expressCart/routes/admin.js


const express = require('express');
const common = require('../lib/common');
const escape = require('html-entities').AllHtmlEntities;
const colors = require('colors');
const bcrypt = require('bcryptjs');
const fs = require('fs');
const path = require('path');
const multer = require('multer');
const glob = require('glob');
const router = express.Router();
// Admin section
// The admin root has no page of its own; it forwards to the orders list.
router.get('/admin', common.restrict, (req, res, next) => {
    const landingPage = '/admin/orders';
    res.redirect(landingPage);
});
// logout
// Clears the signed-in user and any pending flash message, then returns to the
// storefront. NOTE(review): only these three fields are reset; the session
// record and its cookie are left in place.
router.get('/admin/logout', (req, res) => {
    Object.assign(req.session, {
        user: null,
        message: null,
        messageType: null
    });
    res.redirect('/');
});
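// login form
// Renders the login page when at least one user exists; otherwise marks the
// session with needsSetup and sends the visitor to the one-time setup page.
router.get('/admin/login', (req, res) => {
    const db = req.app.db;

    db.users.count({}, (err, userCount) => {
        if(err){
            // without a readable user collection we cannot tell whether setup
            // has happened; fall back to the setup page as before
            req.session.needsSetup = true;
            res.redirect('/admin/setup');
            // previously execution fell through to the branch below and tried
            // to send a second response after this redirect
            return;
        }
        if(userCount > 0){
            // a user exists, so setup is done
            req.session.needsSetup = false;
            res.render('login', {
                title: 'Login',
                referringUrl: req.header('Referer'),
                config: req.app.config,
                message: common.clearSessionValue(req.session, 'message'),
                messageType: common.clearSessionValue(req.session, 'messageType'),
                helpers: req.handlebars.helpers,
                showFooter: 'showFooter'
            });
            return;
        }
        // no users yet: flag the session and go to setup
        req.session.needsSetup = true;
        res.redirect('/admin/setup');
    });
});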
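// login the user and check the password
// Expects {email, password} in the body. On a matching bcrypt hash the user's
// email, name, id and admin flag are stored in the session and 200 is sent;
// every failure answers 400 with a JSON message.
router.post('/admin/login_action', (req, res) => {
    const db = req.app.db;
    const email = req.body.email;
    const password = req.body.password;

    // both values go into a query / a bcrypt call: accept plain strings only so
    // a JSON body cannot substitute an operator object for the email
    if(typeof email !== 'string' || typeof password !== 'string'){
        res.status(400).json({message: 'Access denied. Check password and try again.'});
        return;
    }

    db.users.findOne({userEmail: email}, (err, user) => {
        if(err){
            res.status(400).json({message: 'A user with that email does not exist.'});
            return;
        }
        if(user === undefined || user === null){
            // NOTE(review): this message differs from the wrong-password one
            // below, so the response reveals whether an email is registered
            res.status(400).json({message: 'A user with that email does not exist.'});
            return;
        }
        // bcrypt.compare rejects (rather than resolving false) when it cannot
        // run; without the catch below such a request would never be answered
        bcrypt.compare(password, user.userPassword)
            .then((matches) => {
                if(!matches){
                    // password is not correct
                    res.status(400).json({message: 'Access denied. Check password and try again.'});
                    return;
                }
                req.session.user = email;
                req.session.usersName = user.usersName;
                req.session.userId = user._id.toString();
                req.session.isAdmin = user.isAdmin;
                res.status(200).json({message: 'Login successful'});
            })
            .catch((compareErr) => {
                console.error(colors.red('Password check failed: ' + compareErr));
                res.status(400).json({message: 'Access denied. Check password and try again.'});
            });
    });
});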
// setup form is shown when there are no users setup in the DB
// Only an empty user collection may see the form; once any user exists the
// request is sent to the login page so setup cannot be re-run.
router.get('/admin/setup', (req, res) => {
    const db = req.app.db;

    db.users.count({}, (err, userCount) => {
        if(err){
            console.error(colors.red('Error getting users for setup', err));
        }
        const noUsersYet = userCount === 0;
        // needsSetup mirrors whether the collection is still empty
        req.session.needsSetup = noUsersYet;
        if(!noUsersYet){
            res.redirect('/admin/login');
            return;
        }
        res.render('setup', {
            title: 'Setup',
            config: req.app.config,
            helpers: req.handlebars.helpers,
            message: common.clearSessionValue(req.session, 'message'),
            messageType: common.clearSessionValue(req.session, 'messageType'),
            showFooter: 'showFooter'
        });
    });
});
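// insert a user
// Creates the first account, which is always an admin. Honoured only while the
// user collection is empty; otherwise the request is redirected to login.
router.post('/admin/setup_action', (req, res) => {
    const db = req.app.db;
    const {usersName, userEmail, userPassword} = req.body;

    const failSetup = () => {
        req.session.message = 'Setup failed';
        req.session.messageType = 'danger';
        res.redirect('/admin/setup');
    };

    // bcrypt.hashSync throws on a missing password, which would leave the
    // handler as an unhandled error instead of a setup message
    if(typeof userEmail !== 'string' || userEmail === '' ||
       typeof userPassword !== 'string' || userPassword === ''){
        failSetup();
        return;
    }

    // check for users
    db.users.count({}, (err, userCount) => {
        if(err){
            console.info(err.stack);
        }
        if(userCount !== 0){
            // a user already exists so setup may not be repeated
            res.redirect('/admin/login');
            return;
        }
        // hash only once we know the insert will be attempted
        const doc = {
            usersName,
            userEmail,
            userPassword: bcrypt.hashSync(userPassword, 10),
            isAdmin: true
        };
        db.users.insert(doc, (insertErr, newDoc) => {
            if(insertErr){
                console.error(colors.red('Failed to insert user: ' + insertErr));
                failSetup();
                return;
            }
            req.session.message = 'User account inserted';
            req.session.messageType = 'success';
            res.redirect('/admin/login');
        });
    });
});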
// settings page
// Renders the cart settings form. The two stored HTML snippets are kept
// entity-encoded in the config, so they are decoded for the editor here.
router.get('/admin/settings', common.restrict, (req, res) => {
    const config = req.app.config;
    const decodeIfSet = (value) => (typeof value !== 'undefined' ? escape.decode(value) : null);

    res.render('settings', {
        title: 'Cart settings',
        session: req.session,
        admin: true,
        themes: common.getThemes(),
        message: common.clearSessionValue(req.session, 'message'),
        messageType: common.clearSessionValue(req.session, 'messageType'),
        helpers: req.handlebars.helpers,
        config,
        footerHtml: decodeIfSet(config.footerHtml),
        googleAnalytics: decodeIfSet(config.googleAnalytics)
    });
});
// settings update
// Hands the posted body to common.updateConfig; which keys it accepts and what
// "permission" means are decided there.
router.post('/admin/settings/update', common.restrict, common.checkAccess, (req, res) => {
    const updated = common.updateConfig(req.body);
    if(updated !== true){
        res.status(400).json({message: 'Permission denied'});
        return;
    }
    res.status(200).json({message: 'Settings successfully updated'});
});
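// remove a product option
// Deletes req.body.optName from the product's JSON-encoded productOptions and
// writes the remaining options back.
router.post('/admin/settings/option/remove', common.restrict, common.checkAccess, (req, res) => {
    const db = req.app.db;
    const productId = common.getId(req.body.productId);

    db.products.findOne({_id: productId}, (err, product) => {
        if(err){
            console.info(err.stack);
        }
        if(!product || !product.productOptions){
            res.status(400).json({message: 'Product not found. Try saving before removing.'});
            return;
        }
        // productOptions is stored as a JSON string keyed by option name
        const optJson = JSON.parse(product.productOptions);
        delete optJson[req.body.optName];
        // the update previously filtered on common.getImages(...) rather than the
        // id looked up above, so it never matched the product and always reported failure
        db.products.update({_id: productId}, {$set: {productOptions: JSON.stringify(optJson)}}, (updateErr, numReplaced) => {
            if(updateErr){
                console.info(updateErr.stack);
            }
            if(numReplaced === 1){
                res.status(200).json({message: 'Option successfully removed'});
            }else{
                res.status(400).json({message: 'Failed to remove option. Please try again.'});
            }
        });
    });
});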
// settings menu
// Renders the menu editor with the site menu in its sorted order.
router.get('/admin/settings/menu', common.restrict, async (req, res) => {
    const db = req.app.db;
    // flash values are read (and cleared) before the menu lookup, as before
    const message = common.clearSessionValue(req.session, 'message');
    const messageType = common.clearSessionValue(req.session, 'messageType');
    const menu = common.sortMenu(await common.getMenu(db));

    res.render('settings_menu', {
        title: 'Cart menu',
        session: req.session,
        admin: true,
        message,
        messageType,
        helpers: req.handlebars.helpers,
        config: req.app.config,
        menu
    });
});
// settings page list
// Lists every static page together with the sorted site menu used by the layout.
router.get('/admin/settings/pages', common.restrict, (req, res) => {
    const db = req.app.db;

    db.pages.find({}).toArray(async (err, pages) => {
        if(err){
            console.info(err.stack);
        }
        const message = common.clearSessionValue(req.session, 'message');
        const messageType = common.clearSessionValue(req.session, 'messageType');
        const menu = common.sortMenu(await common.getMenu(db));

        res.render('settings_pages', {
            title: 'Static pages',
            pages,
            session: req.session,
            admin: true,
            message,
            messageType,
            helpers: req.handlebars.helpers,
            config: req.app.config,
            menu
        });
    });
});
// settings pages new
// Shows an empty page editor; the same view is reused for editing with a
// different button label.
router.get('/admin/settings/pages/new', common.restrict, common.checkAccess, async (req, res) => {
    const db = req.app.db;
    const message = common.clearSessionValue(req.session, 'message');
    const messageType = common.clearSessionValue(req.session, 'messageType');
    const menu = common.sortMenu(await common.getMenu(db));

    res.render('settings_page_edit', {
        title: 'Static pages',
        session: req.session,
        admin: true,
        button_text: 'Create',
        message,
        messageType,
        helpers: req.handlebars.helpers,
        config: req.app.config,
        menu
    });
});
// settings pages editor
// Loads the page named by the :page id and shows it in the editor, or renders
// the 404 view when no such page exists.
router.get('/admin/settings/pages/edit/:page', common.restrict, common.checkAccess, (req, res) => {
    const db = req.app.db;

    db.pages.findOne({_id: common.getId(req.params.page)}, async (err, page) => {
        if(err){
            console.info(err.stack);
        }
        // the menu is needed by both the editor and the error layout
        const menu = common.sortMenu(await common.getMenu(db));
        if(!page){
            // 404 it!
            res.status(404).render('error', {
                title: '404 Error - Page not found',
                config: req.app.config,
                message: '404 Error - Page not found',
                helpers: req.handlebars.helpers,
                showFooter: 'showFooter',
                menu
            });
            return;
        }
        res.render('settings_page_edit', {
            title: 'Static pages',
            page,
            button_text: 'Update',
            session: req.session,
            admin: true,
            message: common.clearSessionValue(req.session, 'message'),
            messageType: common.clearSessionValue(req.session, 'messageType'),
            helpers: req.handlebars.helpers,
            config: req.app.config,
            menu
        });
    });
});
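// settings update page
// Creates a page when no page_id is posted, otherwise updates the existing
// one. Only the four page fields are copied from the body; other keys are ignored.
router.post('/admin/settings/pages/update', common.restrict, common.checkAccess, (req, res) => {
    const db = req.app.db;
    const doc = {
        pageName: req.body.pageName,
        pageSlug: req.body.pageSlug,
        pageEnabled: req.body.pageEnabled,
        pageContent: req.body.pageContent
    };
    const pageId = req.body.page_id;

    if(!pageId){
        // insert page
        db.pages.insert(doc, (err, newDoc) => {
            if(err){
                console.info(err.stack);
                res.status(400).json({message: 'Error creating page. Please try again.'});
                return;
            }
            res.status(200).json({message: 'New page successfully created', page_id: newDoc._id});
        });
        return;
    }

    // existing page
    db.pages.findOne({_id: common.getId(pageId)}, (err, page) => {
        if(err){
            console.info(err.stack);
        }
        if(!page){
            res.status(400).json({message: 'Page not found'});
            return;
        }
        db.pages.update({_id: common.getId(pageId)}, {$set: doc}, {}, (updateErr, numReplaced) => {
            if(updateErr){
                // a failed update used to be logged and then reported as success
                console.info(updateErr.stack);
                res.status(400).json({message: 'Error updating page. Please try again.'});
                return;
            }
            res.status(200).json({message: 'Page updated successfully', page_id: pageId});
        });
    });
});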
// settings delete page
// Removes the page named by :page and reports the outcome via the flash message.
// NOTE(review): this is a state-changing GET, so any link or prefetch to the
// URL performs the deletion; a POST carrying a CSRF token would be safer.
router.get('/admin/settings/pages/delete/:page', common.restrict, common.checkAccess, (req, res) => {
    const db = req.app.db;

    db.pages.remove({_id: common.getId(req.params.page)}, {}, (err, numRemoved) => {
        const failed = Boolean(err);
        req.session.message = failed ? 'Error deleting page. Please try again.' : 'Page successfully deleted';
        req.session.messageType = failed ? 'danger' : 'success';
        res.redirect('/admin/settings/pages');
    });
});
// new menu item
// common.newMenu does the work; only an explicit false return is treated as failure.
router.post('/admin/settings/menu/new', common.restrict, common.checkAccess, (req, res) => {
    const created = common.newMenu(req, res);
    if(created === false){
        req.session.message = 'Failed creating menu.';
        req.session.messageType = 'danger';
    }
    res.redirect('/admin/settings/menu');
});
// update existing menu item
// common.updateMenu does the work; only an explicit false return is treated as failure.
router.post('/admin/settings/menu/update', common.restrict, common.checkAccess, (req, res) => {
    const updated = common.updateMenu(req, res);
    if(updated === false){
        req.session.message = 'Failed updating menu.';
        req.session.messageType = 'danger';
    }
    res.redirect('/admin/settings/menu');
});
// delete menu item
// Deletes the item named by :menuid via common.deleteMenu; only an explicit
// false return is treated as failure. As with page deletion this is a GET
// that changes state.
router.get('/admin/settings/menu/delete/:menuid', common.restrict, common.checkAccess, (req, res) => {
    const deleted = common.deleteMenu(req, res, req.params.menuid);
    if(deleted === false){
        req.session.message = 'Failed deleting menu.';
        req.session.messageType = 'danger';
    }
    res.redirect('/admin/settings/menu');
});
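// We call this via a Ajax call to save the order from the sortable list
// Responds with JSON either way so the caller's request always completes.
router.post('/admin/settings/menu/save_order', common.restrict, common.checkAccess, (req, res) => {
    const result = common.orderMenu(req, res);
    if(result === false){
        res.status(400).json({message: 'Failed saving menu order'});
        return;
    }
    // `res.status(200)` on its own only sets the code and never sends the
    // response, leaving the Ajax call waiting until it timed out
    res.status(200).json({message: 'Menu order saved'});
});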
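// validate the permalink
// If docId is provided it checks for the permalink in any product other than
// that one, else it checks for any product with that permalink.
// NOTE(review): registered without common.restrict, so it answers
// unauthenticated callers as well.
router.post('/admin/api/validate_permalink', (req, res) => {
    const db = req.app.db;
    const permalink = req.body.permalink;
    const docId = req.body.docId;

    // the value goes straight into the query: accept a plain string only so a
    // JSON body cannot put a query operator object in its place
    if(typeof permalink !== 'string'){
        res.status(400).json({message: 'Invalid permalink'});
        return;
    }

    const query = {productPermalink: permalink};
    if(typeof docId !== 'undefined' && docId !== ''){
        // exclude the product being edited from the uniqueness check
        query._id = {$ne: common.getId(docId)};
    }

    db.products.count(query, (err, products) => {
        if(err){
            console.info(err.stack);
        }
        if(products > 0){
            res.status(400).json({message: 'Permalink already exists'});
        }else{
            res.status(200).json({message: 'Permalink validated successfully'});
        }
    });
});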
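// upload the file
// multer first writes the raw upload under public/uploads/ with a temporary
// name; the handler then moves it into the requested sub directory and, if
// the product has no featured image yet, records it as productImage.
const upload = multer({dest: 'public/uploads/'});

// every upload must end up below this directory; resolved once so the
// containment check below compares absolute paths
const UPLOADS_ROOT = path.resolve('public/uploads');

router.post('/admin/file/upload', common.restrict, common.checkAccess, upload.single('upload_file'), (req, res, next) => {
    const db = req.app.db;
    const productId = req.body.productId;
    const editUrl = '/admin/product/edit/' + productId;

    const finish = (message, messageType) => {
        req.session.message = message;
        req.session.messageType = messageType;
        res.redirect(editUrl);
    };
    const discardTemp = (tempPath) => {
        fs.unlink(tempPath, (unlinkErr) => {
            if(unlinkErr){
                console.info(unlinkErr.stack);
            }
        });
    };

    if(!req.file){
        finish('File upload error. Please select a file.', 'danger');
        return;
    }

    const file = req.file;
    // both the directory and the original filename are client supplied: keep
    // only the filename component and require the resolved directory to stay
    // under the uploads root (rejects ".." segments and absolute paths)
    const directory = typeof req.body.directory === 'string' ? req.body.directory : '';
    const safeName = path.basename(file.originalname).replace(/ /g, '_');
    const uploadDir = path.resolve(UPLOADS_ROOT, directory);
    if(uploadDir !== UPLOADS_ROOT && !uploadDir.startsWith(UPLOADS_ROOT + path.sep)){
        console.error(colors.red('File upload error: directory outside uploads root'));
        discardTemp(file.path);
        finish('File upload error. Invalid upload directory.', 'danger');
        return;
    }
    const destPath = path.join(uploadDir, safeName);

    // Check directory and create (if needed)
    common.checkDirectorySync(uploadDir);
    // a rename replaces the old read-stream/write-stream pipe, whose temp file
    // was unlinked while the copy was still in flight
    fs.rename(file.path, destPath, (moveErr) => {
        if(moveErr){
            console.error(colors.red('File upload error: ' + moveErr));
            discardTemp(file.path);
            finish('File upload error. Please select a file.', 'danger');
            return;
        }
        // web path of the stored file, relative to /uploads
        const imagePath = '/uploads/' + path.relative(UPLOADS_ROOT, destPath).split(path.sep).join('/');

        // get the product from the DB
        db.products.findOne({_id: common.getId(productId)}, (err, product) => {
            if(err){
                console.info(err.stack);
            }
            // an unknown product id used to throw here; the file is stored either way
            if(!product || product.productImage){
                finish('File uploaded successfully', 'success');
                return;
            }
            // if there isn't a product featured image, set this one
            db.products.update({_id: common.getId(productId)}, {$set: {productImage: imagePath}}, {multi: false}, (updateErr, numReplaced) => {
                if(updateErr){
                    console.info(updateErr.stack);
                }
                finish('File uploaded successfully', 'success');
            });
        });
    });
});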
// send a test email to the configured address
// sendEmail is fire-and-forget here, so the 200 below only means the send was
// started, not that it succeeded.
router.post('/admin/testEmail', common.restrict, (req, res) => {
    const {emailAddress} = req.app.config;
    // TODO: Should fix this to properly handle result
    common.sendEmail(emailAddress, 'expressCart test email', 'Your email settings are working');
    res.status(200).json({message: 'Test email sent'});
});
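// delete a file via ajax request
// req.body.img is the web path shown on the files page (e.g. "/uploads/...");
// the file is removed from under public/ and a plain-text status is returned.
const PUBLIC_ROOT = path.resolve('public');

router.post('/admin/file/delete', common.restrict, common.checkAccess, (req, res) => {
    req.session.message = null;
    req.session.messageType = null;

    const reply = (status, body) => {
        res.writeHead(status, {'Content-Type': 'application/text'});
        res.end(body);
    };

    // the path is client supplied: strip the leading slash of the web path,
    // resolve it under public/ and refuse anything that escapes that directory
    const img = typeof req.body.img === 'string' ? req.body.img.replace(/^[\\/]+/, '') : '';
    const target = path.resolve(PUBLIC_ROOT, img);
    if(img === '' || !target.startsWith(PUBLIC_ROOT + path.sep)){
        console.error(colors.red('File delete error: path outside public directory'));
        reply(400, 'Failed to delete file: invalid path');
        return;
    }

    fs.unlink(target, (err) => {
        if(err){
            console.error(colors.red('File delete error: ' + err));
            reply(400, 'Failed to delete file: ' + err);
            return;
        }
        reply(200, 'File deleted successfully');
    });
});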
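// list everything under /public/uploads/, split into files and directories
router.get('/admin/files', common.restrict, (req, res) => {
    glob('public/uploads/**', {nosort: true}, (er, files) => {
        if(er){
            // `files` was dereferenced even on error, which throws when it is undefined
            console.error(colors.red('Error listing files: ' + er));
        }
        const entries = Array.isArray(files) ? files : [];
        // sort array
        entries.sort();
        const fileList = [];
        const dirList = [];

        for(const [index, entry] of entries.entries()){
            // strip the leading "public" so the path is web-relative
            const item = {
                id: index,
                path: entry.substring(6)
            };
            if(fs.lstatSync(entry).isDirectory()){
                dirList.push(item);
            }else{
                fileList.push(item);
            }
        }

        // render the files route
        res.render('files', {
            title: 'Files',
            files: fileList,
            admin: true,
            dirs: dirList,
            session: req.session,
            // read the config the same way as the other handlers in this file
            config: req.app.config,
            message: common.clearSessionValue(req.session, 'message'),
            messageType: common.clearSessionValue(req.session, 'messageType')
        });
    });
});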
module.exports = router;