import { ObjectID } from 'mongodb'; import { VerifyPasswordError, UserAlreadyExistError, InvalidTokenError, NotFoundError, UserNotFoundError, PermissionError, DomainAlreadyExistsError, } from '../error'; import { Mdoc } from '../interface'; import * as bus from '../service/bus'; import { Route, Connection, Handler, ConnectionHandler, param, Types, } from '../service/server'; import * as misc from '../lib/misc'; import { md5 } from '../lib/crypto'; import * as mail from '../lib/mail'; import * as contest from '../model/contest'; import message from '../model/message'; import * as document from '../model/document'; import * as system from '../model/system'; import user from '../model/user'; import * as setting from '../model/setting'; import domain from '../model/domain'; import * as discussion from '../model/discussion'; import token from '../model/token'; import * as training from '../model/training'; import { PERM, PRIV } from '../model/builtin'; import { isContent, isPassword, isEmail, isTitle, } from '../lib/validator'; const { geoip, useragent } = global.Hydro.lib; class HomeHandler extends Handler { async homework(domainId: string) { if (this.user.hasPerm(PERM.PERM_VIEW_HOMEWORK)) { const tdocs = await contest.getMulti(domainId, {}, document.TYPE_HOMEWORK) .sort('beginAt', -1) .limit(system.get('pagination.homework_main')) .toArray(); const tsdict = await contest.getListStatus( domainId, this.user._id, tdocs.map((tdoc) => tdoc.docId), document.TYPE_HOMEWORK, ); return [tdocs, tsdict]; } return [[], {}]; } async contest(domainId: string) { if (this.user.hasPerm(PERM.PERM_VIEW_CONTEST)) { const tdocs = await contest.getMulti(domainId) .sort('beginAt', -1) .limit(system.get('pagination.contest_main')) .toArray(); const tsdict = await contest.getListStatus( domainId, this.user._id, tdocs.map((tdoc) => tdoc.docId), ); return [tdocs, tsdict]; } return [[], {}]; } async training(domainId: string) { if (this.user.hasPerm(PERM.PERM_VIEW_TRAINING)) { const tdocs = await training.getMulti(domainId) .sort('_id', 1) .limit(system.get('pagination.training_main')) .toArray(); const tsdict = await training.getListStatus( domainId, this.user._id, tdocs.map((tdoc) => tdoc.docId), ); return [tdocs, tsdict]; } return [[], {}]; } async discussion(domainId: string): Promise<[any[], any]> { if (this.user.hasPerm(PERM.PERM_VIEW_DISCUSSION)) { const ddocs = await discussion.getMulti(domainId) .limit(system.get('pagination.discussion_main')) .toArray(); const vndict = await discussion.getListVnodes( domainId, ddocs, this.user.hasPerm(PERM.PERM_VIEW_PROBLEM_HIDDEN), ); return [ddocs, vndict]; } return [[], {}]; } async get({ domainId }) { const [ [htdocs, htsdict], [tdocs, tsdict], [trdocs, trsdict], [ddocs, vndict], ] = await Promise.all([ this.homework(domainId), this.contest(domainId), this.training(domainId), this.discussion(domainId), ]); const [udict, dodoc, vnodes] = await Promise.all([ user.getList(domainId, ddocs.map((ddoc) => ddoc.owner)), domain.get(domainId), discussion.getNodes(domainId), ]); this.response.template = 'main.html'; this.response.body = { htdocs, htsdict, tdocs, tsdict, trdocs, trsdict, ddocs, vndict, udict, domain: dodoc, vnodes, }; } } class HomeSecurityHandler extends Handler { async get() { // TODO(iceboy): pagination? or limit session count for uid? const sessions = await token.getSessionListByUid(this.user._id); for (const session of sessions) { session.isCurrent = session._id === this.session._id; session._id = md5(session._id); if (useragent) session.updateUa = useragent.parse(session.updateUa || session.createUa || ''); if (geoip) { session.updateGeoip = geoip.lookup( session.updateIp || session.createIp, this.translate('geoip_locale'), ); } } const path = [ ['Hydro', 'homepage'], ['home_security', null], ]; this.response.template = 'home_security.html'; this.response.body = { sessions, geoipProvider: geoip?.provider, path }; if (useragent) this.response.body.icon = useragent.icon; } @param('current', Types.String) @param('password', Types.String, isPassword) @param('verifyPassword', Types.String) async postChangePassword(_: string, current: string, password: string, verify: string) { if (password !