initial commit

Author: marcushultman

.clang-format

@@ -0,0 +1,4 @@
+---
+Language:        JavaScript
+BasedOnStyle:    Google
+ColumnLimit:     100

.gitignore

@@ -0,0 +1,65 @@
+
+# Created by https://www.gitignore.io/api/node,bower
+
+### Node ###
+# Logs
+logs
+*.log
+npm-debug.log*
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (http://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules
+jspm_packages
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env
+
+
+# End of https://www.gitignore.io/api/node,bower
+
+# server configuration
+config/
+
+# pm2 process manifest
+process.json

API.md

@@ -0,0 +1,36 @@
+== API description (v2) ==
+
+/images - image of what ever is in ?tag=
+
+Token authenticated:
+/token - token info
+/users - add user (POST)
+/stores - add store (POST)
+
+User authenticated:
+/users - (admin) all users
+/users/:id - (admin/me) one user
+/users/:id/password - (me) change password
+/users/:id/codes - (me) all my codes, add code
+/users/:id/codes/:code - (me) remove code
+/products - (admin) all products (GET)
+/products/:id - (admin) one product (GET)
+/purchases - my purchases across stores (GET)
+/purchases/count - number of purchases I've made (GET)
+/stores - all stores I have access to {id, name, admin}
+/stores/:id - one store {id, name, debt}
+/stores/:id/products - items in this store
+/stores/:id/purchases - purchase in this store (POST)
+/stores/:id/users - (admin) users [{user, debt}]
+/stores/:id/accesses - (admin) accesses [{user, level}]
+
+Store authenticated:
+/codes/:code - (item/user) item or user in this store
+/users - users of this store {id, name, debt}
+/users/:id - one user of this store {id, name, debt}
+/users/:id/codes - add code (with a previous code as identification)
+/products - all items in this store
+/products/:id - (admin) one item in this store
+/purchases - purchase in this store
+/purchases/count - number of purchases in this store (GET)
+/stores/:id - (this) - this store info

app/account_management.js

@@ -0,0 +1,84 @@
+const bcrypt = require('bcrypt');
+const config = require('config');
+const express = require('express');
+const jwt = require('jsonwebtoken');
+const path = require('path');
+
+const auth = require('./auth');
+const send_mail = require('./mail');
+
+const User = require('./models/user');
+
+const api = express.Router();
+
+const auth_token = auth.token('User');
+
+// Deprecated. Old emails may contain valid tokens with a link to here
+api.get('/user', (req, res) => res.redirect(`/signup?token=${req.query.token || ''}`));
+
+api.route('/signup')
+.get(auth_token, (req, res) => res.sendFile(path.join(__dirname, '../static/private', 'signup.html')))
+.post(auth_token, (req, res, next) => {
+  if (!req.body.name || !req.body.email || !req.body.password) {
+    return next(400);
+  }
+  let name = req.body.name;
+  let email = req.body.email.toLowerCase();
+  let password = req.body.password;
+  User.count({email}).exec()
+  .then(count => !count || Promise.reject(new Error('User already registered')))
+  .then(() => bcrypt.hash(password, 8))
+  .then(passwordhash => jwt.sign({name, email, passwordhash}, config.secret))
+  .then(token => {
+    const link = `${config.server}/activate?token=${token}`;
+    return send_mail.userActivate({to: email}, {link})
+    .then(() => req.token.consume(email, token));
+  })
+  .then(() => res.redirect('/login'))
+  .catch(err => next(err));
+});
+
+const update = express.Router();
+update.put('/email', auth.authenticate, (req, res, next) => {
+  if (!req.body.email) {
+    return next(400);
+  }
+  const email = req.body.email.toLowerCase();
+  if (email === req.user.email) {
+    return next(400);
+  }
+  const id = req.user.id;
+  const token = jwt.sign({id, update: {$set: {email}}}, config.secret);
+  const link = `${config.server}/confirm?token=${token}`;
+  send_mail.emailConfirm({to: email}, {link})
+  .then(() => res.status(204).end())
+  .catch(err => next(err));
+})
+update.put('/password', auth.authenticate, (req, res, next) => {
+  if (!req.body.old || req.body.password == req.body.old) {
+    return next(400);
+  }
+  req.user.validPassword(req.body.old)
+  .catch(() => Promise.reject(401))
+  .then(user => user.setPassword(req.body.password))
+  .then(user => user.save())
+  .then(() => next())
+  .catch(err => next(err));
+}, auth.login, (req, res) => res.end());
+update.use(auth.catch);
+api.use('/update', update);
+
+api.get('/activate', (req, res, next) => {
+  const user = jwt.verify(req.query.token, config.secret);
+  new User(user).save()
+  .then(() => res.redirect('/login'))
+  .catch(err => next(err));
+});
+api.get('/confirm', (req, res, next) => {
+  const payload = jwt.verify(req.query.token, config.secret);
+  User.findByIdAndUpdate(payload.id, payload.update).exec()
+  .then(() => res.redirect('/login'))
+  .catch(err => next(err));
+});
+
+module.exports = api;

