306 lines
No EOL
9.5 KiB
JavaScript
306 lines
No EOL
9.5 KiB
JavaScript
// server.js
|
|
require('dotenv').config();
|
|
|
|
const fs = require('fs');
|
|
const fsp = require('fs/promises');
|
|
const path = require('path');
|
|
const jsonServer = require('json-server');
|
|
const jwt = require('jsonwebtoken');
|
|
const bcrypt = require('bcrypt');
|
|
|
|
const scanPhoto = require('./scanner/scanPhoto.js');
|
|
const { WEB_ROOT, INDEX_PATH } = require('./config');
|
|
|
|
const SECRET_KEY = process.env.JWT_SECRET || '123456789';
|
|
const EXPIRES_IN = process.env.JWT_EXPIRES || '1h';
|
|
const PORT = process.env.SERVER_PORT || 4000;
|
|
|
|
const server = jsonServer.create();
|
|
|
|
// -----------------------------------------------------
|
|
// STATIC FILES
|
|
// -----------------------------------------------------
|
|
server.use(
|
|
jsonServer.defaults({
|
|
static: path.join(__dirname, '../public'),
|
|
})
|
|
);
|
|
|
|
// -----------------------------------------------------
|
|
// CONFIG ENDPOINT (PUBBLICO)
|
|
// -----------------------------------------------------
|
|
server.get('/config', (req, res) => {
|
|
res.json({
|
|
baseUrl: process.env.BASE_URL,
|
|
pathFull: process.env.PATH_FULL,
|
|
});
|
|
});
|
|
|
|
// -----------------------------------------------------
|
|
// ROUTER DB
|
|
// -----------------------------------------------------
|
|
let router;
|
|
if (fs.existsSync('./api_v1/db.json')) {
|
|
router = jsonServer.router('./api_v1/db.json');
|
|
} else {
|
|
const initialData = fs.readFileSync('api_v1/initialDB.json', 'utf8');
|
|
fs.writeFileSync('api_v1/db.json', initialData);
|
|
router = jsonServer.router('./api_v1/db.json');
|
|
}
|
|
|
|
// -----------------------------------------------------
|
|
// USERS DB
|
|
// -----------------------------------------------------
|
|
const userdb = JSON.parse(fs.readFileSync('./api_v1/users.json', 'utf-8'));
|
|
server.use(jsonServer.bodyParser);
|
|
|
|
// -----------------------------------------------------
|
|
// JWT HELPERS
|
|
// -----------------------------------------------------
|
|
function createToken(payload) {
|
|
return jwt.sign(payload, SECRET_KEY, { expiresIn: EXPIRES_IN });
|
|
}
|
|
|
|
const denylist = new Map();
|
|
|
|
function addToDenylist(token) {
|
|
try {
|
|
const decoded = jwt.decode(token);
|
|
const exp = decoded?.exp || Math.floor(Date.now() / 1000) + 60;
|
|
denylist.set(token, exp);
|
|
} catch {
|
|
denylist.set(token, Math.floor(Date.now() / 1000) + 60);
|
|
}
|
|
}
|
|
|
|
function isRevoked(token) {
|
|
const exp = denylist.get(token);
|
|
if (!exp) return false;
|
|
if (exp * 1000 < Date.now()) {
|
|
denylist.delete(token);
|
|
return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
function verifyToken(token) {
|
|
return jwt.verify(token, SECRET_KEY);
|
|
}
|
|
|
|
function isAuthenticated({ email, password }) {
|
|
return (
|
|
userdb.users.findIndex(
|
|
(user) => user.email === email && bcrypt.compareSync(password, user.password)
|
|
) !== -1
|
|
);
|
|
}
|
|
|
|
// -----------------------------------------------------
|
|
// RESET DB (utility interna usata da /initDB)
|
|
// -----------------------------------------------------
|
|
function resetDB() {
|
|
const initialData = fs.readFileSync('api_v1/initialDB.json', 'utf8');
|
|
fs.writeFileSync('api_v1/db.json', initialData);
|
|
