satori/kana
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

beta

Browse Source
This commit is contained in:
satori 2021-08-26 19:52:40 +08:00
parent f13a050ebe
commit 819919bc46
1 changed files with 157 additions and 184 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

341
index.js
View File

@ -2,22 +2,19 @@ import nedb from 'nedb'
import express from 'express'
import expressWs from 'express-ws'
import session from 'express-session'
import connect from 'connect-nedb-session'
import random from 'string-random'
import formidable from 'formidable'
import md5 from 'md5-node'
process.on('SIGINT', function() {
console.log('Got SIGINT. Press Control-D/Control-C to exit.');
process.exit(0);
});
console.log('Got SIGINT. Press Control-D/Control-C to exit.')
process.exit(0)
})
const app = expressWs(express()).app
const NedbStore = connect(session)
const databases = new Map() // 所有数据库
const wsstores = new Map() // 所有 websocket 连接
// 数据: 自动构建 db 列表 或自动载入所有库
const databases = new Map()
const db = (name) => (databases.get(name) || function(){
let database = new nedb({filename:`./data/db/${name}.db`,autoload:true,timestampData:true})
databases.set(name, database)
@ -25,7 +22,6 @@ const db = (name) => (databases.get(name) || function(){
}())
// 通道: 自动构建 ws 列表
const wsstores = new Map()
const wsstore = name => (wsstores.get(name) || function() {
let list = new Map()
wsstores.set(name, list)
@ -34,156 +30,64 @@ const wsstore = name => (wsstores.get(name) || function() {
// 组件: 要求登录 (普通成员路由参数附上uid以分离权限)
const online = function(req, res, next) {
if (req.session.account) return res.status(401).send('未登录')
if (!req.session.account) return res.status(401).send('未登录')
if (req.session.account.gid != 1) req.params.uid = req.session.account.uid
next()
}
// 组件: 管理权限
const admin = function(req, res, next) {
req.session.account.gid === 1 ? next() : res.status(403).send('没有权限')
}
// 组件: 移除输入非法信息 (但管理员允许输入)
const remove = function(req, res, next) {
if (req.session.account.gid != 1) {
let {_id, uid, createdAt, updatedAt, views, posts, likes, ...body} = req.body
req.body = body
const SessionStore = function (session) {
function NedbStore(options, cb) {
var callback = cb || function () {};
this.db = db('session');
this.db.loadDatabase(callback);
}
next()
}
NedbStore.prototype.__proto__ = session.Store.prototype;
NedbStore.prototype.get = function (sid, callback) {
this.db.findOne({ sid: sid }, function (err, sess) {
if (err) { return callback(err); }
if (!sess) { return callback(null, null); }
// 组件: 从缓存载入数据
// 组件: 移除输出敏感信息
return callback(null, sess.data);
});
};
NedbStore.prototype.set = function (sid, data, callback) {
this.db.update({ sid: sid }, { sid: sid, data: data }, { multi: false, upsert: true }, function (err) {
return callback(err);
});
};
NedbStore.prototype.destroy = function (sid, callback) {
this.db.remove({ sid: sid }, { multi: false }, function (err) {
return callback(err);
});
};
return NedbStore;
};
const session_store = new NedbStore({filename: './data/db/session.db'})
app.use(express.json())
app.use(express.urlencoded({ extended: false }))
app.use(session({
secret: 'keyboard cat',
name:'sid',
resave: false,
saveUninitialized: false,
cookie: { maxAge: 180 * 24 * 3600000 },
store: session_store,
}))
// 只允许管理权限访问
app.use('/session', online, admin)
app.use('/account', online, admin)
app.use('/message', online, admin)
app.use('/attach', online, admin)
app.use('/like', online, admin)
app.use('/data/file/', express.static('data/file'))
const session_store = new (SessionStore(session))
// 列表计量
const count_load = async function(name, query) {
await new Promise(resolve => db(name).count(query, (err, count) => resolve(count)))
}