app/api/private.js

@@ -0,0 +1,69 @@
+const config = require('config');
+const express = require('express');
+const fs = require('fs');
+const multer = require('multer');
+const request = require('request');
+const JSONStream = require('JSONStream');
+const auth = require('../auth');
+
+const Image = require('../models/image');
+const Product = require('../models/product');
+
+const api = express.Router();
+const upload = multer({dest: '/tmp/'});
+
+api.route('/products/:id/images/:image_id')
+.get((req, res, next) => {
+  Product.findById(req.params.id).exec()
+  .then(product => product || Promise.reject(404))
+  .then(product => {
+    if (product.image) {
+      return res.redirect(`/api/v1/images/${product.image}`);
+    }
+    const words = product.name.split(' ');
+    let name = '', i = 0;
+    while (name.length < 6 && i < words.length) {
+      name += words[i++];
+    }
+    const tag = encodeURIComponent(name.replace(/[^0-9a-zåäöA-ZÅÄÖ_]/g, ''));
+    const instagram = `https://api.instagram.com/v1/tags/${tag}/media/recent?count=1&access_token=${config.instagram && config.instagram.token}`;
+    request(instagram)
+        .pipe(JSONStream.parse('data.*', data => data.images.low_resolution.url))
+        .on('data', url => res.redirect(url))
+        .on('end', () => res.headersSent || res.end());
+  });
+})
+.post(upload.single('image'), (req, res, next) => {
+  Product.findById(req.params.id).exec()
+  .then(product => product || Promise.reject(404))
+  .then(product => {
+    return new Promise((resolve, reject) => {
+      fs.readFile(req.file.path, (err, data) => {
+        if (err) {
+          return reject(err.message);
+        }
+        const contentType = req.file.mimetype;
+        const log = {email: req.user.email};
+        const image = new Image({data, contentType, updatedAt: [log]});
+        product.image = image._id;
+        resolve(Promise.all([product.save(), image.save()]));
+      })
+    })
+  })
+  .then(() => res.status(204).end())
+  .catch(err => next(err));
+});
+
+api.route('/images/:id')
+.get((req, res, next) => {
+  Image.findById(req.params.id).exec()
+  .then(image => image || Promise.reject(404))
+  .then(image => {
+    res.contentType(image.contentType);
+    res.send(image.data);
+  })
+});
+
+api.use(auth.catch);
+
+module.exports = api;

app/api/public.js

@@ -0,0 +1,35 @@
+const express = require('express');
+const auth = require('../auth');
+
+const User = require('../models/user');
+const Store = require('../models/store');
+
+const api = express.Router();
+
+api.get('/users/:id/jwt', auth.dev, (req, res, next) => {
+  User.findById(req.params.id)
+      .exec()
+      .then(user => user || Promise.reject(404))
+      .then(user => auth.jwt(User.modelName, user.id, user.passwordhash))
+      .then(jwt => res.send(jwt))
+      .catch(err => next(err));
+}, auth.next);
+api.get('/stores/:id/jwt', auth.dev, (req, res, next) => {
+  Store.findById(req.params.id)
+      .exec()
+      .then(store => store || Promise.reject(404))
+      .then(store => auth.jwt(Store.modelName, store.id))
+      .then(jwt => res.send(jwt))
+      .catch(err => next(err));
+}, auth.next);
+
+api.get('/tokens/:token', auth.token(), (req, res, next) => {
+  const type = req.token.type;
+  const capacity = req.token.capacity;
+  const total = capacity + req.token.__v;
+  res.json({type, capacity, total});
+});
+
+api.use(auth.catch);
+
+module.exports = api;