t1meshift
/
expressCart
mirror of https://github.com/t1meshift/expressCart.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Linting and refactoring

master
Mark Moffat 2019-06-15 14:16:08 +09:30
parent 83f5c1f159
commit 291a044d0b
15 changed files with 501 additions and 446 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
.eslintrc.json
View File

@ -17,7 +17,7 @@
},
"rules": {
"quotes": ["error", "single"],
"prefer-arrow-callback": 2,
"prefer-arrow-callback": [ "error", { "allowNamedFunctions": true } ],
"consistent-return": 2,
"no-var" : 2,
"new-cap" : 0,
@ -27,11 +27,16 @@
"space-unary-ops" : 2,
"no-undef": 1,
"no-unused-vars": 1,
"keyword-spacing": ["error", { "before": false, "after": false }],
"keyword-spacing": [
"error", {
"before": false, "after": false, "overrides": {
"const": { "after": true }
}
}],
"space-before-function-paren": 0,
"space-before-blocks": ["error", "never"],
"camelcase": 0,
"handle-callback-err": ["error", "none"],
"object-curly-spacing": ["error", "never"]
"object-curly-spacing": ["error", "always"]
}
}

3
app.js
View File

@ -12,6 +12,7 @@ const helmet = require('helmet');
const colors = require('colors');
const cron = require('node-cron');
const common = require('./lib/common');
const { runIndexing } = require('./lib/indexing');
const { initDb } = require('./lib/db');
let handlebars = require('express-handlebars');
@ -357,7 +358,7 @@ initDb(config.databaseConnectionString, async (err, db) => {
// We index when not in test env
if(process.env.NODE_ENV !== 'test'){
try{
await common.runIndexing(app);
await runIndexing(app);
}catch(ex){
console.error(colors.red('Error setting up indexes:' + err));
}

92
lib/auth.js Normal file
View File

@ -0,0 +1,92 @@
const ObjectId = require('mongodb').ObjectID;
const _ = require('lodash');
const restrictedRoutes = [
{ route: '/admin/product/new', response: 'redirect' },
{ route: '/admin/product/insert', response: 'redirect' },
{ route: '/admin/product/edit/:id', response: 'redirect' },
{ route: '/admin/product/update', response: 'redirect' },
{ route: '/admin/product/delete/:id', response: 'redirect' },
{ route: '/admin/product/published_state', response: 'json' },
{ route: '/admin/product/setasmainimage', response: 'json' },
{ route: '/admin/product/deleteimage', response: 'json' },
{ route: '/admin/order/statusupdate', response: 'json' },
{ route: '/admin/settings/update', response: 'json' },
{ route: '/admin/settings/option/remove', response: 'json' },
{ route: '/admin/settings/pages/new', response: 'redirect' },
{ route: '/admin/settings/pages/edit/:page', response: 'redirect' },
{ route: '/admin/settings/pages/update', response: 'json' },
{ route: '/admin/settings/pages/delete/:page', response: 'redirect' },
{ route: '/admin/settings/menu/new', response: 'redirect' },
{ route: '/admin/settings/menu/update', response: 'redirect' },
{ route: '/admin/settings/menu/delete/:menuid', response: 'redirect' },
{ route: '/admin/settings/menu/save_order', response: 'json' },
{ route: '/admin/file/upload', response: 'redirect' },
{ route: '/admin/file/delete', response: 'json' }
];
const restrict = (req, res, next) => {
checkLogin(req, res, next);
};
const checkLogin = async (req, res, next) => {
const db = req.app.db;
// if not protecting we check for public pages and don't checkLogin
if(req.session.needsSetup === true){
res.redirect('/admin/setup');
return;
}
// If API key, check for a user
if(req.headers.apikey){
try{
const user = await db.users.findOne({
apiKey: ObjectId(req.headers.apikey),
isAdmin: true
});
if(!user){
res.status(400).json({ message: 'Access denied' });
return;
}
// Set API authenticated in the req
req.apiAuthenticated = true;
next();
return;
}catch(ex){
res.status(400).json({ message: 'Access denied' });
return;
}
}
if(req.session.user){
next();
return;
}
res.redirect('/admin/login');
};
// Middleware to check for admin access for certain route
const checkAccess = (req, res, next) => {
const routeCheck = _.find(restrictedRoutes, { 'route': req.route.path });
// If the user is not an admin and route is restricted, show message and redirect to /admin
if(req.session.isAdmin === false && routeCheck){
if(routeCheck.response === 'redirect'){
req.session.message = 'Unauthorised. Please refer to administrator.';
req.session.messageType = 'danger';
res.redirect('/admin');
return;
}
if(routeCheck.response === 'json'){
res.status(400).json({ message: 'Unauthorised. Please refer to administrator.' });
}
}else{
next();
}
};
module.exports = {
restrict,
checkLogin,
checkAccess
};

