Zaimki/server/routes/admin.js

import { Router } from 'express';
import SQL from 'sql-template-strings';
import avatar from '../avatar';
import {config as socialLoginConfig} from "../social";
import {buildDict, now, shuffle, handleErrorAsync, buildLocaleList} from "../../src/helpers";
import locales from '../../src/locales';
import {calculateStats, statsFile} from '../../src/stats';
import fs from 'fs';
import { caches }  from "../../src/cache";

const router = Router();

router.get('/admin/list', handleErrorAsync(async (req, res) => {
    return res.json(await caches.admins.fetch(async () => {
        const admins = await req.db.all(SQL`
            SELECT u.username, p.teamName, p.locale, u.id, u.email, u.avatarSource
            FROM users u
                     LEFT JOIN profiles p ON p.userId = u.id
            WHERE p.teamName IS NOT NULL
              AND p.teamName != ''
            ORDER BY RANDOM()
        `);

        const adminsGroupped = buildDict(function* () {
            yield [global.config.locale, []];
            for (let [locale, , , published] of locales) {
                if (locale !== global.config.locale && published) {
                    yield [locale, []];
                }
            }
            yield ['', []];
        });
        for (let admin of admins) {
            admin.avatar = await avatar(req.db, admin);
            delete admin.id;
            delete admin.email;

            if (adminsGroupped[admin.locale] !== undefined) {
                adminsGroupped[admin.locale].push(admin);
            } else {
                adminsGroupped[''].push(admin);
            }
        }

        return adminsGroupped;
    }));
}));

router.get('/admin/list/footer', handleErrorAsync(async (req, res) => {
    return res.json(shuffle(await caches.adminsFooter.fetch(async () => {
        const fromDb = await req.db.all(SQL`
            SELECT u.username, p.footerName, p.footerAreas, p.locale
            FROM users u
            LEFT JOIN profiles p ON p.userId = u.id
            WHERE p.locale = ${global.config.locale}
              AND p.footerName IS NOT NULL AND p.footerName != ''
              AND p.footerAreas IS NOT NULL AND p.footerAreas != ''
        `);

        const fromConfig = global.config.contact.authors || [];

        return [...fromDb, ...fromConfig];
    })));
}));

router.get('/admin/users', handleErrorAsync(async (req, res) => {
    if (!req.isGranted('users')) {
        return res.status(401).json({error: 'Unauthorised'});
    }

    return res.json({});

    const users = await req.db.all(SQL`
        SELECT u.id, u.username, u.email, u.roles, u.avatarSource, p.locale
        FROM users u
        LEFT JOIN profiles p ON p.userId = u.id
        ORDER BY u.id DESC
    `);

    const authenticators = await req.db.all(SQL`
        SELECT userId, type FROM authenticators
        WHERE type IN (`.append(Object.keys(socialLoginConfig).map(k => `'${k}'`).join(',')).append(SQL`)
        AND (validUntil IS NULL OR validUntil > ${now()})
    `));

    const groupedUsers = {};
    for (let user of users) {
        if (groupedUsers[user.id] === undefined) {
            groupedUsers[user.id] = {
                ...user,
                locale: undefined,
                profiles: user.locale ? [user.locale] : [],
                avatar: await avatar(req.db, user),
                socialConnections: [],
            }
        } else {
            groupedUsers[user.id].profiles.push(user.locale);
        }
    }

    for (let auth of authenticators) {
        groupedUsers[auth.userId].socialConnections.push(auth.type);
    }

    return res.json(groupedUsers);
}));

router.get('/admin/stats', handleErrorAsync(async (req, res) => {
    if (!req.isGranted('panel')) {
        return res.status(401).json({error: 'Unauthorised'});
    }

    const stats = fs.existsSync(statsFile)
        ? JSON.parse(fs.readFileSync(statsFile))
        : await calculateStats(req.db, buildLocaleList(global.config.locale));

    for (let locale in stats.locales) {
        if (stats.locales.hasOwnProperty(locale) && !req.isGranted('panel', locale)) {
            delete stats.locales[locale];
        }
    }

    return res.json(stats);
}));

const normalise = s => s.trim().toLowerCase();

router.post('/admin/ban/:username', handleErrorAsync(async (req, res) => {
    if (!req.isGranted('users')) {
        return res.status(401).json({error: 'Unauthorised'});
    }

    await req.db.get(SQL`
        UPDATE users
        SET bannedReason = ${req.body.reason || null} 
        WHERE lower(trim(replace(replace(replace(replace(replace(replace(replace(replace(replace(username, 'Ą', 'ą'), 'Ć', 'ć'), 'Ę', 'ę'), 'Ł', 'ł'), 'Ń', 'ń'), 'Ó', 'ó'), 'Ś', 'ś'), 'Ż', 'ż'), 'Ź', 'ż'))) = ${normalise(req.params.username)}
    `);

