nodebb/src/controllers/user.js

'use strict';

var async = require('async');
var path = require('path');
var fs = require('fs');
var winston = require('winston');
var converter = require('json-2-csv');
var archiver = require('archiver');

var db = require('../database');
var user = require('../user');
var meta = require('../meta');
var posts = require('../posts');
var batch = require('../batch');
var events = require('../events');
var privileges = require('../privileges');
var accountHelpers = require('./accounts/helpers');

var userController = module.exports;

userController.getCurrentUser = function (req, res, next) {
	if (!req.loggedIn) {
		return res.status(401).json('not-authorized');
	}
	async.waterfall([
		function (next) {
			user.getUserField(req.uid, 'userslug', next);
		},
		function (userslug, next) {
			accountHelpers.getUserDataByUserSlug(userslug, req.uid, next);
		},
		function (userData) {
			res.json(userData);
		},
	], next);
};


userController.getUserByUID = function (req, res, next) {
	byType('uid', req, res, next);
};

userController.getUserByUsername = function (req, res, next) {
	byType('username', req, res, next);
};

userController.getUserByEmail = function (req, res, next) {
	byType('email', req, res, next);
};

function byType(type, req, res, next) {
	async.waterfall([
		function (next) {
			userController.getUserDataByField(req.uid, type, req.params[type], next);
		},
		function (data, next) {
			if (!data) {
				return next();
			}
			res.json(data);
		},
	], next);
}

userController.getUserDataByField = function (callerUid, field, fieldValue, callback) {
	async.waterfall([
		function (next) {
			if (field === 'uid') {
				next(null, fieldValue);
			} else if (field === 'username') {
				user.getUidByUsername(fieldValue, next);
			} else if (field === 'email') {
				user.getUidByEmail(fieldValue, next);
			} else {
				next(null, null);
			}
		},
		function (uid, next) {
			if (!uid) {
				return next(null, null);
			}
			userController.getUserDataByUID(callerUid, uid, next);
		},
	], callback);
};

userController.getUserDataByUID = function (callerUid, uid, callback) {
	if (!parseInt(uid, 10)) {
		return callback(new Error('[[error:no-user]]'));
	}
	async.waterfall([
		function (next) {
			privileges.global.can('view:users', callerUid, next);
		},
		function (canView, next) {
			if (!canView) {
				return next(new Error('[[error:no-privileges]]'));
			}
			async.parallel({
				userData: async.apply(user.getUserData, uid),
				settings: async.apply(user.getSettings, uid),
			}, next);
		},
		function (results, next) {
			if (!results.userData) {
				return next(new Error('[[error:no-user]]'));
			}

			results.userData.email = results.settings.showemail && !meta.config.hideEmail ? results.userData.email : undefined;
			results.userData.fullname = results.settings.showfullname && !meta.config.hideFullname ? results.userData.fullname : undefined;

			next(null, results.userData);
		},
	], callback);
};

userController.exportPosts = function (req, res, next) {
	async.waterfall([
		function (next) {
			var payload = [];
			batch.processSortedSet('uid:' + res.locals.uid + ':posts', function (pids, next) {
				posts.getPostsData(pids, function (err, posts) {
					if (err) {
						return next(err);
					}

					// Remove empty post references and convert newlines in content
					posts = posts.filter(Boolean).map(function (post) {
						post.content = '"' + post.content.replace(/\n/g, '\\n').replace(/"/g, '\\"') + '"';
						return post;
					});

					payload = payload.concat(posts);
					next();
				});
			}, function (err) {
				next(err, payload);
			});
		},
		function (payload, next) {
			converter.json2csv(payload, next, {
				checkSchemaDifferences: false,
				emptyFieldValue: '',
			});
		},
		function (csv) {
			res.set('Content-Type', 'text/csv').set('Content-Disposition', 'attachment; filename="' + req.params.uid + '_posts.csv"').send(csv);
		},
	], next);
};

userController.exportUploads = function (req, res, next) {
	const targetUid = res.locals.uid;
	const archivePath = path.join(__dirname, '../../build/export', targetUid + '_uploads.zip');
	const archive = archiver('zip', {
		zlib: { level: 9 }, // Sets the compression level.
	});
	const maxAge = 1000 * 60 * 60 * 24;	// 1 day
	const rootDirectory = path.join(__dirname, '../../public/uploads/');
	const trimPath = function (path) {
		return path.replace(rootDirectory, '');
	};
	let isFresh = false;
	const sendFile = function () {
		events.log({
			type: 'export:uploads',
			uid: req.uid,
			targetUid: targetUid,
			ip: req.ip,
			fresh: isFresh,
		});

		res.sendFile(targetUid + '_uploads.zip', {
			root: path.join(__dirname, '../../build/export'),
			headers: {
				'Content-Disposition': 'attachment; filename=' + targetUid + '_uploads.zip',
				maxAge: maxAge,
			},
		});
	};