324
lib/common.js
View File

@ -1,7 +1,6 @@
const _ = require('lodash');
const uglifycss = require('uglifycss');
const colors = require('colors');
const lunr = require('lunr');
const cheerio = require('cheerio');
const fs = require('fs');
const path = require('path');
@ -11,34 +10,10 @@ const nodemailer = require('nodemailer');
const sanitizeHtml = require('sanitize-html');
const escape = require('html-entities').AllHtmlEntities;
const mkdirp = require('mkdirp');
let ObjectId = require('mongodb').ObjectID;
const restrictedRoutes = [
{route: '/admin/product/new', response: 'redirect'},
{route: '/admin/product/insert', response: 'redirect'},
{route: '/admin/product/edit/:id', response: 'redirect'},
{route: '/admin/product/update', response: 'redirect'},
{route: '/admin/product/delete/:id', response: 'redirect'},
{route: '/admin/product/published_state', response: 'json'},
{route: '/admin/product/setasmainimage', response: 'json'},
{route: '/admin/product/deleteimage', response: 'json'},
{route: '/admin/order/statusupdate', response: 'json'},
{route: '/admin/settings/update', response: 'json'},
{route: '/admin/settings/option/remove', response: 'json'},
{route: '/admin/settings/pages/new', response: 'redirect'},
{route: '/admin/settings/pages/edit/:page', response: 'redirect'},
{route: '/admin/settings/pages/update', response: 'json'},
{route: '/admin/settings/pages/delete/:page', response: 'redirect'},
{route: '/admin/settings/menu/new', response: 'redirect'},
{route: '/admin/settings/menu/update', response: 'redirect'},
{route: '/admin/settings/menu/delete/:menuid', response: 'redirect'},
{route: '/admin/settings/menu/save_order', response: 'json'},
{route: '/admin/file/upload', response: 'redirect'},
{route: '/admin/file/delete', response: 'json'}
];
const ObjectId = require('mongodb').ObjectID;
// Allowed mime types for product images
exports.allowedMimeType = [
const allowedMimeType = [
'image/jpeg',
'image/png',
'image/gif',
@ -46,54 +21,14 @@ exports.allowedMimeType = [
'image/webp'
];
exports.fileSizeLimit = 10485760;
const fileSizeLimit = 10485760;
// common functions
exports.restrict = (req, res, next) => {
exports.checkLogin(req, res, next);
};
exports.checkLogin = async (req, res, next) => {
const db = req.app.db;
// if not protecting we check for public pages and don't checkLogin
if(req.session.needsSetup === true){
res.redirect('/admin/setup');
return;
}
// If API key, check for a user
if(req.headers.apikey){
try{
const user = await db.users.findOne({
apiKey: ObjectId(req.headers.apikey),
isAdmin: true
});
if(!user){
res.status(400).json({message: 'Access denied'});
return;
}
// Set API authenticated in the req
req.apiAuthenticated = true;
next();
return;
}catch(ex){
res.status(400).json({message: 'Access denied'});
return;
}
}
if(req.session.user){
next();
return;
}
res.redirect('/admin/login');
};
exports.cleanHtml = (html) => {
const cleanHtml = (html) => {
return sanitizeHtml(html);
};
exports.mongoSanitize = (param) => {
const mongoSanitize = (param) => {
if(param instanceof Object){
for(const key in param){
if(/^\$/.test(key)){
@ -104,34 +39,14 @@ exports.mongoSanitize = (param) => {
return param;
};
exports.checkboxBool = (param) => {
const checkboxBool = (param) => {
if(param && param === 'on'){
return true;
}
return false;
};
// Middleware to check for admin access for certain route
exports.checkAccess = (req, res, next) => {
const routeCheck = _.find(restrictedRoutes, {'route': req.route.path});
// If the user is not an admin and route is restricted, show message and redirect to /admin
if(req.session.isAdmin === false && routeCheck){
if(routeCheck.response === 'redirect'){
req.session.message = 'Unauthorised. Please refer to administrator.';
req.session.messageType = 'danger';
res.redirect('/admin');
return;
}
if(routeCheck.response === 'json'){
res.status(400).json({message: 'Unauthorised. Please refer to administrator.'});
}
}else{
next();
}
};
exports.showCartCloseBtn = (page) => {
const showCartCloseBtn = (page) => {
let showCartCloseButton = true;
if(page === 'checkout' || page === 'pay'){
showCartCloseButton = false;
@ -141,10 +56,10 @@ exports.showCartCloseBtn = (page) => {
};
// adds products to sitemap.xml
exports.addSitemapProducts = (req, res, cb) => {
const addSitemapProducts = (req, res, cb) => {
let db = req.app.db;
let config = exports.getConfig();
let config = getConfig();
let hostname = config.baseUrl;
db.products.find({ productPublished: 'true' }).toArray((err, products) => {
