From f127abbc745c266d979be22d0ebcf9fc1fed6eb8 Mon Sep 17 00:00:00 2001
From: Alice Gaudon <alice@gaudon.pro>
Date: Mon, 20 Jul 2020 17:32:32 +0200
Subject: [PATCH] Finish promoting email views and add backend controller

---
 src/Mails.ts                                | 17 +++++
 src/auth/AuthGuard.ts                       | 13 +++-
 src/helpers/BackendController.ts            | 69 +++++++++++++++++++++
 views/backend/accounts_approval.njk         | 41 ++++++++++++
 views/backend/index.njk                     | 21 +++++++
 views/mails/pending_account_review.mjml.njk | 58 +++--------------
 6 files changed, 169 insertions(+), 50 deletions(-)
 create mode 100644 src/Mails.ts
 create mode 100644 src/helpers/BackendController.ts
 create mode 100644 views/backend/accounts_approval.njk
 create mode 100644 views/backend/index.njk

diff --git a/src/Mails.ts b/src/Mails.ts
new file mode 100644
index 0000000..9a4635c
--- /dev/null
+++ b/src/Mails.ts
@@ -0,0 +1,17 @@
+import config from "config";
+import {MailTemplate} from "./Mail";
+
+export const MAGIC_LINK_MAIL = new MailTemplate(
+    'magic_link',
+    data => data.type === 'register' ? 'Registration' : 'Login magic link'
+);
+
+export const ACCOUNT_REVIEW_NOTICE_MAIL_TEMPLATE: MailTemplate = new MailTemplate(
+    'account_review_notice',
+    data => `Your account was ${data.approved ? 'approved' : 'rejected'}.`
+);
+
+export const PENDING_ACCOUNT_REVIEW_MAIL_TEMPLATE: MailTemplate = new MailTemplate(
+    'pending_account_review',
+    () => 'A new account is pending review on ' + config.get<string>('domain'),
+);
diff --git a/src/auth/AuthGuard.ts b/src/auth/AuthGuard.ts
index 51fb21e..934d74b 100644
--- a/src/auth/AuthGuard.ts
+++ b/src/auth/AuthGuard.ts
@@ -4,6 +4,10 @@ import User from "./models/User";
 import UserEmail from "./models/UserEmail";
 import {Connection} from "mysql";
 import {Request} from "express";
+import {PENDING_ACCOUNT_REVIEW_MAIL_TEMPLATE} from "../Mails";
+import Mail from "../Mail";
+import Controller from "../Controller";
+import config from "config";
 
 export default abstract class AuthGuard<P extends AuthProof> {
     public abstract async getProofForSession(session: Express.Session): Promise<P | null>;
@@ -48,7 +52,14 @@ export default abstract class AuthGuard<P extends AuthProof> {
                 await callback();
             }
 