    return res.json(true);
}));

router.get('/admin/suspicious', handleErrorAsync(async (req, res) => {
    if (!req.isGranted('users')) {
        return res.status(401).json({error: 'Unauthorised'});
    }

    return res.json(await req.db.all(SQL`
        SELECT users.id, users.username, profiles.locale FROM profiles
        LEFT JOIN users ON profiles.userId = users.id
        WHERE users.suspiciousChecked != 1
          AND users.bannedReason IS NULL
          AND (
              lower(customFlags) LIKE '%super%'
           OR lower(description) LIKE '%super%'
           OR lower(customFlags) LIKE '%phobe%'
           OR lower(description) LIKE '%phobe%'
           OR lower(customFlags) LIKE '%phobic%'
           OR lower(description) LIKE '%phobic%'
           OR lower(customFlags) LIKE '%terf%'
           OR lower(description) LIKE '%terf%'
           OR lower(customFlags) LIKE '%radfem%'
           OR lower(description) LIKE '%radfem%'
           OR lower(customFlags) LIKE '%gender critical%'
           OR lower(description) LIKE '%gender critical%'
        )
        ORDER BY users.id DESC
    `));
}));

router.post('/admin/suspicious/checked/:id', handleErrorAsync(async (req, res) => {
    if (!req.isGranted('users')) {
        return res.status(401).json({error: 'Unauthorised'});
    }

    await req.db.get(SQL`
        UPDATE users
        SET suspiciousChecked = 1
        WHERE id=${req.params.id}
    `);

    return res.json(true);
}));

export default router;
#87 move backend to express 2020-10-31 13:33:59 -07:00			`import { Router } from 'express';`
			`import SQL from 'sql-template-strings';`
#88 select avatar source 2020-11-02 12:12:15 -08:00			`import avatar from '../avatar';`
#74 social login - admin panel 2020-11-02 12:45:45 -08:00			`import {config as socialLoginConfig} from "../social";`
[optim] reduce unnecessary operations before each backend request 2021-06-17 16:10:59 -07:00			`import {buildDict, now, shuffle, handleErrorAsync, buildLocaleList} from "../../src/helpers";`
#164 dynamic /team page and footer 2021-01-12 11:06:59 -08:00			`import locales from '../../src/locales';`
#216 optimise stats 2021-06-09 23:45:13 -07:00			`import {calculateStats, statsFile} from '../../src/stats';`
			`import fs from 'fs';`
fix cache invalidation 2021-07-02 16:15:44 -07:00			`import { caches } from "../../src/cache";`
#87 move backend to express 2020-10-31 13:33:59 -07:00
			`const router = Router();`

#215 better server error handling - server 2021-06-09 05:47:08 -07:00			`router.get('/admin/list', handleErrorAsync(async (req, res) => {`
fix cache invalidation 2021-07-02 16:15:44 -07:00			`return res.json(await caches.admins.fetch(async () => {`
[optim] more caching 2021-06-17 14:29:47 -07:00			const admins = await req.db.all(SQL`
			`SELECT u.username, p.teamName, p.locale, u.id, u.email, u.avatarSource`
			`FROM users u`
			`LEFT JOIN profiles p ON p.userId = u.id`
			`WHERE p.teamName IS NOT NULL`
			`AND p.teamName != ''`
			`ORDER BY RANDOM()`
			`);
#164 dynamic /team page and footer 2021-01-12 11:06:59 -08:00
[optim] more caching 2021-06-17 14:29:47 -07:00			`const adminsGroupped = buildDict(function* () {`
[optim] reduce unnecessary operations before each backend request 2021-06-17 16:10:59 -07:00			`yield [global.config.locale, []];`
[optim] more caching 2021-06-17 14:29:47 -07:00			`for (let [locale, , , published] of locales) {`
[optim] reduce unnecessary operations before each backend request 2021-06-17 16:10:59 -07:00			`if (locale !== global.config.locale && published) {`
[optim] more caching 2021-06-17 14:29:47 -07:00			`yield [locale, []];`
			`}`
#164 dynamic /team page and footer 2021-01-12 11:06:59 -08:00			`}`
[optim] more caching 2021-06-17 14:29:47 -07:00			`yield ['', []];`
			`});`
			`for (let admin of admins) {`
			`admin.avatar = await avatar(req.db, admin);`
			`delete admin.id;`
			`delete admin.email;`
#164 dynamic /team page and footer 2021-01-12 11:06:59 -08:00
[optim] more caching 2021-06-17 14:29:47 -07:00			`if (adminsGroupped[admin.locale] !== undefined) {`
			`adminsGroupped[admin.locale].push(admin);`
			`} else {`
			`adminsGroupped[''].push(admin);`
			`}`
#164 dynamic /team page and footer 2021-01-12 11:06:59 -08:00			`}`