@ -169,7 +84,7 @@ exports.addSitemapProducts = (req, res, cb) => {
});
};
exports.clearSessionValue = (session, sessionVar) => {
const clearSessionValue = (session, sessionVar) => {
let temp;
if(session){
temp = session[sessionVar];
@ -178,8 +93,8 @@ exports.clearSessionValue = (session, sessionVar) => {
return temp;
};
exports.updateTotalCartAmount = (req, res) => {
let config = exports.getConfig();
const updateTotalCartAmount = (req, res) => {
let config = getConfig();
req.session.totalCartAmount = 0;
@ -196,7 +111,7 @@ exports.updateTotalCartAmount = (req, res) => {
}
};
exports.checkDirectorySync = (directory) => {
const checkDirectorySync = (directory) => {
try{
fs.statSync(directory);
}catch(e){
@ -208,14 +123,14 @@ exports.checkDirectorySync = (directory) => {
}
};
exports.getThemes = () => {
const getThemes = () => {
return fs.readdirSync(path.join(__dirname, '../', 'views', 'themes')).filter(file => fs.statSync(path.join(path.join(__dirname, '../', 'views', 'themes'), file)).isDirectory());
};
exports.getImages = (dir, req, res, callback) => {
const getImages = (dir, req, res, callback) => {
let db = req.app.db;
db.products.findOne({_id: exports.getId(dir)}, (err, product) => {
db.products.findOne({ _id: getId(dir) }, (err, product) => {
if(err){
console.error(colors.red('Error getting images', err));
}
@ -249,7 +164,7 @@ exports.getImages = (dir, req, res, callback) => {
});
};
exports.getConfigFilename = () => {
const getConfigFilename = () => {
let filename = path.join(__dirname, '../config', 'settings-local.json');
if(fs.existsSync(filename)){
return filename;
@ -257,8 +172,8 @@ exports.getConfigFilename = () => {
return path.join(__dirname, '../config', 'settings.json');
};
exports.getConfig = () => {
let config = JSON.parse(fs.readFileSync(exports.getConfigFilename(), 'utf8'));
const getConfig = () => {
let config = JSON.parse(fs.readFileSync(getConfigFilename(), 'utf8'));
config.customCss = typeof config.customCss !== 'undefined' ? escape.decode(config.customCss) : null;
config.footerHtml = typeof config.footerHtml !== 'undefined' ? escape.decode(config.footerHtml) : null;
config.googleAnalytics = typeof config.googleAnalytics !== 'undefined' ? escape.decode(config.googleAnalytics) : null;
@ -283,8 +198,8 @@ exports.getConfig = () => {
return config;
};
exports.getPaymentConfig = () => {
let siteConfig = this.getConfig();
const getPaymentConfig = () => {
let siteConfig = getConfig();
const gateConfigFile = path.join(__dirname, '../config', `${siteConfig.paymentGateway}.json`);
let config = [];
@ -302,8 +217,8 @@ exports.getPaymentConfig = () => {
return config;
};
exports.updateConfig = (fields) => {
let settingsFile = exports.getConfig();
const updateConfig = (fields) => {
let settingsFile = getConfig();
_.forEach(fields, (value, key) => {
settingsFile[key] = value;
@ -359,21 +274,21 @@ exports.updateConfig = (fields) => {
// write file
try{
fs.writeFileSync(exports.getConfigFilename(), JSON.stringify(settingsFile, null, 4));
fs.writeFileSync(getConfigFilename(), JSON.stringify(settingsFile, null, 4));
return true;
}catch(exception){
return false;
}
};
exports.getMenu = (db) => {
const getMenu = (db) => {
return db.menu.findOne({});
};
// creates a new menu item
exports.newMenu = (req, res) => {
const newMenu = (req, res) => {
const db = req.app.db;
return exports.getMenu(db)
return getMenu(db)
.then((menu) => {
// if no menu present
if(!menu){
@ -399,9 +314,9 @@ exports.newMenu = (req, res) => {
};
// delete a menu item
exports.deleteMenu = (req, res, menuIndex) => {
const deleteMenu = (req, res, menuIndex) => {
const db = req.app.db;
return exports.getMenu(db)
return getMenu(db)
.then((menu) => {
// Remove menu item
menu.items.splice(menuIndex, 1);
@ -416,9 +331,9 @@ exports.deleteMenu = (req, res, menuIndex) => {
};
// updates and existing menu item
exports.updateMenu = (req, res) => {
const updateMenu = (req, res) => {
const db = req.app.db;
return exports.getMenu(db)
return getMenu(db)
.then((menu) => {
// find menu item and update it
let menuIndex = _.findIndex(menu.items, ['title', req.body.navId]);
@ -434,7 +349,7 @@ exports.updateMenu = (req, res) => {
});
};
exports.sortMenu = (menu) => {
const sortMenu = (menu) => {
if(menu && menu.items){
menu.items = _.sortBy(menu.items, 'order');
return menu;
@ -443,9 +358,9 @@ exports.sortMenu = (menu) => {
};
// orders the menu
exports.orderMenu = (req, res) => {
const orderMenu = (req, res) => {
const db = req.app.db;
return exports.getMenu(db)
