2017-11-16 06:56:40 +00:00
|
|
|
// @flow
|
2016-05-20 06:51:22 +00:00
|
|
|
import uuid from 'uuid';
|
2016-04-29 05:25:37 +00:00
|
|
|
import Router from 'koa-router';
|
2017-12-11 06:58:52 +00:00
|
|
|
import { makePolicy, signPolicy, publicS3Endpoint } from '../utils/s3';
|
2018-03-04 23:38:51 +00:00
|
|
|
import { ValidationError } from '../errors';
|
|
|
|
|
import { Event, User, Team } from '../models';
|
2018-05-28 18:36:37 +00:00
|
|
|
import auth from '../middlewares/authentication';
|
2018-12-05 06:24:30 +00:00
|
|
|
import pagination from './middlewares/pagination';
|
2016-04-29 05:25:37 +00:00
|
|
|
import { presentUser } from '../presenters';
|
2018-03-04 23:38:51 +00:00
|
|
|
import policy from '../policies';
|
2016-04-29 05:25:37 +00:00
|
|
|
|
2018-03-04 23:38:51 +00:00
|
|
|
const { authorize } = policy;
|
2016-04-29 05:25:37 +00:00
|
|
|
const router = new Router();
|
|
|
|
|
|
2018-12-05 06:24:30 +00:00
|
|
|
router.post('users.list', auth(), pagination(), async ctx => {
|
|
|
|
|
const user = ctx.state.user;
|
|
|
|
|
|
|
|
|
|
const users = await User.findAll({
|
|
|
|
|
where: {
|
|
|
|
|
teamId: user.teamId,
|
|
|
|
|
},
|
|
|
|
|
order: [['createdAt', 'DESC']],
|
|
|
|
|
offset: ctx.state.pagination.offset,
|
|
|
|
|
limit: ctx.state.pagination.limit,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
ctx.body = {
|
|
|
|
|
pagination: ctx.state.pagination,
|
|
|
|
|
data: users.map(listUser =>
|
|
|
|
|
presentUser(ctx, listUser, { includeDetails: user.isAdmin })
|
|
|
|
|
),
|
|
|
|
|
};
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
router.post('users.info', auth(), async ctx => {
|
2016-08-15 10:51:26 +00:00
|
|
|
ctx.body = { data: await presentUser(ctx, ctx.state.user) };
|
2016-05-20 06:51:22 +00:00
|
|
|
});
|
|
|
|
|
|
2018-12-05 06:24:30 +00:00
|
|
|
router.post('users.update', auth(), async ctx => {
|
2017-12-03 08:00:23 +00:00
|
|
|
const { user } = ctx.state;
|
2017-12-14 07:17:08 +00:00
|
|
|
const { name, avatarUrl } = ctx.body;
|
2017-12-14 07:32:45 +00:00
|
|
|
const endpoint = publicS3Endpoint();
|
2017-12-03 08:00:23 +00:00
|
|
|
|
|
|
|
|
if (name) user.name = name;
|
2018-05-31 19:44:32 +00:00
|
|
|
if (avatarUrl && avatarUrl.startsWith(`${endpoint}/uploads/${user.id}`)) {
|
2017-12-14 07:17:08 +00:00
|
|
|
user.avatarUrl = avatarUrl;
|
2018-05-31 19:44:32 +00:00
|
|
|
}
|
|
|
|
|
|
2017-12-03 08:00:23 +00:00
|
|
|
await user.save();
|
|
|
|
|
|
2018-05-31 19:57:04 +00:00
|
|
|
ctx.body = { data: await presentUser(ctx, user, { includeDetails: true }) };
|
2017-12-03 08:00:23 +00:00
|
|
|
});
|
|
|
|
|
|
2018-12-05 06:24:30 +00:00
|
|
|
router.post('users.s3Upload', auth(), async ctx => {
|
2016-08-14 10:04:47 +00:00
|
|
|
const { filename, kind, size } = ctx.body;
|
