expressCart/routes/admin.js

447 lines
15 KiB
JavaScript
Raw Normal View History

2018-02-04 01:23:59 +10:00
const express = require('express');
const common = require('../lib/common');
2019-06-15 14:46:08 +10:00
const { restrict, checkAccess } = require('../lib/auth');
2018-02-04 01:23:59 +10:00
const escape = require('html-entities').AllHtmlEntities;
const colors = require('colors');
2018-02-04 22:04:32 +10:00
const bcrypt = require('bcryptjs');
const fs = require('fs');
const path = require('path');
const multer = require('multer');
2018-06-01 21:31:23 +10:00
const mime = require('mime-type/with-db');
2019-06-15 10:54:41 +10:00
const ObjectId = require('mongodb').ObjectID;
2018-02-04 01:23:59 +10:00
const router = express.Router();
2018-01-07 04:55:48 +10:00
// Admin section
2019-06-15 14:46:08 +10:00
router.get('/admin', restrict, (req, res, next) => {
2018-01-07 04:55:48 +10:00
res.redirect('/admin/orders');
});
2018-02-04 01:23:59 +10:00
// logout
router.get('/admin/logout', (req, res) => {
2018-02-04 01:23:59 +10:00
req.session.user = null;
req.session.message = null;
req.session.messageType = null;
res.redirect('/');
});
2018-01-07 04:55:48 +10:00
2018-02-04 01:23:59 +10:00
// login form
2019-10-26 11:08:53 +10:00
router.get('/admin/login', async (req, res) => {
2019-07-12 18:06:34 +10:00
const db = req.app.db;
2018-01-07 04:55:48 +10:00
2019-10-29 18:26:30 +10:00
const userCount = await db.users.countDocuments({});
2019-10-26 11:08:53 +10:00
// we check for a user. If one exists, redirect to login form otherwise setup
if(userCount && userCount > 0){
// set needsSetup to false as a user exists
req.session.needsSetup = false;
res.render('login', {
title: 'Login',
referringUrl: req.header('Referer'),
config: req.app.config,
message: common.clearSessionValue(req.session, 'message'),
messageType: common.clearSessionValue(req.session, 'messageType'),
helpers: req.handlebars.helpers,
showFooter: 'showFooter'
});
}else{
// if there are no users set the "needsSetup" session
req.session.needsSetup = true;
res.redirect('/admin/setup');
}
2018-01-07 04:55:48 +10:00
});
2018-02-04 01:23:59 +10:00
// login the user and check the password
2019-10-26 11:08:53 +10:00
router.post('/admin/login_action', async (req, res) => {
2019-07-12 18:06:34 +10:00
const db = req.app.db;
2018-01-07 04:55:48 +10:00
2019-10-26 11:08:53 +10:00
const user = await db.users.findOne({ userEmail: common.mongoSanitize(req.body.email) });
if(!user || user === null){
res.status(400).json({ message: 'A user with that email does not exist.' });
return;
}
2018-01-07 04:55:48 +10:00
2019-10-26 11:08:53 +10:00
// we have a user under that email so we compare the password
bcrypt.compare(req.body.password, user.userPassword)
.then((result) => {
if(result){
req.session.user = req.body.email;
req.session.usersName = user.usersName;
req.session.userId = user._id.toString();
req.session.isAdmin = user.isAdmin;
res.status(200).json({ message: 'Login successful' });
return;
2018-01-07 04:55:48 +10:00
}
2019-10-26 11:08:53 +10:00
// password is not correct
res.status(400).json({ message: 'Access denied. Check password and try again.' });
2018-01-07 04:55:48 +10:00
});
});
2018-02-04 01:23:59 +10:00
// setup form is shown when there are no users setup in the DB
2019-10-26 11:08:53 +10:00
router.get('/admin/setup', async (req, res) => {
2019-07-12 18:06:34 +10:00
const db = req.app.db;
2018-01-07 04:55:48 +10:00
2019-10-29 18:26:30 +10:00
const userCount = await db.users.countDocuments({});
2019-10-26 11:08:53 +10:00
// dont allow the user to "re-setup" if a user exists.
