swaf/src/helpers/BackendController.ts

import config from "config";
import Controller from "../Controller";
import {REQUIRE_ADMIN_MIDDLEWARE, REQUIRE_AUTH_MIDDLEWARE} from "../auth/AuthComponent";
import User from "../auth/models/User";
import {Request, Response} from "express";
import {BadRequestError, NotFoundHttpError} from "../HttpError";
import Mail from "../Mail";
import {ACCOUNT_REVIEW_NOTICE_MAIL_TEMPLATE} from "../Mails";
import UserEmail from "../auth/models/UserEmail";

export default class BackendController extends Controller {
    getRoutesPrefix(): string {
        return '/backend';
    }

    routes(): void {
        this.get('/', this.getIndex, 'backend', REQUIRE_AUTH_MIDDLEWARE, REQUIRE_ADMIN_MIDDLEWARE);
        if (User.isApprovalMode()) {
            this.get('/accounts-approval', this.getAccountApproval, 'accounts-approval', REQUIRE_AUTH_MIDDLEWARE, REQUIRE_ADMIN_MIDDLEWARE);
            this.post('/accounts-approval/approve', this.postApproveAccount, 'approve-account', REQUIRE_AUTH_MIDDLEWARE, REQUIRE_ADMIN_MIDDLEWARE);
            this.post('/accounts-approval/reject', this.postRejectAccount, 'reject-account', REQUIRE_AUTH_MIDDLEWARE, REQUIRE_ADMIN_MIDDLEWARE);
        }
    }

    public async getIndex(req: Request, res: Response): Promise<void> {
        res.render('backend/index', {
            approval_mode: User.isApprovalMode(),
            accounts_to_approve: User.isApprovalMode() ? await User.select().count() : 0,
        });
    }

    public async getAccountApproval(req: Request, res: Response): Promise<void> {
        const accounts = await User.select().where('approved', 0).with('mainEmail').get();
        res.render('backend/accounts_approval', {
            accounts: User.isApprovalMode() ? accounts : 0,
        });
    }

    public async postApproveAccount(req: Request, res: Response): Promise<void> {
        const {account, email} = await this.accountRequest(req);

        account.approved = true;
        await account.save();

        await new Mail(ACCOUNT_REVIEW_NOTICE_MAIL_TEMPLATE, {
            approved: true,
            link: config.get<string>('base_url') + Controller.route('auth'),
        }).send(email!.email!);

        req.flash('success', `Account successfully approved.`);
        res.redirectBack(Controller.route('accounts-approval'));
    }

    public async postRejectAccount(req: Request, res: Response): Promise<void> {
        const {account, email} = await this.accountRequest(req);

        await account.delete();

        await new Mail(ACCOUNT_REVIEW_NOTICE_MAIL_TEMPLATE, {
            approved: false,
        }).send(email!.email!);

        req.flash('success', `Account successfully deleted.`);
        res.redirectBack(Controller.route('accounts-approval'));
    }

    private async accountRequest(req: Request): Promise<{
        account: User,
        email: UserEmail,
    }> {
        if (!req.body.user_id) throw new BadRequestError('Missing user_id field', 'Check your form', req.url);
        const account = await User.select().where('id', req.body.user_id).with('mainEmail').first();
        if (!account) throw new NotFoundHttpError('User', req.url);
        const email = await account.mainEmail.get();

        return {
            account: account,
            email: email!,
        };
    }
}
Finish promoting email views and add backend controller 2020-07-20 17:32:32 +02:00			`import config from "config";`
			`import Controller from "../Controller";`
			`import {REQUIRE_ADMIN_MIDDLEWARE, REQUIRE_AUTH_MIDDLEWARE} from "../auth/AuthComponent";`
			`import User from "../auth/models/User";`
			`import {Request, Response} from "express";`
Improve approval mode component security, reliability and usage 2020-07-24 13:00:20 +02:00			`import {BadRequestError, NotFoundHttpError} from "../HttpError";`
Finish promoting email views and add backend controller 2020-07-20 17:32:32 +02:00			`import Mail from "../Mail";`
			`import {ACCOUNT_REVIEW_NOTICE_MAIL_TEMPLATE} from "../Mails";`
Improve approval mode component security, reliability and usage 2020-07-24 13:00:20 +02:00			`import UserEmail from "../auth/models/UserEmail";`
Finish promoting email views and add backend controller 2020-07-20 17:32:32 +02:00
			`export default class BackendController extends Controller {`
			`getRoutesPrefix(): string {`
			`return '/backend';`
			`}`