== verify) throw new VerifyPasswordError(); this.user.checkPassword(current); await user.setPassword(this.user._id, password); await token.delByUid(this.user._id); this.response.redirect = this.url('user_login'); } @param('currentPassword', Types.String) @param('mail', Types.Name, isEmail) async postChangeMail(domainId: string, current: string, email: string) { await this.limitRate('send_mail', 3600, 30); this.user.checkPassword(current); const udoc = await user.getByEmail(domainId, email); if (udoc) throw new UserAlreadyExistError(email); const [code] = await token.add( token.TYPE_CHANGEMAIL, system.get('session.unsaved_expire_seconds'), { uid: this.user._id, email }, ); const m = await this.renderHTML('user_changemail_mail.html', { path: `home/changeMail/${code}`, uname: this.user.uname, url_prefix: system.get('server.url'), }); await mail.sendMail(email, 'Change Email', 'user_changemail_mail', m); this.response.template = 'user_changemail_mail_sent.html'; } @param('tokenDigest', Types.String) async postDeleteToken(domainId: string, tokenDigest: string) { const sessions = await token.getSessionListByUid(this.user._id); for (const session of sessions) { if (tokenDigest === md5(session._id)) { // eslint-disable-next-line no-await-in-loop await token.del(session._id, token.TYPE_SESSION); return this.back(); } } throw new InvalidTokenError(tokenDigest); } async postDeleteAllTokens() { await token.delByUid(this.user._id); this.response.redirect = this.url('user_login'); } } class HomeSettingsHandler extends Handler { @param('category', Types.Name) async get(domainId: string, category: string) { const path = [ ['Hydro', 'homepage'], [`home_${category}`, null], ]; this.response.template = 'home_settings.html'; this.response.body = { category, page_name: `home_${category}`, current: this.user, path, }; if (category === 'preference') { this.response.body.settings = setting.PREFERENCE_SETTINGS; } else if (category === 'account') { this.response.body.settings = setting.ACCOUNT_SETTINGS; } else if (category === 'domain') { this.response.body.settings = setting.DOMAIN_USER_SETTINGS; } else throw new NotFoundError(category); } async post(args: any) { const $set = {}; if (args.category === 'domain') { for (const key in args) { if (setting.DOMAIN_USER_SETTINGS_BY_KEY[key] && !(setting.DOMAIN_USER_SETTINGS_BY_KEY[key].flag & setting.FLAG_DISABLED)) { $set[key] = args[key]; } } await domain.setUserInDomain(args.domainId, this.user._id, $set); } else { for (const key in args) { if (setting.SETTINGS_BY_KEY[key] && !(setting.SETTINGS_BY_KEY[key].flag & setting.FLAG_DISABLED)) { $set[key] = args[key]; } } await user.setById(this.user._id, $set); } this.back(); } } class UserChangemailWithCodeHandler extends Handler { @param('code', Types.String) async get(domainId: string, code: string) { const tdoc = await token.get(code, token.TYPE_CHANGEMAIL); if (!tdoc || tdoc.uid !== this.user._id) { throw new InvalidTokenError(code); } const udoc = await user.getByEmail(domainId, tdoc.email); if (udoc) throw new UserAlreadyExistError(tdoc.email); await Promise.all([ user.setEmail(this.user._id, tdoc.email), token.del(code, token.TYPE_CHANGEMAIL), ]); this.response.redirect = this.url('home_security'); } } class HomeDomainHandler extends Handler { async get() { const path = [ ['Hydro', 'homepage'], ['home_domain', null], ]; const dudict = await domain.getDictUserByDomainId(this.user._id); const dids = Object.keys(dudict); const ddocs = await domain.getMulti({ _id: { $in: dids } }).toArray(); const canManage = {}; for (const ddoc of ddocs) { // eslint-disable-next-line no-await-in-loop const udoc = await user.getById(ddoc._id, this.user._id); canManage[ddoc._id] = udoc.hasPerm(PERM.PERM_EDIT_DOMAIN) || udoc.hasPriv(PRIV.PRIV_MANAGE_ALL_DOMAIN); } this.response.template = 