// set needsSetup to false as a user exists
req.session.needsSetup = false;
if(userCount === 0){
2019-10-26 11:08:53 +10:00
req.session.needsSetup = true;
res.render('setup', {
title: 'Setup',
config: req.app.config,
helpers: req.handlebars.helpers,
message: common.clearSessionValue(req.session, 'message'),
messageType: common.clearSessionValue(req.session, 'messageType'),
showFooter: 'showFooter'
});
return;
}
res.redirect('/admin/login');
2018-01-07 04:55:48 +10:00
});
// insert a user
2019-10-26 11:08:53 +10:00
router.post('/admin/setup_action', async (req, res) => {
2018-01-22 07:20:33 +10:00
const db = req.app.db;
2018-01-07 04:55:48 +10:00
2019-07-12 18:06:34 +10:00
const doc = {
2018-01-07 04:55:48 +10:00
usersName: req.body.usersName,
userEmail: req.body.userEmail,
2018-02-04 22:04:32 +10:00
userPassword: bcrypt.hashSync(req.body.userPassword, 10),
2019-11-07 16:36:20 +10:00
isAdmin: true,
isOwner: true
2018-01-07 04:55:48 +10:00
};
// check for users
2019-10-29 18:26:30 +10:00
const userCount = await db.users.countDocuments({});
if(userCount === 0){
2019-10-26 11:08:53 +10:00
// email is ok to be used.
try{
2019-10-29 18:26:30 +10:00
await db.users.insertOne(doc);
res.status(200).json({ message: 'User account inserted' });
2019-10-26 11:08:53 +10:00
return;
}catch(ex){
console.error(colors.red('Failed to insert user: ' + ex));
res.status(200).json({ message: 'Setup failed' });
2019-10-26 11:08:53 +10:00
return;
2018-01-07 04:55:48 +10:00
}
2019-10-26 11:08:53 +10:00
}
res.status(200).json({ message: 'Already setup.' });
2018-01-07 04:55:48 +10:00
});
2019-12-07 09:41:18 +10:00
// settings
2019-06-15 14:46:08 +10:00
router.get('/admin/settings', restrict, (req, res) => {
2018-01-07 04:55:48 +10:00
res.render('settings', {
title: 'Cart settings',
session: req.session,
admin: true,
themes: common.getThemes(),
message: common.clearSessionValue(req.session, 'message'),
messageType: common.clearSessionValue(req.session, 'messageType'),
helpers: req.handlebars.helpers,
2018-02-23 03:41:24 +10:00
config: req.app.config,
footerHtml: typeof req.app.config.footerHtml !== 'undefined' ? escape.decode(req.app.config.footerHtml) : null,
googleAnalytics: typeof req.app.config.googleAnalytics !== 'undefined' ? escape.decode(req.app.config.googleAnalytics) : null
2018-01-07 04:55:48 +10:00
});
});
2019-12-07 09:41:18 +10:00
// create API key
2019-06-15 14:46:08 +10:00
router.post('/admin/createApiKey', restrict, checkAccess, async (req, res) => {
2019-06-15 10:54:41 +10:00
const db = req.app.db;
2019-07-12 18:06:34 +10:00
const result = await db.users.findOneAndUpdate({
2019-06-15 10:54:41 +10:00
_id: ObjectId(req.session.userId),
isAdmin: true
}, {
$set: {
apiKey: new ObjectId()
}
}, {
returnOriginal: false
});
if(result.value && result.value.apiKey){
2019-06-15 14:46:08 +10:00
res.status(200).json({ message: 'API Key generated', apiKey: result.value.apiKey });
2019-06-15 10:54:41 +10:00
return;
}
2019-06-15 14:46:08 +10:00
res.status(400).json({ message: 'Failed to generate API Key' });
2019-06-15 10:54:41 +10:00
});
2018-01-07 04:55:48 +10:00
// settings update
2019-06-15 14:46:08 +10:00
router.post('/admin/settings/update', restrict, checkAccess, (req, res) => {
const result = common.updateConfig(req.body);
2018-01-07 04:55:48 +10:00
if(result === true){
2019-11-01 22:30:40 +10:00
req.app.config = common.getConfig();
2019-06-15 14:46:08 +10:00
res.status(200).json({ message: 'Settings successfully updated' });
2018-01-07 04:55:48 +10:00
return;
}
2019-06-15 14:46:08 +10:00
res.status(400).json({ message: 'Permission denied' });
2018-01-07 04:55:48 +10:00
});
2019-12-07 09:41:18 +10:00
// settings menu
2019-06-15 14:46:08 +10:00
router.get('/admin/settings/menu', restrict, async (req, res) => {
2018-01-22 07:20:33 +10:00
