// --- Dependencies and shared runtime objects ---
const express = require('express')
const requestIp = require('request-ip')
const useragent = require('express-useragent')
const mongoose = require('mongoose')
// Shadows the global Promise inside this module only; mongoose itself is
// pointed at global.Promise further down.
const Promise = require('bluebird')
const cors = require('cors')
const helmet = require('helmet')
const bodyParser = require('body-parser')
const app = express()
const router = require('./router')
const passwordHash = require('pbkdf2-password-hash')
const async = require('async')
const whilst = async.whilst
const jwt = require('jsonwebtoken')
const ejwt = require('express-jwt')
// Permission-guard instance; the route access rules are attached to it below.
const guard = require('express-jwt-permissions')()
const uuidv1 = require('uuid/v1')
// Application settings (port, database URI, JWT secret) and encryption helpers.
const config = require('./config/main')
const enc = require('./config/encrypt')
const port = config.port
mongoose.Promise = global.Promise;
mongoose.connect(config.database);
const mdb = mongoose.connection;
const multer = require('multer');
// Default (memory) multer instance; the upload routes build their own.
const upload = multer();
const GridFsStorage = require('multer-gridfs-storage');
const Grid = require('gridfs-stream');
Grid.mongo = mongoose.mongo;
// NOTE(review): mdb.db is read synchronously right after connect(), before the
// connection has necessarily opened — confirm gridfs-stream tolerates that here.
const gfs = Grid(mdb.db);
// Base URL under which stored files are handed back to clients.
const box_url = 'https://s3.nexsi.io';

// Routes reachable without a group permission claim: the sign-up / sign-in and
// verification flows, password reset, admin and root sign-in, and a handful of
// public informational user endpoints.
const PUBLIC_PATHS = [
  '/api/auth/sign-up',
  '/api/auth/sign-in',
  '/api/auth/invitation-email-verification',
  '/api/auth/email-verification',
  '/api/auth/check-invited-user',
  '/api/auth/get-invited-user',
  '/api/auth/forgot-password',
  '/api/auth/check-phone-verified',
  '/api/auth/reset-password',
  '/api/auth/check-gauth',
  '/api/4dm1n/sign-in',
  '/api/4dm1n/root-sign-in',
  '/api/4dm1n/root-sms-token',
  '/api/4dm1n/root-email-token',
  '/api/user/on-going-phase',
  '/api/user/contact-us',
  '/api/user/subscriber',
  '/api/user/get-nes-usd',
  '/api/user/check-invitation-code',
  '/api/user/member-level',
  '/api/user/agent-check',
];

// Every route not listed above must carry one of the three group permissions.
// Kept in step with the `.unless()` list given to the JWT middleware later on.
const checkForPermissions = guard
  .check([['group:user'], ['group:admin'], ['group:root']])
  .unless({ path: PUBLIC_PATHS });
// --- Global middleware. app.use() runs in registration order, so the order
// below is significant (CORS and body parsing before auth, auth before static).
app.disable('x-powered-by');
app.use(helmet());
app.use(helmet.noCache());

// Hand-rolled CORS headers, applied ahead of cors() below.
// NOTE(review): 'Access-Control-Allow-Origin: *' together with
// 'Access-Control-Allow-Credentials: true' is a combination browsers reject on
// credentialed requests, and app.use(cors()) further down sets its own
// Access-Control-* headers — confirm which of the two policies is intended.
app.use((req, res, next) => {
  res.header('Access-Control-Allow-Origin', '*');
  res.header('Access-Control-Allow-Methods', 'PUT, GET, POST, DELETE, OPTIONS');
  res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept, Authorization, Access-Control-Allow-Credentials');
  res.header('Access-Control-Allow-Credentials', 'true');
  next();
});

app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.json());
// Exposes the caller's address as req.ip_address.
app.use(requestIp.mw({ attributeName: 'ip_address' }));
app.use(useragent.express());
app.use(cors());

// Paths that may be called without a bearer JWT. Must stay in sync with the
// `.unless()` list attached to checkForPermissions above.
const JWT_EXEMPT_PATHS = [
  '/api/auth/sign-up',
  '/api/auth/sign-in',
  '/api/auth/invitation-email-verification',
  '/api/auth/email-verification',
  '/api/auth/check-invited-user',
  '/api/auth/get-invited-user',
  '/api/auth/forgot-password',
  '/api/auth/check-phone-verified',
  '/api/auth/reset-password',
  '/api/auth/check-gauth',
  '/api/4dm1n/sign-in',
  '/api/4dm1n/root-sign-in',
  '/api/4dm1n/root-sms-token',
  '/api/4dm1n/root-email-token',
  '/api/user/on-going-phase',
  '/api/user/contact-us',
  '/api/user/subscriber',
  '/api/user/get-nes-usd',
  '/api/user/check-invitation-code',
  '/api/user/member-level',
  '/api/user/agent-check',
];

// Verify the JWT (populating req.user) on every non-exempt path, then enforce
// the group permissions.
app.use(ejwt({ secret: config.secret }).unless({ path: JWT_EXEMPT_PATHS }));
app.use(checkForPermissions);

// Serves the script's own directory as static content to any request that
// passed the JWT checks above.
// NOTE(review): that directory also holds ./config/ (database URI, JWT secret);
// confirm exposing it to authenticated callers is intended.
app.use(express.static(__dirname));
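// Builds the stored file name: "<uploader aud><timestamp>.<original extension>".
// The extension comes from the client-supplied original name, which the caller
// has already matched against an allow-list of extensions.
function storedFileName(req, file) {
  const parts = file.originalname.split('.');
  const extension = parts[parts.length - 1];
  return `${req.user.aud}${Date.now()}.${extension}`;
}

// Creates a GridFS storage engine on the 'box' root that accepts only files
// whose original name matches `allowedExt`; anything else is rejected with
// `rejectMessage` through the callback's error argument. Only the name is
// checked, not the file content.
function createBoxStorage(allowedExt, rejectMessage) {
  return GridFsStorage({
    gfs,
    filename(req, file, cb) {
      if (!allowedExt.test(file.originalname)) {
        // Bug fix: the original called an undefined `err(...)` helper (a
        // ReferenceError at runtime) and passed its result in the *filename*
        // slot; a rejection has to travel in the error slot.
        return cb(new Error(rejectMessage));
      }
      cb(null, storedFileName(req, file));
    },
    metadata(req, file, cb) {
      // uploaded_by records the JWT audience claim of the uploader.
      cb(null, { originalname: file.originalname, uploaded_by: req.user.aud });
    },
    root: 'box',
  });
}

// Image uploads: jpg/jpeg/png in the listed casings only (e.g. ".Jpg" is rejected).
const storage_img = createBoxStorage(
  /\.(jpg|jpeg|png|PNG|JPEG|JPG)$/,
  'Only image files are allowed!',
);
// Document uploads: pdf / Word / Excel, lower-case extensions only.
const storage_doc = createBoxStorage(
  /\.(pdf|doc|docx|xls|xlsx)$/,
  'Only document files are allowed!',
);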
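// Upper bound for a single uploaded file, in bytes (5 MB).
const MAX_UPLOAD_BYTES = 5000000;

// Returns an Express handler that accepts one multipart field named 'file',
// stores it through `storage`, and answers:
//   422 with `limitMessage` attached to the error when multer/storage rejects
//       the file (wrong type or over MAX_UPLOAD_BYTES), or when no file was sent;
//   200 with the URL the file can be fetched from on success.
function createUploadHandler(storage, limitMessage) {
  const upload = multer({
    storage,
    limits: { fileSize: MAX_UPLOAD_BYTES },
  }).single('file');

  return (req, res, next) => {
    upload(req, res, (err) => {
      if (err) {
        // Field name kept as-is for existing clients (also used for documents).
        err.max_image_size = limitMessage;
        // NOTE(review): this hands the raw multer/storage error object to the
        // client; confirm none of its fields should stay server-side.
        return res.status(422).json({ code: 422, message: err });
      }
      // Bug fix: a request without a 'file' part leaves req.file undefined and
      // the original handler threw a TypeError here instead of answering.
      if (!req.file) {
        return res.status(422).json({ code: 422, message: 'No file was uploaded.' });
      }
      return res.status(200).json({
        code: 200,
        message: 'Success.',
        img_url: `${box_url}/api/file/${req.file.filename}`,
      });
    });
  };
}

app.post(
  '/api/file/upload/img',
  guard.check(['group:user']),
  createUploadHandler(storage_img, 'Only JPG, JPEG, PNG files that have less than or equal 5MB are allowed.'),
);
app.post(
  '/api/file/upload/doc',
  guard.check(['group:user']),
  createUploadHandler(storage_doc, 'Only PDF, DOC, DOCX, XLS, XLSX files that have less than or equal 5MB are allowed.'),
);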
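// Streams a stored file back by its generated name.
// NOTE(review): the lookup is by filename only; uploaded_by is recorded in the
// file metadata but not checked here, so any caller with 'group:user' can read
// any stored file — confirm cross-user reads are intended.
app.get('/api/file/:filename', guard.check(['group:user']), (req, res) => {
  gfs.collection('box');
  gfs.files.find({ filename: req.params.filename }).toArray((err, files) => {
    // Bug fix: a database error used to fall into the 404 branch below.
    if (err) {
      return res.status(500).json({ code: 500, message: 'Storage error.' });
    }
    if (!files || files.length === 0) {
      return res.status(404).json({ code: 404, message: 'Not found.' });
    }
    const [stored] = files;
    const readstream = gfs.createReadStream({
      filename: stored.filename,
      root: 'box',
    });
    // Fall back to a generic binary type when GridFS recorded none.
    res.set('Content-Type', stored.contentType || 'application/octet-stream');
    // Without a listener a read error surfaces as an uncaught exception.
    readstream.on('error', (streamErr) => {
      if (res.headersSent) {
        res.destroy(streamErr);
      } else {
        res.status(500).json({ code: 500, message: 'Storage error.' });
      }
    });
    return readstream.pipe(res);
  });
});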
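// Mount the application routes from ./router after the global middleware.
router(app);

// Final error handler. A JWT / permission failure (name 'UnauthorizedError',
// as raised by express-jwt) is answered with the 403 body clients expect;
// anything else is passed on to Express's default error handler.
// Bug fix: the original neither responded nor called next() for other errors,
// so those requests hung until the client gave up.
app.use((err, req, res, next) => {
  if (err.name === 'UnauthorizedError') {
    return res.status(403).json({ code: 403, message: 'Forbidden...' });
  }
  return next(err);
});

const server = app.listen(port);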