router.db.setState(JSON.parse(initialData));
|
|
console.log('DB resettato');
|
|
}
|
|
|
|
// -----------------------------------------------------
|
|
// HOME
|
|
// -----------------------------------------------------
|
|
server.get('/', (req, res) => {
|
|
res.sendFile(path.resolve('public/index.html'));
|
|
});
|
|
|
|
// -----------------------------------------------------
|
|
// LOGIN (PUBBLICO)
|
|
// -----------------------------------------------------
|
|
server.post('/auth/login', (req, res) => {
|
|
const { email, password } = req.body;
|
|
const user = userdb.users.find((u) => u.email === email);
|
|
|
|
if (!user || !bcrypt.compareSync(password, user.password)) {
|
|
return res.status(401).json({ status: 401, message: 'Incorrect email or password' });
|
|
}
|
|
|
|
const token = createToken({
|
|
id: user.id,
|
|
email: user.email,
|
|
name: user.name,
|
|
});
|
|
|
|
res.status(200).json({
|
|
token,
|
|
name: user.name,
|
|
});
|
|
});
|
|
|
|
// -----------------------------------------------------
|
|
// LOGOUT
|
|
// -----------------------------------------------------
|
|
server.post('/auth/logout', (req, res) => {
|
|
const auth = req.headers.authorization || '';
|
|
const [scheme, token] = auth.split(' ');
|
|
if (scheme === 'Bearer' && token) {
|
|
addToDenylist(token);
|
|
}
|
|
return res.status(204).end();
|
|
});
|
|
|
|
// -----------------------------------------------------
|
|
// JWT MIDDLEWARE (tutte le rotte tranne /auth/*)
|
|
// -----------------------------------------------------
|
|
server.use(/^(?!\/auth).*$/, (req, res, next) => {
|
|
const auth = req.headers.authorization || '';
|
|
const [scheme, token] = auth.split(' ');
|
|
|
|
if (scheme !== 'Bearer' || !token) {
|
|
return res.status(401).json({ status: 401, message: 'Bad authorization header' });
|
|
}
|
|
if (isRevoked(token)) {
|
|
return res.status(401).json({ status: 401, message: 'Token revoked' });
|
|
}
|
|
|
|
try {
|
|
const decoded = verifyToken(token);
|
|
req.user = decoded;
|
|
next();
|
|
} catch (err) {
|
|
return res
|
|
.status(401)
|
|
.json({ status: 401, message: 'Error: access_token is not valid' });
|
|
}
|
|
});
|
|
|
|
// -----------------------------------------------------
|
|
// FILTRO AUTOMATICO PER USER (GET)
|
|
// - Non-Admin: forzo user=[<nome>, 'Common'] così vedono anche la Common
|
|
// - Admin: vede tutto senza forzature
|
|
// -----------------------------------------------------
|
|
server.use((req, res, next) => {
|
|
if (req.method === 'GET' && req.user && req.user.name !== 'Admin') {
|
|
const u = req.user.name;
|
|
const q = req.query.user;
|
|
const base = q ? (Array.isArray(q) ? q : [q]) : [];
|
|
req.query.user = Array.from(new Set([...base, u, 'Common']));
|
|
}
|
|
next();
|
|
});
|
|
|
|
// -----------------------------------------------------
|
|
// SCAN FOTO
|
|
// - Admin: scansiona tutti gli utenti + Common
|
|
// - Non-Admin: scansiona solo la propria area (NO Common)
|
|
// -----------------------------------------------------
|
|
server.get('/scan', async (req, res) => {
|
|
try {
|
|
if (req.user && req.user.name === 'Admin') {
|
|
await scanPhoto(undefined, 'Admin');
|
|
return res.send({
|
|
status: 'Scansione completata',
|
|
user: 'Admin',
|
|
scope: 'tutti gli utenti + Common',
|
|
});
|
|
}
|
|
|
|
// Non-Admin → solo la sua area (niente Common)
|
|
await scanPhoto(undefined, req.user.name);
