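'use strict';
// require
// One binding per declaration (the original comma-chained `crypto`, `algorithm`
// and `password`). Several bindings (objectid, algorithm, password, session,
// socketapp, vm) are not read anywhere in this file; they are kept so the
// module keeps the same top-level names.
const mongoose = require('mongoose');
// NOTE(review): the rest of this file uses mongoose.Types.ObjectId; `.ObjectID`
// on the module itself is most likely undefined — confirm before relying on it.
const objectid = require('mongoose').ObjectID;
const crypto = require('crypto');
// Leftovers of an earlier aes-256-ctr scheme; the live code path uses
// ENCRYPTION_KEY / aes-256-cbc below. `password` is a secret-looking literal
// committed to source: treat it as compromised and do not reuse it.
const algorithm = 'aes-256-ctr';
const password = 'd6F3Efeq';
const session = require('express-session');
const path = require('path');
const express = require('express');
const app = express();
const multer = require('multer');
const bodyParser = require('body-parser');
// `server` wraps `app` so socket.io can share its port; for that to work the
// bottom of this file has to call server.listen, not app.listen.
const server = require('http').createServer(app);
const socketapp = require("socket.io")(server);
const fs = require('fs');
const vm = require('vm');
const cookieParser = require('cookie-parser');

const Vue = require('vue');
const renderer = require('vue-server-renderer').createRenderer();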
  22.  
  23.  
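// website settings
app.use(express.static(path.join(__dirname, 'public')));
app.use(bodyParser.urlencoded({
  extended: false,
}));
// functions

// session / cookies
// The session secret signs the session cookie; whoever holds it can forge a
// logged-in session. It is read from the environment; the checked-in literal
// is only a fallback for local runs and must be considered compromised.
app.use(session({
  secret: process.env.SESSION_SECRET || '3D7B97B5CC044AC6B38E2242E089E62BBF3876C446478E7DBE81D0C774E2177C',
  // Explicit values silence express-session's deprecation warnings; `false`
  // means a session is only persisted once a handler writes to it (login).
  resave: false,
  saveUninitialized: false,
  // Lax SameSite keeps the cookie off cross-site form posts — this app has no
  // CSRF tokens on /updatesettings, /updatesecurity and friends.
  cookie: { httpOnly: true, sameSite: 'lax' },
}));
app.use(cookieParser());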
  37.  
// Permissive CORS headers on every response. With a wildcard origin the browser
// will not attach cookies to cross-site requests, so the session itself is not
// exposed this way — but every endpoint that needs no session (e.g. /api) is
// readable from any origin.
app.all('*', (req, res, next) => {
  res.set('Access-Control-Allow-Origin', '*');
  res.set('Access-Control-Allow-Headers', 'X-Requested-With');
  next();
});
  43.  
  44.  
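/**
 * Session middleware: let the request through only when the session names a
 * user that still exists in the `users` collection; otherwise send to /login.
 *
 * The session stores the *encrypted* username in `anvandare` (set by
 * /userlogin), so that is the value looked up. The original looked up
 * `req.session.user`, which nothing in this file sets, so every logged-in
 * request was bounced to /login.
 *
 * NOTE(review): keeps the file's `mongoose.connect(dburl, (err, db) => …)`
 * pattern; whether that callback really yields a driver `Db` depends on the
 * mongoose version in use — confirm, and consider `mongoose.connection.db`.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {Function} next
 */
const auth = function (req, res, next) {
  const sessionUser = req.session && req.session.anvandare;
  if (!sessionUser) {
    res.redirect('/login');
    return;
  }
  mongoose.connect(dburl, (err, db) => {
    if (err || !db) {
      // Fail closed: a database problem must not let the request through.
      console.error('auth: database connection failed', err);
      res.status(500).send('Internal error');
      return;
    }
    db.collection('users').findOne({ username: sessionUser }, (findErr, user) => {
      if (findErr) {
        console.error('auth: user lookup failed', findErr);
        res.status(500).send('Internal error');
        return;
      }
      if (!user) {
        // The session refers to an unknown/deleted account; drop it.
        req.session.destroy();
        res.redirect('/login');
        return;
      }
      next();
    });
  });
};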
  69.  
  70.  
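/**
 * Authorization middleware for `/customer/:name`: proceed only when the
 * session's (encrypted) username equals `encrypt(:name)`.
 *
 * The comparison is done on the encrypted form because `encrypt` is
 * deterministic (fixed IV) — see the encryption section below.
 *
 * Guards: a missing session or a missing `:name` used to throw a TypeError
 * inside the cipher (the `/customer` route has no `:name`, so it could never
 * pass this check). Both now fail closed to /login — not to /customer, which
 * would loop straight back into this middleware.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {Function} next
 */
const rightuser = function (req, res, next) {
  const sessionUser = req.session && req.session.anvandare;
  const name = req.params && req.params.name;
  if (!sessionUser || typeof name !== 'string' || name === '') {
    res.redirect('/login');
    return;
  }
  if (sessionUser === encrypt(name)) {
    next();
  } else {
    res.redirect('/customer');
  }
};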
  79.  
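// mongoose schemas

// Shape of a document in the `users` collection.
// `username`, `password` and `email` hold the output of `encrypt()` (see
// /registeruser and /updatesecurity). That encryption is reversible, so the
// password is recoverable by anyone holding ENCRYPTION_KEY; a one-way hash
// (crypto.scrypt / pbkdf2 with a per-user salt) is the right storage for it.
const UserSchema = mongoose.Schema({
  username: String,
  password: String,
  email: String,
  joined: String,           // "M-D-YYYY", built in /registeruser
  fullname: String,
  live: String,
  rafflescreated: String,   // written as 0 at registration; mongoose casts to "0"
  raffleswon: String,
  coinflips: String,
  // NOTE(review): registered as a path string, but /updatesettings writes the
  // raw multer file object through updateOne and /customer/:name reads
  // `.filename` from it — the two code paths disagree on this field's shape.
  profileimage: String,
  // /registeruser sets `rank`; it was missing here, so strict mode silently
  // dropped it on save.
  rank: String,
});

const user = mongoose.model("users", UserSchema);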
  96.  
  97.  
  98.  
  99.  
  100.  
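// encryption
//
// AES-256-CBC with a *fixed, all-zero IV*. That makes `encrypt` deterministic,
// and the rest of this file relies on it: usernames are looked up by comparing
// `encrypt(name)` with the stored value (rightuser, /customer/:name,
// /userlogin). It also means equal plaintexts give equal ciphertexts, so the
// scheme is not semantically secure. A random IV can only be introduced
// together with a different lookup key (e.g. a keyed hash of the username).
//
// The key is read from the environment; the checked-in fallback exists so
// existing deployments keep working and must be treated as compromised.
// aes-256 needs exactly 32 key bytes — createCipheriv throws otherwise.
const ENCRYPTION_KEY = process.env.ENCRYPTION_KEY || "JQEK1POIJT09WKO93AWGG5AMGEKJ4TDE";
const IV_LENGTH = 16;

/**
 * Encrypt a UTF-8 string.
 * @param {string} text plaintext
 * @returns {string} `<iv hex>:<ciphertext hex>`; the IV part is always 32 zeros
 * @throws {TypeError} when `text` is not a string or Buffer (from cipher.update)
 */
function encrypt(text) {
  // Buffer.alloc is explicitly zero-filled; the deprecated `new Buffer(n)` was
  // only zero-filled on newer Node versions, so this pins the behaviour.
  const iv = Buffer.alloc(IV_LENGTH);
  const cipher = crypto.createCipheriv('aes-256-cbc', ENCRYPTION_KEY, iv);
  const encrypted = Buffer.concat([cipher.update(text), cipher.final()]);
  return `${iv.toString('hex')}:${encrypted.toString('hex')}`;
}

/**
 * Inverse of `encrypt`.
 * @param {string} text `<iv hex>:<ciphertext hex>` as produced by `encrypt`
 * @returns {string} the decrypted UTF-8 string
 * @throws {Error} on malformed input, or a padding error (wrong key / tampered data)
 */
function decrypt(text) {
  if (typeof text !== 'string' || !text.includes(':')) {
    throw new Error('decrypt: expected "<iv hex>:<ciphertext hex>"');
  }
  const parts = text.split(':');
  const iv = Buffer.from(parts.shift(), 'hex');
  const encryptedText = Buffer.from(parts.join(':'), 'hex');
  const decipher = crypto.createDecipheriv('aes-256-cbc', Buffer.from(ENCRYPTION_KEY), iv);
  const decrypted = Buffer.concat([decipher.update(encryptedText), decipher.final()]);
  return decrypted.toString();
}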
  123.  
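// multer upload fix
//
// Disk storage for product images: "<16 random bytes as hex><client ext>".
// The original generated the random bytes but never used them, so every file
// was saved as just ".<ext>" and uploads with the same extension overwrote
// each other.
//
// NOTE(review): the extension comes from the untrusted `originalname` and the
// directory is served by express.static, so a user can publish e.g. an .html
// file under this site's origin. An extension allowlist, or serving uploads
// from a separate non-executing origin, would close that.
const storage = multer.diskStorage({
  destination: 'public/uploads/',
  filename(req, file, cb) {
    // randomBytes replaces the deprecated pseudoRandomBytes.
    crypto.randomBytes(16, (err, raw) => {
      if (err) return cb(err);
      cb(null, `${raw.toString('hex')}${path.extname(file.originalname)}`);
    });
  },
});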
  135.  
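// Disk storage for a single profile image: "<timestamp>-<original name>".
// `originalname` is client-supplied; path.basename drops any directory part so
// the file cannot land outside `destination`. Names without a separator (the
// normal case) are unchanged.
const singlestorage = multer.diskStorage({
  destination: 'public/uploads/',
  filename(req, file, cb) {
    cb(null, `${Date.now()}-${path.basename(file.originalname)}`);
  },
});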
  142.  
// Multer instances: `upload` serves the multi-image product form
// (/addingproduct), `uploadsingle` the single profile image (/updatesettings).
const upload = multer({ storage });
const uploadsingle = multer({ storage: singlestorage });
  150.  
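// Mongoose settings
mongoose.Promise = global.Promise;
const Schema = mongoose.Schema;
// Connection string with embedded credentials. It is read from the environment;
// the checked-in fallback (credentials and host included) keeps existing setups
// running and must be rotated — it is public the moment this file is shared.
const dburl = process.env.MONGODB_URI || 'mongodb://root:password@94.46.48.64:27017/RAFFLESTORE';
mongoose.connect(dburl);
mongoose.connection.on('error', (err) => {
  // Log the actual error before exiting; the original discarded it and exited 0.
  console.error('Could not connect to the database. Exiting now...', err);
  process.exit(1);
});
mongoose.connection.once('open', () => {
  console.log("Successfully connected to the database");
});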
  163. //mongoose schema
  164.  
  165.  
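// routing
// Static entry pages. path.join takes the segments separately; the original
// passed one pre-concatenated string, which defeats the point of path.join.
app.get('/', (req, res) => {
  res.sendFile(path.join(__dirname, 'public', 'index.html'));
});

// NOTE(review): the product form is served to anyone, and the matching
// /addingproduct handler has no auth either.
app.get('/addproduct', (req, res) => {
  res.sendFile(path.join(__dirname, 'public', 'addproduct.html'));
});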
  175.  
  176.  
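// Get data from database

// Dump a collection as JSON.
//
// The collection name comes straight from the URL, so without a restriction
// this endpoint returned *any* collection — including `users`, whose password
// and email are only reversibly encrypted (and the CORS wildcard above makes
// it readable from any origin). Only collections listed here are served; add
// names as the front end needs them.
const PUBLIC_COLLECTIONS = ['products'];

app.get('/api/:name', (req, res) => {
  const name = req.params.name;
  if (PUBLIC_COLLECTIONS.indexOf(name) === -1) {
    res.status(404).json({ error: 'unknown collection' });
    return;
  }
  // NOTE(review): keeps the file's connect-per-request pattern; see `auth`.
  mongoose.connect(dburl, (err, db) => {
    if (err || !db) {
      console.error('/api: database connection failed', err);
      res.status(500).json({ error: 'database unavailable' });
      return;
    }
    db.collection(name).find({}).toArray((findErr, result) => {
      if (findErr) {
        // The original re-threw here, which takes the whole process down
        // from inside a request callback.
        console.error('/api: query failed', findErr);
        res.status(500).json({ error: 'query failed' });
      } else {
        res.json(result);
      }
      db.close();
    });
  });
});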
  189.  
  190.  
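// Create a product from the multipart form (up to 10 images).
//
// NOTE(review): there is no authentication on this route, so anyone can create
// products and drop files into public/uploads. Chaining `auth` in front of it
// is the obvious next step.
app.post('/addingproduct', upload.array('images', 10), (req, res) => {
  // multer sets req.files to an array for .array(); guard anyway so a request
  // without multipart data reaches the "Missing files" branch instead of
  // throwing in forEach.
  const imagesfiles = (req.files || []).map((file) => file.path);

  const pdata = new Schema({
    productname: String,
    size: Number,
    tickets: Number,
    price: Number,
    description: String,
    images: [String],
  });
  console.log(imagesfiles);
  // mongoose.model() throws OverwriteModelError when a model is compiled a
  // second time, so the second request to this route used to crash; reuse the
  // compiled model if it exists.
  const products = mongoose.models.products || mongoose.model("products", pdata);

  const form = req.body;
  const productsdata = new products({
    // The schema field is `productname`; the original wrote `productName`,
    // which strict mode dropped, so products were saved without a name.
    productname: form.productname,
    size: form.size,
    tickets: form.tickets,
    price: form.price,
    images: imagesfiles,
    description: form.description,
  });
  if (req.files) {
    productsdata.save()
      .then(() => {
        res.send("Product added!");
      })
      .catch((err) => {
        // Cast errors (e.g. a non-numeric price) land here; previously they
        // were an unhandled rejection and the request hung.
        console.error('/addingproduct: save failed', err);
        res.status(500).send('Could not add product');
      });
  } else {
    res.send("Missing files");
  }
});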
  229.  
  230.  
// Customer

// NOTE(review): this handler never sends a response, so GET /customer hangs
// until the client gives up. It is also chained behind `rightuser`, which
// reads `req.params.name` — a parameter this route does not have — so as
// written the request cannot even reach the handler. Login, register and the
// settings routes all redirect here; redirecting on to the signed-in user's
// `/customer/:name` page is the likely intent.
app.get('/customer', auth, rightuser, (req, res) => {});
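// Render a user's profile page with Vue SSR.
//
// Fixes: (1) the route has no `auth` middleware yet decrypted
// `req.session.anvandare` unconditionally, so an anonymous visit threw inside
// the cipher in an async callback and crashed the process; (2) an unknown
// `:name` left `result` null and threw the same way; (3) a render error was
// logged and the request then hung without a response.
//
// NOTE(review): the page exposes `userid` (the Mongo _id). /updatesettings and
// /updatesecurity accept that id from the form body as the only indication of
// whose record to change; until they derive the user from the session, this
// value hands out access to every account.
app.get('/customer/:name', (req, res) => {
  const sessionUser = req.session && req.session.anvandare;
  if (!sessionUser) {
    res.redirect('/login');
    return;
  }

  mongoose.connect(dburl, (err, db) => {
    if (err || !db) {
      console.error('/customer/:name: database connection failed', err);
      res.status(500).send('Internal error');
      return;
    }
    db.collection("users").findOne({ username: encrypt(req.params.name) }, (findErr, result) => {
      if (findErr) {
        console.error('/customer/:name: lookup failed', findErr);
        res.status(500).send('Internal error');
        return;
      }
      if (!result) {
        res.status(404).send('No such user');
        return;
      }
      const singeduser = decrypt(sessionUser);
      // `profileimage` is a plain path string for freshly registered users and
      // a multer file object after /updatesettings; only the latter has
      // `.filename`, the former yields "/uploads/undefined" as before.
      const profileimage = result.profileimage || {};

      const customer = new Vue({
        template: fs.readFileSync('./public/customer.html', 'utf-8'),
        data: {
          username: req.params.name,
          fullname: result.fullname,
          from: result.live,
          time: result.joined,
          rafflescreated: result.rafflescreated,
          raffleswon: result.raffleswon,
          coinflips: result.coinflips,
          userid: result._id,
          image: "/uploads/" + profileimage.filename,
          rank: "default",
          signedinuser: singeduser,
        },
      });
      renderer.renderToString(customer, (renderErr, html) => {
        if (renderErr) {
          console.error('/customer/:name: render failed', renderErr);
          res.status(500).send('Internal error');
          return;
        }
        res.send(html);
      });
    });
  });
});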
  275.  
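// Update the signed-in user's profile (name, location, optional new image).
//
// Security fix: the record to update used to be selected by `req.body.id`, a
// value the client controls (and which /customer/:name prints for every
// user), so anyone could rewrite anyone's profile — and there was no session
// check at all, so the image upload was open to anonymous callers. The target
// is now the session's own (encrypted) username, and the session is checked
// *before* multer writes anything to disk.
app.post('/updatesettings',
  (req, res, next) => {
    if (req.session && req.session.anvandare) {
      next();
    } else {
      res.redirect('/login');
    }
  },
  uploadsingle.single('image'),
  (req, res) => {
    // NOTE(review): with an upload the whole multer file object is stored,
    // without one the raw form string is. /customer/:name reads `.filename`
    // from it, so only the first shape renders — kept as-is here.
    let image;
    if (req.file) {
      console.log("file uploaded");
      image = req.file;
    } else {
      console.log("no image");
      image = req.body.profileimage;
    }

    const items = {
      fullname: req.body.fullname,
      live: req.body.live,
      profileimage: image,
    };

    mongoose.connect(dburl, (err, db) => {
      if (err || !db) {
        console.error('/updatesettings: database connection failed', err);
        res.status(500).send('Internal error');
        return;
      }
      db.collection("users").updateOne(
        { username: req.session.anvandare },
        { $set: items },
        (updateErr) => {
          if (updateErr) {
            // Do not echo the driver error object to the client.
            console.error('/updatesettings: update failed', updateErr);
            res.status(500).send('Could not save settings');
          } else {
            res.redirect("/customer");
            db.close();
          }
        });
    });
  });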
  308.  
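// Change the signed-in user's password and email.
//
// Same IDOR fix as /updatesettings: the target record is the session's own
// username rather than the client-supplied `req.body.id`, and an anonymous
// request is sent to /login instead of reaching the database.
//
// NOTE(review): the password is stored with the reversible `encrypt()` because
// /userlogin decrypts it to compare. Moving to a one-way hash (crypto.scrypt /
// pbkdf2 with a per-user salt) must be done together with /userlogin and
// /registeruser; it is not attempted here.
app.post('/updatesecurity', (req, res) => {
  if (!req.session || !req.session.anvandare) {
    res.redirect('/login');
    return;
  }
  const password = req.body.password;
  const email = req.body.email;
  // encrypt() throws on a missing field; answer 400 instead of crashing.
  if (typeof password !== 'string' || password === '' || typeof email !== 'string') {
    res.status(400).send('password and email are required');
    return;
  }
  const items = {
    password: encrypt(password),
    email: encrypt(email),
  };

  mongoose.connect(dburl, (err, db) => {
    if (err || !db) {
      console.error('/updatesecurity: database connection failed', err);
      res.status(500).send('Internal error');
      return;
    }
    db.collection("users").updateOne(
      { username: req.session.anvandare },
      { $set: items },
      (updateErr) => {
        if (updateErr) {
          // Do not echo the driver error object to the client.
          console.error('/updatesecurity: update failed', updateErr);
          res.status(500).send('Could not save security settings');
        } else {
          res.redirect("/customer");
          db.close();
        }
      });
  });
});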
  331.  
  332.  
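// register user

// Registration form. path.join takes separate segments (the original passed a
// single pre-concatenated string).
app.get('/register', (req, res) => {
  res.sendFile(path.join(__dirname, 'public', 'userregister.html'));
});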
  338.  
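// Create a new account from the registration form.
//
// Changes: required fields are validated (encrypt() throws on undefined, which
// crashed the request); a duplicate username is refused before insert; and
// failures answer with a 5xx/4xx status instead of 200.
//
// NOTE(review): `rank` is only persisted if UserSchema declares it. The literal
// "undefined" strings are kept because the profile page displays them as-is.
// The password is stored reversibly — see /updatesecurity.
app.post('/registeruser', (req, res) => {
  const username = req.body.username;
  const password = req.body.password;
  const mail = req.body.mail;
  if ([username, password, mail].some((v) => typeof v !== 'string' || v === '')) {
    res.status(400).send('username, password and mail are required');
    return;
  }

  const joined = new Date();
  // "M-D-YYYY" with a 1-based month; the profile page shows this string verbatim.
  const fulljoined = `${joined.getMonth() + 1}-${joined.getDate()}-${joined.getFullYear()}`;

  const encryptedName = encrypt(username);
  // The username is the login key, so refuse a second account with the same name.
  user.findOne({ username: encryptedName }, (findErr, existing) => {
    if (findErr) {
      console.log(findErr);
      res.status(500).send("There has been an error, We doing our best to fix this problem");
      return;
    }
    if (existing) {
      res.status(409).send('That username is already taken');
      return;
    }
    const registeruser = new user({
      username: encryptedName,
      password: encrypt(password),
      email: encrypt(mail),
      joined: fulljoined,
      fullname: "undefined",
      live: "undefined",
      rafflescreated: 0,
      raffleswon: 0,
      coinflips: 0,
      profileimage: "/img/defaultprofileimg.png",
      rank: "default",
    });

    registeruser.save((err) => {
      if (err) {
        console.log(err);
        res.status(500).send("There has been an error, We doing our best to fix this problem");
      } else {
        // NOTE(review): no session is created here, so /customer will bounce
        // the new user to /login; consider logging them in or redirecting there.
        res.redirect('/customer');
      }
    });
  });
});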
  372.  
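// register login

// Login form. path.join takes separate segments (the original passed a single
// pre-concatenated string).
app.get('/login', (req, res) => {
  res.sendFile(path.join(__dirname, 'public', 'userlogin.html'));
});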
  378.  
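// Log a user in: look up the (encrypted) username, compare the password and
// store the encrypted username in the session.
//
// Changes: missing form fields answer 400 instead of throwing inside
// encrypt(); the password comparison is constant-time; the session is
// regenerated on success so a session id fixed before login is not kept
// (session fixation); the stray `res.end()` after `res.redirect()` is gone
// (redirect already ends the response); the username is URL-encoded in the
// redirect.
//
// NOTE(review): the stored password is decrypted for comparison because it is
// kept with reversible encryption; a hashed scheme would compare hashes here.
app.post('/userlogin', (req, res) => {
  const username = req.body.username;
  const suppliedPassword = req.body.password;
  if (typeof username !== 'string' || typeof suppliedPassword !== 'string') {
    res.status(400).send('username and password are required');
    return;
  }
  const encryptedName = encrypt(username);

  mongoose.connect(dburl, (err, db) => {
    if (err || !db) {
      console.error('/userlogin: database connection failed', err);
      res.status(500).send('Internal error');
      return;
    }
    db.collection("users").findOne({ username: encryptedName }, (findErr, account) => {
      if (findErr) {
        console.error('/userlogin: lookup failed', findErr);
        res.status(500).send('Internal error');
        return;
      }
      if (!account || typeof account.password !== 'string') {
        // Same wording as a wrong password so the reply does not reveal which
        // usernames exist.
        res.send("invalid username or password ");
        return;
      }
      const stored = Buffer.from(decrypt(account.password));
      const supplied = Buffer.from(suppliedPassword);
      // timingSafeEqual requires equal lengths; a length mismatch is a mismatch.
      const matches = stored.length === supplied.length && crypto.timingSafeEqual(stored, supplied);
      if (!matches) {
        res.send("invalid username or password");
        return;
      }
      req.session.regenerate((regenErr) => {
        if (regenErr) {
          console.error('/userlogin: session regenerate failed', regenErr);
          res.status(500).send('Internal error');
          return;
        }
        req.session.anvandare = encryptedName;
        res.redirect('/customer/' + encodeURIComponent(username));
      });
    });
  });
});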
  400.  
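// Destroy the server-side session and send the user to the login page. A
// destroy error is logged instead of silently dropped; the redirect happens
// either way.
app.get('/logout', (req, res) => {
  req.session.destroy((err) => {
    if (err) console.error('/logout: session destroy failed', err);
    res.redirect('/login');
  });
});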
  407.  
  408.  
  409.  
  410.  
  411.  
  412.  
  413.  
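// produkter

// Listen on the http.Server created at the top of the file — the one socket.io
// is attached to. `app.listen` creates a *new* server, so with it the socket.io
// instance never received a connection. The port can be overridden via PORT.
const port = process.env.PORT || 80;
server.listen(port, () => console.log(`Listening to port ${port}!`));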