
2019-10-26 11:08:53 +10:00
|
|
|
if(products && products > 0){
|
|
|
|
res.status(400).json({ message: 'Permalink already exists' });
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
res.status(200).json({ message: 'Permalink validated successfully' });
|
2018-01-07 04:55:48 +10:00
|
|
|
});
|
|
|
|
|
2020-01-21 17:36:46 +10:00
|
|
|
// Discount codes
|
2020-02-23 13:40:35 +10:00
|
|
|
router.get('/admin/settings/discounts', csrfProtection, restrict, checkAccess, async (req, res) => {
|
2020-01-21 17:36:46 +10:00
|
|
|
const db = req.app.db;
|
|
|
|
|
|
|
|
const discounts = await db.discounts.find({}).toArray();
|
|
|
|
|
|
|
|
res.render('settings-discounts', {
|
|
|
|
title: 'Discount code',
|
|
|
|
config: req.app.config,
|
|
|
|
session: req.session,
|
|
|
|
discounts,
|
|
|
|
admin: true,
|
|
|
|
message: common.clearSessionValue(req.session, 'message'),
|
|
|
|
messageType: common.clearSessionValue(req.session, 'messageType'),
|
2020-02-23 13:40:35 +10:00
|
|
|
helpers: req.handlebars.helpers,
|
|
|
|
csrfToken: req.csrfToken()
|
2020-01-21 17:36:46 +10:00
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
// Edit a discount code
|
2020-02-23 13:40:35 +10:00
|
|
|
router.get('/admin/settings/discount/edit/:id', csrfProtection, restrict, checkAccess, async (req, res) => {
|
2020-01-21 17:36:46 +10:00
|
|
|
const db = req.app.db;
|
|
|
|
|
|
|
|
const discount = await db.discounts.findOne({ _id: common.getId(req.params.id) });
|
|
|
|
|
|
|
|
res.render('settings-discount-edit', {
|
|
|
|
title: 'Discount code edit',
|
|
|
|
session: req.session,
|
|
|
|
admin: true,
|
|
|
|
discount,
|
|
|
|
message: common.clearSessionValue(req.session, 'message'),
|
|
|
|
messageType: common.clearSessionValue(req.session, 'messageType'),
|
|
|
|
helpers: req.handlebars.helpers,
|
2020-02-23 13:40:35 +10:00
|
|
|
config: req.app.config,
|
|
|
|
csrfToken: req.csrfToken()
|
2020-01-21 17:36:46 +10:00
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
// Update discount code
|
|
|
|
router.post('/admin/settings/discount/update', restrict, checkAccess, async (req, res) => {
|
|
|
|
const db = req.app.db;
|
|
|
|
|
|
|
|
// Doc to insert
|
|
|
|
const discountDoc = {
|
|
|
|
discountId: req.body.discountId,
|
|
|
|
code: req.body.code,
|
|
|
|
type: req.body.type,
|
|
|
|
value: parseInt(req.body.value),
|
|
|
|
start: moment(req.body.start, 'DD/MM/YYYY HH:mm').toDate(),
|
|
|
|
end: moment(req.body.end, 'DD/MM/YYYY HH:mm').toDate()
|
|
|
|
};
|
|
|
|
|
|
|
|
// Validate the body again schema
|
|
|
|
const schemaValidate = validateJson('editDiscount', discountDoc);
|
|
|
|
if(!schemaValidate.result){
|
|
|
|
res.status(400).json(schemaValidate.errors);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check start is after today
|
|
|
|
if(moment(discountDoc.start).isBefore(moment())){
|
|
|
|
res.status(400).json({ message: 'Discount start date needs to be after today' });
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check end is after the start
|
|
|
|
if(!moment(discountDoc.end).isAfter(moment(discountDoc.start))){
|
|
|
|
res.status(400).json({ message: 'Discount end date needs to be after start date' });
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check if code exists
|
|
|
|
const checkCode = await db.discounts.countDocuments({
|
|
|
|
code: discountDoc.code,
|
|
|
|
_id: { $ne: common.getId(discountDoc.discountId) }
|
|
|
|
});
|
|
|
|
if(checkCode){
|
|
|
|
res.status(400).json({ message: 'Discount code already exists' });
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Remove discountID
|
|
|
|
delete discountDoc.discountId;
|
|
|
|
|
|
|
|
try{
|
|
|
|
await db.discounts.updateOne({ _id: common.getId(req.body.discountId) }, { $set: discountDoc }, {});
|
|
|
|
res.status(200).json({ message: 'Successfully saved', discount: discountDoc });
|
|
|
|
}catch(ex){
|
|
|
|
res.status(400).json({ message: 'Failed to save. Please try again' });
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
// Create a discount code
|
2020-02-23 13:40:35 +10:00
|
|
|
router.get('/admin/settings/discount/new', csrfProtection, restrict, checkAccess, async (req, res) => {
|
2020-01-21 17:36:46 +10:00