	// Check for existing file, if exists and is < 1 day in age, send this instead
	try {
		fs.accessSync(archivePath, fs.constants.F_OK | fs.constants.R_OK);
		isFresh = (Date.now() - fs.statSync(archivePath).mtimeMs) < maxAge;
		if (isFresh) {
			return sendFile();
		}
	} catch (err) {
		// File doesn't exist, continue
	}

	const output = fs.createWriteStream(archivePath);
	output.on('close', sendFile);

	archive.on('warning', function (err) {
		switch (err.code) {
		case 'ENOENT':
			winston.warn('[user/export/uploads] File not found: ' + trimPath(err.path));
			break;

		default:
			winston.warn('[user/export/uploads] Unexpected warning: ' + err.message);
			break;
		}
	});

	archive.on('error', function (err) {
		switch (err.code) {
		case 'EACCES':
			winston.error('[user/export/uploads] File inaccessible: ' + trimPath(err.path));
			break;

		default:
			winston.error('[user/export/uploads] Unable to construct archive: ' + err.message);
			break;
		}

		res.sendStatus(500);
	});

	archive.pipe(output);
	winston.info('[user/export/uploads] Collating uploads for uid ' + targetUid);
	user.collateUploads(targetUid, archive, function (err) {
		if (err) {
			return next(err);
		}

		archive.finalize();
	});
};

userController.exportProfile = function (req, res, next) {
	const targetUid = res.locals.uid;
	async.waterfall([
		async.apply(db.getObjects.bind(db), ['user:' + targetUid, 'user:' + targetUid + ':settings']),
		function (objects, next) {
			Object.assign(objects[0], objects[1]);
			delete objects[0].password;

			converter.json2csv(objects[0], next);
		},
		function (csv) {
			res.set('Content-Type', 'text/csv').set('Content-Disposition', 'attachment; filename="' + targetUid + '_profile.csv"').send(csv);
		},
	], next);
};
more refactors 8 years ago			`'use strict';`

			`var async = require('async');`
endpoint to download user attachments, #6441 7 years ago			`var path = require('path');`
			`var fs = require('fs');`
			`var winston = require('winston');`
posts export endpoint for GDPR, re: #6441 7 years ago			`var converter = require('json-2-csv');`
endpoint to download user attachments, #6441 7 years ago			`var archiver = require('archiver');`
more refactors 8 years ago
profile export for #6441 + integration 7 years ago			`var db = require('../database');`
more refactors 8 years ago			`var user = require('../user');`
			`var meta = require('../meta');`
posts export endpoint for GDPR, re: #6441 7 years ago			`var posts = require('../posts');`
			`var batch = require('../batch');`
endpoint to download user attachments, #6441 7 years ago			`var events = require('../events');`
fix: #6806 3 new global privileges view:users view:tags view:groups 6 years ago			`var privileges = require('../privileges');`
more refactors 8 years ago			`var accountHelpers = require('./accounts/helpers');`

			`var userController = module.exports;`

			`userController.getCurrentUser = function (req, res, next) {`
closes #2304 7 years ago			`if (!req.loggedIn) {`
more refactors 8 years ago			`return res.status(401).json('not-authorized');`
			`}`
			`async.waterfall([`
			`function (next) {`
			`user.getUserField(req.uid, 'userslug', next);`
			`},`
			`function (userslug, next) {`
			`accountHelpers.getUserDataByUserSlug(userslug, req.uid, next);`
			`},`
			`function (userData) {`
			`res.json(userData);`
			`},`
			`], next);`
			`};`


			`userController.getUserByUID = function (req, res, next) {`
			`byType('uid', req, res, next);`
			`};`

