Linting and refactoring
parent
83f5c1f159
commit
291a044d0b
|
@ -17,7 +17,7 @@
|
|||
},
|
||||
"rules": {
|
||||
"quotes": ["error", "single"],
|
||||
"prefer-arrow-callback": 2,
|
||||
"prefer-arrow-callback": [ "error", { "allowNamedFunctions": true } ],
|
||||
"consistent-return": 2,
|
||||
"no-var" : 2,
|
||||
"new-cap" : 0,
|
||||
|
@ -27,11 +27,16 @@
|
|||
"space-unary-ops" : 2,
|
||||
"no-undef": 1,
|
||||
"no-unused-vars": 1,
|
||||
"keyword-spacing": ["error", { "before": false, "after": false }],
|
||||
"keyword-spacing": [
|
||||
"error", {
|
||||
"before": false, "after": false, "overrides": {
|
||||
"const": { "after": true }
|
||||
}
|
||||
}],
|
||||
"space-before-function-paren": 0,
|
||||
"space-before-blocks": ["error", "never"],
|
||||
"camelcase": 0,
|
||||
"handle-callback-err": ["error", "none"],
|
||||
"object-curly-spacing": ["error", "never"]
|
||||
"object-curly-spacing": ["error", "always"]
|
||||
}
|
||||
}
|
3
app.js
|
@ -12,6 +12,7 @@ const helmet = require('helmet');
|
|||
const colors = require('colors');
|
||||
const cron = require('node-cron');
|
||||
const common = require('./lib/common');
|
||||
const { runIndexing } = require('./lib/indexing');
|
||||
const { initDb } = require('./lib/db');
|
||||
let handlebars = require('express-handlebars');
|
||||
|
||||
|
@ -357,7 +358,7 @@ initDb(config.databaseConnectionString, async (err, db) => {
|
|||
// We index when not in test env
|
||||
if(process.env.NODE_ENV !== 'test'){
|
||||
try{
|
||||
await common.runIndexing(app);
|
||||
await runIndexing(app);
|
||||
}catch(ex){
|
||||
console.error(colors.red('Error setting up indexes:' + err));
|
||||
}
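Review bot: The `catch(ex)` around `await runIndexing(app)` logs `err`, the argument of the enclosing `initDb` callback, instead of the exception it just caught, so an indexing failure would print an unrelated (probably null) value and the real error is lost. I would log the caught value: `console.error(colors.red('Error setting up indexes:' + ex));`. `runIndexing` in lib/indexing.js already catches rejections and calls `process.exit(2)`, so this handler is only reached for errors thrown outside that chain. The `initDb` callback continues outside the hunk.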
|
||||
|
|
|
@ -0,0 +1,92 @@
|
|||
const ObjectId = require('mongodb').ObjectID;
|
||||
const _ = require('lodash');
|
||||
|
||||
const restrictedRoutes = [
|
||||
{ route: '/admin/product/new', response: 'redirect' },
|
||||
{ route: '/admin/product/insert', response: 'redirect' },
|
||||
{ route: '/admin/product/edit/:id', response: 'redirect' },
|
||||
{ route: '/admin/product/update', response: 'redirect' },
|
||||
{ route: '/admin/product/delete/:id', response: 'redirect' },
|
||||
{ route: '/admin/product/published_state', response: 'json' },
|
||||
{ route: '/admin/product/setasmainimage', response: 'json' },
|
||||
{ route: '/admin/product/deleteimage', response: 'json' },
|
||||
{ route: '/admin/order/statusupdate', response: 'json' },
|
||||
{ route: '/admin/settings/update', response: 'json' },
|
||||
{ route: '/admin/settings/option/remove', response: 'json' },
|
||||
{ route: '/admin/settings/pages/new', response: 'redirect' },
|
||||
{ route: '/admin/settings/pages/edit/:page', response: 'redirect' },
|
||||
{ route: '/admin/settings/pages/update', response: 'json' },
|
||||
{ route: '/admin/settings/pages/delete/:page', response: 'redirect' },
|
||||
{ route: '/admin/settings/menu/new', response: 'redirect' },
|
||||
{ route: '/admin/settings/menu/update', response: 'redirect' },
|
||||
{ route: '/admin/settings/menu/delete/:menuid', response: 'redirect' },
|
||||
{ route: '/admin/settings/menu/save_order', response: 'json' },
|
||||
{ route: '/admin/file/upload', response: 'redirect' },
|
||||
{ route: '/admin/file/delete', response: 'json' }
|
||||
];
|
||||
|
||||
const restrict = (req, res, next) => {
|
||||
checkLogin(req, res, next);
|
||||
};
|
||||
|
||||
const checkLogin = async (req, res, next) => {
|
||||
const db = req.app.db;
|
||||
// if not protecting we check for public pages and don't checkLogin
|
||||
if(req.session.needsSetup === true){
|
||||
res.redirect('/admin/setup');
|
||||
return;
|
||||
}
|
||||
|
||||
// If API key, check for a user
|
||||
if(req.headers.apikey){
|
||||
try{
|
||||
const user = await db.users.findOne({
|
||||
apiKey: ObjectId(req.headers.apikey),
|
||||
isAdmin: true
|
||||
});
|
||||
if(!user){
|
||||
res.status(400).json({ message: 'Access denied' });
|
||||
return;
|
||||
}
|
||||
// Set API authenticated in the req
|
||||
req.apiAuthenticated = true;
|
||||
next();
|
||||
return;
|
||||
}catch(ex){
|
||||
res.status(400).json({ message: 'Access denied' });
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if(req.session.user){
|
||||
next();
|
||||
return;
|
||||
}
|
||||
res.redirect('/admin/login');
|
||||
};
|
||||
|
||||
// Middleware to check for admin access for certain route
|
||||
const checkAccess = (req, res, next) => {
|
||||
const routeCheck = _.find(restrictedRoutes, { 'route': req.route.path });
|
||||
|
||||
// If the user is not an admin and route is restricted, show message and redirect to /admin
|
||||
if(req.session.isAdmin === false && routeCheck){
|
||||
if(routeCheck.response === 'redirect'){
|
||||
req.session.message = 'Unauthorised. Please refer to administrator.';
|
||||
req.session.messageType = 'danger';
|
||||
res.redirect('/admin');
|
||||
return;
|
||||
}
|
||||
if(routeCheck.response === 'json'){
|
||||
res.status(400).json({ message: 'Unauthorised. Please refer to administrator.' });
|
||||
}
|
||||
}else{
|
||||
next();
|
||||
}
|
||||
};
|
||||
|
||||
module.exports = {
|
||||
restrict,
|
||||
checkLogin,
|
||||
checkAccess
|
||||
};
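Review bot: `checkAccess` fails open: it blocks only when `req.session.isAdmin === false` and the path is found in `restrictedRoutes`, so a session where `isAdmin` is unset, or an admin route missing from the list, falls through to `next()`. routes/admin.js mounts `checkAccess` on `/admin/createApiKey`, which has no entry in `restrictedRoutes`, so as far as this page shows the check does nothing there. I would deny unless admin status is positively established, `if(req.session.isAdmin !== true && req.apiAuthenticated !== true && routeCheck){`, and add the missing route to the list. A `routeCheck.response` other than `'redirect'` or `'json'` also leaves the request without a response.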
|
324
lib/common.js
|
@ -1,7 +1,6 @@
|
|||
const _ = require('lodash');
|
||||
const uglifycss = require('uglifycss');
|
||||
const colors = require('colors');
|
||||
const lunr = require('lunr');
|
||||
const cheerio = require('cheerio');
|
||||
const fs = require('fs');
|
||||
const path = require('path');
|
||||
|
@ -11,34 +10,10 @@ const nodemailer = require('nodemailer');
|
|||
const sanitizeHtml = require('sanitize-html');
|
||||
const escape = require('html-entities').AllHtmlEntities;
|
||||
const mkdirp = require('mkdirp');
|
||||
let ObjectId = require('mongodb').ObjectID;
|
||||
|
||||
const restrictedRoutes = [
|
||||
{route: '/admin/product/new', response: 'redirect'},
|
||||
{route: '/admin/product/insert', response: 'redirect'},
|
||||
{route: '/admin/product/edit/:id', response: 'redirect'},
|
||||
{route: '/admin/product/update', response: 'redirect'},
|
||||
{route: '/admin/product/delete/:id', response: 'redirect'},
|
||||
{route: '/admin/product/published_state', response: 'json'},
|
||||
{route: '/admin/product/setasmainimage', response: 'json'},
|
||||
{route: '/admin/product/deleteimage', response: 'json'},
|
||||
{route: '/admin/order/statusupdate', response: 'json'},
|
||||
{route: '/admin/settings/update', response: 'json'},
|
||||
{route: '/admin/settings/option/remove', response: 'json'},
|
||||
{route: '/admin/settings/pages/new', response: 'redirect'},
|
||||
{route: '/admin/settings/pages/edit/:page', response: 'redirect'},
|
||||
{route: '/admin/settings/pages/update', response: 'json'},
|
||||
{route: '/admin/settings/pages/delete/:page', response: 'redirect'},
|
||||
{route: '/admin/settings/menu/new', response: 'redirect'},
|
||||
{route: '/admin/settings/menu/update', response: 'redirect'},
|
||||
{route: '/admin/settings/menu/delete/:menuid', response: 'redirect'},
|
||||
{route: '/admin/settings/menu/save_order', response: 'json'},
|
||||
{route: '/admin/file/upload', response: 'redirect'},
|
||||
{route: '/admin/file/delete', response: 'json'}
|
||||
];
|
||||
const ObjectId = require('mongodb').ObjectID;
|
||||
|
||||
// Allowed mime types for product images
|
||||
exports.allowedMimeType = [
|
||||
const allowedMimeType = [
|
||||
'image/jpeg',
|
||||
'image/png',
|
||||
'image/gif',
|
||||
|
@ -46,54 +21,14 @@ exports.allowedMimeType = [
|
|||
'image/webp'
|
||||
];
|
||||
|
||||
exports.fileSizeLimit = 10485760;
|
||||
const fileSizeLimit = 10485760;
|
||||
|
||||
// common functions
|
||||
exports.restrict = (req, res, next) => {
|
||||
exports.checkLogin(req, res, next);
|
||||
};
|
||||
|
||||
exports.checkLogin = async (req, res, next) => {
|
||||
const db = req.app.db;
|
||||
// if not protecting we check for public pages and don't checkLogin
|
||||
if(req.session.needsSetup === true){
|
||||
res.redirect('/admin/setup');
|
||||
return;
|
||||
}
|
||||
|
||||
// If API key, check for a user
|
||||
if(req.headers.apikey){
|
||||
try{
|
||||
const user = await db.users.findOne({
|
||||
apiKey: ObjectId(req.headers.apikey),
|
||||
isAdmin: true
|
||||
});
|
||||
if(!user){
|
||||
res.status(400).json({message: 'Access denied'});
|
||||
return;
|
||||
}
|
||||
// Set API authenticated in the req
|
||||
req.apiAuthenticated = true;
|
||||
next();
|
||||
return;
|
||||
}catch(ex){
|
||||
res.status(400).json({message: 'Access denied'});
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if(req.session.user){
|
||||
next();
|
||||
return;
|
||||
}
|
||||
res.redirect('/admin/login');
|
||||
};
|
||||
|
||||
exports.cleanHtml = (html) => {
|
||||
const cleanHtml = (html) => {
|
||||
return sanitizeHtml(html);
|
||||
};
|
||||
|
||||
exports.mongoSanitize = (param) => {
|
||||
const mongoSanitize = (param) => {
|
||||
if(param instanceof Object){
|
||||
for(const key in param){
|
||||
if(/^\$/.test(key)){
|
||||
|
@ -104,34 +39,14 @@ exports.mongoSanitize = (param) => {
|
|||
return param;
|
||||
};
|
||||
|
||||
exports.checkboxBool = (param) => {
|
||||
const checkboxBool = (param) => {
|
||||
if(param && param === 'on'){
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
};
|
||||
|
||||
// Middleware to check for admin access for certain route
|
||||
exports.checkAccess = (req, res, next) => {
|
||||
const routeCheck = _.find(restrictedRoutes, {'route': req.route.path});
|
||||
|
||||
// If the user is not an admin and route is restricted, show message and redirect to /admin
|
||||
if(req.session.isAdmin === false && routeCheck){
|
||||
if(routeCheck.response === 'redirect'){
|
||||
req.session.message = 'Unauthorised. Please refer to administrator.';
|
||||
req.session.messageType = 'danger';
|
||||
res.redirect('/admin');
|
||||
return;
|
||||
}
|
||||
if(routeCheck.response === 'json'){
|
||||
res.status(400).json({message: 'Unauthorised. Please refer to administrator.'});
|
||||
}
|
||||
}else{
|
||||
next();
|
||||
}
|
||||
};
|
||||
|
||||
exports.showCartCloseBtn = (page) => {
|
||||
const showCartCloseBtn = (page) => {
|
||||
let showCartCloseButton = true;
|
||||
if(page === 'checkout' || page === 'pay'){
|
||||
showCartCloseButton = false;
|
||||
|
@ -141,10 +56,10 @@ exports.showCartCloseBtn = (page) => {
|
|||
};
|
||||
|
||||
// adds products to sitemap.xml
|
||||
exports.addSitemapProducts = (req, res, cb) => {
|
||||
const addSitemapProducts = (req, res, cb) => {
|
||||
let db = req.app.db;
|
||||
|
||||
let config = exports.getConfig();
|
||||
let config = getConfig();
|
||||
let hostname = config.baseUrl;
|
||||
|
||||
db.products.find({ productPublished: 'true' }).toArray((err, products) => {
|
||||
|
@ -169,7 +84,7 @@ exports.addSitemapProducts = (req, res, cb) => {
|
|||
});
|
||||
};
|
||||
|
||||
exports.clearSessionValue = (session, sessionVar) => {
|
||||
const clearSessionValue = (session, sessionVar) => {
|
||||
let temp;
|
||||
if(session){
|
||||
temp = session[sessionVar];
|
||||
|
@ -178,8 +93,8 @@ exports.clearSessionValue = (session, sessionVar) => {
|
|||
return temp;
|
||||
};
|
||||
|
||||
exports.updateTotalCartAmount = (req, res) => {
|
||||
let config = exports.getConfig();
|
||||
const updateTotalCartAmount = (req, res) => {
|
||||
let config = getConfig();
|
||||
|
||||
req.session.totalCartAmount = 0;
|
||||
|
||||
|
@ -196,7 +111,7 @@ exports.updateTotalCartAmount = (req, res) => {
|
|||
}
|
||||
};
|
||||
|
||||
exports.checkDirectorySync = (directory) => {
|
||||
const checkDirectorySync = (directory) => {
|
||||
try{
|
||||
fs.statSync(directory);
|
||||
}catch(e){
|
||||
|
@ -208,14 +123,14 @@ exports.checkDirectorySync = (directory) => {
|
|||
}
|
||||
};
|
||||
|
||||
exports.getThemes = () => {
|
||||
const getThemes = () => {
|
||||
return fs.readdirSync(path.join(__dirname, '../', 'views', 'themes')).filter(file => fs.statSync(path.join(path.join(__dirname, '../', 'views', 'themes'), file)).isDirectory());
|
||||
};
|
||||
|
||||
exports.getImages = (dir, req, res, callback) => {
|
||||
const getImages = (dir, req, res, callback) => {
|
||||
let db = req.app.db;
|
||||
|
||||
db.products.findOne({_id: exports.getId(dir)}, (err, product) => {
|
||||
db.products.findOne({ _id: getId(dir) }, (err, product) => {
|
||||
if(err){
|
||||
console.error(colors.red('Error getting images', err));
|
||||
}
|
||||
|
@ -249,7 +164,7 @@ exports.getImages = (dir, req, res, callback) => {
|
|||
});
|
||||
};
|
||||
|
||||
exports.getConfigFilename = () => {
|
||||
const getConfigFilename = () => {
|
||||
let filename = path.join(__dirname, '../config', 'settings-local.json');
|
||||
if(fs.existsSync(filename)){
|
||||
return filename;
|
||||
|
@ -257,8 +172,8 @@ exports.getConfigFilename = () => {
|
|||
return path.join(__dirname, '../config', 'settings.json');
|
||||
};
|
||||
|
||||
exports.getConfig = () => {
|
||||
let config = JSON.parse(fs.readFileSync(exports.getConfigFilename(), 'utf8'));
|
||||
const getConfig = () => {
|
||||
let config = JSON.parse(fs.readFileSync(getConfigFilename(), 'utf8'));
|
||||
config.customCss = typeof config.customCss !== 'undefined' ? escape.decode(config.customCss) : null;
|
||||
config.footerHtml = typeof config.footerHtml !== 'undefined' ? escape.decode(config.footerHtml) : null;
|
||||
config.googleAnalytics = typeof config.googleAnalytics !== 'undefined' ? escape.decode(config.googleAnalytics) : null;
|
||||
|
@ -283,8 +198,8 @@ exports.getConfig = () => {
|
|||
return config;
|
||||
};
|
||||
|
||||
exports.getPaymentConfig = () => {
|
||||
let siteConfig = this.getConfig();
|
||||
const getPaymentConfig = () => {
|
||||
let siteConfig = getConfig();
|
||||
const gateConfigFile = path.join(__dirname, '../config', `${siteConfig.paymentGateway}.json`);
|
||||
|
||||
let config = [];
|
||||
|
@ -302,8 +217,8 @@ exports.getPaymentConfig = () => {
|
|||
return config;
|
||||
};
|
||||
|
||||
exports.updateConfig = (fields) => {
|
||||
let settingsFile = exports.getConfig();
|
||||
const updateConfig = (fields) => {
|
||||
let settingsFile = getConfig();
|
||||
|
||||
_.forEach(fields, (value, key) => {
|
||||
settingsFile[key] = value;
|
||||
|
@ -359,21 +274,21 @@ exports.updateConfig = (fields) => {
|
|||
|
||||
// write file
|
||||
try{
|
||||
fs.writeFileSync(exports.getConfigFilename(), JSON.stringify(settingsFile, null, 4));
|
||||
fs.writeFileSync(getConfigFilename(), JSON.stringify(settingsFile, null, 4));
|
||||
return true;
|
||||
}catch(exception){
|
||||
return false;
|
||||
}
|
||||
};
|
||||
|
||||
exports.getMenu = (db) => {
|
||||
const getMenu = (db) => {
|
||||
return db.menu.findOne({});
|
||||
};
|
||||
|
||||
// creates a new menu item
|
||||
exports.newMenu = (req, res) => {
|
||||
const newMenu = (req, res) => {
|
||||
const db = req.app.db;
|
||||
return exports.getMenu(db)
|
||||
return getMenu(db)
|
||||
.then((menu) => {
|
||||
// if no menu present
|
||||
if(!menu){
|
||||
|
@ -399,9 +314,9 @@ exports.newMenu = (req, res) => {
|
|||
};
|
||||
|
||||
// delete a menu item
|
||||
exports.deleteMenu = (req, res, menuIndex) => {
|
||||
const deleteMenu = (req, res, menuIndex) => {
|
||||
const db = req.app.db;
|
||||
return exports.getMenu(db)
|
||||
return getMenu(db)
|
||||
.then((menu) => {
|
||||
// Remove menu item
|
||||
menu.items.splice(menuIndex, 1);
|
||||
|
@ -416,9 +331,9 @@ exports.deleteMenu = (req, res, menuIndex) => {
|
|||
};
|
||||
|
||||
// updates and existing menu item
|
||||
exports.updateMenu = (req, res) => {
|
||||
const updateMenu = (req, res) => {
|
||||
const db = req.app.db;
|
||||
return exports.getMenu(db)
|
||||
return getMenu(db)
|
||||
.then((menu) => {
|
||||
// find menu item and update it
|
||||
let menuIndex = _.findIndex(menu.items, ['title', req.body.navId]);
|
||||
|
@ -434,7 +349,7 @@ exports.updateMenu = (req, res) => {
|
|||
});
|
||||
};
|
||||
|
||||
exports.sortMenu = (menu) => {
|
||||
const sortMenu = (menu) => {
|
||||
if(menu && menu.items){
|
||||
menu.items = _.sortBy(menu.items, 'order');
|
||||
return menu;
|
||||
|
@ -443,9 +358,9 @@ exports.sortMenu = (menu) => {
|
|||
};
|
||||
|
||||
// orders the menu
|
||||
exports.orderMenu = (req, res) => {
|
||||
const orderMenu = (req, res) => {
|
||||
const db = req.app.db;
|
||||
return exports.getMenu(db)
|
||||
return getMenu(db)
|
||||
.then((menu) => {
|
||||
// update the order
|
||||
for(let i = 0; i < req.body.navId.length; i++){
|
||||
|
@ -461,8 +376,8 @@ exports.orderMenu = (req, res) => {
|
|||
});
|
||||
};
|
||||
|
||||
exports.getEmailTemplate = (result) => {
|
||||
let config = this.getConfig();
|
||||
const getEmailTemplate = (result) => {
|
||||
let config = getConfig();
|
||||
|
||||
let template = fs.readFileSync(path.join(__dirname, '../public/email_template.html'), 'utf8');
|
||||
|
||||
|
@ -480,8 +395,8 @@ exports.getEmailTemplate = (result) => {
|
|||
return $.html();
|
||||
};
|
||||
|
||||
exports.sendEmail = (to, subject, body) => {
|
||||
let config = this.getConfig();
|
||||
const sendEmail = (to, subject, body) => {
|
||||
let config = getConfig();
|
||||
|
||||
let emailSettings = {
|
||||
host: config.emailHost,
|
||||
|
@ -516,7 +431,7 @@ exports.sendEmail = (to, subject, body) => {
|
|||
};
|
||||
|
||||
// gets the correct type of index ID
|
||||
exports.getId = (id) => {
|
||||
const getId = (id) => {
|
||||
if(id){
|
||||
if(id.length !== 24){
|
||||
return id;
|
||||
|
@ -525,9 +440,9 @@ exports.getId = (id) => {
|
|||
return ObjectId(id);
|
||||
};
|
||||
|
||||
exports.getData = (req, page, query) => {
|
||||
const getData = (req, page, query) => {
|
||||
let db = req.app.db;
|
||||
let config = exports.getConfig();
|
||||
let config = getConfig();
|
||||
let numberProducts = config.productsPerPage ? config.productsPerPage : 6;
|
||||
|
||||
let skip = 0;
|
||||
|
@ -555,134 +470,31 @@ exports.getData = (req, page, query) => {
|
|||
});
|
||||
};
|
||||
|
||||
exports.indexProducts = (app) => {
|
||||
// index all products in lunr on startup
|
||||
return new Promise((resolve, reject) => {
|
||||
app.db.products.find({}).toArray((err, productsList) => {
|
||||
if(err){
|
||||
console.error(colors.red(err.stack));
|
||||
reject(err);
|
||||
}
|
||||
|
||||
// setup lunr indexing
|
||||
const productsIndex = lunr(function(){
|
||||
this.field('productTitle', {boost: 10});
|
||||
this.field('productTags', {boost: 5});
|
||||
this.field('productDescription');
|
||||
|
||||
const lunrIndex = this;
|
||||
|
||||
// add to lunr index
|
||||
productsList.forEach((product) => {
|
||||
let doc = {
|
||||
'productTitle': product.productTitle,
|
||||
'productTags': product.productTags,
|
||||
'productDescription': product.productDescription,
|
||||
'id': product._id
|
||||
};
|
||||
lunrIndex.add(doc);
|
||||
});
|
||||
});
|
||||
|
||||
app.productsIndex = productsIndex;
|
||||
console.log(colors.cyan('- Product indexing complete'));
|
||||
resolve();
|
||||
});
|
||||
});
|
||||
};
|
||||
|
||||
exports.indexCustomers = (app) => {
|
||||
// index all products in lunr on startup
|
||||
return new Promise((resolve, reject) => {
|
||||
app.db.customers.find({}).toArray((err, customerList) => {
|
||||
if(err){
|
||||
console.error(colors.red(err.stack));
|
||||
reject(err);
|
||||
}
|
||||
|
||||
// setup lunr indexing
|
||||
const customersIndex = lunr(function(){
|
||||
this.field('email', {boost: 10});
|
||||
this.field('name', {boost: 5});
|
||||
this.field('phone');
|
||||
|
||||
const lunrIndex = this;
|
||||
|
||||
// add to lunr index
|
||||
customerList.forEach((customer) => {
|
||||
let doc = {
|
||||
'email': customer.email,
|
||||
'name': `${customer.firstName} ${customer.lastName}`,
|
||||
'phone': customer.phone,
|
||||
'id': customer._id
|
||||
};
|
||||
lunrIndex.add(doc);
|
||||
});
|
||||
});
|
||||
|
||||
app.customersIndex = customersIndex;
|
||||
console.log(colors.cyan('- Customer indexing complete'));
|
||||
resolve();
|
||||
});
|
||||
});
|
||||
};
|
||||
|
||||
exports.indexOrders = (app, cb) => {
|
||||
// index all orders in lunr on startup
|
||||
return new Promise((resolve, reject) => {
|
||||
app.db.orders.find({}).toArray((err, ordersList) => {
|
||||
if(err){
|
||||
console.error(colors.red('Error setting up products index: ' + err));
|
||||
reject(err);
|
||||
}
|
||||
|
||||
// setup lunr indexing
|
||||
const ordersIndex = lunr(function(){
|
||||
this.field('orderEmail', {boost: 10});
|
||||
this.field('orderLastname', {boost: 5});
|
||||
this.field('orderPostcode');
|
||||
|
||||
const lunrIndex = this;
|
||||
|
||||
// add to lunr index
|
||||
ordersList.forEach((order) => {
|
||||
let doc = {
|
||||
'orderLastname': order.orderLastname,
|
||||
'orderEmail': order.orderEmail,
|
||||
'orderPostcode': order.orderPostcode,
|
||||
'id': order._id
|
||||
};
|
||||
lunrIndex.add(doc);
|
||||
});
|
||||
});
|
||||
|
||||
app.ordersIndex = ordersIndex;
|
||||
console.log(colors.cyan('- Order indexing complete'));
|
||||
resolve();
|
||||
});
|
||||
});
|
||||
};
|
||||
|
||||
exports.fixProductDates = (products) => {
|
||||
let index = 0;
|
||||
products.forEach((product) => {
|
||||
products[index].productAddedDate = new Date();
|
||||
index++;
|
||||
});
|
||||
return products;
|
||||
};
|
||||
|
||||
// start indexing products and orders
|
||||
exports.runIndexing = (app) => {
|
||||
console.info(colors.yellow('Setting up indexes..'));
|
||||
|
||||
return Promise.all([
|
||||
exports.indexProducts(app),
|
||||
exports.indexOrders(app),
|
||||
exports.indexCustomers(app)
|
||||
])
|
||||
.catch((err) => {
|
||||
console.info(colors.yellow('Error setting up indexes', err));
|
||||
process.exit(2);
|
||||
});
|
||||
module.exports = {
|
||||
allowedMimeType,
|
||||
fileSizeLimit,
|
||||
cleanHtml,
|
||||
mongoSanitize,
|
||||
checkboxBool,
|
||||
showCartCloseBtn,
|
||||
addSitemapProducts,
|
||||
clearSessionValue,
|
||||
updateTotalCartAmount,
|
||||
checkDirectorySync,
|
||||
getThemes,
|
||||
getImages,
|
||||
getConfigFilename,
|
||||
getConfig,
|
||||
getPaymentConfig,
|
||||
updateConfig,
|
||||
getMenu,
|
||||
newMenu,
|
||||
deleteMenu,
|
||||
updateMenu,
|
||||
sortMenu,
|
||||
orderMenu,
|
||||
getEmailTemplate,
|
||||
sendEmail,
|
||||
getId,
|
||||
getData
|
||||
};
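Review bot: `updateConfig` copies every key of `fields` into the settings object (`settingsFile[key] = value`) and writes the result back to the config file, and routes/admin.js passes `req.body` straight into it, so any caller who reaches `/admin/settings/update` can set any setting, not only the ones the form exposes. That includes `paymentGateway`, which `getPaymentConfig` interpolates into a file path under `../config`. The middle of `updateConfig` is outside the visible hunks, so there may be filtering I cannot see. If there is none, I would copy only an allow-list of known keys, for example `if(!allowedSettings.includes(key)){ return; }` at the top of the `_.forEach` callback, where `allowedSettings` is a new constant defined next to the function.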
|
||||
|
|
|
@ -0,0 +1,142 @@
|
|||
const colors = require('colors');
|
||||
const lunr = require('lunr');
|
||||
|
||||
const indexProducts = (app) => {
|
||||
// index all products in lunr on startup
|
||||
return new Promise((resolve, reject) => {
|
||||
app.db.products.find({}).toArray((err, productsList) => {
|
||||
if(err){
|
||||
console.error(colors.red(err.stack));
|
||||
reject(err);
|
||||
}
|
||||
|
||||
// setup lunr indexing
|
||||
const productsIndex = lunr(function(){
|
||||
this.field('productTitle', { boost: 10 });
|
||||
this.field('productTags', { boost: 5 });
|
||||
this.field('productDescription');
|
||||
|
||||
const lunrIndex = this;
|
||||
|
||||
// add to lunr index
|
||||
productsList.forEach((product) => {
|
||||
let doc = {
|
||||
'productTitle': product.productTitle,
|
||||
'productTags': product.productTags,
|
||||
'productDescription': product.productDescription,
|
||||
'id': product._id
|
||||
};
|
||||
lunrIndex.add(doc);
|
||||
});
|
||||
});
|
||||
|
||||
app.productsIndex = productsIndex;
|
||||
console.log(colors.cyan('- Product indexing complete'));
|
||||
resolve();
|
||||
});
|
||||
});
|
||||
};
|
||||
|
||||
const indexCustomers = (app) => {
|
||||
// index all products in lunr on startup
|
||||
return new Promise((resolve, reject) => {
|
||||
app.db.customers.find({}).toArray((err, customerList) => {
|
||||
if(err){
|
||||
console.error(colors.red(err.stack));
|
||||
reject(err);
|
||||
}
|
||||
|
||||
// setup lunr indexing
|
||||
const customersIndex = lunr(function(){
|
||||
this.field('email', { boost: 10 });
|
||||
this.field('name', { boost: 5 });
|
||||
this.field('phone');
|
||||
|
||||
const lunrIndex = this;
|
||||
|
||||
// add to lunr index
|
||||
customerList.forEach((customer) => {
|
||||
let doc = {
|
||||
'email': customer.email,
|
||||
'name': `${customer.firstName} ${customer.lastName}`,
|
||||
'phone': customer.phone,
|
||||
'id': customer._id
|
||||
};
|
||||
lunrIndex.add(doc);
|
||||
});
|
||||
});
|
||||
|
||||
app.customersIndex = customersIndex;
|
||||
console.log(colors.cyan('- Customer indexing complete'));
|
||||
resolve();
|
||||
});
|
||||
});
|
||||
};
|
||||
|
||||
const indexOrders = (app, cb) => {
|
||||
// index all orders in lunr on startup
|
||||
return new Promise((resolve, reject) => {
|
||||
app.db.orders.find({}).toArray((err, ordersList) => {
|
||||
if(err){
|
||||
console.error(colors.red('Error setting up products index: ' + err));
|
||||
reject(err);
|
||||
}
|
||||
|
||||
// setup lunr indexing
|
||||
const ordersIndex = lunr(function(){
|
||||
this.field('orderEmail', { boost: 10 });
|
||||
this.field('orderLastname', { boost: 5 });
|
||||
this.field('orderPostcode');
|
||||
|
||||
const lunrIndex = this;
|
||||
|
||||
// add to lunr index
|
||||
ordersList.forEach((order) => {
|
||||
let doc = {
|
||||
'orderLastname': order.orderLastname,
|
||||
'orderEmail': order.orderEmail,
|
||||
'orderPostcode': order.orderPostcode,
|
||||
'id': order._id
|
||||
};
|
||||
lunrIndex.add(doc);
|
||||
});
|
||||
});
|
||||
|
||||
app.ordersIndex = ordersIndex;
|
||||
console.log(colors.cyan('- Order indexing complete'));
|
||||
resolve();
|
||||
});
|
||||
});
|
||||
};
|
||||
|
||||
const fixProductDates = (products) => {
|
||||
let index = 0;
|
||||
products.forEach(() => {
|
||||
products[index].productAddedDate = new Date();
|
||||
index++;
|
||||
});
|
||||
return products;
|
||||
};
|
||||
|
||||
// start indexing products and orders
|
||||
const runIndexing = (app) => {
|
||||
console.info(colors.yellow('Setting up indexes..'));
|
||||
|
||||
return Promise.all([
|
||||
indexProducts(app),
|
||||
indexOrders(app),
|
||||
indexCustomers(app)
|
||||
])
|
||||
.catch((err) => {
|
||||
console.info(colors.yellow('Error setting up indexes', err));
|
||||
process.exit(2);
|
||||
});
|
||||
};
|
||||
|
||||
module.exports = {
|
||||
indexProducts,
|
||||
indexCustomers,
|
||||
indexOrders,
|
||||
fixProductDates,
|
||||
runIndexing
|
||||
};
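Review bot: In `indexProducts`, `indexCustomers` and `indexOrders` the `if(err)` branch calls `reject(err)` but does not return, so the callback goes on to call `forEach` on a list that is presumably undefined and throws inside the driver callback after the promise has already been rejected. Returning after the rejection, `reject(err); return;`, keeps the failure on the promise, where `runIndexing` handles it. While here, `indexOrders` never uses its `cb` parameter and its error text says 'products index', and the comment in `indexCustomers` says it indexes products.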
|
|
@ -1,5 +1,6 @@
|
|||
const common = require('./common');
|
||||
const { getConfig } = require('./common');
|
||||
const { initDb } = require('./db');
|
||||
const { fixProductDates } = require('./indexing');
|
||||
const fs = require('fs');
|
||||
const path = require('path');
|
||||
|
||||
|
@ -7,7 +8,7 @@ const testData = fs.readFileSync(path.join(__dirname, '..', 'bin', 'testdata.jso
|
|||
const jsonData = JSON.parse(testData);
|
||||
|
||||
// get config
|
||||
let config = common.getConfig();
|
||||
let config = getConfig();
|
||||
|
||||
initDb(config.databaseConnectionString, (err, db) => {
|
||||
Promise.all([
|
||||
|
@ -20,7 +21,7 @@ initDb(config.databaseConnectionString, (err, db) => {
|
|||
Promise.all([
|
||||
db.users.insertMany(jsonData.users),
|
||||
db.customers.insertMany(jsonData.customers),
|
||||
db.products.insertMany(common.fixProductDates(jsonData.products)),
|
||||
db.products.insertMany(fixProductDates(jsonData.products)),
|
||||
db.menu.insertOne(jsonData.menu)
|
||||
])
|
||||
.then(() => {
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
const express = require('express');
|
||||
const common = require('../lib/common');
|
||||
const { restrict, checkAccess } = require('../lib/auth');
|
||||
const escape = require('html-entities').AllHtmlEntities;
|
||||
const colors = require('colors');
|
||||
const bcrypt = require('bcryptjs');
|
||||
|
@ -12,7 +13,7 @@ const ObjectId = require('mongodb').ObjectID;
|
|||
const router = express.Router();
|
||||
|
||||
// Admin section
|
||||
router.get('/admin', common.restrict, (req, res, next) => {
|
||||
router.get('/admin', restrict, (req, res, next) => {
|
||||
res.redirect('/admin/orders');
|
||||
});
|
||||
|
||||
|
@ -152,7 +153,7 @@ router.post('/admin/setup_action', (req, res) => {
|
|||
});
|
||||
|
||||
// settings update
|
||||
router.get('/admin/settings', common.restrict, (req, res) => {
|
||||
router.get('/admin/settings', restrict, (req, res) => {
|
||||
res.render('settings', {
|
||||
title: 'Cart settings',
|
||||
session: req.session,
|
||||
|
@ -168,7 +169,7 @@ router.get('/admin/settings', common.restrict, (req, res) => {
|
|||
});
|
||||
|
||||
// settings update
|
||||
router.post('/admin/createApiKey', common.restrict, common.checkAccess, async (req, res) => {
|
||||
router.post('/admin/createApiKey', restrict, checkAccess, async (req, res) => {
|
||||
const db = req.app.db;
|
||||
let result = await db.users.findOneAndUpdate({
|
||||
_id: ObjectId(req.session.userId),
|
||||
|
@ -189,7 +190,7 @@ router.post('/admin/createApiKey', common.restrict, common.checkAccess, async (r
|
|||
});
|
||||
|
||||
// settings update
|
||||
router.post('/admin/settings/update', common.restrict, common.checkAccess, (req, res) => {
|
||||
router.post('/admin/settings/update', restrict, checkAccess, (req, res) => {
|
||||
let result = common.updateConfig(req.body);
|
||||
if(result === true){
|
||||
res.status(200).json({ message: 'Settings successfully updated' });
|
||||
|
@ -200,7 +201,7 @@ router.post('/admin/settings/update', common.restrict, common.checkAccess, (req,
|
|||
});
|
||||
|
||||
// settings update
|
||||
router.post('/admin/settings/option/remove', common.restrict, common.checkAccess, (req, res) => {
|
||||
router.post('/admin/settings/option/remove', restrict, checkAccess, (req, res) => {
|
||||
const db = req.app.db;
|
||||
db.products.findOne({ _id: common.getId(req.body.productId) }, (err, product) => {
|
||||
if(err){
|
||||
|
@ -227,7 +228,7 @@ router.post('/admin/settings/option/remove', common.restrict, common.checkAccess
|
|||
});
|
||||
|
||||
// settings update
|
||||
router.get('/admin/settings/menu', common.restrict, async (req, res) => {
|
||||
router.get('/admin/settings/menu', restrict, async (req, res) => {
|
||||
const db = req.app.db;
|
||||
res.render('settings_menu', {
|
||||
title: 'Cart menu',
|
||||
|
@ -242,7 +243,7 @@ router.get('/admin/settings/menu', common.restrict, async (req, res) => {
|
|||
});
|
||||
|
||||
// settings page list
|
||||
router.get('/admin/settings/pages', common.restrict, (req, res) => {
|
||||
router.get('/admin/settings/pages', restrict, (req, res) => {
|
||||
const db = req.app.db;
|
||||
db.pages.find({}).toArray(async (err, pages) => {
|
||||
if(err){
|
||||
|
@ -264,7 +265,7 @@ router.get('/admin/settings/pages', common.restrict, (req, res) => {
|
|||
});
|
||||
|
||||
// settings pages new
|
||||
router.get('/admin/settings/pages/new', common.restrict, common.checkAccess, async (req, res) => {
|
||||
router.get('/admin/settings/pages/new', restrict, checkAccess, async (req, res) => {
|
||||
const db = req.app.db;
|
||||
|
||||
res.render('settings_page_edit', {
|
||||
|
@ -281,7 +282,7 @@ router.get('/admin/settings/pages/new', common.restrict, common.checkAccess, asy
|
|||
});
|
||||
|
||||
// settings pages editor
|
||||
router.get('/admin/settings/pages/edit/:page', common.restrict, common.checkAccess, (req, res) => {
|
||||
router.get('/admin/settings/pages/edit/:page', restrict, checkAccess, (req, res) => {
|
||||
const db = req.app.db;
|
||||
db.pages.findOne({ _id: common.getId(req.params.page) }, async (err, page) => {
|
||||
if(err){
|
||||
|
@ -317,7 +318,7 @@ router.get('/admin/settings/pages/edit/:page', common.restrict, common.checkAcce
|
|||
});
|
||||
|
||||
// settings update page
|
||||
router.post('/admin/settings/pages/update', common.restrict, common.checkAccess, (req, res) => {
|
||||
router.post('/admin/settings/pages/update', restrict, checkAccess, (req, res) => {
|
||||
const db = req.app.db;
|
||||
|
||||
let doc = {
|
||||
|
@ -357,7 +358,7 @@ router.post('/admin/settings/pages/update', common.restrict, common.checkAccess,
|
|||
});
|
||||
|
||||
// settings delete page
|
||||
router.get('/admin/settings/pages/delete/:page', common.restrict, common.checkAccess, (req, res) => {
|
||||
router.get('/admin/settings/pages/delete/:page', restrict, checkAccess, (req, res) => {
|
||||
const db = req.app.db;
|
||||
db.pages.remove({ _id: common.getId(req.params.page) }, {}, (err, numRemoved) => {
|
||||
if(err){
|
||||
|
@ -373,7 +374,7 @@ router.get('/admin/settings/pages/delete/:page', common.restrict, common.checkAc
|
|||
});
|
||||
|
||||
// new menu item
|
||||
router.post('/admin/settings/menu/new', common.restrict, common.checkAccess, (req, res) => {
|
||||
router.post('/admin/settings/menu/new', restrict, checkAccess, (req, res) => {
|
||||
let result = common.newMenu(req, res);
|
||||
if(result === false){
|
||||
req.session.message = 'Failed creating menu.';
|
||||
|
@ -383,7 +384,7 @@ router.post('/admin/settings/menu/new', common.restrict, common.checkAccess, (re
|
|||
});
|
||||
|
||||
// update existing menu item
|
||||
router.post('/admin/settings/menu/update', common.restrict, common.checkAccess, (req, res) => {
|
||||
router.post('/admin/settings/menu/update', restrict, checkAccess, (req, res) => {
|
||||
let result = common.updateMenu(req, res);
|
||||
if(result === false){
|
||||
req.session.message = 'Failed updating menu.';
|
||||
|
@ -393,7 +394,7 @@ router.post('/admin/settings/menu/update', common.restrict, common.checkAccess,
|
|||
});
|
||||
|
||||
// delete menu item
|
||||
router.get('/admin/settings/menu/delete/:menuid', common.restrict, common.checkAccess, (req, res) => {
|
||||
router.get('/admin/settings/menu/delete/:menuid', restrict, checkAccess, (req, res) => {
|
||||
let result = common.deleteMenu(req, res, req.params.menuid);
|
||||
if(result === false){
|
||||
req.session.message = 'Failed deleting menu.';
|
||||
|
@ -403,7 +404,7 @@ router.get('/admin/settings/menu/delete/:menuid', common.restrict, common.checkA
|
|||
});
|
||||
|
||||
// We call this via a Ajax call to save the order from the sortable list
|
||||
router.post('/admin/settings/menu/save_order', common.restrict, common.checkAccess, (req, res) => {
|
||||
router.post('/admin/settings/menu/save_order', restrict, checkAccess, (req, res) => {
|
||||
let result = common.orderMenu(req, res);
|
||||
if(result === false){
|
||||
res.status(400).json({ message: 'Failed saving menu order' });
|
||||
|
@ -439,7 +440,7 @@ router.post('/admin/api/validate_permalink', (req, res) => {
|
|||
|
||||
// upload the file
|
||||
let upload = multer({ dest: 'public/uploads/' });
|
||||
router.post('/admin/file/upload', common.restrict, common.checkAccess, upload.single('upload_file'), (req, res, next) => {
|
||||
router.post('/admin/file/upload', restrict, checkAccess, upload.single('upload_file'), (req, res, next) => {
|
||||
const db = req.app.db;
|
||||
|
||||
if(req.file){
|
||||
|
@ -517,7 +518,7 @@ router.post('/admin/file/upload', common.restrict, common.checkAccess, upload.si
|
|||
});
|
||||
|
||||
// delete a file via ajax request
|
||||
router.post('/admin/testEmail', common.restrict, (req, res) => {
|
||||
router.post('/admin/testEmail', restrict, (req, res) => {
|
||||
let config = req.app.config;
|
||||
// TODO: Should fix this to properly handle result
|
||||
common.sendEmail(config.emailAddress, 'expressCart test email', 'Your email settings are working');
|
||||
|
@ -525,7 +526,7 @@ router.post('/admin/testEmail', common.restrict, (req, res) => {
|
|||
});
|
||||
|
||||
// delete a file via ajax request
|
||||
router.post('/admin/file/delete', common.restrict, common.checkAccess, (req, res) => {
|
||||
router.post('/admin/file/delete', restrict, checkAccess, (req, res) => {
|
||||
req.session.message = null;
|
||||
req.session.messageType = null;
|
||||
|
||||
|
@ -541,7 +542,7 @@ router.post('/admin/file/delete', common.restrict, common.checkAccess, (req, res
|
|||
});
|
||||
});
|
||||
|
||||
router.get('/admin/files', common.restrict, (req, res) => {
|
||||
router.get('/admin/files', restrict, (req, res) => {
|
||||
// loop files in /public/uploads/
|
||||
glob('public/uploads/**', { nosort: true }, (er, files) => {
|
||||
// sort array
|
||||
|
|
|
@ -4,6 +4,7 @@ const colors = require('colors');
|
|||
const randtoken = require('rand-token');
|
||||
const bcrypt = require('bcryptjs');
|
||||
const common = require('../lib/common');
|
||||
const { restrict } = require('../lib/auth');
|
||||
|
||||
// insert a customer
|
||||
router.post('/customer/create', (req, res) => {
|
||||
|
@ -59,7 +60,7 @@ router.post('/customer/create', (req, res) => {
|
|||
});
|
||||
|
||||
// render the customer view
|
||||
router.get('/admin/customer/view/:id?', common.restrict, (req, res) => {
|
||||
router.get('/admin/customer/view/:id?', restrict, (req, res) => {
|
||||
const db = req.app.db;
|
||||
|
||||
db.customers.findOne({ _id: common.getId(req.params.id) }, (err, result) => {
|
||||
|
@ -82,7 +83,7 @@ router.get('/admin/customer/view/:id?', common.restrict, (req, res) => {
|
|||
});
|
||||
|
||||
// customers list
|
||||
router.get('/admin/customers', common.restrict, (req, res) => {
|
||||
router.get('/admin/customers', restrict, (req, res) => {
|
||||
const db = req.app.db;
|
||||
|
||||
db.customers.find({}).limit(20).sort({ created: -1 }).toArray((err, customers) => {
|
||||
|
@ -100,7 +101,7 @@ router.get('/admin/customers', common.restrict, (req, res) => {
|
|||
});
|
||||
|
||||
// Filtered customers list
|
||||
router.get('/admin/customers/filter/:search', common.restrict, (req, res, next) => {
|
||||
router.get('/admin/customers/filter/:search', restrict, (req, res, next) => {
|
||||
const db = req.app.db;
|
||||
let searchTerm = req.params.search;
|
||||
let customersIndex = req.app.customersIndex;
|
||||
|
|
|
@ -1,9 +1,10 @@
|
|||
const express = require('express');
|
||||
const common = require('../lib/common');
|
||||
const { restrict, checkAccess } = require('../lib/auth');
|
||||
const router = express.Router();
|
||||
|
||||
// Show orders
|
||||
router.get('/admin/orders', common.restrict, (req, res, next) => {
|
||||
router.get('/admin/orders', restrict, (req, res, next) => {
|
||||
const db = req.app.db;
|
||||
|
||||
// Top 10 products
|
||||
|
@ -33,7 +34,7 @@ router.get('/admin/orders', common.restrict, (req, res, next) => {
|
|||
});
|
||||
|
||||
// Admin section
|
||||
router.get('/admin/orders/bystatus/:orderstatus', common.restrict, (req, res, next) => {
|
||||
router.get('/admin/orders/bystatus/:orderstatus', restrict, (req, res, next) => {
|
||||
const db = req.app.db;
|
||||
|
||||
if(typeof req.params.orderstatus === 'undefined'){
|
||||
|
@ -71,7 +72,7 @@ router.get('/admin/orders/bystatus/:orderstatus', common.restrict, (req, res, ne
|
|||
});
|
||||
|
||||
// render the editor
|
||||
router.get('/admin/order/view/:id', common.restrict, (req, res) => {
|
||||
router.get('/admin/order/view/:id', restrict, (req, res) => {
|
||||
const db = req.app.db;
|
||||
db.orders.findOne({ _id: common.getId(req.params.id) }, (err, result) => {
|
||||
if(err){
|
||||
|
@ -92,7 +93,7 @@ router.get('/admin/order/view/:id', common.restrict, (req, res) => {
|
|||
});
|
||||
|
||||
// Admin section
|
||||
router.get('/admin/orders/filter/:search', common.restrict, (req, res, next) => {
|
||||
router.get('/admin/orders/filter/:search', restrict, (req, res, next) => {
|
||||
const db = req.app.db;
|
||||
let searchTerm = req.params.search;
|
||||
let ordersIndex = req.app.ordersIndex;
|
||||
|
@ -130,7 +131,7 @@ router.get('/admin/orders/filter/:search', common.restrict, (req, res, next) =>
|
|||
});
|
||||
|
||||
// order product
|
||||
router.get('/admin/order/delete/:id', common.restrict, (req, res) => {
|
||||
router.get('/admin/order/delete/:id', restrict, (req, res) => {
|
||||
const db = req.app.db;
|
||||
|
||||
// remove the article
|
||||
|
@ -150,7 +151,7 @@ router.get('/admin/order/delete/:id', common.restrict, (req, res) => {
|
|||
});
|
||||
|
||||
// update order status
|
||||
router.post('/admin/order/statusupdate', common.restrict, common.checkAccess, (req, res) => {
|
||||
router.post('/admin/order/statusupdate', restrict, checkAccess, (req, res) => {
|
||||
const db = req.app.db;
|
||||
db.orders.update({ _id: common.getId(req.body.order_id) }, { $set: { orderStatus: req.body.status } }, { multi: false }, (err, numReplaced) => {
|
||||
if(err){
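Review bot: `/admin/order/delete/:id` is still registered as a GET with only `restrict`, so deleting an order is a state change triggered by a plain page load, and it is not gated by `checkAccess` the way `/admin/order/statusupdate` in the last hunk is. Since the commit already rewrites this line, I would at least make it `router.get('/admin/order/delete/:id', restrict, checkAccess, (req, res) => {` and plan a move to POST. What `checkAccess` enforces is not shown in these hunks, so confirm it covers this path (the `restrictedRoutes` list may need an entry for it). The handler body continues outside the hunk.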
|
||||
|
|
|
@ -1,12 +1,13 @@
|
|||
const express = require('express');
|
||||
const common = require('../lib/common');
|
||||
const { restrict, checkAccess } = require('../lib/auth');
|
||||
const colors = require('colors');
|
||||
const rimraf = require('rimraf');
|
||||
const fs = require('fs');
|
||||
const path = require('path');
|
||||
const router = express.Router();
|
||||
|
||||
router.get('/admin/products', common.restrict, (req, res, next) => {
|
||||
router.get('/admin/products', restrict, (req, res, next) => {
|
||||
const db = req.app.db;
|
||||
// get the top results
|
||||
db.products.find({}).sort({ 'productAddedDate': -1 }).limit(10).toArray((err, topResults) => {
|
||||
|
@ -56,7 +57,7 @@ router.get('/admin/products/filter/:search', (req, res, next) => {
|
|||
});
|
||||
|
||||
// insert form
|
||||
router.get('/admin/product/new', common.restrict, common.checkAccess, (req, res) => {
|
||||
router.get('/admin/product/new', restrict, checkAccess, (req, res) => {
|
||||
res.render('product_new', {
|
||||
title: 'New product',
|
||||
session: req.session,
|
||||
|
@ -74,7 +75,7 @@ router.get('/admin/product/new', common.restrict, common.checkAccess, (req, res)
|
|||
});
|
||||
|
||||
// insert new product form action
|
||||
router.post('/admin/product/insert', common.restrict, common.checkAccess, (req, res) => {
|
||||
router.post('/admin/product/insert', restrict, checkAccess, (req, res) => {
|
||||
const db = req.app.db;
|
||||
|
||||
let doc = {
|
||||
|
@ -151,7 +152,7 @@ router.post('/admin/product/insert', common.restrict, common.checkAccess, (req,
|
|||
});
|
||||
|
||||
// render the editor
|
||||
router.get('/admin/product/edit/:id', common.restrict, common.checkAccess, (req, res) => {
|
||||
router.get('/admin/product/edit/:id', restrict, checkAccess, (req, res) => {
|
||||
const db = req.app.db;
|
||||
|
||||
common.getImages(req.params.id, req, res, (images) => {
|
||||
|
@ -182,7 +183,7 @@ router.get('/admin/product/edit/:id', common.restrict, common.checkAccess, (req,
|
|||
});
|
||||
|
||||
// Update an existing product form action
|
||||
router.post('/admin/product/update', common.restrict, common.checkAccess, (req, res) => {
|
||||
router.post('/admin/product/update', restrict, checkAccess, (req, res) => {
|
||||
const db = req.app.db;
|
||||
|
||||
db.products.findOne({ _id: common.getId(req.body.frmProductId) }, (err, product) => {
|
||||
|
@ -267,7 +268,7 @@ router.post('/admin/product/update', common.restrict, common.checkAccess, (req,
|
|||
});
|
||||
|
||||
// delete product
|
||||
router.get('/admin/product/delete/:id', common.restrict, common.checkAccess, (req, res) => {
|
||||
router.get('/admin/product/delete/:id', restrict, checkAccess, (req, res) => {
|
||||
const db = req.app.db;
|
||||
|
||||
// remove the article
|
||||
|
@ -294,7 +295,7 @@ router.get('/admin/product/delete/:id', common.restrict, common.checkAccess, (re
|
|||
});
|
||||
|
||||
// update the published state based on an ajax call from the frontend
|
||||
router.post('/admin/product/published_state', common.restrict, common.checkAccess, (req, res) => {
|
||||
router.post('/admin/product/published_state', restrict, checkAccess, (req, res) => {
|
||||
const db = req.app.db;
|
||||
|
||||
db.products.update({ _id: common.getId(req.body.id) }, { $set: { productPublished: req.body.state } }, { multi: false }, (err, numReplaced) => {
|
||||
|
@ -308,7 +309,7 @@ router.post('/admin/product/published_state', common.restrict, common.checkAcces
|
|||
});
|
||||
|
||||
// set as main product image
|
||||
router.post('/admin/product/setasmainimage', common.restrict, common.checkAccess, (req, res) => {
|
||||
router.post('/admin/product/setasmainimage', restrict, checkAccess, (req, res) => {
|
||||
const db = req.app.db;
|
||||
|
||||
// update the productImage to the db
|
||||
|
@ -322,7 +323,7 @@ router.post('/admin/product/setasmainimage', common.restrict, common.checkAccess
|
|||
});
|
||||
|
||||
// deletes a product image
|
||||
router.post('/admin/product/deleteimage', common.restrict, common.checkAccess, (req, res) => {
|
||||
router.post('/admin/product/deleteimage', restrict, checkAccess, (req, res) => {
|
||||
const db = req.app.db;
|
||||
|
||||
// get the productImage from the db
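Review bot: The hunk header at `@ -56,7 +57,7 @` shows `router.get('/admin/products/filter/:search', (req, res, next) => {` with no `restrict`, while every other `/admin/...` route in this section, and the customers and orders filter routes, carry it. Unless something outside these hunks guards the path, the admin product search is served without a session check; the registration should read `router.get('/admin/products/filter/:search', restrict, (req, res, next) => {`. The earlier hunk header for `router.post('/admin/api/validate_permalink', (req, res) => {` has the same shape and deserves the same look. Both registration lines sit outside the changed lines, so this is inferred from the hunk headers only.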
|
||||
|
|
|
@ -1,11 +1,12 @@
|
|||
const express = require('express');
|
||||
const common = require('../lib/common');
|
||||
const { restrict } = require('../lib/auth');
|
||||
const colors = require('colors');
|
||||
const bcrypt = require('bcryptjs');
|
||||
const url = require('url');
|
||||
const router = express.Router();
|
||||
|
||||
router.get('/admin/users', common.restrict, (req, res) => {
|
||||
router.get('/admin/users', restrict, (req, res) => {
|
||||
const db = req.app.db;
|
||||
db.users.find({}).toArray((err, users) => {
|
||||
if(err){
|
||||
|
@ -26,7 +27,7 @@ router.get('/admin/users', common.restrict, (req, res) => {
|
|||
});
|
||||
|
||||
// edit user
|
||||
router.get('/admin/user/edit/:id', common.restrict, (req, res) => {
|
||||
router.get('/admin/user/edit/:id', restrict, (req, res) => {
|
||||
const db = req.app.db;
|
||||
db.users.findOne({ _id: common.getId(req.params.id) }, (err, user) => {
|
||||
if(err){
|
||||
|
@ -55,7 +56,7 @@ router.get('/admin/user/edit/:id', common.restrict, (req, res) => {
|
|||
});
|
||||
|
||||
// users new
|
||||
router.get('/admin/user/new', common.restrict, (req, res) => {
|
||||
router.get('/admin/user/new', restrict, (req, res) => {
|
||||
res.render('user_new', {
|
||||
title: 'User - New',
|
||||
admin: true,
|
||||
|
@ -68,7 +69,7 @@ router.get('/admin/user/new', common.restrict, (req, res) => {
|
|||
});
|
||||
|
||||
// delete user
|
||||
router.get('/admin/user/delete/:id', common.restrict, (req, res) => {
|
||||
router.get('/admin/user/delete/:id', restrict, (req, res) => {
|
||||
const db = req.app.db;
|
||||
if(req.session.isAdmin === true){
|
||||
db.users.remove({ _id: common.getId(req.params.id) }, {}, (err, numRemoved) => {
|
||||
|
@ -87,7 +88,7 @@ router.get('/admin/user/delete/:id', common.restrict, (req, res) => {
|
|||
});
|
||||
|
||||
// update a user
|
||||
router.post('/admin/user/update', common.restrict, (req, res) => {
|
||||
router.post('/admin/user/update', restrict, (req, res) => {
|
||||
const db = req.app.db;
|
||||
|
||||
let isAdmin = req.body.user_admin === 'on';
|
||||
|
@ -140,7 +141,7 @@ router.post('/admin/user/update', common.restrict, (req, res) => {
|
|||
});
|
||||
|
||||
// insert a user
|
||||
router.post('/admin/user/insert', common.restrict, (req, res) => {
|
||||
router.post('/admin/user/insert', restrict, (req, res) => {
|
||||
const db = req.app.db;
|
||||
|
||||
// set the account to admin if using the setup form. Eg: First user account
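Review bot: The user routes in this section (`/admin/user/update`, `/admin/user/insert`, `/admin/user/delete/:id`) are registered with `restrict` only, and `/admin/user/update` computes `isAdmin` from `req.body.user_admin`. Only the delete handler shows a `req.session.isAdmin === true` check in the visible lines. The update and insert bodies continue outside the hunks, so it cannot be confirmed here that they stop a non-admin session from setting the admin flag. If they do not, add the check at registration, e.g. `router.post('/admin/user/update', restrict, checkAccess, (req, res) => {`, or guard the flag with the same session test the delete handler uses. A one-line comment above each route stating which role may call it would make the intent reviewable.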
|
||||
|
|
|
@ -2,7 +2,7 @@ const test = require('ava');
|
|||
const fs = require('fs');
|
||||
const _ = require('lodash');
|
||||
const app = require('../app');
|
||||
const common = require('../lib/common');
|
||||
const { runIndexing, fixProductDates } = require('../lib/indexing');
|
||||
const session = require('supertest-session');
|
||||
|
||||
// Get test data to compare in tests
|
||||
|
@ -15,7 +15,6 @@ let config;
|
|||
let products;
|
||||
let customers;
|
||||
let users;
|
||||
let orders;
|
||||
let request = null;
|
||||
|
||||
function setup(db){
|
||||
|
@ -30,7 +29,7 @@ function setup(db){
|
|||
return Promise.all([
|
||||
db.users.insertMany(jsonData.users),
|
||||
db.customers.insertMany(jsonData.customers),
|
||||
db.products.insertMany(common.fixProductDates(jsonData.products))
|
||||
db.products.insertMany(fixProductDates(jsonData.products))
|
||||
]);
|
||||
});
|
||||
}
|
||||
|
@ -46,7 +45,7 @@ test.before(async () => {
|
|||
db = app.db;
|
||||
|
||||
await setup(db);
|
||||
await common.runIndexing(app);
|
||||
await runIndexing(app);
|
||||
|
||||
// Get some data from DB to use in compares
|
||||
products = await db.products.find({}).toArray();
|
||||
|
@ -70,8 +69,6 @@ test.before(async () => {
|
|||
await db.orders.insert(order);
|
||||
});
|
||||
|
||||
// Get orders
|
||||
orders = await db.orders.find({}).toArray();
|
||||
resolve();
|
||||
});
|
||||
});
|
||||
|
|