|
|
res.send({
|
|
status: 'Scansione completata',
|
|
user: req.user.name,
|
|
scope: 'utente corrente',
|
|
});
|
|
} catch (err) {
|
|
console.error('Errore scan:', err);
|
|
res.status(500).json({ error: 'Errore durante lo scan', details: err.message });
|
|
}
|
|
});
|
|
|
|
// -----------------------------------------------------
|
|
// FILE STATICI
|
|
// -----------------------------------------------------
|
|
server.get('/files', (req, res) => {
|
|
const requested = req.query.file || '';
|
|
const publicDir = path.resolve(path.join(__dirname, '../public'));
|
|
const resolved = path.resolve(publicDir, requested);
|
|
|
|
if (!resolved.startsWith(publicDir)) {
|
|
return res.status(400).json({ error: 'Invalid path' });
|
|
}
|
|
if (!fs.existsSync(resolved) || fs.statSync(resolved).isDirectory()) {
|
|
return res.status(404).json({ error: 'Not found' });
|
|
}
|
|
res.sendFile(resolved);
|
|
});
|
|
|
|
// -----------------------------------------------------
|
|
// RESET DB MANUALE + rimozione index.json
|
|
// -----------------------------------------------------
|
|
server.get('/initDB', async (req, res) => {
|
|
try {
|
|
resetDB();
|
|
|
|
// <root>/public/photos/index.json (coerente con indexStore.js)
|
|
const absIndexPath = path.resolve(__dirname, '..', WEB_ROOT, INDEX_PATH);
|
|
|
|
try {
|
|
await fsp.unlink(absIndexPath);
|
|
console.log('initDB: index.json rimosso ->', absIndexPath);
|
|
} catch (err) {
|
|
if (err && err.code === 'ENOENT') {
|
|
console.log('initDB: index.json non trovato, niente da cancellare:', absIndexPath);
|
|
} else {
|
|
console.error('initDB: errore cancellando index.json:', err);
|
|
}
|
|
}
|
|
|
|
res.json({ status: 'DB resettato', indexRemoved: true, indexPath: absIndexPath });
|
|
} catch (err) {
|
|
console.error('initDB: errore generale:', err);
|
|
res.status(500).json({ status: 'errore', message: err.message });
|
|
}
|
|
});
|
|
|
|
// -----------------------------------------------------
|
|
// UPSERT anti-duplicato per /photos (prima del router)
|
|
// Se id esiste -> aggiorna; altrimenti crea
|
|
// -----------------------------------------------------
|
|
server.post('/photos', (req, res, next) => {
|
|
try {
|
|
const id = req.body && req.body.id;
|
|
if (!id) return next();
|
|
|
|
const db = router.db; // lowdb instance
|
|
const col = db.get('photos');
|
|
const existing = col.find({ id }).value();
|
|
|
|
if (existing) {
|
|
col.find({ id }).assign(req.body).write();
|
|
return res.status(200).json(req.body);
|
|
}
|
|
return next(); // non esiste: crea con il router
|
|
} catch (e) {
|
|
console.error('UPSERT /photos error:', e);
|
|
return res.status(500).json({ error: 'upsert failed' });
|
|
}
|
|
});
|
|
|
|
// -----------------------------------------------------
|
|
// ROUTER JSON-SERVER
|
|
// -----------------------------------------------------
|
|
server.use(router);
|
|
|
|
// -----------------------------------------------------
|
|
// START SERVER
|
|
// -----------------------------------------------------
|
|
server.listen(PORT, () => {
|
|
console.log(`Auth API server running on port ${PORT} ...`);
|
|
});
|
|
|
|
// Pulizia denylist
|
|
setInterval(() => {
|
|
const nowSec = Math.floor(Date.now() / 1000);
|
|
for (const [tok, exp] of denylist.entries()) {
|
|
if (exp < nowSec) denylist.delete(tok);
|
|
}
|
|
}, 60 * 1000); |