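/* eslint-disable no-throw-literal */
/* eslint-env es6 */
/* eslint-disable no-multi-str */

/**
 * User account routes: registration, profile read/update, login,
 * forgotten-password mail and password reset.
 *
 * Failures are signalled by throwing a short string code. In this file CE*
 * codes are thrown for request problems and SE* codes when a backend call
 * fails; the underlying exception is kept on `c.serr`. How the codes are
 * turned into a response is not visible here (presumably upstream middleware).
 * `c.syncQuery` and `c.token` are also provided elsewhere.
 */
const Router = require('koa-router')
const router = new Router()

// import tools
const crypto = require('../../libs/crypto.js')
// const so = require('../../libs/storeObject')
const mongo = require('../../libs/mongo_model.js')
const mem = require('../../libs/memcache_lib')
const msgMng = require('./MsgManager')
const sendmail = require('../../libs/sendmail')

// Values bound to the `??` identifier placeholders of every query below.
const DB = 'lora'
const USER_TABLE = 'user'
// Lifetime of a login token: 24 hours in milliseconds.
const LOGIN_TOKEN_TTL_MS = 86400000
// Third argument of mem.setVal for reset tokens (presumably seconds, confirm).
const RESET_TOKEN_TTL = 7200

/**
 * True only for a non-empty string.
 * Request fields come from a parsed JSON body, so they may be objects, arrays
 * or numbers. Rejecting everything but strings keeps such values away from the
 * SQL placeholder formatter and from the password hashing helpers.
 * @param {*} value
 * @returns {boolean}
 */
function isFilledString (value) {
  return typeof value === 'string' && value.length > 0
}

/**
 * Return `body.data` of the request or throw 'CE0000' when it is missing.
 * Also covers a missing body, which previously surfaced as a TypeError.
 * @param {object} c - Koa context
 * @returns {object}
 */
function requestData (c) {
  const body = c.request.body
  if (!body || !body.data) throw 'CE0000'
  return body.data
}

/**
 * Shared catch logic: string codes pass through unchanged, anything else is
 * stored on `c.serr` and replaced by `code`.
 * @param {object} c - Koa context
 * @param {*} err - caught value
 * @param {string} code - code thrown for non-string errors
 * @throws {string} always
 */
function failWith (c, err, code) {
  if (typeof err === 'string') throw err
  c.serr = err
  throw code
}

/**
 * Throw 'CE1000' unless mongo.Token.checkToken accepts `c.token`.
 * @param {object} c - Koa context
 */
async function requireValidToken (c) {
  if (!await mongo.Token.checkToken(c.token)) throw 'CE1000'
}

/**
 * Throw 'CE2000' unless the uid stored with the token equals `:uid`.
 * Both sides are compared as strings: the route parameter is always a string
 * while the stored uid may be a number (NOTE(review): it originates from a SQL
 * row; confirm the column type), and a strict `!==` between the two would
 * reject every request. A token without a uid never matches.
 * @param {object} c - Koa context
 */
async function requireOwnUid (c) {
  try {
    const t = await mongo.Token.getToken(c.token)
    const owner = t.object.uid
    if (owner === undefined || owner === null) throw 'CE2000'
    if (String(owner) !== String(c.params.uid)) throw 'CE2000'
  } catch (err) {
    failWith(c, err, 'SE0000')
  }
}

router
  // Register a new user; responds with the new uid.
  .post('/user', async (c, n) => {
    const data = requestData(c)
    if (!isFilledString(data.account)) throw 'CE0001'
    // Was 'CE00002' (extra zero); every other handler uses 'CE0002' here.
    if (!isFilledString(data.password)) throw 'CE0002'
    if (!isFilledString(data.name)) throw 'CE0004'
    if (!isFilledString(data.email)) throw 'CE0005'

    // NOTE(review): check-then-insert is not atomic; a unique index on
    // `account` is the reliable guard against duplicates. Confirm the schema.
    try {
      const query = 'select count(*) as c from ??.?? where `account` = ?'
      const count = await c.syncQuery(query, [DB, USER_TABLE, data.account])
      if (count.length === 0) throw 'SE0000'
      if (count[0].c > 0) throw 'CE0006'
    } catch (err) {
      failWith(c, err, 'SE0000')
    }

    let uid = 0
    try {
      const query = 'insert into ??.?? (`account`, `password`, `name`, `email`) values (?, ?, ?, ?)'
      // Store the hash, never the submitted password: /login verifies with
      // crypto.comparePass and the other writers already use genPassHash.
      const param = [
        DB,
        USER_TABLE,
        data.account,
        crypto.genPassHash(data.password),
        data.name,
        data.email
      ]
      const inserted = await c.syncQuery(query, param)
      uid = inserted.insertId
    } catch (err) {
      failWith(c, err, 'SE0001')
    }

    c.body = { record: [{ uid }] }
  })

  // Read the caller's own profile (no password column is selected).
  .get('/user/:uid', async (c, n) => {
    await requireValidToken(c)
    await requireOwnUid(c)
    try {
      const user = await c.syncQuery(
        'select `uid`,`account`,`name`,`email` from ??.?? where `uid` = ?',
        [DB, USER_TABLE, c.params.uid]
      )
      c.body = { record: user }
    } catch (err) {
      failWith(c, err, 'SE0000')
    }
  })

  // Update name and email, and the password when one is supplied.
  .put('/user/:uid', async (c, n) => {
    await requireValidToken(c)
    const data = requestData(c)
    if (!isFilledString(data.name)) throw 'CE0004'
    if (!isFilledString(data.email)) throw 'CE0005'
    if (data.password && typeof data.password !== 'string') throw 'CE0002'
    await requireOwnUid(c)

    try {
      // Build the SET list from parts so no comma can end up in front of
      // WHERE; the old concatenation produced "`password` = ?, where" and
      // therefore invalid SQL whenever a password was sent.
      const assignments = ['`name` = ?', '`email` = ?']
      const param = [DB, USER_TABLE, data.name, data.email]
      if (data.password) {
        assignments.push('`password` = ?')
        param.push(crypto.genPassHash(data.password))
      }
      param.push(c.params.uid)
      const query = 'update ??.?? set ' + assignments.join(', ') + ' where `uid` = ?'
      await c.syncQuery(query, param)
    } catch (err) {
      failWith(c, err, 'SE0002')
    }

    c.body = { record: [] }
  })

  // Verify credentials and issue a login token valid for 24 hours.
  .post('/login', async (c, n) => {
    const data = requestData(c)
    if (!isFilledString(data.account)) throw 'CE0001'
    if (!isFilledString(data.password)) throw 'CE0002'

    let user = []
    try {
      user = await c.syncQuery(
        'select `uid`,`account`,`password`,`name`,`email` from ??.?? where `account` = ?',
        [DB, USER_TABLE, data.account]
      )
      // Same code for unknown account and wrong password, so the response
      // does not tell the two cases apart.
      if (user.length === 0) throw 'CE0003'
      if (!crypto.comparePass(data.password, user[0].password)) throw 'CE0003'
    } catch (err) {
      failWith(c, err, 'SE0000')
    }

    // The hash must reach neither the response nor the stored token.
    delete user[0].password

    const token = new mongo.Token({
      object: user[0],
      expire: Date.now() + LOGIN_TOKEN_TTL_MS
    })
    try {
      // Wait for the write: the id must not be handed out before the token is
      // stored, and a failed save must not become an unhandled rejection.
      await token.save()
    } catch (err) {
      failWith(c, err, 'SE0000')
    }

    c.body = { record: user, rt: { token: { id: token._id } } }
  })

  // Mail a reset token for an account/e-mail pair.
  // NOTE(review): 'CE0007' here (and 'CE0006' on registration) reveals whether
  // an account exists; consider a uniform response and rate limiting.
  .post('/forgotpass', async (c, n) => {
    const data = requestData(c)
    if (!isFilledString(data.account)) throw 'CE0001'
    if (!isFilledString(data.email)) throw 'CE0005'

    let user = []
    try {
      // Explicit columns instead of `select *`: the row is serialised into the
      // cache below and the password hash has no reason to be copied there.
      const query = 'select `uid`,`account`,`name`,`email` from ??.?? where `account` = ? and `email` = ?'
      user = await c.syncQuery(query, [DB, USER_TABLE, data.account, data.email])
    } catch (err) {
      failWith(c, err, 'SE0001')
    }
    if (user.length === 0) throw 'CE0007'

    // NOTE(review): confirm crypto.random draws from a CSPRNG and that an
    // argument of 10 gives enough entropy for a password-reset secret.
    const randomToken = crypto.random(10)
    try {
      await mem.setVal(randomToken, JSON.stringify(user[0]), RESET_TOKEN_TTL)
    } catch (err) {
      // Every cache failure maps to SE0005, string or not (as before).
      c.serr = err
      throw 'SE0005'
    }

    try {
      await sendmail(
        user[0].email,
        msgMng.getMailTemplate('forgotpass', c.headers['accept-language']),
        [randomToken]
      )
    } catch (err) {
      failWith(c, err, 'SE0006')
    }

    c.body = { record: [] }
  })

  // Set a new password, authorised either by the current password plus a login
  // token (resettype 'pass') or by a mailed reset token (resettype 'token').
  .put('/resetpass', async (c, n) => {
    const data = requestData(c)
    if (!isFilledString(data.account)) throw 'CE0001'
    if (data.resettype !== 'pass' && data.resettype !== 'token') throw 'CE0008'
    if (data.resettype === 'pass') {
      if (!isFilledString(data.password)) throw 'CE0002'
    } else {
      if (!isFilledString(data.token)) throw 'CE0009'
    }
    if (!isFilledString(data.newpass)) throw 'CE0002'

    if (data.resettype === 'token') {
      try {
        const cached = await mem.getVal(data.token)
        if (!cached) throw 'CE1000'
        const cachedUser = JSON.parse(cached)
        // The token is only valid for the account it was mailed for.
        if (cachedUser.account !== data.account) throw 'CE1000'
      } catch (err) {
        failWith(c, err, 'CE1000')
      }
      // NOTE(review): the reset token is not removed after use and stays
      // valid until the cache entry expires. Delete it once the update below
      // succeeds (the memcache helper's delete call is not visible here).
    } else {
      const authToken = c.headers['x-auth-token'] || ''
      if (!await mongo.Token.checkToken(authToken)) throw 'CE1000'
      const token = await mongo.Token.getToken(authToken)
      if (token.object.account !== data.account) throw 'CE2000'
      try {
        const query = 'select `password` from ??.?? where `account` = ?'
        const rows = await c.syncQuery(query, [DB, USER_TABLE, data.account])
        if (rows.length === 0) throw 'CE0007'
        if (!crypto.comparePass(data.password, rows[0].password)) throw 'CE0010'
      } catch (err) {
        failWith(c, err, 'SE0001')
      }
    }

    const newpass = crypto.genPassHash(data.newpass)
    try {
      const query = 'update ??.?? set `password` = ? where `account` = ?'
      await c.syncQuery(query, [DB, USER_TABLE, newpass, data.account])
    } catch (err) {
      failWith(c, err, 'SE0002')
    }

    c.body = { record: [] }
  })

module.exports = router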