			`routes(): void {`
			`this.get('/', this.getIndex, 'backend', REQUIRE_AUTH_MIDDLEWARE, REQUIRE_ADMIN_MIDDLEWARE);`
			`if (User.isApprovalMode()) {`
			`this.get('/accounts-approval', this.getAccountApproval, 'accounts-approval', REQUIRE_AUTH_MIDDLEWARE, REQUIRE_ADMIN_MIDDLEWARE);`
Improve approval mode component security, reliability and usage 2020-07-24 13:00:20 +02:00			`this.post('/accounts-approval/approve', this.postApproveAccount, 'approve-account', REQUIRE_AUTH_MIDDLEWARE, REQUIRE_ADMIN_MIDDLEWARE);`
			`this.post('/accounts-approval/reject', this.postRejectAccount, 'reject-account', REQUIRE_AUTH_MIDDLEWARE, REQUIRE_ADMIN_MIDDLEWARE);`
Finish promoting email views and add backend controller 2020-07-20 17:32:32 +02:00			`}`
			`}`

			`public async getIndex(req: Request, res: Response): Promise<void> {`
			`res.render('backend/index', {`
			`approval_mode: User.isApprovalMode(),`
			`accounts_to_approve: User.isApprovalMode() ? await User.select().count() : 0,`
			`});`
			`}`

			`public async getAccountApproval(req: Request, res: Response): Promise<void> {`
			`const accounts = await User.select().where('approved', 0).with('mainEmail').get();`
			`res.render('backend/accounts_approval', {`
			`accounts: User.isApprovalMode() ? accounts : 0,`
			`});`
			`}`

			`public async postApproveAccount(req: Request, res: Response): Promise<void> {`
Improve approval mode component security, reliability and usage 2020-07-24 13:00:20 +02:00			`const {account, email} = await this.accountRequest(req);`
Finish promoting email views and add backend controller 2020-07-20 17:32:32 +02:00
			`account.approved = true;`
			`await account.save();`

			`await new Mail(ACCOUNT_REVIEW_NOTICE_MAIL_TEMPLATE, {`
			`approved: true,`
			`link: config.get<string>('base_url') + Controller.route('auth'),`
			`}).send(email!.email!);`

			req.flash('success', `Account successfully approved.`);
			`res.redirectBack(Controller.route('accounts-approval'));`
			`}`

			`public async postRejectAccount(req: Request, res: Response): Promise<void> {`
Improve approval mode component security, reliability and usage 2020-07-24 13:00:20 +02:00			`const {account, email} = await this.accountRequest(req);`
Finish promoting email views and add backend controller 2020-07-20 17:32:32 +02:00
			`await account.delete();`

			`await new Mail(ACCOUNT_REVIEW_NOTICE_MAIL_TEMPLATE, {`
			`approved: false,`
			`}).send(email!.email!);`

			req.flash('success', `Account successfully deleted.`);
			`res.redirectBack(Controller.route('accounts-approval'));`
			`}`
Improve approval mode component security, reliability and usage 2020-07-24 13:00:20 +02:00
			`private async accountRequest(req: Request): Promise<{`
			`account: User,`
			`email: UserEmail,`
			`}> {`
			`if (!req.body.user_id) throw new BadRequestError('Missing user_id field', 'Check your form', req.url);`
			`const account = await User.select().where('id', req.body.user_id).with('mainEmail').first();`
			`if (!account) throw new NotFoundHttpError('User', req.url);`
			`const email = await account.mainEmail.get();`

			`return {`
			`account: account,`
			`email: email!,`
			`};`
			`}`
Finish promoting email views and add backend controller 2020-07-20 17:32:32 +02:00			`}`