Merge pull request Human-Connection#19 from Human-Connection/develop

merge usersettings into master

Author: appinteractive

package.json

@@ -33,15 +33,15 @@
     "yarn": ">= 1.3.0"
   },
   "scripts": {
-    "clear": "shx rm -Rf tmp",
+    "clear": "rm -Rf tmp",
     "test": "npm run eslint && npm run mocha",
     "eslint": "eslint server/. test/. --config .eslintrc.json",
     "start": "concurrently 'mongod' 'wait-on tcp:27017 && NODE_ENV=production node server/'",
     "start:win": "concurrently \"mongod\" \"wait-on tcp:27017 &&SET NODE_ENV=production&& node server/\"",
     "dev:debug": "npm run clear && concurrently '$npm_package_config_mongoDev' 'wait-on tcp:27017 && NODE_ENV=development nodemon --inspect server/'",
     "dev": "npm run clear && concurrently '$npm_package_config_mongoDev' 'wait-on tcp:27017 && NODE_ENV=development DEBUG=feathers nodemon server/'",
     "dev:noseed": "concurrently 'mongod --dbpath data' 'wait-on tcp:27017 && NODE_ENV=development DEBUG=feathers nodemon server/'",
-    "dev:win": "npm run clear && concurrently \"mongod --dbpath data\" \"wait-on tcp:27017&&SET NODE_ENV=development&&SET DEBUG=feathers&& nodemon --inspect server/\"",
+    "dev:win": "npm run clear && concurrently \"mongod --dbpath /data/db\" \"wait-on tcp:27017&& cross-env NODE_ENV=development&& cross-env DEBUG=feathers&& nodemon --inspect server/\"",
     "mocha": "npm run clear && $npm_package_config_concurrently '$npm_package_config_mongoDev &>/dev/null' 'wait-on tcp:27017 && NODE_ENV=test $npm_package_config_mocha'",
     "coverage": "npm run clear && $npm_package_config_concurrently '$npm_package_config_mongoDev &>/dev/null' 'wait-on tcp:27017 && NODE_ENV=test istanbul cover $npm_package_config_mochaCoverage'"
   },
@@ -56,6 +56,7 @@
     "cheerio": "^1.0.0-rc.2",
     "compression": "~1.7.1",
     "cors": "~2.8.4",
+    "cross-env": "^5.1.4",
     "crypto": "~1.0.1",
     "crypto-js": "^3.1.9-1",
     "dauria": "~2.0.0",

server/authentication.js

@@ -24,4 +24,17 @@ module.exports = function () {
       ]
     }
   });
+
+  app.on('login', (result, meta) => {
+    try {
+      if (meta.connection && meta.connection.user) {
+        // update last active timestamp on loggedin user
+        app.service('users').patch(meta.connection.user, {
+          lastActiveAt: new Date()
+        });
+      }
+    } catch (err) {
+      app.error(err);
+    }
+  });
 };

server/helper/get-unique-slug.js

@@ -1,21 +1,28 @@
-const getUniqueSlug = (service, slug, count) => {
+const getUniqueSlug = (service, slug, count, id) => {
   return new Promise(resolve => {
-    const testslug = count?slug+count:slug;
+    const testSlug = count ? slug + count : slug;
 
     // Test if we already have data with this slug
+    const query = {
+      slug: testSlug
+    };
+    // ignore entry with given id (if set)
+    if (id) {
+      query._id = {
+        $ne: id
+      };
+    }
     service.find({
-      query: {
-        slug: testslug
-      }
+      query
     }).then((result) => {
-      if(result.data.length > 0) {
-        count = count?count+1:1;
+      if (result.data.length > 0) {
+        count = count ? count + 1 : 1;
         resolve(getUniqueSlug(service, slug, count));
       } else {
-        resolve(testslug);
+        resolve(testSlug);
       }
     });
   });
 };
 