-            if (!user) {
+            if (user) {
+                if (User.isApprovalMode()) {
+                    await new Mail(PENDING_ACCOUNT_REVIEW_MAIL_TEMPLATE, {
+                        username: user!.name,
+                        link: Controller.route('accounts-approval'),
+                    }).send(config.get<string>('app.contact_email'));
+                }
+            } else {
                 throw new Error('Unable to register user.');
             }
         } else if (registerCallback) {
diff --git a/src/helpers/BackendController.ts b/src/helpers/BackendController.ts
new file mode 100644
index 0000000..a421f5c
--- /dev/null
+++ b/src/helpers/BackendController.ts
@@ -0,0 +1,69 @@
+import config from "config";
+import Controller from "../Controller";
+import {REQUIRE_ADMIN_MIDDLEWARE, REQUIRE_AUTH_MIDDLEWARE} from "../auth/AuthComponent";
+import User from "../auth/models/User";
+import {Request, Response} from "express";
+import {NotFoundHttpError} from "../HttpError";
+import Mail from "../Mail";
+import {ACCOUNT_REVIEW_NOTICE_MAIL_TEMPLATE} from "../Mails";
+
+export default class BackendController extends Controller {
+    getRoutesPrefix(): string {
+        return '/backend';
+    }
+
+    routes(): void {
+        this.get('/', this.getIndex, 'backend', REQUIRE_AUTH_MIDDLEWARE, REQUIRE_ADMIN_MIDDLEWARE);
+        if (User.isApprovalMode()) {
+            this.get('/accounts-approval', this.getAccountApproval, 'accounts-approval', REQUIRE_AUTH_MIDDLEWARE, REQUIRE_ADMIN_MIDDLEWARE);
+            this.post('/accounts-approval/approve/:id', this.postApproveAccount, 'approve-account', REQUIRE_AUTH_MIDDLEWARE, REQUIRE_ADMIN_MIDDLEWARE);
+            this.post('/accounts-approval/reject/:id', this.postRejectAccount, 'reject-account', REQUIRE_AUTH_MIDDLEWARE, REQUIRE_ADMIN_MIDDLEWARE);
+        }
+    }
+
+    public async getIndex(req: Request, res: Response): Promise<void> {
+        res.render('backend/index', {
+            approval_mode: User.isApprovalMode(),
+            accounts_to_approve: User.isApprovalMode() ? await User.select().count() : 0,
+        });
+    }
+
+    public async getAccountApproval(req: Request, res: Response): Promise<void> {
+        const accounts = await User.select().where('approved', 0).with('mainEmail').get();
+        res.render('backend/accounts_approval', {
+            accounts: User.isApprovalMode() ? accounts : 0,
+        });
+    }
+
+    public async postApproveAccount(req: Request, res: Response): Promise<void> {
+        const account = await User.select().where('id', req.params.id).with('mainEmail').first();
+        if (!account) throw new NotFoundHttpError('User', req.url);
+        const email = await account.mainEmail.get();
+
+        account.approved = true;
+        await account.save();
+
+        await new Mail(ACCOUNT_REVIEW_NOTICE_MAIL_TEMPLATE, {
+            approved: true,
+            link: config.get<string>('base_url') + Controller.route('auth'),
+        }).send(email!.email!);
+
+        req.flash('success', `Account successfully approved.`);
+        res.redirectBack(Controller.route('accounts-approval'));
+    }
+
+    public async postRejectAccount(req: Request, res: Response): Promise<void> {
+        const account = await User.select().where('id', req.params.id).with('mainEmail').first();
+        if (!account) throw new NotFoundHttpError('User', req.url);
+        const email = await account.mainEmail.get();
+
+        await account.delete();
+
+        await new Mail(ACCOUNT_REVIEW_NOTICE_MAIL_TEMPLATE, {
+            approved: false,
+        }).send(email!.email!);
+
+        req.flash('success', `Account successfully deleted.`);
+        res.redirectBack(Controller.route('accounts-approval'));
+    }
+}
\ No newline at end of file
diff --git a/views/backend/accounts_approval.njk b/views/backend/accounts_approval.njk
new file mode 100644
index 0000000..3f72fe6
--- /dev/null
+++ b/views/backend/accounts_approval.njk
@@ -0,0 +1,41 @@
+{% extends 'layouts/base.njk' %}
+
+{% set title = app.name + ' - Review accounts' %}
+
+{% block body %}
+    <h1>Accounts pending review</h1>
+
+    <div class="panel">
+        <table class="data-table">
+            <thead>
+            <tr>
+                <th class="shrink-col">#</th>
+                <th>Name</th>
+                <th>Main email</th>
+                <th>Registered at</th>
+                <th class="shrink-col">Action</th>
+            </tr>
+            </thead>
+            <tbody>
+            {% for user in accounts %}
+                <tr>
+                    <td>{{ user.id }}</td>
+                    <td>{{ user.name }}</td>
+                    <td>{{ user.mainEmail.getOrFail().email }}</td>
+                    <td>{{ user.created_at.toISOString() }}</td>
+                    <td>
+                        <div class="max-content">
+                            <a href="{{ route('approve-account', user.id) }}"
+                               class="button success"><i data-feather="check"></i> Approve</a>
+
+                            <a href="{{ route('reject-account', user.id) }}"
+                               onclick="return confirm(`This will irrevocably delete the ${user.main_email} account.`)"
+                               class="button danger"><i data-feather="x"></i> Reject</a>
+                        </div>
+                    </td>
+                </tr>
+            {% endfor %}
+            </tbody>
+        </table>
+    </div>
+{% endblock %}
\ No newline at end of file
diff --git a/views/backend/index.njk b/views/backend/index.njk
new file mode 100644
index 0000000..14299da
--- /dev/null
+++ b/views/backend/index.njk
@@ -0,0 +1,21 @@
+{% extends 'layouts/base.njk' %}
+
+{% set title = app.name + ' - Backend' %}
+
+{% block body %}
+    <h1>App administration</h1>
+
+    <div class="container">
+        <div class="panel">
+            <nav>
+                <ul>
+                    {% if approval_mode %}
+                        <li>
+                            <a href="{{ route('accounts-approval') }}">Accounts approval ({{ accounts_to_approve }})</a>
+                        </li>
+                    {% endif %}
+                </ul>
+            </nav>
+        </div>
+    </div>
+{% endblock %}
\ No newline at end of file
diff --git a/views/mails/pending_account_review.mjml.njk b/views/mails/pending_account_review.mjml.njk
index 208fa4e..b79dea1 100644
--- a/views/mails/pending_account_review.mjml.njk
+++ b/views/mails/pending_account_review.mjml.njk
@@ -4,63 +4,23 @@
     <mj-section>
         <mj-column>
             <mj-text mj-class="title">
-                {% if type == 'register' %}
-                    Register an account on {{ app.name }}
-                {% else %}
-                    Log in to {{ app.name }}
-                {% endif %}
+                New user account on {{ app.name }}
             </mj-text>
             <mj-text>
-                {% if type == 'register' %}
-                    Someone has requested an account registration for <strong>{{ mail_to }}</strong>. If it was not you,
-                    please ignore this message.
-                {% else %}
-                    Someone is attempting to log in to your account <strong>{{ mail_to }}</strong>.
-                {% endif %}
+                A new user is pending review on {{ app.name }}.
+
+                Username: {{ username }}
             </mj-text>
 