const count_load = async (name, query) => await new Promise(resolve => db(name).count(query, (err, count) => resolve(count)))
// 条件查询
const list_load = async function(name, query) {
await new Promise(resolve => db(name).find(query, function(err, docs) {
let list = []
for (let doc of docs) list.push({_id: doc.id})
resolve(list)
}))
}
const list_load = async (name, query) => await new Promise(resolve => db(name).find(query, function(err, docs) {
return resolve(docs.Map((item, index) => Object.assign({}, {_id: item.id})))
}))
// 账户: 账户列表
app.route('/account').get(online, function(req, res, next) {
// 账户列表 (列出所有账户并允许条件查询, 但移除敏感数据)
db('account').find({}, function(err, docs) {
res.json(docs)
})
}).post(remove, online, async function(req,res, next) {
let {salt, password, email, code, gid, ...account} = req.body
if (password) {
account.salt = random(32)
account.password = md5(password + account.salt)
}
if (!account.name) account.name = random(12) // 允许用户名登录则不可重复
if (!account.avatar) account.avatar = '' // default avatar
if (await count_load('account', {}) === 0) account.gid = 1 // 第一个用户默认是管理员
db('account').insert(account, function(err, doc) { // 注册账户
doc ? res.json(doc) : res.status(400).send('创建失败')
})
}).patch(online, function(req, res, next) {
// 修改当前账户
}).delete(online, function(req, res, next) {
// 注销当前账户 (将逐步删除所有库中此uid的数据)
if (req.session.account.gid === 1 && await count_load('account', {gid: 1}) === 1) {
return res.status(400).send('不可以删除唯一的管理员账户')
}
// TODO: 注意需要清空所有库中此uid的记录
})
const user_load = async (_id) => await new Promise(resolve => accounts.findOne({_id}, function(err, doc) {
if (!doc) return resolve(doc)
let { salt, password, mobile, email, ...user } = doc
return resolve(user)
}))
// 账户: 账户实体
app.route('/account/:id').get(function(req, res, next) {
db('account').findOne({_id: req.params.id}, function(err, doc) {
if (!doc) return res.status(404).send('账户不存在')
if (req.session?.account?.uid != doc._id && req.session?.account?.gid != 1) {
delete doc.email
delete doc.mobile
}
delete doc.salt
delete doc.password
res.json(doc)
})
}).delete(online, admin, function(req, res, next) {
if (req.session.account.gid !== 1 && req.session.account.uid !== req.params.id) {
return res.status(400).send('没有权限删除此账户')
}
if (await count_load('account', {_id: req.params.id, gid: 1}) === 1) {
return res.status(400).send('不可以删除唯一的管理员账户')
}
db('account').remove({_id: req.params.id}, function(err, count) {
count ? res.send('删除成功') : res.status(500).send('删除失败')
})
// TODO: 管理员删除指定账户
// TODO: 注意需要清空所有库中此uid的记录
})
// 会话: 会话列表
app.route('/session').get(function(req, res, next) {
// TODO: 读取会话列表 (当前有多少设备建立了多少会话)
// TODO: (管理员列出所有会话, 普通成员只列出自己的会话)
res.json(session_store.db.data)
}).post(function(req, res, next) { // 创建登录会话 (sign in)
db('account').findOne({name: account.name}, function(err, doc) {
if (!doc) return res.status(400).send('账户不存在')
if (md5(doc.salt + password) != doc.password) return res.status(400).send('密码错误')
req.session.regenerate(function(err) {
req.session.account = { uid: doc._id, gid:doc.gid ?? 0 }
let { salt, password, ...user} = doc
res.json(user)
})
})
}).delete(function(req, res, next) { // 注销当前登录会话 (sign out)
req.session.destroy(function(err) {
err ? res.status(500).send('错误') : res.json({message:"exit"})
})
})
// 会话: 会话实体
app.route('/session/:id').get(function(req, res, next) {
// 获得指定会话信息
}).delete(function(req, res, next) {
// 注销指定会话
})
// 对象: 对象列表
app.route('/:name').get(async function(req, res, next) {
if (req.query.tid) req.query.tid = Number(req.query.tid) // 某些查询参数需要转换类型(暂时)
if (req.query.top) req.query.top = Number(req.query.top) // 某些查询参数需要转换类型(暂时)
const ListView = async function(req, res, next) {
if (req.query.tid) req.query.tid = Number(req.query.tid) // 某些查询参数需要转换类型