return getMenu(db)
.then((menu) => {
// update the order
for(let i = 0; i < req.body.navId.length; i++){
@ -461,8 +376,8 @@ exports.orderMenu = (req, res) => {
});
};
exports.getEmailTemplate = (result) => {
let config = this.getConfig();
const getEmailTemplate = (result) => {
let config = getConfig();
let template = fs.readFileSync(path.join(__dirname, '../public/email_template.html'), 'utf8');
@ -480,8 +395,8 @@ exports.getEmailTemplate = (result) => {
return $.html();
};
exports.sendEmail = (to, subject, body) => {
let config = this.getConfig();
const sendEmail = (to, subject, body) => {
let config = getConfig();
let emailSettings = {
host: config.emailHost,
@ -516,7 +431,7 @@ exports.sendEmail = (to, subject, body) => {
};
// gets the correct type of index ID
exports.getId = (id) => {
const getId = (id) => {
if(id){
if(id.length !== 24){
return id;
@ -525,9 +440,9 @@ exports.getId = (id) => {
return ObjectId(id);
};
exports.getData = (req, page, query) => {
const getData = (req, page, query) => {
let db = req.app.db;
let config = exports.getConfig();
let config = getConfig();
let numberProducts = config.productsPerPage ? config.productsPerPage : 6;
let skip = 0;
@ -555,134 +470,31 @@ exports.getData = (req, page, query) => {
});
};
exports.indexProducts = (app) => {
// index all products in lunr on startup
return new Promise((resolve, reject) => {
app.db.products.find({}).toArray((err, productsList) => {
if(err){
console.error(colors.red(err.stack));
reject(err);
}
// setup lunr indexing
const productsIndex = lunr(function(){
this.field('productTitle', {boost: 10});
this.field('productTags', {boost: 5});
this.field('productDescription');
const lunrIndex = this;
// add to lunr index
productsList.forEach((product) => {
let doc = {
'productTitle': product.productTitle,
'productTags': product.productTags,
'productDescription': product.productDescription,
'id': product._id
};
lunrIndex.add(doc);
});
});
app.productsIndex = productsIndex;
console.log(colors.cyan('- Product indexing complete'));
resolve();
});
});
};
exports.indexCustomers = (app) => {
// index all products in lunr on startup
return new Promise((resolve, reject) => {
app.db.customers.find({}).toArray((err, customerList) => {
if(err){
console.error(colors.red(err.stack));
reject(err);
}
// setup lunr indexing
const customersIndex = lunr(function(){
this.field('email', {boost: 10});
this.field('name', {boost: 5});
this.field('phone');
const lunrIndex = this;
// add to lunr index
customerList.forEach((customer) => {
let doc = {
'email': customer.email,
'name': `${customer.firstName} ${customer.lastName}`,
'phone': customer.phone,
'id': customer._id
};
lunrIndex.add(doc);
});
});
app.customersIndex = customersIndex;
console.log(colors.cyan('- Customer indexing complete'));
resolve();
});
});
};
exports.indexOrders = (app, cb) => {
// index all orders in lunr on startup
return new Promise((resolve, reject) => {
app.db.orders.find({}).toArray((err, ordersList) => {
if(err){
console.error(colors.red('Error setting up products index: ' + err));
reject(err);
}
// setup lunr indexing
const ordersIndex = lunr(function(){
this.field('orderEmail', {boost: 10});
this.field('orderLastname', {boost: 5});
this.field('orderPostcode');
const lunrIndex = this;
// add to lunr index
ordersList.forEach((order) => {
let doc = {
'orderLastname': order.orderLastname,
'orderEmail': order.orderEmail,
'orderPostcode': order.orderPostcode,
'id': order._id
};
lunrIndex.add(doc);
});
});
app.ordersIndex = ordersIndex;
console.log(colors.cyan('- Order indexing complete'));
resolve();
});
});
};
exports.fixProductDates = (products) => {
let index = 0;
products.forEach((product) => {
products[index].productAddedDate = new Date();
index++;
});
return products;
};
// start indexing products and orders
exports.runIndexing = (app) => {
console.info(colors.yellow('Setting up indexes..'));
return Promise.all([
exports.indexProducts(app),
exports.indexOrders(app),
exports.indexCustomers(app)
])
.catch((err) => {
console.info(colors.yellow('Error setting up indexes', err));
process.exit(2);
});
module.exports = {
allowedMimeType,
fileSizeLimit,
cleanHtml,
mongoSanitize,
checkboxBool,
showCartCloseBtn,
addSitemapProducts,
clearSessionValue,
updateTotalCartAmount,
checkDirectorySync,
getThemes,
getImages,
getConfigFilename,
getConfig,
getPaymentConfig,
updateConfig,
getMenu,
newMenu,
deleteMenu,
updateMenu,
sortMenu,
orderMenu,
getEmailTemplate,
sendEmail,
getId,
getData
};