			`userController.getUserByUsername = function (req, res, next) {`
			`byType('username', req, res, next);`
			`};`

			`userController.getUserByEmail = function (req, res, next) {`
			`byType('email', req, res, next);`
			`};`

			`function byType(type, req, res, next) {`
more user tests 8 years ago			`async.waterfall([`
			`function (next) {`
			`userController.getUserDataByField(req.uid, type, req.params[type], next);`
			`},`
			`function (data, next) {`
			`if (!data) {`
			`return next();`
			`}`
			`res.json(data);`
fix tests 8 years ago			`},`
more user tests 8 years ago			`], next);`
more refactors 8 years ago			`}`

			`userController.getUserDataByField = function (callerUid, field, fieldValue, callback) {`
			`async.waterfall([`
			`function (next) {`
			`if (field === 'uid') {`
			`next(null, fieldValue);`
			`} else if (field === 'username') {`
			`user.getUidByUsername(fieldValue, next);`
			`} else if (field === 'email') {`
			`user.getUidByEmail(fieldValue, next);`
			`} else {`
fix tests 8 years ago			`next(null, null);`
more refactors 8 years ago			`}`
			`},`
			`function (uid, next) {`
			`if (!uid) {`
fix tests 8 years ago			`return next(null, null);`
more refactors 8 years ago			`}`
			`userController.getUserDataByUID(callerUid, uid, next);`
			`},`
			`], callback);`
			`};`

			`userController.getUserDataByUID = function (callerUid, uid, callback) {`
			`if (!parseInt(uid, 10)) {`
			`return callback(new Error('[[error:no-user]]'));`
			`}`
fix: #6806 3 new global privileges view:users view:tags view:groups 6 years ago			`async.waterfall([`
			`function (next) {`
			`privileges.global.can('view:users', callerUid, next);`
			`},`
			`function (canView, next) {`
			`if (!canView) {`
			`return next(new Error('[[error:no-privileges]]'));`
			`}`
			`async.parallel({`
			`userData: async.apply(user.getUserData, uid),`
			`settings: async.apply(user.getSettings, uid),`
			`}, next);`
			`},`
			`function (results, next) {`
			`if (!results.userData) {`
			`return next(new Error('[[error:no-user]]'));`
			`}`
more refactors 8 years ago
fix: #6806 3 new global privileges view:users view:tags view:groups 6 years ago			`results.userData.email = results.settings.showemail && !meta.config.hideEmail ? results.userData.email : undefined;`
			`results.userData.fullname = results.settings.showfullname && !meta.config.hideFullname ? results.userData.fullname : undefined;`
more refactors 8 years ago
fix: #6806 3 new global privileges view:users view:tags view:groups 6 years ago			`next(null, results.userData);`
			`},`
			`], callback);`
more refactors 8 years ago			`};`
posts export endpoint for GDPR, re: #6441 7 years ago
			`userController.exportPosts = function (req, res, next) {`
			`async.waterfall([`
			`function (next) {`
			`var payload = [];`
closes #6523, closes #6524 7 years ago			`batch.processSortedSet('uid:' + res.locals.uid + ':posts', function (pids, next) {`
			`posts.getPostsData(pids, function (err, posts) {`
posts export endpoint for GDPR, re: #6441 7 years ago			`if (err) {`
			`return next(err);`
			`}`

fix post export crashing if a pid reference doesn't resolve to an actual post object 7 years ago			`// Remove empty post references and convert newlines in content`
			`posts = posts.filter(Boolean).map(function (post) {`
posts export endpoint for GDPR, re: #6441 7 years ago			`post.content = '"' + post.content.replace(/\n/g, '\\n').replace(/"/g, '\\"') + '"';`
			`return post;`
			`});`