const db = req.app.db;
2018-01-07 04:55:48 +10:00
res.render('settings_menu', {
title: 'Cart menu',
session: req.session,
admin: true,
message: common.clearSessionValue(req.session, 'message'),
messageType: common.clearSessionValue(req.session, 'messageType'),
helpers: req.handlebars.helpers,
2018-02-23 03:41:24 +10:00
config: req.app.config,
menu: common.sortMenu(await common.getMenu(db))
2018-01-07 04:55:48 +10:00
});
});
2019-12-07 09:41:18 +10:00
// page list
2019-10-26 11:08:53 +10:00
router.get('/admin/settings/pages', restrict, async (req, res) => {
2018-01-22 07:20:33 +10:00
const db = req.app.db;
2019-10-26 11:08:53 +10:00
const pages = await db.pages.find({}).toArray();
2019-10-26 11:08:53 +10:00
res.render('settings_pages', {
title: 'Static pages',
pages: pages,
session: req.session,
admin: true,
message: common.clearSessionValue(req.session, 'message'),
messageType: common.clearSessionValue(req.session, 'messageType'),
helpers: req.handlebars.helpers,
config: req.app.config,
menu: common.sortMenu(await common.getMenu(db))
2018-01-07 04:55:48 +10:00
});
});
2019-12-07 09:41:18 +10:00
// pages new
2019-06-15 14:46:08 +10:00
router.get('/admin/settings/pages/new', restrict, checkAccess, async (req, res) => {
2018-01-22 07:20:33 +10:00
const db = req.app.db;
2019-12-07 09:41:18 +10:00
res.render('settings_page', {
2018-01-07 04:55:48 +10:00
title: 'Static pages',
session: req.session,
admin: true,
button_text: 'Create',
message: common.clearSessionValue(req.session, 'message'),
messageType: common.clearSessionValue(req.session, 'messageType'),
helpers: req.handlebars.helpers,
2018-02-23 03:41:24 +10:00
config: req.app.config,
menu: common.sortMenu(await common.getMenu(db))
2018-01-07 04:55:48 +10:00
});
});
2019-12-07 09:41:18 +10:00
// pages editor
2019-10-26 11:08:53 +10:00
router.get('/admin/settings/pages/edit/:page', restrict, checkAccess, async (req, res) => {
2018-01-22 07:20:33 +10:00
const db = req.app.db;
2019-10-26 11:08:53 +10:00
const page = await db.pages.findOne({ _id: common.getId(req.params.page) });
const menu = common.sortMenu(await common.getMenu(db));
if(!page){
res.status(404).render('error', {
title: '404 Error - Page not found',
config: req.app.config,
message: '404 Error - Page not found',
helpers: req.handlebars.helpers,
showFooter: 'showFooter',
menu
});
return;
}
2019-12-07 09:41:18 +10:00
res.render('settings_page', {
2019-10-26 11:08:53 +10:00
title: 'Static pages',
page: page,
button_text: 'Update',
session: req.session,
admin: true,
message: common.clearSessionValue(req.session, 'message'),
messageType: common.clearSessionValue(req.session, 'messageType'),
helpers: req.handlebars.helpers,
config: req.app.config,
menu
2018-01-07 04:55:48 +10:00
});
});
2019-12-07 09:41:18 +10:00
// insert/update page
router.post('/admin/settings/page', restrict, checkAccess, async (req, res) => {
2018-01-22 07:20:33 +10:00
const db = req.app.db;
2018-01-07 04:55:48 +10:00
2019-07-12 18:06:34 +10:00
const doc = {
2018-01-07 04:55:48 +10:00
pageName: req.body.pageName,
pageSlug: req.body.pageSlug,
pageEnabled: req.body.pageEnabled,
pageContent: req.body.pageContent
};
2019-12-07 17:22:46 +10:00
if(req.body.pageId){
2018-01-07 04:55:48 +10:00
// existing page
2019-12-07 17:22:46 +10:00
const page = await db.pages.findOne({ _id: common.getId(req.body.pageId) });
2019-10-26 11:08:53 +10:00
if(!page){
res.status(400).json({ message: 'Page not found' });
2019-12-07 17:25:51 +10:00
return;
2019-10-26 11:08:53 +10:00
}
try{
2019-12-07 17:22:46 +10:00
const updatedPage = await db.pages.findOneAndUpdate({ _id: common.getId(req.body.pageId) }, { $set: doc }, { returnOriginal: false });
res.status(200).json({ message: 'Page updated successfully', pageId: req.body.pageId, page: updatedPage.value });
2019-10-26 11:08:53 +10:00