142
lib/indexing.js Normal file
View File

@ -0,0 +1,142 @@
const colors = require('colors');
const lunr = require('lunr');
const indexProducts = (app) => {
// index all products in lunr on startup
return new Promise((resolve, reject) => {
app.db.products.find({}).toArray((err, productsList) => {
if(err){
console.error(colors.red(err.stack));
reject(err);
}
// setup lunr indexing
const productsIndex = lunr(function(){
this.field('productTitle', { boost: 10 });
this.field('productTags', { boost: 5 });
this.field('productDescription');
const lunrIndex = this;
// add to lunr index
productsList.forEach((product) => {
let doc = {
'productTitle': product.productTitle,
'productTags': product.productTags,
'productDescription': product.productDescription,
'id': product._id
};
lunrIndex.add(doc);
});
});
app.productsIndex = productsIndex;
console.log(colors.cyan('- Product indexing complete'));
resolve();
});
});
};
const indexCustomers = (app) => {
// index all products in lunr on startup
return new Promise((resolve, reject) => {
app.db.customers.find({}).toArray((err, customerList) => {
if(err){
console.error(colors.red(err.stack));
reject(err);
}
// setup lunr indexing
const customersIndex = lunr(function(){
this.field('email', { boost: 10 });
this.field('name', { boost: 5 });
this.field('phone');
const lunrIndex = this;
// add to lunr index
customerList.forEach((customer) => {
let doc = {
'email': customer.email,
'name': `${customer.firstName} ${customer.lastName}`,
'phone': customer.phone,
'id': customer._id
};
lunrIndex.add(doc);
});
});
app.customersIndex = customersIndex;
console.log(colors.cyan('- Customer indexing complete'));
resolve();
});
});
};
const indexOrders = (app, cb) => {
// index all orders in lunr on startup
return new Promise((resolve, reject) => {
app.db.orders.find({}).toArray((err, ordersList) => {
if(err){
console.error(colors.red('Error setting up products index: ' + err));
reject(err);
}
// setup lunr indexing
const ordersIndex = lunr(function(){
this.field('orderEmail', { boost: 10 });
this.field('orderLastname', { boost: 5 });
this.field('orderPostcode');
const lunrIndex = this;
// add to lunr index
ordersList.forEach((order) => {
let doc = {
'orderLastname': order.orderLastname,
'orderEmail': order.orderEmail,
'orderPostcode': order.orderPostcode,
'id': order._id
};
lunrIndex.add(doc);
});
});
app.ordersIndex = ordersIndex;
console.log(colors.cyan('- Order indexing complete'));
resolve();
});
});
};
const fixProductDates = (products) => {
let index = 0;
products.forEach(() => {
products[index].productAddedDate = new Date();
index++;
});
return products;
};
// start indexing products and orders
const runIndexing = (app) => {
console.info(colors.yellow('Setting up indexes..'));
return Promise.all([
indexProducts(app),
indexOrders(app),
indexCustomers(app)
])
.catch((err) => {
console.info(colors.yellow('Error setting up indexes', err));
process.exit(2);
});
};
module.exports = {
indexProducts,
indexCustomers,
indexOrders,
fixProductDates,
runIndexing
};