|
|
|
res.render('settings-discount-new', {
|
|
|
|
title: 'Discount code create',
|
|
|
|
session: req.session,
|
|
|
|
admin: true,
|
|
|
|
message: common.clearSessionValue(req.session, 'message'),
|
|
|
|
messageType: common.clearSessionValue(req.session, 'messageType'),
|
|
|
|
helpers: req.handlebars.helpers,
|
2020-02-23 13:40:35 +10:00
|
|
|
config: req.app.config,
|
|
|
|
csrfToken: req.csrfToken()
|
2020-01-21 17:36:46 +10:00
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
// Create a discount code
|
2020-02-23 13:40:35 +10:00
|
|
|
router.post('/admin/settings/discount/create', csrfProtection, restrict, checkAccess, async (req, res) => {
|
2020-01-21 17:36:46 +10:00
|
|
|
const db = req.app.db;
|
|
|
|
|
|
|
|
// Doc to insert
|
|
|
|
const discountDoc = {
|
|
|
|
code: req.body.code,
|
|
|
|
type: req.body.type,
|
|
|
|
value: parseInt(req.body.value),
|
|
|
|
start: moment(req.body.start, 'DD/MM/YYYY HH:mm').toDate(),
|
|
|
|
end: moment(req.body.end, 'DD/MM/YYYY HH:mm').toDate()
|
|
|
|
};
|
|
|
|
|
|
|
|
// Validate the body again schema
|
|
|
|
const schemaValidate = validateJson('newDiscount', discountDoc);
|
|
|
|
if(!schemaValidate.result){
|
|
|
|
res.status(400).json(schemaValidate.errors);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check if code exists
|
|
|
|
const checkCode = await db.discounts.countDocuments({
|
|
|
|
code: discountDoc.code
|
|
|
|
});
|
|
|
|
if(checkCode){
|
|
|
|
res.status(400).json({ message: 'Discount code already exists' });
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check start is after today
|
|
|
|
if(moment(discountDoc.start).isBefore(moment())){
|
|
|
|
res.status(400).json({ message: 'Discount start date needs to be after today' });
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check end is after the start
|
|
|
|
if(!moment(discountDoc.end).isAfter(moment(discountDoc.start))){
|
|
|
|
res.status(400).json({ message: 'Discount end date needs to be after start date' });
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Insert discount code
|
|
|
|
const discount = await db.discounts.insertOne(discountDoc);
|
|
|
|
res.status(200).json({ message: 'Discount code created successfully', discountId: discount.insertedId });
|
|
|
|
});
|
|
|
|
|
|
|
|
// Delete discount code
|
|
|
|
router.delete('/admin/settings/discount/delete', restrict, checkAccess, async (req, res) => {
|
|
|
|
const db = req.app.db;
|
|
|
|
|
|
|
|
try{
|
|
|
|
await db.discounts.deleteOne({ _id: common.getId(req.body.discountId) }, {});
|
|
|
|
res.status(200).json({ message: 'Discount code successfully deleted' });
|
|
|
|
return;
|
|
|
|
}catch(ex){
|
|
|
|
res.status(400).json({ message: 'Error deleting discount code. Please try again.' });
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
2018-01-07 04:55:48 +10:00
|
|
|
// upload the file
|
2019-07-12 18:06:34 +10:00
|
|
|
const upload = multer({ dest: 'public/uploads/' });
|
2019-12-07 09:41:18 +10:00
|
|
|
router.post('/admin/file/upload', restrict, checkAccess, upload.single('uploadFile'), async (req, res) => {
|
2018-01-22 07:20:33 +10:00
|
|
|
const db = req.app.db;
|
2018-01-07 04:55:48 +10:00
|
|
|
|
|
|
|
if(req.file){
|
2019-07-12 18:06:34 +10:00
|
|
|
const file = req.file;
|
2018-01-07 04:55:48 +10:00
|
|
|
|
2018-06-01 21:31:23 +10:00
|
|
|
// Get the mime type of the file
|
|
|
|
const mimeType = mime.lookup(file.originalname);
|
2019-06-11 15:12:14 +10:00
|
|
|
|
2018-06-01 21:31:23 +10:00
|
|
|
// Check for allowed mime type and file size
|
|
|
|
if(!common.allowedMimeType.includes(mimeType) || file.size > common.fileSizeLimit){
|
|
|
|
// Remove temp file
|
|
|
|
fs.unlinkSync(file.path);
|
2018-01-07 04:55:48 +10:00
|
|
|
|
2019-12-07 09:41:18 +10:00
|
|
|
// Return error
|
|
|
|
res.status(400).json({ message: 'File type not allowed or too large. Please try again.' });
|
2018-06-01 21:31:23 +10:00
|
|
|
return;
|
|
|
|
}
|
2018-01-07 04:55:48 +10:00
|
|
|
|
|
|
|
// get the product form the DB
|
2019-10-26 11:08:53 +10:00
|
|
|
const product = await db.products.findOne({ _id: common.getId(req.body.productId) });
|
|
|
|
if(!product){
|
|
|
|
// delete the temp file.