-            {% if type == 'register' %}
-                <mj-button href="{{ link | safe }}">Finalize my account registration</mj-button>
-            {% else %}
-                <mj-text>If it is not you, <strong>DO NOT CLICK ON THIS BUTTON</strong>.</mj-text>
-            {% endif %}
+            <mj-text><a href="{{ link | safe }}">Finalize my account registration</a></mj-text>
         </mj-column>
     </mj-section>
-
-    {% if type == 'login' %}
-        <mj-section background-color="#1b252d">
-            <mj-column>
-                <mj-text mj-class="important-line" padding-bottom="0px">
-                    IP: <strong>{{ ip }}</strong>
-                </mj-text>
-                <mj-text mj-class="important-line">
-                    Location: <strong>{{ geo }}</strong>
-                </mj-text>
-            </mj-column>
-            <mj-column>
-                <mj-button href="{{ link | safe }}" padding="20px 0" background-color="#caa200">
-                    Authorize log in
-                </mj-button>
-            </mj-column>
-        </mj-section>
-    {% endif %}
 {% endblock %}
 
 {% block text %}
-    {% if type == 'register' %}
-        Hi!
-        Someone requested an account registration for {{ mail_to }}. If it was not you,
-        please ignore this message.
+    Hi!
+    A new user is pending review on {{ app.name }}.
 
-        To finalize your account registration, please follow this link: {{ link|safe }}
-    {% else %}
-        Hi!
-        Someone is attempting to log in to your account {{ mail_to }}.
-
-        If it is not you, DO NOT FOLLOW THIS LINK.
-
-        IP: {{ ip }}
-        Location: {{ geo }}
-        To authorize this log in, please follow this link: {{ link|safe }}
-    {% endif %}
+    Username: {{ username }}
+    To review this account, please follow this link: {{ link|safe }}
 {% endblock %}
\ No newline at end of file