coop-cloud-chaos-patchs/outline
coop-cloud-chaos-patchs
/
outline
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
This repository has been archived on 2022-08-14. You can view files and clone it, but cannot push or open issues or pull requests.
outline/server/api/user.js

169 lines
4.2 KiB
JavaScript
Raw Blame History

// @flow
import uuid from 'uuid';
import Router from 'koa-router';
import { makePolicy, signPolicy, publicS3Endpoint } from '../utils/s3';
import { ValidationError } from '../errors';
import { Event, User, Team } from '../models';
import auth from '../middlewares/authentication';
import { presentUser } from '../presenters';
import policy from '../policies';
const { authorize } = policy;
const router = new Router();
router.post('user.info', auth(), async ctx => {
ctx.body = { data: await presentUser(ctx, ctx.state.user) };
});
router.post('user.update', auth(), async ctx => {
const { user } = ctx.state;
const { name, avatarUrl } = ctx.body;
const endpoint = publicS3Endpoint();
if (name) user.name = name;
if (
avatarUrl &&
avatarUrl.startsWith(`${endpoint}/uploads/${ctx.state.user.id}`)
)
user.avatarUrl = avatarUrl;
await user.save();
ctx.body = { data: await presentUser(ctx, user) };
});
router.post('user.s3Upload', auth(), async ctx => {
const { filename, kind, size } = ctx.body;
ctx.assertPresent(filename, 'filename is required');
ctx.assertPresent(kind, 'kind is required');
ctx.assertPresent(size, 'size is required');
const s3Key = uuid.v4();
const key = `uploads/${ctx.state.user.id}/${s3Key}/${filename}`;
const policy = makePolicy();
const endpoint = publicS3Endpoint();
const url = `${endpoint}/${key}`;
await Event.create({
name: 'user.s3Upload',
data: {
filename,
kind,
size,
url,
},
teamId: ctx.state.user.teamId,
userId: ctx.state.user.id,
});
ctx.body = {
data: {
maxUploadSize: process.env.AWS_S3_UPLOAD_MAX_SIZE,
uploadUrl: endpoint,
form: {
AWSAccessKeyId: process.env.AWS_ACCESS_KEY_ID,
'Cache-Control': 'max-age=31557600',
'Content-Type': kind,
key,
acl: 'public-read',
signature: signPolicy(policy),
policy,
},
asset: {
contentType: kind,
name: filename,
url,
size,
},
},
};
});
// Admin specific
router.post('user.promote', auth(), async ctx => {
const userId = ctx.body.id;
const teamId = ctx.state.user.teamId;
ctx.assertPresent(userId, 'id is required');
const user = await User.findById(userId);
authorize(ctx.state.user, 'promote', user);
const team = await Team.findById(teamId);
await team.addAdmin(user);
ctx.body = {
data: presentUser(ctx, user, { includeDetails: true }),
};
});
router.post('user.demote', auth(), async ctx => {
const userId = ctx.body.id;
const teamId = ctx.state.user.teamId;
ctx.assertPresent(userId, 'id is required');
const user = await User.findById(userId);
authorize(ctx.state.user, 'demote', user);
const team = await Team.findById(teamId);
try {
await team.removeAdmin(user);
} catch (err) {
throw new ValidationError(err.message);
}
ctx.body = {
data: presentUser(ctx, user, { includeDetails: true }),
};
});
/**
* Suspend user
*
* Admin can suspend users to reduce the number of accounts on their billing plan
*/
router.post('user.suspend', auth(), async ctx => {
const admin = ctx.state.user;
const userId = ctx.body.id;
const teamId = ctx.state.user.teamId;
ctx.assertPresent(userId, 'id is required');
const user = await User.findById(userId);
authorize(ctx.state.user, 'suspend', user);
const team = await Team.findById(teamId);
try {
await team.suspendUser(user, admin);
} catch (err) {
throw new ValidationError(err.message);
}
ctx.body = {
data: presentUser(ctx, user, { includeDetails: true }),
};
});
/**
* Activate user
*
* Admin can activate users to let them access resources. These users will also
* account towards the billing plan limits.
*/
router.post('user.activate', auth(), async ctx => {
const admin = ctx.state.user;
const userId = ctx.body.id;
const teamId = ctx.state.user.teamId;
ctx.assertPresent(userId, 'id is required');
const user = await User.findById(userId);
authorize(ctx.state.user, 'activate', user);
const team = await Team.findById(teamId);
await team.activateUser(user, admin);
ctx.body = {
data: presentUser(ctx, user, { includeDetails: true }),
};
});
export default router;
Reference in New Issue View Git Blame Copy Permalink