7
lib/testdata.js
View File

@ -1,5 +1,6 @@
const common = require('./common');
const { getConfig } = require('./common');
const { initDb } = require('./db');
const { fixProductDates } = require('./indexing');
const fs = require('fs');
const path = require('path');
@ -7,7 +8,7 @@ const testData = fs.readFileSync(path.join(__dirname, '..', 'bin', 'testdata.jso
const jsonData = JSON.parse(testData);
// get config
let config = common.getConfig();
let config = getConfig();
initDb(config.databaseConnectionString, (err, db) => {
Promise.all([
@ -20,7 +21,7 @@ initDb(config.databaseConnectionString, (err, db) => {
Promise.all([
db.users.insertMany(jsonData.users),
db.customers.insertMany(jsonData.customers),
db.products.insertMany(common.fixProductDates(jsonData.products)),
db.products.insertMany(fixProductDates(jsonData.products)),
db.menu.insertOne(jsonData.menu)
])
.then(() => {

39
routes/admin.js
View File

@ -1,5 +1,6 @@
const express = require('express');
const common = require('../lib/common');
const { restrict, checkAccess } = require('../lib/auth');
const escape = require('html-entities').AllHtmlEntities;
const colors = require('colors');
const bcrypt = require('bcryptjs');
@ -12,7 +13,7 @@ const ObjectId = require('mongodb').ObjectID;
const router = express.Router();
// Admin section
router.get('/admin', common.restrict, (req, res, next) => {
router.get('/admin', restrict, (req, res, next) => {
res.redirect('/admin/orders');
});
@ -152,7 +153,7 @@ router.post('/admin/setup_action', (req, res) => {
});
// settings update
router.get('/admin/settings', common.restrict, (req, res) => {
router.get('/admin/settings', restrict, (req, res) => {
res.render('settings', {
title: 'Cart settings',
session: req.session,
@ -168,7 +169,7 @@ router.get('/admin/settings', common.restrict, (req, res) => {
});
// settings update
router.post('/admin/createApiKey', common.restrict, common.checkAccess, async (req, res) => {
router.post('/admin/createApiKey', restrict, checkAccess, async (req, res) => {
const db = req.app.db;
let result = await db.users.findOneAndUpdate({
_id: ObjectId(req.session.userId),
@ -189,7 +190,7 @@ router.post('/admin/createApiKey', common.restrict, common.checkAccess, async (r
});
// settings update
router.post('/admin/settings/update', common.restrict, common.checkAccess, (req, res) => {
router.post('/admin/settings/update', restrict, checkAccess, (req, res) => {
let result = common.updateConfig(req.body);
if(result === true){
res.status(200).json({ message: 'Settings successfully updated' });
@ -200,7 +201,7 @@ router.post('/admin/settings/update', common.restrict, common.checkAccess, (req,
});
// settings update
router.post('/admin/settings/option/remove', common.restrict, common.checkAccess, (req, res) => {
router.post('/admin/settings/option/remove', restrict, checkAccess, (req, res) => {
const db = req.app.db;
db.products.findOne({ _id: common.getId(req.body.productId) }, (err, product) => {
if(err){
@ -227,7 +228,7 @@ router.post('/admin/settings/option/remove', common.restrict, common.checkAccess
});
// settings update
router.get('/admin/settings/menu', common.restrict, async (req, res) => {
router.get('/admin/settings/menu', restrict, async (req, res) => {
const db = req.app.db;
res.render('settings_menu', {
title: 'Cart menu',
@ -242,7 +243,7 @@ router.get('/admin/settings/menu', common.restrict, async (req, res) => {
});
// settings page list
router.get('/admin/settings/pages', common.restrict, (req, res) => {
router.get('/admin/settings/pages', restrict, (req, res) => {
const db = req.app.db;
db.pages.find({}).toArray(async (err, pages) => {
if(err){
@ -264,7 +265,7 @@ router.get('/admin/settings/pages', common.restrict, (req, res) => {
});
// settings pages new
router.get('/admin/settings/pages/new', common.restrict, common.checkAccess, async (req, res) => {
router.get('/admin/settings/pages/new', restrict, checkAccess, async (req, res) => {
const db = req.app.db;
res.render('settings_page_edit', {
@ -281,7 +282,7 @@ router.get('/admin/settings/pages/new', common.restrict, common.checkAccess, asy
});
// settings pages editor
router.get('/admin/settings/pages/edit/:page', common.restrict, common.checkAccess, (req, res) => {
router.get('/admin/settings/pages/edit/:page', restrict, checkAccess, (req, res) => {
const db = req.app.db;
db.pages.findOne({ _id: common.getId(req.params.page) }, async (err, page) => {
if(err){
@ -317,7 +318,7 @@ router.get('/admin/settings/pages/edit/:page', common.restrict, common.checkAcce
});
// settings update page
router.post('/admin/settings/pages/update', common.restrict, common.checkAccess, (req, res) => {
router.post('/admin/settings/pages/update', restrict, checkAccess, (req, res) => {
const db = req.app.db;
let doc = {
@ -357,7 +358,7 @@ router.post('/admin/settings/pages/update', common.restrict, common.checkAccess,
});
// settings delete page
router.get('/admin/settings/pages/delete/:page', common.restrict, common.checkAccess, (req, res) => {
router.get('/admin/settings/pages/delete/:page', restrict, checkAccess, (req, res) => {
const db = req.app.db;
db.pages.remove({ _id: common.getId(req.params.page) }, {}, (err, numRemoved) => {
if(err){
@ -373,7 +374,7 @@ router.get('/admin/settings/pages/delete/:page', common.restrict, common.checkAc
});
// new menu item
router.post('/admin/settings/menu/new', common.restrict, common.checkAccess, (req, res) => {
router.post('/admin/settings/menu/new', restrict, checkAccess, (req, res) => {
let result = common.newMenu(req, res);
if(result === false){
req.session.message = 'Failed creating menu.';
@ -383,7 +384,7 @@ router.post('/admin/settings/menu/new', common.restrict, common.checkAccess, (re
});
// update existing menu item
router.post('/admin/settings/menu/update', common.restrict, common.checkAccess, (req, res) => {
router.post('/admin/settings/menu/update', restrict, checkAccess, (req, res) => {
let result = common.updateMenu(req, res);
if(result === false){
req.session.message = 'Failed updating menu.';
@ -393,7 +394,7 @@ router.post('/admin/settings/menu/update', common.restrict, common.checkAccess,
});
// delete menu item
router.get('/admin/settings/menu/delete/:menuid', common.restrict, common.checkAccess, (req, res) => {
router.get('/admin/settings/menu/delete/:menuid', restrict, checkAccess, (req, res) => {
let result = common.deleteMenu(req, res, req.params.menuid);
if(result === false){
req.session.message = 'Failed deleting menu.';
@ -403,7 +404,7 @@ router.get('/admin/settings/menu/delete/:menuid', common.restrict, common.checkA
});
// We call this via a Ajax call to save the order from the sortable list
router.post('/admin/settings/menu/save_order', common.restrict, common.checkAccess, (req, res) => {
router.post('/admin/settings/menu/save_order', restrict, checkAccess, (req, res) => {
let result = common.orderMenu(req, res);
if(result === false){
res.status(400).json({ message: 'Failed saving menu order' });
@ -439,7 +440,7 @@ router.post('/admin/api/validate_permalink', (req, res) => {
// upload the file
let upload = multer({ dest: 'public/uploads/' });
router.post('/admin/file/upload', common.restrict, common.checkAccess, upload.single('upload_file'), (req, res, next) => {
router.post('/admin/file/upload', restrict, checkAccess, upload.single('upload_file'), (req, res, next) => {
const db = req.app.db;
if(req.file){
@ -517,7 +518,7 @@ router.post('/admin/file/upload', common.restrict, common.checkAccess, upload.si
});
// delete a file via ajax request
router.post('/admin/testEmail', common.restrict, (req, res) => {
router.post('/admin/testEmail', restrict, (req, res) => {
let config = req.app.config;
// TODO: Should fix this to properly handle result
common.sendEmail(config.emailAddress, 'expressCart test email', 'Your email settings are working');
@ -525,7 +526,7 @@ router.post('/admin/testEmail', common.restrict, (req, res) => {
});
// delete a file via ajax request
router.post('/admin/file/delete', common.restrict, common.checkAccess, (req, res) => {
router.post('/admin/file/delete', restrict, checkAccess, (req, res) => {
req.session.message = null;
req.session.messageType = null;
@ -541,7 +542,7 @@ router.post('/admin/file/delete', common.restrict, common.checkAccess, (req, res
});
});
router.get('/admin/files', common.restrict, (req, res) => {
router.get('/admin/files', restrict, (req, res) => {
// loop files in /public/uploads/
glob('public/uploads/**', { nosort: true }, (er, files) => {
// sort array