}catch(ex){
res.status(400).json({ message: 'Error updating page. Please try again.' });
}
2018-01-07 04:55:48 +10:00
}else{
// insert page
2019-10-26 11:08:53 +10:00
try{
2019-10-29 18:26:30 +10:00
const newDoc = await db.pages.insertOne(doc);
2019-12-07 17:22:46 +10:00
res.status(200).json({ message: 'New page successfully created', pageId: newDoc.insertedId });
2019-10-26 11:08:53 +10:00
return;
}catch(ex){
res.status(400).json({ message: 'Error creating page. Please try again.' });
}
2018-01-07 04:55:48 +10:00
}
});
2019-12-07 09:41:18 +10:00
// delete page
router.post('/admin/settings/page/delete', restrict, checkAccess, async (req, res) => {
2018-01-22 07:20:33 +10:00
const db = req.app.db;
2019-12-07 17:25:51 +10:00
const page = await db.pages.findOne({ _id: common.getId(req.body.pageId) });
if(!page){
res.status(400).json({ message: 'Page not found' });
return;
}
2019-10-26 11:08:53 +10:00
try{
2019-12-07 09:41:18 +10:00
await db.pages.deleteOne({ _id: common.getId(req.body.pageId) }, {});
res.status(200).json({ message: 'Page successfully deleted' });
2019-10-26 11:08:53 +10:00
return;
}catch(ex){
2019-12-07 09:41:18 +10:00
res.status(400).json({ message: 'Error deleting page. Please try again.' });
2019-10-26 11:08:53 +10:00
}
2018-01-07 04:55:48 +10:00
});
// new menu item
2019-06-15 14:46:08 +10:00
router.post('/admin/settings/menu/new', restrict, checkAccess, (req, res) => {
2019-12-07 09:41:18 +10:00
const result = common.newMenu(req);
2018-01-07 04:55:48 +10:00
if(result === false){
2019-12-07 09:41:18 +10:00
res.status(400).json({ message: 'Failed creating menu.' });
return;
2018-01-07 04:55:48 +10:00
}
2019-12-07 09:41:18 +10:00
res.status(200).json({ message: 'Menu created successfully.' });
2018-01-07 04:55:48 +10:00
});
// update existing menu item
2019-06-15 14:46:08 +10:00
router.post('/admin/settings/menu/update', restrict, checkAccess, (req, res) => {
2019-12-07 09:41:18 +10:00
const result = common.updateMenu(req);
2018-01-07 04:55:48 +10:00
if(result === false){
2019-12-07 09:41:18 +10:00
res.status(400).json({ message: 'Failed updating menu.' });
return;
2018-01-07 04:55:48 +10:00
}
2019-12-07 09:41:18 +10:00
res.status(200).json({ message: 'Menu updated successfully.' });
2018-01-07 04:55:48 +10:00
});
// delete menu item
2019-12-07 09:41:18 +10:00
router.post('/admin/settings/menu/delete', restrict, checkAccess, (req, res) => {
const result = common.deleteMenu(req, req.body.menuId);
2018-01-07 04:55:48 +10:00
if(result === false){
2019-12-07 09:41:18 +10:00
res.status(400).json({ message: 'Failed deleting menu.' });
return;
2018-01-07 04:55:48 +10:00
}
2019-12-07 09:41:18 +10:00
res.status(200).json({ message: 'Menu deleted successfully.' });
2018-01-07 04:55:48 +10:00
});
// We call this via a Ajax call to save the order from the sortable list
2019-06-15 14:46:08 +10:00
router.post('/admin/settings/menu/save_order', restrict, checkAccess, (req, res) => {
2019-07-12 18:06:34 +10:00
const result = common.orderMenu(req, res);
2018-01-07 04:55:48 +10:00
if(result === false){
2019-06-15 14:46:08 +10:00
res.status(400).json({ message: 'Failed saving menu order' });
2018-01-07 04:55:48 +10:00
return;
}
res.status(200);
});
// validate the permalink
2019-10-26 11:08:53 +10:00
router.post('/admin/api/validate_permalink', async (req, res) => {
2018-01-07 04:55:48 +10:00
// if doc id is provided it checks for permalink in any products other that one provided,
// else it just checks for any products with that permalink
2018-01-22 07:20:33 +10:00
const db = req.app.db;
2018-01-07 04:55:48 +10:00
let query = {};
if(typeof req.body.docId === 'undefined' || req.body.docId === ''){
2019-06-15 14:46:08 +10:00
query = { productPermalink: req.body.permalink };
2018-01-07 04:55:48 +10:00
}else{