'home_domain.html'; this.response.body = { ddocs, dudict, canManage, path, }; } } class HomeDomainCreateHandler extends Handler { async get() { this.response.body = { path: [ ['Hydro', 'homepage'], ['domain_create', null], ], }; this.response.template = 'domain_create.html'; } @param('id', Types.Name) @param('name', Types.Title) @param('bulletin', Types.Content) @param('gravatar', Types.Content, true, isEmail) async post(_: string, id: string, name: string, bulletin: string, gravatar: string) { const doc = await domain.get(id); if (doc) throw new DomainAlreadyExistsError(id); gravatar = gravatar || this.user.gravatar || this.user.mail || 'guest@hydro.local'; const domainId = await domain.add(id, this.user._id, name, bulletin); await domain.edit(domainId, { gravatar }); await domain.setUserRole(domainId, this.user._id, 'root'); this.response.redirect = this.url('domain_dashboard', { domainId }); this.response.body = { domainId }; } } class HomeMessagesHandler extends Handler { async get() { // TODO(iceboy): projection, pagination. const messages = await message.getByUser(this.user._id); const uids = new Set([ ...messages.map((mdoc) => mdoc.from), ...messages.map((mdoc) => mdoc.to), ]); const udict = await user.getList('system', Array.from(uids)); // TODO(twd2): improve here: const parsed = {}; for (const m of messages) { const target = m.from === this.user._id ? m.to : m.from; if (!parsed[target]) { parsed[target] = { _id: target, udoc: { ...udict[target], gravatar: misc.gravatar(udict[target].gravatar) }, messages: [], }; } parsed[target].messages.push(m); } const path = [ ['Hydro', 'homepage'], ['home_messages', null], ]; await user.setById(this.user._id, { unreadMsg: 0 }); this.response.body = { messages: parsed, path }; this.response.template = 'home_messages.html'; } @param('uid', Types.Int) @param('content', Types.Content) async postSend(domainId: string, uid: number, content: string) { const udoc = await user.getById('system', uid); if (!udoc) throw new UserNotFoundError(uid); if (udoc.gravatar) udoc.gravatar = misc.gravatar(udoc.gravatar); const mdoc = await message.send(this.user._id, uid, content, message.FLAG_UNREAD); this.back({ mdoc, udoc }); } @param('messageId', Types.ObjectID) async postDeleteMessage(domainId: string, messageId: ObjectID) { const msg = await message.get(messageId); if ([msg.from, msg.to].includes(this.user._id)) await message.del(messageId); else throw new PermissionError(); this.back(); } @param('messageId', Types.ObjectID) async postRead(domainId: string, messageId: ObjectID) { const msg = await message.get(messageId); if ([msg.from, msg.to].includes(this.user._id)) { await message.setFlag(messageId, message.FLAG_UNREAD); } else throw new PermissionError(); this.back(); } } class HomeMessagesConnectionHandler extends ConnectionHandler { dispose: bus.Disposable; async prepare() { this.dispose = bus.on('user/message', this.onMessageReceived.bind(this)); } async onMessageReceived(uid: number, mdoc: Mdoc) { if (uid !== this.user._id) return; const udoc = await user.getById(this.domainId, mdoc.from); udoc.gravatar_url = misc.gravatar(udoc.gravatar, 64); this.send({ udoc, mdoc }); } async cleanup() { if (this.dispose) this.dispose(); } } async function apply() { Route('homepage', '/', HomeHandler); Route('home_security', '/home/security', HomeSecurityHandler, PRIV.PRIV_USER_PROFILE); Route('user_changemail_with_code', '/home/changeMail/:code', UserChangemailWithCodeHandler, PRIV.PRIV_USER_PROFILE); Route('home_settings', '/home/settings/:category', HomeSettingsHandler, PRIV.PRIV_USER_PROFILE); Route('home_domain', '/home/domain', HomeDomainHandler, PRIV.PRIV_USER_PROFILE); Route('home_domain_create', '/home/domain/create', HomeDomainCreateHandler, PRIV.PRIV_CREATE_DOMAIN); Route('home_messages', '/home/messages', HomeMessagesHandler, PRIV.PRIV_USER_PROFILE); Connection('home_messages_conn', '/home/messages-conn', HomeMessagesConnectionHandler, PRIV.PRIV_USER_PROFILE); } global.Hydro.handler.home = module.exports = apply;