			`payload = payload.concat(posts);`
			`next();`
			`});`
			`}, function (err) {`
			`next(err, payload);`
			`});`
			`},`
disable strict checking of object schema in post upload CSV generation, #6490 7 years ago			`function (payload, next) {`
			`converter.json2csv(payload, next, {`
			`checkSchemaDifferences: false,`
			`emptyFieldValue: '',`
			`});`
			`},`
closes #6523, closes #6524 7 years ago			`function (csv) {`
			`res.set('Content-Type', 'text/csv').set('Content-Disposition', 'attachment; filename="' + req.params.uid + '_posts.csv"').send(csv);`
			`},`
			`], next);`
posts export endpoint for GDPR, re: #6441 7 years ago			`};`
endpoint to download user attachments, #6441 7 years ago
			`userController.exportUploads = function (req, res, next) {`
closes #6523, closes #6524 7 years ago			`const targetUid = res.locals.uid;`
			`const archivePath = path.join(__dirname, '../../build/export', targetUid + '_uploads.zip');`
endpoint to download user attachments, #6441 7 years ago			`const archive = archiver('zip', {`
			`zlib: { level: 9 }, // Sets the compression level.`
			`});`
			`const maxAge = 1000 * 60 * 60 * 24; // 1 day`
			`const rootDirectory = path.join(__dirname, '../../public/uploads/');`
			`const trimPath = function (path) {`
			`return path.replace(rootDirectory, '');`
			`};`
			`let isFresh = false;`
			`const sendFile = function () {`
			`events.log({`
			`type: 'export:uploads',`
			`uid: req.uid,`
closes #6523, closes #6524 7 years ago			`targetUid: targetUid,`
endpoint to download user attachments, #6441 7 years ago			`ip: req.ip,`
			`fresh: isFresh,`
			`});`

closes #6523, closes #6524 7 years ago			`res.sendFile(targetUid + '_uploads.zip', {`
endpoint to download user attachments, #6441 7 years ago			`root: path.join(__dirname, '../../build/export'),`
			`headers: {`
closes #6523, closes #6524 7 years ago			`'Content-Disposition': 'attachment; filename=' + targetUid + '_uploads.zip',`
endpoint to download user attachments, #6441 7 years ago			`maxAge: maxAge,`
			`},`
			`});`
			`};`

			`// Check for existing file, if exists and is < 1 day in age, send this instead`
			`try {`
			`fs.accessSync(archivePath, fs.constants.F_OK \| fs.constants.R_OK);`
			`isFresh = (Date.now() - fs.statSync(archivePath).mtimeMs) < maxAge;`
			`if (isFresh) {`
			`return sendFile();`
			`}`
			`} catch (err) {`
			`// File doesn't exist, continue`
			`}`

			`const output = fs.createWriteStream(archivePath);`
			`output.on('close', sendFile);`

			`archive.on('warning', function (err) {`
			`switch (err.code) {`
			`case 'ENOENT':`
			`winston.warn('[user/export/uploads] File not found: ' + trimPath(err.path));`
			`break;`

			`default:`
			`winston.warn('[user/export/uploads] Unexpected warning: ' + err.message);`
			`break;`
			`}`
			`});`

			`archive.on('error', function (err) {`
			`switch (err.code) {`
			`case 'EACCES':`
			`winston.error('[user/export/uploads] File inaccessible: ' + trimPath(err.path));`
			`break;`

			`default:`
			`winston.error('[user/export/uploads] Unable to construct archive: ' + err.message);`
			`break;`
			`}`

			`res.sendStatus(500);`
			`});`

			`archive.pipe(output);`
closes #6523, closes #6524 7 years ago			`winston.info('[user/export/uploads] Collating uploads for uid ' + targetUid);`
			`user.collateUploads(targetUid, archive, function (err) {`
endpoint to download user attachments, #6441 7 years ago			`if (err) {`
			`return next(err);`
			`}`

			`archive.finalize();`
			`});`
			`};`
profile export for #6441 + integration 7 years ago
			`userController.exportProfile = function (req, res, next) {`
closes #6523, closes #6524 7 years ago			`const targetUid = res.locals.uid;`
profile export for #6441 + integration 7 years ago			`async.waterfall([`
closes #6523, closes #6524 7 years ago			`async.apply(db.getObjects.bind(db), ['user:' + targetUid, 'user:' + targetUid + ':settings']),`
profile export for #6441 + integration 7 years ago			`function (objects, next) {`
			`Object.assign(objects[0], objects[1]);`
			`delete objects[0].password;`

			`converter.json2csv(objects[0], next);`
			`},`
closes #6523, closes #6524 7 years ago			`function (csv) {`
			`res.set('Content-Type', 'text/csv').set('Content-Disposition', 'attachment; filename="' + targetUid + '_profile.csv"').send(csv);`
			`},`
			`], next);`
profile export for #6441 + integration 7 years ago			`};`