-module.exports = getUniqueSlug;
+module.exports = getUniqueSlug;

server/helper/seed-helpers.js

@@ -78,7 +78,7 @@ module.exports = {
     }
     return 'https://source.unsplash.com/daily?' + unsplashTopicsTmp.pop() + ',' + unsplashTopicsTmp.pop();
   },
-  randomCategories: (seederstore, allowEmpty = true) => {
+  randomCategories: (seederstore, allowEmpty = false) => {
     let count = Math.round(Math.random() * 3);
     if (allowEmpty === false && count === 0) {
       count = 1;

server/hooks/create-excerpt.js

@@ -21,19 +21,14 @@ module.exports = function (options = {}) { // eslint-disable-line no-unused-vars
     try {
       /* eslint no-use-before-define: 0 */  // --> OFF
       const content = sanitizeHtml(hook.data[options.field], sanitizeOptions)
-      .replace(/\<br\>|\<\/br\>|\<\/ br\>|\<br\>|\<br\\\>/ig, "\n")
-      .replace(/\<p\>\<br\>\<\/p\>/ig, ' ')
+      .replace(/\<br\s*\>|\<br\s*\/\>/ig, "\n")
       .replace(/(\ ){2,}/ig, ' ')
       .trim();
       hook.data[`${options.field}Excerpt`] = trunc(content, options.length, {
         ignoreTags: ['img', 'script', 'iframe']
       }).html;
     } catch (err) {
-      if (hook.data.teaserImg) {
-        hook.data[`${options.field}Excerpt`] = '-----';
-      } else {
-        throw new Error('Text content needed!');
-      }
+      throw new Error('Text content needed!');
     }
     hook.data[options.field] = hook.data[options.field]
       .replace(/(\ ){2,}/ig, ' ')

server/hooks/create-slug.js

@@ -1,27 +1,26 @@
 // https://www.npmjs.com/package/slug
 const slug = require('slug');
 const getUniqueSlug = require('../helper/get-unique-slug');
-const _ = require('lodash');
+const { isEmpty } = require('lodash');
 
-module.exports = function (options = { field: null }) {
+module.exports = function (options = { field: null, overwrite: false }) {
   return function (hook) {
-    if(!options.field || !hook.data[options.field]) return hook;
+    if (!options.field || !hook.data[options.field]) return hook;
 
     // do not overwrite existing slug
-    // TODO: we should make that possible and relying on ids for routing insead only on slugs
+    // TODO: we should make that possible and relying on ids for routing instead only on slugs
     // the slug should be there for seo reasons but the id should be what counts
-    if (!_.isEmpty(hook.data.slug)) return hook;
+    if (!isEmpty(hook.data.slug) && options.overwrite !== true) return hook;
 
     return new Promise(resolve => {
-
-      const titleslug = slug(hook.data[options.field], {
+      const titleSlug = slug(hook.data[options.field], {
         lower: true
       });
-
-      getUniqueSlug(hook.service, titleslug).then((uniqueslug) => {
-        hook.data.slug = uniqueslug;
-        resolve(hook);
-      });
+      getUniqueSlug(hook.service, titleSlug, null, hook.id)
+        .then((uniqueSlug) => {
+          hook.data.slug = uniqueSlug;
+          resolve(hook);
+        });
     });
   };
 };

server/hooks/is-moderator-boolean.js

@@ -1,7 +1,7 @@
 // Check if user is moderator
 module.exports = () => hook => {
-  if(!hook.params || !hook.params.user || !['admin','moderator'].includes(hook.params.user.role)) {
+  if(!hook.params || !hook.params.user) {
     return false;
   }
-  return true;
+  return ['admin', 'moderator'].includes(hook.params.user.role);
 };

server/hooks/map-create-to-upsert.js

@@ -0,0 +1,26 @@
+// upsert if needed
+// https://blog.feathersjs.com/how-to-use-upsert-for-better-performance-with-feathers-mongoose-ec40e45d0d4a
+
+module.exports = function (upsertQuery) {
+  if (typeof upsertQuery !== 'function') {
+    throw new Error('No `upsertQuery` function was passed to the mapCreateToUpsert hook. Please set params.upsertQuery in the hook context to dynamically declare the function.');
+  }
+
+  return function mapCreateToUpsert (context) {
+    const { service, data, params } = context; // const data = { address: '123', identifier: 'my-identifier' }
+
+    upsertQuery = params.upsertQuery || upsertQuery;
+    if (typeof upsertQuery !== 'function') {
+      throw new Error('you must pass a `upsertQuery` function to the mapCreateToUpsert hook in the options or as `params.upsertQuery` in the hook context');
+    }
+
+    params.mongoose = Object.assign({}, params.mongoose, { upsert: true });
+    params.query = upsertQuery(context); // { address: '123' }
+
+    return service.patch(null, data, params)
+      .then(result => {
+        context.result = result;
+        return context;
+      });
+  };
+};