2019-06-15 14:46:08 +10:00
query = { productPermalink: req.body.permalink, _id: { $ne: common.getId(req.body.docId) } };
2018-01-07 04:55:48 +10:00
}
2019-10-29 18:26:30 +10:00
const products = await db.products.countDocuments(query);
2019-10-26 11:08:53 +10:00
if(products && products > 0){
res.status(400).json({ message: 'Permalink already exists' });
return;
}
res.status(200).json({ message: 'Permalink validated successfully' });
2018-01-07 04:55:48 +10:00
});
// upload the file
2019-07-12 18:06:34 +10:00
const upload = multer({ dest: 'public/uploads/' });
2019-12-07 09:41:18 +10:00
router.post('/admin/file/upload', restrict, checkAccess, upload.single('uploadFile'), async (req, res) => {
2018-01-22 07:20:33 +10:00
const db = req.app.db;
2018-01-07 04:55:48 +10:00
if(req.file){
2019-07-12 18:06:34 +10:00
const file = req.file;
2018-01-07 04:55:48 +10:00
2018-06-01 21:31:23 +10:00
// Get the mime type of the file
const mimeType = mime.lookup(file.originalname);
2019-06-11 15:12:14 +10:00
2018-06-01 21:31:23 +10:00
// Check for allowed mime type and file size
if(!common.allowedMimeType.includes(mimeType) || file.size > common.fileSizeLimit){
// Remove temp file
fs.unlinkSync(file.path);
2018-01-07 04:55:48 +10:00
2019-12-07 09:41:18 +10:00
// Return error
res.status(400).json({ message: 'File type not allowed or too large. Please try again.' });
2018-06-01 21:31:23 +10:00
return;
}
2018-01-07 04:55:48 +10:00
// get the product form the DB
2019-10-26 11:08:53 +10:00
const product = await db.products.findOne({ _id: common.getId(req.body.productId) });
if(!product){
// delete the temp file.
fs.unlinkSync(file.path);
2018-06-01 21:31:23 +10:00
2019-12-07 09:41:18 +10:00
// Return error
res.status(400).json({ message: 'File upload error. Please try again.' });
2019-10-26 11:08:53 +10:00
return;
}
2018-06-01 21:31:23 +10:00
const productPath = product._id.toString();
2019-10-26 11:08:53 +10:00
const uploadDir = path.join('public/uploads', productPath);
2018-06-01 21:31:23 +10:00
2019-10-26 11:08:53 +10:00
// Check directory and create (if needed)
common.checkDirectorySync(uploadDir);
2018-06-01 21:31:23 +10:00
2019-10-26 11:08:53 +10:00
const source = fs.createReadStream(file.path);
const dest = fs.createWriteStream(path.join(uploadDir, file.originalname.replace(/ /g, '_')));
2018-06-01 21:31:23 +10:00
2019-10-26 11:08:53 +10:00
// save the new file
source.pipe(dest);
source.on('end', () => { });
2018-06-01 21:31:23 +10:00
2019-10-26 11:08:53 +10:00
// delete the temp file.
fs.unlinkSync(file.path);
2018-06-01 21:31:23 +10:00
2019-10-26 11:08:53 +10:00
const imagePath = path.join('/uploads', productPath, file.originalname.replace(/ /g, '_'));
// if there isn't a product featured image, set this one
if(!product.productImage){
2019-10-29 18:26:30 +10:00
await db.products.updateOne({ _id: common.getId(req.body.productId) }, { $set: { productImage: imagePath } }, { multi: false });
2019-10-26 11:08:53 +10:00
}
2019-12-07 09:41:18 +10:00
// Return success message
res.status(200).json({ message: 'File uploaded successfully' });
2019-10-26 11:08:53 +10:00
return;
2018-01-07 04:55:48 +10:00
}
2019-12-07 09:41:18 +10:00
// Return error
res.status(400).json({ message: 'File upload error. Please try again.' });
2018-01-07 04:55:48 +10:00
});
// delete a file via ajax request
2019-06-15 14:46:08 +10:00
router.post('/admin/testEmail', restrict, (req, res) => {
2019-07-12 18:06:34 +10:00
const config = req.app.config;
2018-01-22 07:20:33 +10:00
// TODO: Should fix this to properly handle result
2018-01-07 04:55:48 +10:00
common.sendEmail(config.emailAddress, 'expressCart test email', 'Your email settings are working');
2019-06-15 14:46:08 +10:00
res.status(200).json({ message: 'Test email sent' });
2018-01-07 04:55:48 +10:00
});
module.exports = router;