website/v2_routes/admin_user_list.js
2021-04-09 23:22:40 +10:00


let bcrypt = require('bcryptjs')
let multer = require('multer')
let express = require('express')
let router = express.Router()
const auth = require('../lib/auth')
// NOTE(review): both reCAPTCHA keys are committed in source. express-recaptcha's
// constructor takes (site key, secret key), so the second argument below is the
// server-side secret. It should be loaded from configuration kept outside the
// repository, and the committed value rotated.
var Recaptcha = require('express-recaptcha').RecaptchaV3;
var recaptcha = new Recaptcha('6LdlbrwZAAAAAKvtcVQhVl_QaNOqmQ4PgyW3SKHy', '6LdlbrwZAAAAAMAWPVDrL8eNPxrws6AMDtLf1bgd');
// NOTE(review): despite its name, this holds the same value as the first (site key)
// argument above, not the second one — confirm which key was intended. Neither
// `recaptcha` nor `reCAPTCHASecret` is referenced in the visible part of this file.
var reCAPTCHASecret = "6LdlbrwZAAAAAKvtcVQhVl_QaNOqmQ4PgyW3SKHy";
const Errors = require('../lib/errors.js')
let {
User, Post, ProfilePicture, AdminToken, Thread, Category, Sequelize, Ip, Ban, sequelize
} = require('../models')
let pagination = require('../lib/pagination.js')
/**
 * Marks the request's session data as logged in and mirrors the identity
 * into two client-readable cookies.
 *
 * Both cookies are set without any options, so they are plain values that
 * client-side script can read and a client can overwrite. Server-side
 * authorization must therefore rely on `req.userData.admin`, never on the
 * `admin` cookie.
 *
 * @param {object} req - Request whose `userData` object is updated in place.
 * @param {object} res - Response used to set the `username` and `admin` cookies.
 * @param {string} username - Name stored in the session data and the `username` cookie.
 * @param {*} UserId - Stored as `req.userData.id`.
 * @param {*} admin - Truthy when the user is an administrator.
 */
function setUserSession(req, res, username, UserId, admin) {
  const session = req.userData
  const isAdmin = Boolean(admin)

  Object.assign(session, { loggedIn: true, username, id: UserId })

  res.cookie('username', username)
  // UI hint only: lets the client decide which parts of the interface to show.
  // It can be trivially spoofed, which is harmless as long as every API
  // request is authorized against the server-side session data.
  res.cookie('admin', isAdmin)

  if (isAdmin) {
    session.admin = true
  }
}
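/**
 * GET / — one page (15 rows) of users with their post and thread counts,
 * for the admin panel.
 *
 * Query parameters:
 *   role   - 'admin' or 'user' to filter by the admin flag; anything else means no filter.
 *   search - username prefix; passed to the database as a bind parameter.
 *   sort   - one of the keys of `sortFields`; anything else sorts by `X.id`.
 *   order  - 'asc' for ascending; anything else is descending.
 *   offset - non-negative integer row offset; anything else is treated as 0.
 *
 * Responds 401 with `Errors.requestNotAuthorized` unless `req.userData.admin`
 * is set. Query errors are forwarded to the Express error handler via `next`.
 */
router.get('/', async function(req, res, next) {
  // Authorization is decided from server-side session data only.
  if (!req.userData.admin) {
    res.status(401)
    res.json({
      errors: [Errors.requestNotAuthorized]
    })
    return
  }

  try {
    // Allow-list of sortable columns. Only these fixed strings are ever
    // interpolated into ORDER BY.
    const sortFields = {
      createdAt: 'X.id',
      username: 'X.username',
      threadCount: 'threadCount',
      postCount: 'postCount',
      email: 'X.email',
      bot: 'X.bot'
    };

    // Own-property check so that inherited keys such as `constructor` or
    // `__proto__` cannot be picked from the request and end up in the SQL text.
    const sortKey = req.query.sort;
    const orderBy = Object.prototype.hasOwnProperty.call(sortFields, sortKey)
      ? sortFields[sortKey]
      : 'X.id';
    const direction = req.query.order === 'asc' ? 'ASC' : 'DESC';

    // OFFSET is interpolated, so accept only a non-negative safe integer.
    // Negative values and values printed in exponent form would otherwise
    // produce invalid SQL.
    const requestedOffset = Number(req.query.offset);
    const offset = Number.isSafeInteger(requestedOffset) && requestedOffset >= 0
      ? requestedOffset
      : 0;

    // Every condition is a fixed string; the search term itself is bound below.
    const conditions = [];
    if (req.query.role === 'admin') {
      conditions.push('Users.admin = true');
    } else if (req.query.role === 'user') {
      conditions.push('Users.admin = false');
    }
    if (req.query.search) {
      conditions.push('Users.username LIKE $search');
    }
    const havingClause = conditions.length ? 'HAVING ' + conditions.join(' AND ') : '';

    const sql = `
      SELECT X.username, X.admin, X.bot, X.email, X.createdAt, X.postCount, COUNT(Threads.id) as threadCount
      FROM (
        SELECT Users.*, COUNT(Posts.id) as postCount
        FROM Users
        LEFT OUTER JOIN Posts
        ON Users.id = Posts.UserId
        GROUP BY Users.id
        ${havingClause}
      ) as X
      LEFT OUTER JOIN Threads
      ON X.id = Threads.UserId
      GROUP BY X.id
      ORDER BY ${orderBy} ${direction}
      LIMIT 15
      OFFSET ${offset}
    `;

    // The search term is never concatenated into the SQL text. Any `%` or `_`
    // typed by the caller still acts as a LIKE wildcard.
    const users = await sequelize.query(sql, {
      model: User,
      bind: {search: req.query.search + '%'}
    });

    // Send exactly one response; a second res.json() would throw because the
    // headers have already been sent.
    res.json(users)
  } catch (e) { next(e) }
})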
// Export the router; the path it is mounted under is chosen by the requiring module (not shown here).
module.exports = router;