|
|
|
|
fs.unlinkSync(file.path);
|
2018-06-01 21:31:23 +10:00
|
|
|
|
2019-12-07 09:41:18 +10:00
|
|
|
// Return error
|
|
|
|
res.status(400).json({ message: 'File upload error. Please try again.' });
|
2019-10-26 11:08:53 +10:00
|
|
|
return;
|
|
|
|
}
|
2018-06-01 21:31:23 +10:00
|
|
|
|
2019-10-26 11:33:39 +10:00
|
|
|
const productPath = product._id.toString();
|
2019-10-26 11:08:53 +10:00
|
|
|
const uploadDir = path.join('public/uploads', productPath);
|
2018-06-01 21:31:23 +10:00
|
|
|
|
2019-10-26 11:08:53 +10:00
|
|
|
// Check directory and create (if needed)
|
|
|
|
common.checkDirectorySync(uploadDir);
|
2018-06-01 21:31:23 +10:00
|
|
|
|
2019-10-26 11:08:53 +10:00
|
|
|
const source = fs.createReadStream(file.path);
|
|
|
|
const dest = fs.createWriteStream(path.join(uploadDir, file.originalname.replace(/ /g, '_')));
|
2018-06-01 21:31:23 +10:00
|
|
|
|
2019-10-26 11:08:53 +10:00
|
|
|
// save the new file
|
|
|
|
source.pipe(dest);
|
|
|
|
source.on('end', () => { });
|
2018-06-01 21:31:23 +10:00
|
|
|
|
2019-10-26 11:08:53 +10:00
|
|
|
// delete the temp file.
|
|
|
|
fs.unlinkSync(file.path);
|
2018-06-01 21:31:23 +10:00
|
|
|
|
2019-10-26 11:08:53 +10:00
|
|
|
const imagePath = path.join('/uploads', productPath, file.originalname.replace(/ /g, '_'));
|
|
|
|
|
|
|
|
// if there isn't a product featured image, set this one
|
|
|
|
if(!product.productImage){
|
2019-10-29 18:26:30 +10:00
|
|
|
await db.products.updateOne({ _id: common.getId(req.body.productId) }, { $set: { productImage: imagePath } }, { multi: false });
|
2019-10-26 11:08:53 +10:00
|
|
|
}
|
2019-12-30 22:28:37 +10:00
|
|
|
// Return success message
|
2019-12-07 09:41:18 +10:00
|
|
|
res.status(200).json({ message: 'File uploaded successfully' });
|
2019-10-26 11:08:53 +10:00
|
|
|
return;
|
2018-01-07 04:55:48 +10:00
|
|
|
}
|
2019-12-07 09:41:18 +10:00
|
|
|
// Return error
|
|
|
|
res.status(400).json({ message: 'File upload error. Please try again.' });
|
2018-01-07 04:55:48 +10:00
|
|
|
});
|
|
|
|
|
|
|
|
// delete a file via ajax request
|
2019-06-15 14:46:08 +10:00
|
|
|
router.post('/admin/testEmail', restrict, (req, res) => {
|
2019-07-12 18:06:34 +10:00
|
|
|
const config = req.app.config;
|
2018-01-22 07:20:33 +10:00
|
|
|
// TODO: Should fix this to properly handle result
|
2018-01-07 04:55:48 +10:00
|
|
|
common.sendEmail(config.emailAddress, 'expressCart test email', 'Your email settings are working');
|
2019-06-15 14:46:08 +10:00
|
|
|
res.status(200).json({ message: 'Test email sent' });
|
2018-01-07 04:55:48 +10:00
|
|
|
});
|
|
|
|
|
2020-01-07 20:45:23 +10:00
|
|
|
router.post('/admin/searchall', restrict, async (req, res, next) => {
|
|
|
|
const db = req.app.db;
|
|
|
|
const searchValue = req.body.searchValue;
|
|
|
|
const limitReturned = 5;
|
|
|
|
|
|
|
|
// Empty arrays
|
|
|
|
let customers = [];
|
|
|
|
let orders = [];
|
|
|
|
let products = [];