[optim] more caching 2021-06-17 14:29:47 -07:00			`return adminsGroupped;`
			`}));`
#215 better server error handling - server 2021-06-09 05:47:08 -07:00			`}));`
#164 dynamic /team page and footer 2021-01-12 11:06:59 -08:00
#215 better server error handling - server 2021-06-09 05:47:08 -07:00			`router.get('/admin/list/footer', handleErrorAsync(async (req, res) => {`
fix cache invalidation 2021-07-02 16:15:44 -07:00			`return res.json(shuffle(await caches.adminsFooter.fetch(async () => {`
[optim] more caching 2021-06-17 14:29:47 -07:00			const fromDb = await req.db.all(SQL`
			`SELECT u.username, p.footerName, p.footerAreas, p.locale`
			`FROM users u`
			`LEFT JOIN profiles p ON p.userId = u.id`
[optim] reduce unnecessary operations before each backend request 2021-06-17 16:10:59 -07:00			`WHERE p.locale = ${global.config.locale}`
[optim] more caching 2021-06-17 14:29:47 -07:00			`AND p.footerName IS NOT NULL AND p.footerName != ''`
			`AND p.footerAreas IS NOT NULL AND p.footerAreas != ''`
			`);
allow footer credits without a card 2021-04-06 11:48:44 -07:00
[optim] reduce unnecessary operations before each backend request 2021-06-17 16:10:59 -07:00			`const fromConfig = global.config.contact.authors \|\| [];`
allow footer credits without a card 2021-04-06 11:48:44 -07:00
[optim] more caching 2021-06-17 14:29:47 -07:00			`return [...fromDb, ...fromConfig];`
			`})));`
#215 better server error handling - server 2021-06-09 05:47:08 -07:00			`}));`
#164 dynamic /team page and footer 2021-01-12 11:06:59 -08:00
#215 better server error handling - server 2021-06-09 05:47:08 -07:00			`router.get('/admin/users', handleErrorAsync(async (req, res) => {`
#132 fine-grained permissions 2020-12-30 15:03:30 -08:00			`if (!req.isGranted('users')) {`
#87 move backend to express 2020-10-31 13:33:59 -07:00			`return res.status(401).json({error: 'Unauthorised'});`
			`}`

quick fix for database issues 2021-06-03 01:28:53 -07:00			`return res.json({});`

#87 move backend to express 2020-10-31 13:33:59 -07:00			const users = await req.db.all(SQL`
#88 select avatar source 2020-11-02 12:12:15 -08:00			`SELECT u.id, u.username, u.email, u.roles, u.avatarSource, p.locale`
#87 move backend to express 2020-10-31 13:33:59 -07:00			`FROM users u`
			`LEFT JOIN profiles p ON p.userId = u.id`
#132 fine-grained permissions 2020-12-30 15:03:30 -08:00			`ORDER BY u.id DESC`
#87 move backend to express 2020-10-31 13:33:59 -07:00			`);

#74 social login - admin panel 2020-11-02 12:45:45 -08:00			const authenticators = await req.db.all(SQL`
			`SELECT userId, type FROM authenticators`
			WHERE type IN (`.append(Object.keys(socialLoginConfig).map(k => `'${k}'`).join(',')).append(SQL`)
			`AND (validUntil IS NULL OR validUntil > ${now()})`
			`));

#87 move backend to express 2020-10-31 13:33:59 -07:00			`const groupedUsers = {};`
			`for (let user of users) {`
			`if (groupedUsers[user.id] === undefined) {`
			`groupedUsers[user.id] = {`
			`...user,`
			`locale: undefined,`
			`profiles: user.locale ? [user.locale] : [],`
#88 select avatar source 2020-11-02 12:12:15 -08:00			`avatar: await avatar(req.db, user),`
#74 social login - admin panel 2020-11-02 12:45:45 -08:00			`socialConnections: [],`
#87 move backend to express 2020-10-31 13:33:59 -07:00			`}`
			`} else {`
			`groupedUsers[user.id].profiles.push(user.locale);`
			`}`
			`}`

#74 social login - admin panel 2020-11-02 12:45:45 -08:00			`for (let auth of authenticators) {`
			`groupedUsers[auth.userId].socialConnections.push(auth.type);`
			`}`