7
routes/customer.js
View File

@ -4,6 +4,7 @@ const colors = require('colors');
const randtoken = require('rand-token');
const bcrypt = require('bcryptjs');
const common = require('../lib/common');
const { restrict } = require('../lib/auth');
// insert a customer
router.post('/customer/create', (req, res) => {
@ -59,7 +60,7 @@ router.post('/customer/create', (req, res) => {
});
// render the customer view
router.get('/admin/customer/view/:id?', common.restrict, (req, res) => {
router.get('/admin/customer/view/:id?', restrict, (req, res) => {
const db = req.app.db;
db.customers.findOne({ _id: common.getId(req.params.id) }, (err, result) => {
@ -82,7 +83,7 @@ router.get('/admin/customer/view/:id?', common.restrict, (req, res) => {
});
// customers list
router.get('/admin/customers', common.restrict, (req, res) => {
router.get('/admin/customers', restrict, (req, res) => {
const db = req.app.db;
db.customers.find({}).limit(20).sort({ created: -1 }).toArray((err, customers) => {
@ -100,7 +101,7 @@ router.get('/admin/customers', common.restrict, (req, res) => {
});
// Filtered customers list
router.get('/admin/customers/filter/:search', common.restrict, (req, res, next) => {
router.get('/admin/customers/filter/:search', restrict, (req, res, next) => {
const db = req.app.db;
let searchTerm = req.params.search;
let customersIndex = req.app.customersIndex;

13
routes/order.js
View File

@ -1,9 +1,10 @@
const express = require('express');
const common = require('../lib/common');
const { restrict, checkAccess } = require('../lib/auth');
const router = express.Router();
// Show orders
router.get('/admin/orders', common.restrict, (req, res, next) => {
router.get('/admin/orders', restrict, (req, res, next) => {
const db = req.app.db;
// Top 10 products
@ -33,7 +34,7 @@ router.get('/admin/orders', common.restrict, (req, res, next) => {
});
// Admin section
router.get('/admin/orders/bystatus/:orderstatus', common.restrict, (req, res, next) => {
router.get('/admin/orders/bystatus/:orderstatus', restrict, (req, res, next) => {
const db = req.app.db;
if(typeof req.params.orderstatus === 'undefined'){
@ -71,7 +72,7 @@ router.get('/admin/orders/bystatus/:orderstatus', common.restrict, (req, res, ne
});
// render the editor
router.get('/admin/order/view/:id', common.restrict, (req, res) => {
router.get('/admin/order/view/:id', restrict, (req, res) => {
const db = req.app.db;
db.orders.findOne({ _id: common.getId(req.params.id) }, (err, result) => {
if(err){
@ -92,7 +93,7 @@ router.get('/admin/order/view/:id', common.restrict, (req, res) => {
});
// Admin section
router.get('/admin/orders/filter/:search', common.restrict, (req, res, next) => {
router.get('/admin/orders/filter/:search', restrict, (req, res, next) => {
const db = req.app.db;
let searchTerm = req.params.search;
let ordersIndex = req.app.ordersIndex;
@ -130,7 +131,7 @@ router.get('/admin/orders/filter/:search', common.restrict, (req, res, next) =>
});
// order product
router.get('/admin/order/delete/:id', common.restrict, (req, res) => {
router.get('/admin/order/delete/:id', restrict, (req, res) => {
const db = req.app.db;
// remove the article
@ -150,7 +151,7 @@ router.get('/admin/order/delete/:id', common.restrict, (req, res) => {
});
// update order status
router.post('/admin/order/statusupdate', common.restrict, common.checkAccess, (req, res) => {
router.post('/admin/order/statusupdate', restrict, checkAccess, (req, res) => {
const db = req.app.db;
db.orders.update({ _id: common.getId(req.body.order_id) }, { $set: { orderStatus: req.body.status } }, { multi: false }, (err, numReplaced) => {
if(err){