if (req.query.top) req.query.top = Number(req.query.top) // 某些查询参数需要转换类型
if (req.query.uid || req.query.uid !== req.session?.account?.uid) {
req.query.public = true // 如果查询条件限定为自己的, 则不用限制范围到公开的
}
let { pagesize, page, like, ...query } = req.query
let { pagesize, page, like, post, ...query } = req.query
pagesize = Number(pagesize) || 20
let skip = ((Number(page) || 1) - 1) * pagesize
// 基于登录状态的查询, 查询点赞过的, 查询评论过的
if (req.session?.account?.uid) {
if (like) query.$or = await list_load('like',{name:req.params.name, uid:req.session.account.uid})
@ -193,18 +97,21 @@ app.route('/:name').get(async function(req, res, next) {
for (let item of docs) {
item.posts = await count_load('post', {name:req.params.name, id:item._id}) // 附加评论数量
item.likes = await count_load('like', {name:req.params.name, id:item._id}) // 附加点赞数量
if (user) item.user = await user_load(item.uid) // 附加用户信息
}
if (!req.params.name) {
docs.forEach(async item => {
let { salt, password, mobile, email, ...user } = item
item = user
})
}
if (req.params.user && item.uid && req.params.name !== 'user') docs.forEach(async item => {
item.user = await user_load(item.uid)
})
res.json(docs)
})
}).post(remove, online, function(req, res, next) {
db(req.params.name).insert({public:true, ...req.body}, function(err, doc) {
doc ? res.json(doc) : res.status(500).send('发布失败')
})
})
}
// 对象: 对象实体
app.route('/:name/:_id').get(function(req, res, next) {
const OneView = async function(req, res, next) {
db(req.params.name).findOne({_id: req.params._id}, async function(err, doc) {
if (err || !doc) return res.status(404).send('目标资源不存在')
if (!doc.public && doc.uid !== req.session?.account?.uid) {
@ -214,53 +121,119 @@ app.route('/:name/:_id').get(function(req, res, next) {
if (req.query.user) doc.user = await user_load(doc.uid)
res.send(doc)
})
}).put(remove, online, function(req, res, next) {
// TODO: 重写对象
}).patch(remove, online, function(req, res, next) {
// TODO: 修改对象
}).delete(remove, online, function(req, res, next) {
// TODO: 先移除依赖数据 like post...
let {name, ...query} = req.params
db(name).remove(query, function(err, count) {
count ? res.json({message:'ok'}) : res.status(403).send('没有权限操作')
// TODO: 当对象被删除时通过此连接通知所有在线终端
}
const object_create = async function(req, res, next) {
if (req.session?.account?.gid != 1) {
delete req.body._id // 普通用户禁止设置
delete req.body.uid // 普通用户禁止设置
delete req.body.top // 普通用户禁止设置
delete req.body.user // 普通用户禁止设置
delete req.body.createdAt // 普通用户禁止设置
delete req.body.updatedAt // 普通用户禁止设置
delete req.body.views // 普通用户禁止设置
delete req.body.posts // 普通用户禁止设置
delete req.body.likes // 普通用户禁止设置
delete req.body.files // 普通用户禁止设置
}
if (!req.params.name) {
req.body.name = req.body.name || random(12) // 默认用户名
req.body.avatar = req.body.avatar || '' // 默认用户头像
req.body.gid = (await count_load('user', {})) ? 0 : 1 // 默认是管理员为首个注册用户
req.body.salt = random(32) // 密码加盐
req.body.password = md5(req.body.password + req.body.salt) // 必要设置密码
req.body.public = true // 默认公开
} else if (req.session?.account?.uid) {
req.body.uid = req.session.account.uid // 为发表对象附上作者ID
req.body.public = true // 默认公开
}
db(req.params.name ?? 'user').insert(req.body, function(err, doc) {
doc ? res.json(doc) : res.status(500).send('创建失败')
})
}
const session_list = (req, res) => session_store.db.find({ "data.account.uid": req.session.account.uid }, function(err, docs) {
err ? res.status(500).send('错误') : res.json(docs)
})
const session_create = (req, res) => db('user').findOne({name: req.body.name}, function(err, doc) {
if (!doc) return res.status(400).send('账户不存在')
if (md5(req.body.password + doc.salt) !== doc.password) return res.status(400).send('密码错误')
req.session.regenerate(function(err) {