#87 move backend to express 2020-10-31 13:33:59 -07:00			`return res.json(groupedUsers);`
#215 better server error handling - server 2021-06-09 05:47:08 -07:00			`}));`
#87 move backend to express 2020-10-31 13:33:59 -07:00
#215 better server error handling - server 2021-06-09 05:47:08 -07:00			`router.get('/admin/stats', handleErrorAsync(async (req, res) => {`
#132 fine-grained permissions 2020-12-30 15:03:30 -08:00			`if (!req.isGranted('panel')) {`
#101 stats - server 2020-11-24 15:54:02 -08:00			`return res.status(401).json({error: 'Unauthorised'});`
			`}`

#216 optimise stats 2021-06-09 23:45:13 -07:00			`const stats = fs.existsSync(statsFile)`
			`? JSON.parse(fs.readFileSync(statsFile))`
[optim] reduce unnecessary operations before each backend request 2021-06-17 16:10:59 -07:00			`: await calculateStats(req.db, buildLocaleList(global.config.locale));`
[admin][stats] flags 2020-11-27 11:30:21 -08:00
#216 optimise stats 2021-06-09 23:45:13 -07:00			`for (let locale in stats.locales) {`
			`if (stats.locales.hasOwnProperty(locale) && !req.isGranted('panel', locale)) {`
			`delete stats.locales[locale];`
#101 stats - server 2020-11-24 15:54:02 -08:00			`}`
			`}`

#216 optimise stats 2021-06-09 23:45:13 -07:00			`return res.json(stats);`
#215 better server error handling - server 2021-06-09 05:47:08 -07:00			`}));`
#101 stats - server 2020-11-24 15:54:02 -08:00
#174 better banning 2021-06-16 07:08:38 -07:00			`const normalise = s => s.trim().toLowerCase();`

			`router.post('/admin/ban/:username', handleErrorAsync(async (req, res) => {`
			`if (!req.isGranted('users')) {`
			`return res.status(401).json({error: 'Unauthorised'});`
			`}`

			await req.db.get(SQL`
			`UPDATE users`
			`SET bannedReason = ${req.body.reason \|\| null}`
			`WHERE lower(trim(replace(replace(replace(replace(replace(replace(replace(replace(replace(username, 'Ą', 'ą'), 'Ć', 'ć'), 'Ę', 'ę'), 'Ł', 'ł'), 'Ń', 'ń'), 'Ó', 'ó'), 'Ś', 'ś'), 'Ż', 'ż'), 'Ź', 'ż'))) = ${normalise(req.params.username)}`
			`);

			`return res.json(true);`
			`}));`

#217 overview of suspicious profiles 2021-06-16 07:48:24 -07:00			`router.get('/admin/suspicious', handleErrorAsync(async (req, res) => {`
			`if (!req.isGranted('users')) {`
			`return res.status(401).json({error: 'Unauthorised'});`
			`}`

			return res.json(await req.db.all(SQL`
			`SELECT users.id, users.username, profiles.locale FROM profiles`
			`LEFT JOIN users ON profiles.userId = users.id`
			`WHERE users.suspiciousChecked != 1`
			`AND users.bannedReason IS NULL`
			`AND (`
			`lower(customFlags) LIKE '%super%'`
			`OR lower(description) LIKE '%super%'`
			`OR lower(customFlags) LIKE '%phobe%'`
			`OR lower(description) LIKE '%phobe%'`
[admin] more keywords for sus accounts 2021-06-23 08:24:16 -07:00			`OR lower(customFlags) LIKE '%phobic%'`
			`OR lower(description) LIKE '%phobic%'`
			`OR lower(customFlags) LIKE '%terf%'`
			`OR lower(description) LIKE '%terf%'`
			`OR lower(customFlags) LIKE '%radfem%'`
			`OR lower(description) LIKE '%radfem%'`
			`OR lower(customFlags) LIKE '%gender critical%'`
			`OR lower(description) LIKE '%gender critical%'`
#217 overview of suspicious profiles 2021-06-16 07:48:24 -07:00			`)`
			`ORDER BY users.id DESC`
			`));
			`}));`

			`router.post('/admin/suspicious/checked/:id', handleErrorAsync(async (req, res) => {`
			`if (!req.isGranted('users')) {`
			`return res.status(401).json({error: 'Unauthorised'});`
			`}`

			await req.db.get(SQL`
			`UPDATE users`
			`SET suspiciousChecked = 1`
			`WHERE id=${req.params.id}`
			`);

			`return res.json(true);`
			`}));`

#87 move backend to express 2020-10-31 13:33:59 -07:00			`export default router;`