2016-05-20 06:51:22 +00:00
|
|
|
ctx.assertPresent(filename, 'filename is required');
|
|
|
|
|
ctx.assertPresent(kind, 'kind is required');
|
|
|
|
|
ctx.assertPresent(size, 'size is required');
|
|
|
|
|
|
|
|
|
|
const s3Key = uuid.v4();
|
2017-10-31 05:35:30 +00:00
|
|
|
const key = `uploads/${ctx.state.user.id}/${s3Key}/${filename}`;
|
2016-05-20 06:51:22 +00:00
|
|
|
const policy = makePolicy();
|
2017-12-11 06:58:52 +00:00
|
|
|
const endpoint = publicS3Endpoint();
|
2017-12-14 07:17:08 +00:00
|
|
|
const url = `${endpoint}/${key}`;
|
|
|
|
|
|
|
|
|
|
await Event.create({
|
|
|
|
|
name: 'user.s3Upload',
|
|
|
|
|
data: {
|
|
|
|
|
filename,
|
|
|
|
|
kind,
|
|
|
|
|
size,
|
|
|
|
|
url,
|
|
|
|
|
},
|
|
|
|
|
teamId: ctx.state.user.teamId,
|
|
|
|
|
userId: ctx.state.user.id,
|
|
|
|
|
});
|
2016-05-20 06:51:22 +00:00
|
|
|
|
2017-04-27 04:47:03 +00:00
|
|
|
ctx.body = {
|
|
|
|
|
data: {
|
|
|
|
|
maxUploadSize: process.env.AWS_S3_UPLOAD_MAX_SIZE,
|
2017-12-11 06:58:52 +00:00
|
|
|
uploadUrl: endpoint,
|
2017-04-27 04:47:03 +00:00
|
|
|
form: {
|
|
|
|
|
AWSAccessKeyId: process.env.AWS_ACCESS_KEY_ID,
|
|
|
|
|
'Cache-Control': 'max-age=31557600',
|
|
|
|
|
'Content-Type': kind,
|
|
|
|
|
key,
|
|
|
|
|
acl: 'public-read',
|
|
|
|
|
signature: signPolicy(policy),
|
|
|
|
|
policy,
|
|
|
|
|
},
|
|
|
|
|
asset: {
|
|
|
|
|
contentType: kind,
|
|
|
|
|
name: filename,
|
2017-12-14 07:17:08 +00:00
|
|
|
url,
|
2017-04-27 04:47:03 +00:00
|
|
|
size,
|
|
|
|
|
},
|
2016-05-20 06:51:22 +00:00
|
|
|
},
|
2017-04-27 04:47:03 +00:00
|
|
|
};
|
2016-04-29 05:25:37 +00:00
|
|
|
});
|
|
|
|
|
|
2018-03-04 23:38:51 +00:00
|
|
|
// Admin specific
|
|
|
|
|
|
2018-12-05 06:24:30 +00:00
|
|
|
router.post('users.promote', auth(), async ctx => {
|
2018-03-04 23:38:51 +00:00
|
|
|
const userId = ctx.body.id;
|
|
|
|
|
const teamId = ctx.state.user.teamId;
|
|
|
|
|
ctx.assertPresent(userId, 'id is required');
|
|
|
|
|
|
|
|
|
|
const user = await User.findById(userId);
|
|
|
|
|
authorize(ctx.state.user, 'promote', user);
|
|
|
|
|
|
|
|
|
|
const team = await Team.findById(teamId);
|
|
|
|
|
await team.addAdmin(user);
|
|
|
|
|
|
|
|
|
|
ctx.body = {
|
|
|
|
|
data: presentUser(ctx, user, { includeDetails: true }),
|
|
|
|
|
};
|
|
|
|
|
});
|
|
|
|
|
|
2018-12-05 06:24:30 +00:00
|
|
|
router.post('users.demote', auth(), async ctx => {
|
2018-03-04 23:38:51 +00:00
|
|
|
const userId = ctx.body.id;
|
|
|
|
|
const teamId = ctx.state.user.teamId;
|
|
|
|
|
ctx.assertPresent(userId, 'id is required');
|
|
|
|
|
|
|
|
|
|
const user = await User.findById(userId);
|
|
|
|
|
authorize(ctx.state.user, 'demote', user);
|
|
|
|
|
|
|
|
|
|
const team = await Team.findById(teamId);
|
|
|
|
|
try {
|
|
|
|
|
await team.removeAdmin(user);
|
|
|
|
|
} catch (err) {