19
routes/product.js
View File

@ -1,12 +1,13 @@
const express = require('express');
const common = require('../lib/common');
const { restrict, checkAccess } = require('../lib/auth');
const colors = require('colors');
const rimraf = require('rimraf');
const fs = require('fs');
const path = require('path');
const router = express.Router();
router.get('/admin/products', common.restrict, (req, res, next) => {
router.get('/admin/products', restrict, (req, res, next) => {
const db = req.app.db;
// get the top results
db.products.find({}).sort({ 'productAddedDate': -1 }).limit(10).toArray((err, topResults) => {
@ -56,7 +57,7 @@ router.get('/admin/products/filter/:search', (req, res, next) => {
});
// insert form
router.get('/admin/product/new', common.restrict, common.checkAccess, (req, res) => {
router.get('/admin/product/new', restrict, checkAccess, (req, res) => {
res.render('product_new', {
title: 'New product',
session: req.session,
@ -74,7 +75,7 @@ router.get('/admin/product/new', common.restrict, common.checkAccess, (req, res)
});
// insert new product form action
router.post('/admin/product/insert', common.restrict, common.checkAccess, (req, res) => {
router.post('/admin/product/insert', restrict, checkAccess, (req, res) => {
const db = req.app.db;
let doc = {
@ -151,7 +152,7 @@ router.post('/admin/product/insert', common.restrict, common.checkAccess, (req,
});
// render the editor
router.get('/admin/product/edit/:id', common.restrict, common.checkAccess, (req, res) => {
router.get('/admin/product/edit/:id', restrict, checkAccess, (req, res) => {
const db = req.app.db;
common.getImages(req.params.id, req, res, (images) => {
@ -182,7 +183,7 @@ router.get('/admin/product/edit/:id', common.restrict, common.checkAccess, (req,
});
// Update an existing product form action
router.post('/admin/product/update', common.restrict, common.checkAccess, (req, res) => {
router.post('/admin/product/update', restrict, checkAccess, (req, res) => {
const db = req.app.db;
db.products.findOne({ _id: common.getId(req.body.frmProductId) }, (err, product) => {
@ -267,7 +268,7 @@ router.post('/admin/product/update', common.restrict, common.checkAccess, (req,
});
// delete product
router.get('/admin/product/delete/:id', common.restrict, common.checkAccess, (req, res) => {
router.get('/admin/product/delete/:id', restrict, checkAccess, (req, res) => {
const db = req.app.db;
// remove the article
@ -294,7 +295,7 @@ router.get('/admin/product/delete/:id', common.restrict, common.checkAccess, (re
});
// update the published state based on an ajax call from the frontend
router.post('/admin/product/published_state', common.restrict, common.checkAccess, (req, res) => {
router.post('/admin/product/published_state', restrict, checkAccess, (req, res) => {
const db = req.app.db;
db.products.update({ _id: common.getId(req.body.id) }, { $set: { productPublished: req.body.state } }, { multi: false }, (err, numReplaced) => {
@ -308,7 +309,7 @@ router.post('/admin/product/published_state', common.restrict, common.checkAcces
});
// set as main product image
router.post('/admin/product/setasmainimage', common.restrict, common.checkAccess, (req, res) => {
router.post('/admin/product/setasmainimage', restrict, checkAccess, (req, res) => {
const db = req.app.db;
// update the productImage to the db
@ -322,7 +323,7 @@ router.post('/admin/product/setasmainimage', common.restrict, common.checkAccess
});
// deletes a product image
router.post('/admin/product/deleteimage', common.restrict, common.checkAccess, (req, res) => {
router.post('/admin/product/deleteimage', restrict, checkAccess, (req, res) => {
const db = req.app.db;
// get the productImage from the db

13
routes/user.js
View File

@ -1,11 +1,12 @@
const express = require('express');
const common = require('../lib/common');
const { restrict } = require('../lib/auth');
const colors = require('colors');
const bcrypt = require('bcryptjs');
const url = require('url');
const router = express.Router();
router.get('/admin/users', common.restrict, (req, res) => {
router.get('/admin/users', restrict, (req, res) => {
const db = req.app.db;
db.users.find({}).toArray((err, users) => {
if(err){
@ -26,7 +27,7 @@ router.get('/admin/users', common.restrict, (req, res) => {
});
// edit user
router.get('/admin/user/edit/:id', common.restrict, (req, res) => {
router.get('/admin/user/edit/:id', restrict, (req, res) => {
const db = req.app.db;
db.users.findOne({ _id: common.getId(req.params.id) }, (err, user) => {
if(err){
@ -55,7 +56,7 @@ router.get('/admin/user/edit/:id', common.restrict, (req, res) => {
});
// users new
router.get('/admin/user/new', common.restrict, (req, res) => {
router.get('/admin/user/new', restrict, (req, res) => {
res.render('user_new', {
title: 'User - New',
admin: true,
@ -68,7 +69,7 @@ router.get('/admin/user/new', common.restrict, (req, res) => {
});
// delete user
router.get('/admin/user/delete/:id', common.restrict, (req, res) => {
router.get('/admin/user/delete/:id', restrict, (req, res) => {
const db = req.app.db;
if(req.session.isAdmin === true){
db.users.remove({ _id: common.getId(req.params.id) }, {}, (err, numRemoved) => {
@ -87,7 +88,7 @@ router.get('/admin/user/delete/:id', common.restrict, (req, res) => {
});
// update a user
router.post('/admin/user/update', common.restrict, (req, res) => {
router.post('/admin/user/update', restrict, (req, res) => {
const db = req.app.db;
let isAdmin = req.body.user_admin === 'on';
@ -140,7 +141,7 @@ router.post('/admin/user/update', common.restrict, (req, res) => {
});
// insert a user
router.post('/admin/user/insert', common.restrict, (req, res) => {
router.post('/admin/user/insert', restrict, (req, res) => {
const db = req.app.db;
// set the account to admin if using the setup form. Eg: First user account

9
test/test.js
View File

@ -2,7 +2,7 @@ const test = require('ava');
const fs = require('fs');
const _ = require('lodash');
const app = require('../app');
const common = require('../lib/common');
const { runIndexing, fixProductDates } = require('../lib/indexing');
const session = require('supertest-session');
// Get test data to compare in tests
@ -15,7 +15,6 @@ let config;
let products;
let customers;
let users;
let orders;
let request = null;
function setup(db){
@ -30,7 +29,7 @@ function setup(db){
return Promise.all([
db.users.insertMany(jsonData.users),
db.customers.insertMany(jsonData.customers),
db.products.insertMany(common.fixProductDates(jsonData.products))
db.products.insertMany(fixProductDates(jsonData.products))
]);
});
}
@ -46,7 +45,7 @@ test.before(async () => {
db = app.db;
await setup(db);
await common.runIndexing(app);
await runIndexing(app);
// Get some data from DB to use in compares
products = await db.products.find({}).toArray();
@ -70,8 +69,6 @@ test.before(async () => {
await db.orders.insert(order);
});
// Get orders
orders = await db.orders.find({}).toArray();
resolve();
});
});