|
|
|
|
|
|
|
|
// Default queries
|
|
|
|
const customerQuery = {};
|
|
|
|
const orderQuery = {};
|
|
|
|
const productQuery = {};
|
|
|
|
|
|
|
|
// If an ObjectId is detected use that
|
|
|
|
if(ObjectId.isValid(req.body.searchValue)){
|
|
|
|
// Get customers
|
|
|
|
customers = await db.customers.find({
|
|
|
|
_id: ObjectId(searchValue)
|
|
|
|
})
|
|
|
|
.limit(limitReturned)
|
|
|
|
.sort({ created: 1 })
|
|
|
|
.toArray();
|
|
|
|
|
|
|
|
// Get orders
|
|
|
|
orders = await db.orders.find({
|
|
|
|
_id: ObjectId(searchValue)
|
|
|
|
})
|
|
|
|
.limit(limitReturned)
|
|
|
|
.sort({ orderDate: 1 })
|
|
|
|
.toArray();
|
|
|
|
|
|
|
|
// Get products
|
|
|
|
products = await db.products.find({
|
|
|
|
_id: ObjectId(searchValue)
|
|
|
|
})
|
|
|
|
.limit(limitReturned)
|
|
|
|
.sort({ productAddedDate: 1 })
|
|
|
|
.toArray();
|
|
|
|
|
|
|
|
return res.status(200).json({
|
|
|
|
customers,
|
|
|
|
orders,
|
|
|
|
products
|
|
|
|
});
|
|
|
|
}
|
|
|
|
|
|
|
|
// If email address is detected
|
|
|
|
if(emailRegex.test(req.body.searchValue)){
|
|
|
|
customerQuery.email = searchValue;
|
|
|
|
orderQuery.orderEmail = searchValue;
|
|
|
|
}else if(numericRegex.test(req.body.searchValue)){
|
|
|
|
// If a numeric value is detected
|
2020-01-08 18:28:29 +10:00
|
|
|
orderQuery.amount = req.body.searchValue;
|
|
|
|
productQuery.productPrice = req.body.searchValue;
|
2020-01-07 20:45:23 +10:00
|
|
|
}else{
|
|
|
|
// String searches
|
|
|
|
customerQuery.$or = [
|
|
|
|
{ firstName: { $regex: new RegExp(searchValue, 'img') } },
|
|
|
|
{ lastName: { $regex: new RegExp(searchValue, 'img') } }
|
|
|
|
];
|
|
|
|
orderQuery.$or = [
|
|
|
|
{ orderFirstname: { $regex: new RegExp(searchValue, 'img') } },
|
|
|
|
{ orderLastname: { $regex: new RegExp(searchValue, 'img') } }
|
|
|
|
];
|
|
|
|
productQuery.$or = [
|
|
|
|
{ productTitle: { $regex: new RegExp(searchValue, 'img') } },
|
|
|
|
{ productDescription: { $regex: new RegExp(searchValue, 'img') } }
|
|
|
|
];
|
|
|
|
}
|
|
|
|
|
|
|
|
// Get customers
|
|
|
|
if(Object.keys(customerQuery).length > 0){
|
|
|
|
customers = await db.customers.find(customerQuery)
|
|
|
|
.limit(limitReturned)
|
|
|
|
.sort({ created: 1 })
|
|
|
|
.toArray();
|
|
|
|
}
|
|
|
|
|
|
|
|
// Get orders
|
|
|
|
if(Object.keys(orderQuery).length > 0){
|
|
|
|
orders = await db.orders.find(orderQuery)
|
|
|
|
.limit(limitReturned)
|
|
|
|
.sort({ orderDate: 1 })
|
|
|
|
.toArray();
|
|
|
|
}
|
|
|
|
|
|
|
|
// Get products
|
|
|
|
if(Object.keys(productQuery).length > 0){
|
|
|
|
products = await db.products.find(productQuery)
|
|
|
|
.limit(limitReturned)
|
|
|
|
.sort({ productAddedDate: 1 })
|
|
|
|
.toArray();
|
|
|
|
}
|
|
|
|
|
|
|
|
return res.status(200).json({
|
|
|
|
customers,
|
|
|
|
orders,
|
|
|
|
products
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
2018-01-07 04:55:48 +10:00
|
|
|
module.exports = router;
|