|
|
|
|
|
throw new ValidationError(err.message);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ctx.body = {
|
|
|
|
|
data: presentUser(ctx, user, { includeDetails: true }),
|
|
|
|
|
};
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Suspend user
|
|
|
|
|
*
|
|
|
|
|
* Admin can suspend users to reduce the number of accounts on their billing plan
|
|
|
|
|
*/
|
2018-12-05 06:24:30 +00:00
|
|
|
router.post('users.suspend', auth(), async ctx => {
|
2018-03-04 23:38:51 +00:00
|
|
|
const admin = ctx.state.user;
|
|
|
|
|
const userId = ctx.body.id;
|
|
|
|
|
const teamId = ctx.state.user.teamId;
|
2018-03-05 00:53:57 +00:00
|
|
|
ctx.assertPresent(userId, 'id is required');
|
2018-03-04 23:38:51 +00:00
|
|
|
|
|
|
|
|
const user = await User.findById(userId);
|
|
|
|
|
authorize(ctx.state.user, 'suspend', user);
|
|
|
|
|
|
|
|
|
|
const team = await Team.findById(teamId);
|
|
|
|
|
try {
|
|
|
|
|
await team.suspendUser(user, admin);
|
|
|
|
|
} catch (err) {
|
|
|
|
|
throw new ValidationError(err.message);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ctx.body = {
|
|
|
|
|
data: presentUser(ctx, user, { includeDetails: true }),
|
|
|
|
|
};
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Activate user
|
|
|
|
|
*
|
|
|
|
|
* Admin can activate users to let them access resources. These users will also
|
|
|
|
|
* account towards the billing plan limits.
|
|
|
|
|
*/
|
2018-12-05 06:24:30 +00:00
|
|
|
router.post('users.activate', auth(), async ctx => {
|
2018-03-04 23:38:51 +00:00
|
|
|
const admin = ctx.state.user;
|
|
|
|
|
const userId = ctx.body.id;
|
|
|
|
|
const teamId = ctx.state.user.teamId;
|
2018-03-05 00:53:57 +00:00
|
|
|
ctx.assertPresent(userId, 'id is required');
|
2018-03-04 23:38:51 +00:00
|
|
|
|
|
|
|
|
const user = await User.findById(userId);
|
|
|
|
|
authorize(ctx.state.user, 'activate', user);
|
|
|
|
|
|
|
|
|
|
const team = await Team.findById(teamId);
|
|
|
|
|
await team.activateUser(user, admin);
|
|
|
|
|
|
|
|
|
|
ctx.body = {
|
|
|
|
|
data: presentUser(ctx, user, { includeDetails: true }),
|
|
|
|
|
};
|
|
|
|
|
});
|
|
|
|
|
|
2018-12-05 06:24:30 +00:00
|
|
|
router.post('users.delete', auth(), async ctx => {
|
2018-07-07 22:38:22 +00:00
|
|
|
const { confirmation } = ctx.body;
|
|
|
|
|
ctx.assertPresent(confirmation, 'confirmation is required');
|
|
|
|
|
|
|
|
|
|
const user = ctx.state.user;
|
|
|
|
|
authorize(user, 'delete', user);
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
await user.destroy();
|
|
|
|
|
} catch (err) {
|
|
|
|
|
throw new ValidationError(err.message);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ctx.body = {
|
|
|
|
|
success: true,
|
|
|
|
|
};
|
|
|
|
|
});
|
|
|
|
|
|
2016-07-22 07:11:54 +00:00
|
|
|
export default router;
|