req.session.account = { uid: doc._id, gid: doc.gid ?? 0 }
let { salt, password, ...user} = doc
res.json(user)
})
})
// 对象: 子级对象列表
app.route('/:name/:id/:child').get(function(req, res, next) {
db(req.params.child).find({name:req.params.name, id:req.params.id}, function(err, docs) {
res.json(docs)
})
}).post(function(req, res, next) {
formidable({
multiples: true,
uploadDir: 'data/file',
keepExtensions: true,
maxFieldsSize: 200 * 1024 * 1024
}).parse(req, function(err, fields, files) {
const session_delete_self = (req, res) => req.session.destroy(function(err) {
err ? res.status(500).send('错误') : res.send('退出登录')
})
// TODO: 必须是自己的 UID
const session_delete = (req, res) => req.sessionStore.destroy(req.params.sid, function(err) {
err ? res.status(500).send('错误') : res.send('退出登录')
})
const home = (req, res) => res.send(`<DOCTYPE html><p> Hello World</p>`)
const files_delete = (req, res) => res.status(400).send('拒绝操作')
const files_upload = (req, res) => {
formidable({ multiples: true, uploadDir: 'data/file', keepExtensions: true, maxFieldsSize: 200 * 1024 * 1024 }).parse(req, function(err, fields, files) {
let list = []
for (let key in files) {
let arr = Array.isArray(files[key]) ? files[key] : [files[key]]
arr.forEach(({size, path, name, type}) => list.push({size, path, name, type}))
}
db(req.params.name).update({_id:req.params.id}, {$addToSet: {file:list}}, {}, function (err, count, docs) {
console.log(count, docs)
res.send('ok')
db(req.params.name).update({_id:req.params._id}, {$addToSet: {file:list}}, {}, function (err, count, docs) {
if (!count) return res.status(404).send('目标挂载对象不存在')
res.send(docs)
})
})
})
}
// 对象: 子级对象实体
app.route('/:name/:id/:child/:_id').get(function(req, res, next) {
db(req.params.child).findOne({name:req.params.name, id:req.params.id}, function(err, doc) {
doc ? res.json(doc) : res.status(404).send('对象不存在')
const object_remove = async function(req, res, next) {
// TODO: 账户操作 会话操作 收藏操作
if (!req.params.name) {
if (req.session.account.gid !== 1 && req.session.account.uid !== req.params.id) {
return res.status(400).send('没有权限删除此账户')
}
if (await count_load('account', {_id: req.params.id, gid: 1}) === 1) {
return res.status(400).send('不可以删除唯一的管理员账户')
}
}
// TODO: 先移除依赖数据 like post...
let {name, ...query} = req.params
db(name).remove(query, function(err, count) {
count ? res.send('删除成功') : res.status(403).send('删除失败')
// TODO: 当对象被删除时通过此连接通知所有在线终端
})
}).delete(online, function(req, res, nuxt) {
let { child, query } = req.params
db.name(child).remove(query, function(err, count) {
count ? res.json('delete ok') : res.status(400).send('拒绝操作')
}
// app.use('/like', online, admin)
// app.use('/data/file/', express.static('data/file'))
const profile = function(req, res) {
return db('user').findOne({_id: req.session.account.uid}, function(err, doc) {
if (err) return res.status(401).send('尚未登录')
delete doc.salt
delete doc.password
return res.json(doc)
})
})
}
app.use(express.json())
app.use(express.urlencoded({ extended: false }))
app.use(session({secret: 'shizukana', name:'sid', resave: false, saveUninitialized: false, cookie: { maxAge: 180 * 24 * 3600000 }, store: session_store}))
app.route('/').get(home)
app.route('/user').post(object_create)
app.route('/account').get(online, profile)
app.route('/session').get(online, session_list).post(session_create).delete(online, session_delete_self)
app.route('/session/:sid').delete(online, session_delete) // 会话
app.route('/:name').get(ListView).post(online, object_create) // 列表
app.route('/:name/:_id').get(OneView).put().patch().delete(online, object_remove) // 对象
app.route('/:name/:_id/files').post(online, files_upload)
app.route('/:name/:_id/files/:id').delete(online, files_delete)
app.listen(2333)