server/hooks/restrictReviewAndEnableChange.js

@@ -0,0 +1,37 @@
+const { getByDot, deleteByDot } = require('feathers-hooks-common');
+
+module.exports = function restrictReviewAndEnableChange () { // eslint-disable-line no-unused-vars
+  return (hook) => {
+
+    if (!getByDot(hook, 'params.before')) {
+      throw new Error('The "restrictReviewAndEnableChange" hook should be used after the "stashBefore()" hook');
+    }
+
+    const role = getByDot(hook, 'params.user.role');
+    const isModOrAdmin = role && ['admin', 'moderator'].includes(role);
+    const isReviewed = getByDot(hook, 'params.before.reviewedBy');
+    const userId = getByDot(hook, 'params.user._id');
+    const ownerId = getByDot(hook, 'params.before.userId');
+    const isOwner = userId && ownerId && ownerId.toString() === userId.toString();
+
+    // only allow mods and admins to change the review status
+    if (!isModOrAdmin) {
+      deleteByDot(hook.data, 'isReviewed');
+    }
+
+    // set reviewedBy to current user if the user has mod rights
+    // and wants to confirm the review status
+    deleteByDot(hook.data, 'reviewedBy');
+    if (hook.data.isReviewed) {
+      hook.data.reviewedBy = userId;
+    }
+
+    // only allow changes to mods, admin and owners (if its already reviewed)
+    if (!isModOrAdmin && (!isOwner || (isOwner && !isReviewed))) {
+      deleteByDot(hook.data, 'isEnabled');
+    }
+
+    return hook;
+  };
+};
+

server/hooks/restrictToOwnerOrModerator.js

@@ -0,0 +1,63 @@
+const { getByDot } = require('feathers-hooks-common');
+const errors = require('feathers-errors');
+
+module.exports = function restrictToOwnerOrModerator (query = {}) { // eslint-disable-line no-unused-vars
+  return function (hook) {
+    if (hook.type !== 'before') {
+      throw new Error('The "restrictToOwnerOrModerator" hook should only be used as a "before" hook.');
+    }
+    const isFindOrGet = ['find', 'get'].includes(hook.method);
+    if (!isFindOrGet && !getByDot(hook, 'params.before')) {
+      throw new Error('The "restrictToOwnerOrModerator" hook should be used after the "stashBefore()" hook');
+    }
+
+    if (!hook.params || !hook.params.user) {
+      return false;
+    }
+
+    const role = getByDot(hook, 'params.user.role');
+    const isModOrAdmin = role && ['admin', 'moderator'].includes(role);
+
+    const userId = getByDot(hook, 'params.user._id');
+    const ownerId = getByDot(hook, 'params.before.userId');
+    const isOwner = userId && ownerId && ownerId.toString() === userId.toString();
+
+    // allow for mods or admins
+    if (isModOrAdmin) {
+      return hook;
+    }
+
+    // change the query if the method is find or get
+    if (isFindOrGet) {
+      // restrict to owner or given query
+      const restrictedQuery = {
+        $or: [
+          { userId },
+          { ...query }
+        ]
+      };
+      hook.params.query = Object.assign(hook.params.query, restrictedQuery);
+      return hook;
+    }
+
+    let hasError = false;
+    const keys = Object.keys(query);
+    if (!isOwner && keys.length) {
+      keys.forEach((key) => {
+        if (query[key] !== getByDot(hook, `params.before.${key}`)) {
+          hasError = true;
+        }
+      });
+      if (hasError) {
+        // if any of the given query params is not identical with the current values this action is forbidden
+        throw new errors.Forbidden('You can\'t alter this record!');
+      }
+    } else if (!isOwner) {
+      // his action is forbidden if its not the owner
+      throw new errors.Forbidden('You can\'t alter this record!');
+    }
+
+    return hook;
+  };
+};
+