/*
The flow is really easy:
| you collect card details client-side,
| you create a token, you send the token to the server and there
| you create a customer or add the card to an existing one.
*/
import bcrypt from 'bcrypt'
import crypto from 'crypto'
import moment from 'moment'
import jwt from 'jsonwebtoken'
import { readFileSync } from 'fs'
import Stripe from 'stripe'
import Mailgun from 'mailgun-js'
import { isEqual } from 'underscore'
import Datastore from '@google-cloud/datastore'
import validation from '../settings/validation'
import { isEmail, isLength, isAlpha } from 'validator'
const ds = Datastore()
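export default class User
{
  /*********************************************************
   * ADDRESSES
   *********************************************************/

  /*
   * Get a user's list of addresses.
   * Replies { result: 1, payload: { addresses } }, or
   * { result: 0, code: 'NO_USER' } when the caller's id has no
   * User entity (the client redirects on that code).
   */
  static async getAddresses (ctx)
  {
    const [, user] = await User._getUserEntity(ctx)
    if (!user)
    {
      return ctx.body = {
        result: 0,
        code: 'NO_USER'
      }
    }
    return ctx.body = {
      result: 1,
      payload: {
        addresses: user.shippingAddresses
      }
    }
  }

  /*
   * Add an address to the user's address list.
   * Only the five whitelisted fields are stored (see _sanitizeAddress);
   * an address already in the list is rejected.
   */
  static async addAddress (ctx)
  {
    const newAddress = User._sanitizeAddress(ctx.request.body)
    if (!newAddress)
    {
      return ctx.body = 'invalid form args'
    }
    const [userKey, user] = await User._getUserEntity(ctx)
    // _getUserEntity returns [null, null] on a miss, so the strict
    // `=== undefined` test used here before let a null user through.
    if (!user)
    {
      return ctx.body = {
        result: 0,
        payload: {
          message: 'no user'
        }
      }
    }
    const addresses = Array.isArray(user.shippingAddresses) ? user.shippingAddresses : []
    // Stored addresses carry an id and the new one does not yet, so the
    // id is left out of the comparison.
    const alreadyListed = addresses.some(address => {
      const { id: ignored, ...comparable } = address
      return isEqual(comparable, newAddress)
    })
    if (alreadyListed)
    {
      return ctx.body = {
        result: 0,
        payload: {
          message: 'This address is already in your list.'
        }
      }
    }
    newAddress.id = Date.now()
    addresses.push(newAddress)
    user.shippingAddresses = addresses
    try
    {
      await User._saveUser(userKey, user)
      return ctx.body = {
        result: 1,
        payload: {
          message: 'Address added to your list.',
          address: newAddress
        }
      }
    }
    catch (e)
    {
      console.error('addAddress: datastore update failed', e)
      return ctx.body = { result: 0, payload: 'Server error. Please try again' }
    }
  }

  /*
   * Updates a user's address.
   * The address to replace is identified by `address.id` in the body.
   * The replacement is validated and whitelisted exactly like a new
   * address (the request object itself is never stored) and keeps the
   * old id and position in the list.
   */
  static async updateAddress (ctx)
  {
    const [userKey, user] = await User._getUserEntity(ctx)
    if (!user)
    {
      // `result: 'error'` was used here before; it is truthy, so a client
      // testing `result` would have read this failure as a success.
      return ctx.body = {
        result: 0,
        payload: {
          code: 'NO_USER',
          message: 'User not found'
        }
      }
    }
    const incoming = ctx.request.body.address
    const replacement = User._sanitizeAddress(incoming)
    if (!replacement)
    {
      return ctx.body = {
        result: 0,
        payload: {
          message: 'invalid form args'
        }
      }
    }
    const addresses = Array.isArray(user.shippingAddresses) ? user.shippingAddresses : []
    // Ids are compared as strings: the stored id is a number (Date.now())
    // while the client may send it back as text.
    const index = addresses.findIndex(o => String(o.id) === String(incoming.id))
    if (index === -1)
    {
      // The old existence test was `!!filter(...)`, which is always a
      // (truthy) array, so an unknown id was never reported before.
      return ctx.body = {
        result: 0,
        payload: {
          message: 'Address not found.'
        }
      }
    }
    replacement.id = addresses[index].id
    addresses[index] = replacement
    user.shippingAddresses = addresses
    try
    {
      await User._saveUser(userKey, user)
      return ctx.body = { result: 1, payload: 'Address updated!' }
    }
    catch (e)
    {
      console.error('updateAddress: datastore update failed', e)
      return ctx.body = {
        result: 0,
        payload: {
          message: 'Could not update address'
        }
      }
    }
  }

  /*
   * Delete a user's address.
   * Unlike updateAddress and addAddress, which take an entire object,
   * this takes only the id, as the `id` query parameter.
   */
  static async deleteAddress (ctx)
  {
    const requestId = ctx.request.query.id
    if (!requestId)
    {
      // Used to return with no body, which Koa turns into an empty 404.
      return ctx.body = { result: 0, payload: 'Error.' }
    }
    const [userKey, user] = await User._getUserEntity(ctx)
    if (!user)
    {
      return ctx.body = { result: 0, payload: 'Error.' }
    }
    const addresses = Array.isArray(user.shippingAddresses) ? user.shippingAddresses : []
    user.shippingAddresses = addresses.filter(o => String(o.id) !== String(requestId))
    try
    {
      await User._saveUser(userKey, user)
      return ctx.body = {
        result: 1,
        payload: {
          message: 'Address deleted!',
          addresses: user.shippingAddresses
        }
      }
    }
    catch (e)
    {
      console.error('deleteAddress: datastore update failed', e)
      return ctx.body = {
        result: 0,
        payload: {
          message: 'Could not delete address'
        }
      }
    }
  }

  /*********************************************************
   * USER ACCOUNT
   *********************************************************/

  /*
   * Registers a user.
   * Creates a Stripe customer, then, in one datastore transaction, a
   * MailLock entity (keyed by the lower-cased e-mail; that key is what
   * makes an address unique) and the User entity. On any failure the
   * transaction is rolled back and the Stripe customer deleted again.
   * Replies with the client-side user state, including a signed JWT.
   */
  static async register (ctx)
  {
    const rawEmail = ctx.request.body.email
    const password = ctx.request.body.password
    // isEmail() throws on non-strings, so the type check comes first.
    if (typeof rawEmail !== 'string' || !isEmail(rawEmail))
    {
      return ctx.body = { result: 0, payload: 'Invalid e-mail' }
    }
    // The MailLock key has to be lower-cased: login() looks it up
    // lower-cased, so a mixed-case registration could neither log in nor
    // be detected as a duplicate of the lower-cased address.
    const email = rawEmail.toLowerCase()
    const passwordError = User._passwordError(password)
    if (passwordError)
    {
      return ctx.body = { result: 0, payload: passwordError }
    }
    const mailLockKey = ds.key(['MailLock', email])
    const [existingLock] = await ds.get(mailLockKey)
    if (existingLock !== undefined)
    {
      return ctx.body = {
        result: 0,
        payload: {
          message: "E-mail is already registered. <a href=''>Forgot password?</a>"
        }
      }
    }
    // At this point the e-mail is free and the account can be created.
    // TODO if user updates email, update in stripe too
    const stripe = User._stripe()
    const { mailgun, emailDomain } = User._mailgun()
    let stripeCustomer = null
    let transaction = null
    try
    {
      stripeCustomer = await stripe.customers.create({
        description: `Customer for ${email}`,
      })
      // bcrypt.hash (not hashSync) keeps the event loop free while hashing.
      const hash = await bcrypt.hash(password, 10)
      transaction = ds.transaction()
      await transaction.run()
      // Allocate one id; the User key is rebuilt from it below.
      const [[allocated]] = await transaction.allocateIds(ds.key(['User']), 1)
      const userId = allocated.id
      // Same claims as login() issues, so the client state does not
      // depend on which path produced the token.
      // NOTE(review): no expiresIn is set; a token stays valid until the
      // JWT secret changes.
      const token = jwt.sign({
        email,
        id: userId,
        level: 9,
        stripeId: stripeCustomer.id,
      }, process.env.JWT)
      // Sent to the client as its user state. Anything the client does
      // not need (the password hash) stays out of it.
      const userState = {
        jwt: token,
        email,
        stripeId: stripeCustomer.id,
        shippingAddresses: [],
        level: 9,
        preferences: { receiveEmails: true },
      }
      // User stored in the datastore. Defaults come from userState.
      const userEntity = {
        key: ds.key(['User', userId]),
        data: [
          {
            name: 'email',
            value: userState.email
          },
          {
            name: 'password',
            value: hash,
            excludeFromIndexes: true,
          },
          {
            name: 'stripeId',
            value: userState.stripeId,
          },
          {
            name: 'shippingAddresses',
            value: userState.shippingAddresses,
            excludeFromIndexes: true,
          },
          {
            name: 'preferences',
            value: userState.preferences,
            excludeFromIndexes: true,
          },
          {
            name: 'level',
            value: userState.level,
            excludeFromIndexes: true,
          }
        ]
      }
      const mailLockEntity = {
        key: mailLockKey,
        data: [
          {
            name: 'userId',
            value: userId
          }
        ]
      }
      await transaction.save([mailLockEntity, userEntity])
      // Commit last: once committed, rollback() itself errors, so
      // everything that can fail (e.g. jwt.sign with process.env.JWT
      // unset) has to happen above this line.
      await transaction.commit()
      // Datastore and Stripe are now consistent. Mail is best-effort and
      // must not turn the completed registration into a failure reply
      // (a missing template used to do exactly that).
      User._sendWelcomeEmail(mailgun, emailDomain, email)
      User._subscribeToNews(mailgun, emailDomain, email)
      // This becomes the user's state on the client
      return ctx.body = {
        result: 1,
        payload: userState
      }
    }
    catch (e)
    {
      console.error('register failed', e)
      if (transaction)
      {
        try
        {
          await transaction.rollback()
        }
        catch (rollbackError)
        {
          console.error('register: rollback failed', rollbackError)
        }
      }
      // Delete the Stripe customer too, so a failed sign-up leaves
      // nothing behind.
      if (stripeCustomer)
      {
        stripe.customers.del(stripeCustomer.id, (delError) => {
          if (delError)
          {
            console.error('register: could not delete Stripe customer', delError)
          }
        })
      }
      return ctx.body = {
        result: 0,
        payload: {
          message: 'an error occurred.'
        }
      }
    }
  }

  /*
   * Logs a user in.
   * Every failure (malformed input, unknown e-mail, missing user, wrong
   * password) gets the same reply, so the response does not reveal which
   * addresses are registered.
   */
  static async login (ctx)
  {
    const rawEmail = ctx.request.body.email
    const password = ctx.request.body.password
    const reject = () => {
      ctx.body = {
        result: 0,
        payload: {
          message: "Invalid username/password"
        }
      }
      return ctx.body
    }
    if (typeof rawEmail !== 'string' || !isEmail(rawEmail) || typeof password !== 'string')
    {
      return reject()
    }
    const email = rawEmail.toLowerCase()
    const [mailLock] = await ds.get(ds.key(['MailLock', email]))
    const [user] = mailLock ? await ds.get(ds.key(['User', mailLock.userId])) : [undefined]
    if (!user)
    {
      // Spend roughly the cost of one bcrypt comparison anyway, so an
      // unknown address does not answer measurably faster than a wrong
      // password would.
      await bcrypt.hash(password, 10)
      return reject()
    }
    if (!(await bcrypt.compare(password, user.password)))
    {
      return reject()
    }
    const token = jwt.sign({
      email,
      id: mailLock.userId,
      level: user.level,
      stripeId: user.stripeId
    }, process.env.JWT)
    return ctx.body = {
      result: 1,
      payload: {
        jwt: token,
        email,
        stripeId: user.stripeId,
        id: mailLock.userId,
        addresses: user.shippingAddresses,
        preferences: user.preferences,
        // We don't want to fetch Stripe for credit cards and slow down
        // login process. Send back empty array, after login, fetch
        // the cards and populate the state on the front end
        cards: [],
      }
    }
  }

  /*
   * Logs a user out.
   * Sessions appear to be stateless JWTs held by the client (login()
   * hands one out and nothing is stored for it), so there is nothing to
   * tear down here; the client drops its token. Replies result: 1 so the
   * route no longer answers with an empty 404.
   * NOTE(review): a token therefore stays valid after logout; revoking
   * it would need a server-side deny-list or a token expiry.
   */
  static async logout (ctx)
  {
    return ctx.body = { result: 1 }
  }

  /*
   * Resets a user's password, in two steps selected by `form`:
   *  - 'forgot': creates a random reset token, stores it keyed by the
   *    e-mail together with its creation time, and mails it to that
   *    address. The reply is the same whether or not the address is
   *    registered.
   *  - 'reset': checks the token (exists, belongs to the e-mail, younger
   *    than 24 hours), stores the new password hash and deletes the
   *    token so it cannot be used twice.
   */
  static async resetPassword (ctx)
  {
    const rawEmail = ctx.request.body.email
    const form = ctx.request.body.form
    if (typeof rawEmail !== 'string' || rawEmail.length === 0)
    {
      return ctx.body = { result: 0 }
    }
    const email = rawEmail.toLowerCase()
    if (form === 'forgot')
    {
      return User._requestPasswordReset(ctx, email)
    }
    if (form === 'reset')
    {
      return User._applyPasswordReset(ctx, email)
    }
    return ctx.body = { result: 0 }
  }

  /*
   * Updates/changes a user password.
   * Body: `current` (the present password), `new` and `new2` (the new
   * password and its confirmation, which must match).
   */
  static async updatePassword (ctx)
  {
    const currentPassword = ctx.request.body.current
    const newPassword1 = ctx.request.body.new
    const newPassword2 = ctx.request.body.new2
    const isFilled = v => typeof v === 'string' && v.length > 0
    if (!isFilled(currentPassword) || !isFilled(newPassword1) || !isFilled(newPassword2))
    {
      return ctx.body = {
        result: 0,
        payload: {
          message: validation.global.password.message
        }
      }
    }
    const passwordError = User._passwordError(newPassword1)
    if (passwordError)
    {
      return ctx.body = {
        result: 0,
        payload: {
          message: passwordError
        }
      }
    }
    // The confirmation field was accepted but never compared before.
    if (newPassword1 !== newPassword2)
    {
      return ctx.body = {
        result: 0,
        payload: {
          message: 'New passwords do not match.'
        }
      }
    }
    const [userKey, user] = await User._getUserEntity(ctx)
    if (!user)
    {
      return ctx.body = {
        result: 0,
        payload: {
          code: 'NO_USER',
          message: 'User not found'
        }
      }
    }
    if (!(await bcrypt.compare(currentPassword, user.password)))
    {
      return ctx.body = {
        result: 0,
        payload: {
          message: "Current password isn't valid"
        }
      }
    }
    try
    {
      user.password = await bcrypt.hash(newPassword1, 10)
      await User._saveUser(userKey, user)
      return ctx.body = {
        result: 1,
        payload: {
          message: 'Password updated!'
        }
      }
    }
    catch (e)
    {
      console.error('updatePassword: datastore update failed', e)
      return ctx.body = {
        result: 0,
        payload: {
          message: 'Unknown error!'
        }
      }
    }
  }

  /*********************************************************
   * USER CREDIT CARDS
   *********************************************************/

  /*
   * Saves a credit card for the user.
   * The client tokenises the card with Stripe first; only the token id
   * reaches this server and it is attached to the user's Stripe customer.
   */
  static async addCreditCard (ctx)
  {
    const [, user] = await User._getUserEntity(ctx)
    if (!user)
    {
      return ctx.body = {
        result: 0,
        payload: {
          code: 'NO_USER',
          message: 'User not found'
        }
      }
    }
    const token = ctx.request.body.token
    if (!token || typeof token.id !== 'string')
    {
      return ctx.body = {
        result: 0,
        payload: {
          message: 'Need a card token.'
        }
      }
    }
    try
    {
      const stripe = User._stripe()
      const card = await stripe.customers.createSource(user.stripeId, { source: token.id })
      return ctx.body = {
        result: 1,
        payload: {
          card,
          message: 'Credit card added!'
        }
      }
    }
    catch (e)
    {
      console.error('addCreditCard: Stripe call failed', e)
      return ctx.body = {
        result: 0,
        payload: {
          message: 'Unknown error. Please try again.'
        }
      }
    }
  }

  /*
   * Returns a list of the user's credit cards, as Stripe reports them.
   */
  static async getAllCreditCards (ctx)
  {
    const failure = {
      result: 0,
      payload: {
        message: 'Could not get your saved cards.'
      }
    }
    const [, user] = await User._getUserEntity(ctx)
    if (!user)
    {
      return ctx.body = failure
    }
    try
    {
      const stripe = User._stripe()
      const cards = await stripe.customers.listCards(user.stripeId)
      return ctx.body = { result: 1, payload: { cards: cards.data } }
    }
    catch (e)
    {
      console.error('getAllCreditCards: Stripe call failed', e)
      return ctx.body = failure
    }
  }

  /*
   * Delete a user's credit card, identified by the `id` query parameter.
   */
  static async deleteCreditCard (ctx)
  {
    const requestId = ctx.request.query.id
    if (!requestId)
    {
      return ctx.body = { result: 0, payload: 'Error.' }
    }
    const [, user] = await User._getUserEntity(ctx)
    if (!user)
    {
      return ctx.body = { result: 0, payload: 'Error.' }
    }
    let deleted = false
    try
    {
      // `stripe` was never created in this method before, so the call
      // threw a ReferenceError and every delete reported failure.
      const stripe = User._stripe()
      const confirmation = await stripe.customers.deleteCard(user.stripeId, requestId)
      deleted = Boolean(confirmation.deleted)
    }
    catch (e)
    {
      console.error('deleteCreditCard: Stripe call failed', e)
    }
    return ctx.body = {
      result: deleted ? 1 : 0,
      payload: {
        message: deleted ? 'Credit card deleted!' : 'Could not delete card!'
      }
    }
  }

  /*********************************************************
   * USER PREFERENCES
   *********************************************************/
  /* No need for getUserPreferences - done when logging in */

  /*
   * Updates user's preferences object.
   * Only `receiveEmails` (boolean, default true) is accepted; any other
   * key in the request is dropped. The choice is stored on the User
   * entity (login() sends it back) and mirrored to the Mailgun list.
   */
  static async updatePreferences (ctx)
  {
    const failure = {
      result: 0,
      payload: {
        message: 'Unknown error'
      }
    }
    const incoming = ctx.request.body.preferences
    if (!incoming || typeof incoming !== 'object')
    {
      return ctx.body = failure
    }
    const [userKey, user] = await User._getUserEntity(ctx)
    if (!user)
    {
      return ctx.body = {
        result: 0,
        payload: {
          code: 'NO_USER',
          message: 'User not found'
        }
      }
    }
    // receiveEmails must be bool
    const receiveEmails = typeof incoming.receiveEmails === 'boolean' ? incoming.receiveEmails : true
    user.preferences = { ...(user.preferences || {}), receiveEmails }
    try
    {
      await User._saveUser(userKey, user)
    }
    catch (e)
    {
      console.error('updatePreferences: datastore update failed', e)
      return ctx.body = failure
    }
    // The Mailgun call is awaited: ctx.body used to be assigned inside
    // its callback, after the handler had already returned and Koa had
    // replied with an empty 404.
    const { mailgun, emailDomain } = User._mailgun()
    const list = mailgun.lists(`news@${emailDomain}`)
    try
    {
      await new Promise((resolve, reject) => {
        list.members(user.email).update({ subscribed: receiveEmails }, (e, data) => {
          if (e)
          {
            reject(e)
          }
          else
          {
            resolve(data)
          }
        })
      })
    }
    catch (e)
    {
      console.error('updatePreferences: Mailgun update failed', e)
      return ctx.body = failure
    }
    return ctx.body = {
      result: 1,
      payload: {
        message: 'Settings updated'
      }
    }
  }

  /*********************************************************
   * ORDERS
   *********************************************************/

  /*
   * Grabs the caller's order history (Order entities whose userId is the
   * caller's id), summarised by _summarizeOrder.
   */
  static async getOrders (ctx)
  {
    const userId = ctx.state && ctx.state.user ? ctx.state.user.id : undefined
    if (!userId)
    {
      return ctx.body = {
        result: 0,
        payload: {
          code: 'NO_USER',
          message: 'User not found'
        }
      }
    }
    const query = ds.createQuery('Order')
      .filter('userId', '=', userId)
    //.order('date', { descending: true })
    try
    {
      const [results] = await ds.runQuery(query)
      const orders = results.map(User._summarizeOrder)
      return ctx.body = {
        result: 1,
        payload: {
          orders,
        }
      }
    }
    catch (e)
    {
      // Used to log only, leaving the response empty.
      console.error('getOrders: query failed', e)
      return ctx.body = {
        result: 0,
        payload: {
          message: 'Could not fetch your orders.'
        }
      }
    }
  }

  /*********************************************************
   * PRIVATE METHODS.
   * Mostly helpers
   *********************************************************/

  /*
   * Grabs the User entity for the caller of `ctx`.
   * `ctx.state.user` (presumably populated by the JWT middleware upstream)
   * supplies the id. Returns [key, entity], or [null, null] when there is
   * no authenticated user or the id has no entity; callers reply with
   * code NO_USER so the client can redirect.
   * @param {Object} ctx - Koa context
   * @returns {Promise<Array>} [userKey, user] or [null, null]
   */
  static async _getUserEntity (ctx)
  {
    if (!ctx.state || !ctx.state.user || !ctx.state.user.id)
    {
      return [null, null]
    }
    const userKey = ds.key(['User', ctx.state.user.id])
    const [user] = await ds.get(userKey)
    if (!user)
    {
      return [null, null]
    }
    return [userKey, user]
  }

  /*
   * Looks a user up by (lower-cased) e-mail through the MailLock entity
   * registration creates, the same path login() takes.
   * @param {string} email
   * @returns {Promise<Array>} [userKey, user] or [null, null]
   */
  static async _findUserByEmail (email)
  {
    const [mailLock] = await ds.get(ds.key(['MailLock', email]))
    if (!mailLock)
    {
      return [null, null]
    }
    const userKey = ds.key(['User', mailLock.userId])
    const [user] = await ds.get(userKey)
    if (!user)
    {
      return [null, null]
    }
    return [userKey, user]
  }

  /*
   * Writes a User entity back.
   * `password` was stored unindexed at registration; the exclusion is
   * restated here because an update with plain object data indexes every
   * property by default.
   * NOTE(review): shippingAddresses and preferences were also unindexed
   * at registration and are not excluded here (nor were they before).
   * @returns {Promise} the datastore update
   */
  static _saveUser (userKey, user)
  {
    return ds.update({ key: userKey, data: user, excludeFromIndexes: ['password'] })
  }

  /*
   * 'forgot' half of resetPassword.
   * The token must only ever reach the account owner: it is mailed, never
   * put in the response (the response used to contain it, which let
   * anyone who knew an e-mail address reset that account's password).
   * A token is created only for a registered address, but the reply is
   * identical either way.
   */
  static async _requestPasswordReset (ctx, email)
  {
    try
    {
      const [, user] = await User._findUserByEmail(email)
      if (!user)
      {
        return ctx.body = { result: 1 }
      }
      const hash = crypto.randomBytes(20).toString('hex')
      const resetEntity = {
        key: ds.key(['Reset', hash]),
        data: [
          {
            name: 'email',
            value: email
          },
          {
            // Creation time; _resetTokenExpired measures the 24 hours from it.
            name: 'expiry',
            value: Date.now()
          }
        ]
      }
      await ds.upsert(resetEntity)
      const { mailgun, emailDomain } = User._mailgun()
      // Link shape follows the plan noted for this flow:
      // bnbcrate.com/reset-password?hash=<token>
      mailgun.messages().send({
        from: `bnbcrate <noreply@${emailDomain}>`,
        to: email,
        subject: 'Reset your bnbcrate password',
        text: `Use this link to choose a new password (valid for 24 hours):\nhttps://bnbcrate.com/reset-password?hash=${hash}`
      }, (e) => {
        if (e)
        {
          console.error('resetPassword: reset e-mail failed', e)
        }
      })
      return ctx.body = { result: 1 }
    }
    catch (e)
    {
      console.error('resetPassword: could not create reset token', e)
      return ctx.body = { result: 0 }
    }
  }

  /*
   * 'reset' half of resetPassword: validates the token sent back with
   * the new password, stores the new hash and deletes the token.
   */
  static async _applyPasswordReset (ctx, email)
  {
    const password = ctx.request.body.password
    let hash = ctx.request.body.hash
    const passwordError = User._passwordError(password)
    if (passwordError)
    {
      return ctx.body = {
        result: 0,
        payload: {
          message: passwordError
        }
      }
    }
    if (typeof hash !== 'string' || hash.length === 0)
    {
      return ctx.body = { result: 0, payload: { message: 'Need a hash.' } }
    }
    // If hash starts with a #, strip it
    if (hash[0] === '#')
    {
      hash = hash.slice(1)
    }
    const resetKey = ds.key(['Reset', hash])
    const [resetEntity] = await ds.get(resetKey)
    if (!resetEntity)
    {
      return ctx.body = {
        result: 0,
        payload: {
          message: 'Hash not found'
        }
      }
    }
    // The token is bound to the address it was issued for. (The mismatch
    // used to be logged with both addresses; it no longer is.)
    if (typeof resetEntity.email !== 'string' || resetEntity.email.toLowerCase() !== email)
    {
      return ctx.body = {
        result: 0,
        payload: {
          message: 'Wrong e-mail'
        }
      }
    }
    if (User._resetTokenExpired(resetEntity.expiry))
    {
      return ctx.body = {
        result: 0,
        payload: {
          message: 'Hash expired.'
        }
      }
    }
    const [userKey, user] = await User._findUserByEmail(email)
    if (!user)
    {
      return ctx.body = {
        result: 0,
        payload: { message: 'User not found.' }
      }
    }
    try
    {
      user.password = await bcrypt.hash(password, 10)
      await User._saveUser(userKey, user)
    }
    catch (e)
    {
      console.error('resetPassword: could not update password', e)
      return ctx.body = {
        result: 0,
        payload: { message: 'Could not update password.' }
      }
    }
    // One-time token: delete it. Setting expiry to Date.now(), as was done
    // before, re-armed the token for another 24 hours instead.
    try
    {
      await ds.delete(resetKey)
    }
    catch (e)
    {
      console.error('resetPassword: could not delete reset token', e)
    }
    return ctx.body = { result: 1 }
  }

  /*
   * True when a reset token created at `createdAt` (a timestamp in ms,
   * as stored by _requestPasswordReset) is older than 24 hours.
   * A missing or unparseable timestamp counts as expired.
   * @param {number|Date|undefined} createdAt
   * @returns {boolean}
   */
  static _resetTokenExpired (createdAt)
  {
    // 86400 seconds in a day
    const created = new Date(createdAt).getTime()
    return Number.isNaN(created) || Date.now() - created > 86400 * 1000
  }

  /*
   * Returns the shared password message when `password` is not a string
   * of the configured length, null when it is acceptable.
   * @param {*} password
   * @returns {string|null}
   */
  static _passwordError (password)
  {
    const { minLength, maxLength, message } = validation.global.password
    if (typeof password !== 'string' || !isLength(password, { min: minLength, max: maxLength }))
    {
      return message
    }
    return null
  }

  /*
   * Builds a clean address object from request data, or null if any field
   * is missing or invalid. Only these five string fields are ever kept,
   * whatever else the request contains.
   * @param {Object} body - street, city, state, zip, country
   * @returns {Object|null}
   */
  static _sanitizeAddress (body)
  {
    if (!body || typeof body !== 'object')
    {
      return null
    }
    const { street, city, state, zip, country } = body
    // The validator helpers throw on non-strings, so check type first.
    if (![street, city, state, zip, country].every(v => typeof v === 'string'))
    {
      return null
    }
    // The zip pattern is anchored; the old unanchored one accepted any
    // string containing a single letter or digit. Spaces and hyphens stay
    // allowed for non-US postal codes.
    if (!isLength(street, { min: 2 })
      || !isLength(city, { min: 1 })
      || !isLength(state, { min: 2, max: 2 })
      || !isAlpha(state)
      || !/^[0-9a-zA-Z][0-9a-zA-Z -]*$/.test(zip))
    {
      return null
    }
    return { street, city, state, zip, country }
  }

  /*
   * Flattens an Order entity for the order-history view.
   * Items become [crateName, quantity] pairs and the date is rendered as
   * "Mon DD YYYY" in the server's local time zone (taken from
   * Date#toString, as before).
   * @param {Object} o - Order entity
   * @returns {Object} { total, items, date, address }
   */
  static _summarizeOrder (o)
  {
    const crates = o.items && typeof o.items === 'object' ? o.items : {}
    // [shower crate, 2], etc
    const items = Object.keys(crates).map(crateName => [crateName, crates[crateName].quantity])
    const address = o.shippingAddress
      ? `${o.shippingAddress.street}, ${o.shippingAddress.city}`
      : ''
    return {
      total: o.total,
      items,
      date: new Date(o.date).toString().split(' ').slice(1, 4).join(' '),
      address
    }
  }

  /*
   * Stripe client built from the STRIPE environment variable.
   */
  static _stripe ()
  {
    return Stripe(process.env.STRIPE)
  }

  /*
   * Mailgun client for the sending domain, plus the domain itself (list
   * and sender addresses are built from it).
   * @returns {{ mailgun: Object, emailDomain: string }}
   */
  static _mailgun ()
  {
    const emailDomain = 'mail.bnbcrate.com'
    const mailgun = Mailgun({
      apiKey: process.env.MAILGUN,
      domain: emailDomain
    })
    return { mailgun, emailDomain }
  }

  /*
   * Sends the welcome template to a freshly registered address.
   * Best-effort: failures are logged, never surfaced, because the account
   * already exists when this runs.
   */
  static _sendWelcomeEmail (mailgun, emailDomain, email)
  {
    let emailTemplate
    try
    {
      emailTemplate = readFileSync(`${__dirname}/../email-templates/register.html`, 'utf-8')
    }
    catch (e)
    {
      console.error('register: could not read welcome template', e)
      return
    }
    mailgun.messages().send({
      from: `bnbcrate <welcome@${emailDomain}>`,
      // The new user's own address (a fixed test address was used before).
      to: email,
      subject: 'Welcome to bnbcrate!',
      html: emailTemplate
    }, (e) => {
      if (e)
      {
        console.error('register: welcome e-mail failed', e)
      }
    })
  }

  /*
   * Adds a newly registered address to the news list. Runs only after a
   * successful registration (it used to run in a finally block, i.e. for
   * failed sign-ups too). Best-effort; errors are logged.
   */
  static _subscribeToNews (mailgun, emailDomain, email)
  {
    const member = {
      subscribed: true,
      address: email,
      name: ''
    }
    mailgun.lists(`news@${emailDomain}`).members().create(member, (e) => {
      if (e)
      {
        console.error('register: could not add user to news list', e)
      }
    })
  }
}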