-
Notifications
You must be signed in to change notification settings - Fork 2
/
cloud.js
290 lines (260 loc) · 8.12 KB
/
cloud.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
const User = Parse.Object.extend('User');
const Post = Parse.Object.extend('Post');
const Comment = Parse.Object.extend('Comment');
const Message = Parse.Object.extend('Message');
const ALog = Parse.Object.extend('ALog');
const { upyun, bucket, service } = require('./upyun')
const { getConfig , mail } = require('./mail')
const shortId = require('shortid')
const url = process.env.PRODUCTION_URL;
async function noticeUser(from, to, type, meta){
let msg = new Message()
let acl = new Parse.ACL()
acl.setPublicWriteAccess(false)
acl.setPublicReadAccess(false)
acl.setReadAccess(to, true)
acl.setWriteAccess(to, true)
msg.set('from', from)
msg.set('to', to)
msg.set('type', type)
msg.set('read', false)
msg.set(type, meta)
msg.setACL(acl)
return await msg.save()
}
Parse.Cloud.define("img_sign", async function (req) {
return upyun.sign.getHeaderSign(bucket, req.params.method, req.params.path)
});
Parse.Cloud.define("view_post", async function (req) {
let id = req.params.id;
let query = new Parse.Query(Post)
query.equalTo('objectId', id)
let post = await query.first({useMasterKey: true})
if (!post) return null
const view = post.get('view') + 1
post.set('view', view)
await post.save(null, { useMasterKey: true})
return post
});
Parse.Cloud.define("post_comment", async function (req) {
let {post_id, comment_id} = req.params
let from_user_id = req.user.id
let query = new Parse.Query(Post)
query.equalTo('objectId', post_id)
let post = await query.first({useMasterKey: true})
if (!post) return null
let comment = new Comment()
comment.id = comment_id
comment = await comment.fetch()
post.add('comments', comment)
post.set('lastupdate', new Date())
console.log(post.get('author').id);
let from = User.createWithoutData(from_user_id)
let to = post.get('author')
await noticeUser(from, to, 'comment', {
title: post.get('title'),
post_id: post.id,
comment: comment.get('text')
})
await post.save(null, { useMasterKey: true})
return post
});
Parse.Cloud.define("del_comment", async function (req) {
let {post_id, comment_id} = req.params
let user_id = req.user.id
let query = new Parse.Query(Post)
let isAdmin = await check_admin(user_id)
query.equalTo('objectId', post_id)
let post = await query.first({useMasterKey: true})
if (!post) return null
let comment = new Parse.Query(Comment)
comment.equalTo('objectId', comment_id)
comment = await comment.first()
console.log(comment);
if (comment.get('author').id != user_id || !isAdmin) {
return '';
}
console.log(comment);
post.remove('comments', comment)
await post.save(null, { useMasterKey: true})
return post
});
Parse.Cloud.define("check_admin", async function (req) {
let id = req.user.id;
if (!id) {
return ''
}
const query = new Parse.Query(Parse.Role)
const user = new Parse.Query(Parse.User)
query.equalTo('name', 'Administrator')
user.equalTo('objectId', id)
query.matchesQuery('users', user)
return await query.find({useMasterKey: true})
});
async function check_admin(id) {
const query = new Parse.Query(Parse.Role)
const user = new Parse.Query(Parse.User)
query.equalTo('name', 'Administrator')
user.equalTo('objectId', id)
query.matchesQuery('users', user)
return (await query.find({useMasterKey: true})).length > 0
}
Parse.Cloud.define("del_post_comments", async function (req) {
let id = req.user.id;
let post_id = req.params.id;
let isAdmin = check_admin(id)
const query = new Parse.Query(Post)
query.equalTo('objectId', post_id)
query.include('comments')
query.include('author')
let post = await query.first()
if (post.get('author').id != id && !isAdmin) {
const log = new ALog()
log.set('level', 3)
log.set('user_id', id)
log.set('msg', `疑似被攻击, 用户Id为 ${id} 的正在请求他无权删除的东西`)
await log.save()
return "no permition"
}
if (post && post.get('comments')) {
return await Promise.all(post.get('comments').map(c => c.destroy({ useMasterKey: true })))
}
return 'no post'
});
Parse.Cloud.define('check_username', async (req) => {
const username = req.params.username
if (!username) {
return {
canUse: false
}
}
const query = new Parse.Query(User);
query.equalTo("username", username);
let user = await query.first({useMasterKey: true})
if (user) {
return {
canUse: false
}
}
return {
canUse: true
}
})
Parse.Cloud.beforeDelete("Post", async function (request) {
const id = request.user.id
const post = request.object
let isAdmin = check_admin(id)
const log = new ALog()
log.set('level', 1)
log.set('user_id', id)
log.set('admin', isAdmin ? true : false)
log.set('msg', `用户Id为 ${id} 删除了文章`)
log.set('title', post.get('title'))
log.set('text', post.get('text'))
await log.save()
});
Parse.Cloud.beforeFind("User", async function (request) {
const user = request.object
const avatar = user.get('avatar')
user.set('avatar', 'http://52yaoyao.test.upcdn.net' + avatar)
return user
});
async function newToken(user) {
const token = shortId.generate()
user.set("verifyToken", token);
await user.save(null, {useMasterKey: true})
return token
}
async function findUserById(id) {
const q = new Parse.Query(User)
q.equalTo('objectId', id)
return await q.first({ useMasterKey: true })
}
async function findUserByEmail(email) {
const q = new Parse.Query(User)
q.equalTo("email", email);
return await q.first({ useMasterKey: true })
}
Parse.Cloud.define("send_register", async function(req) {
const {id, email} = req.params
let user = null
if (id) {
user = await findUserById(id)
}else {
user = await findUserByEmail(email);
}
if (!user) {
throw new Parse.Error(101, "没有该用户");
}
const token = await newToken(user)
try {
const ret = await mail.sendMail(getConfig(user.get("email"), "激活账号邮件", "register", {
link: url + '/hooks/register?token=' + token + '&user=' + user.id
}));
return 'success'
} catch (error) {
return error
}
});
Parse.Cloud.define("send_password", async function(req) {
const { id, email} = req.params
let user = null
if (id) {
user = await findUserById(id)
} else {
user = await findUserByEmail(email);
}
if (!user) {
throw new Parse.Error(101, "没有该用户");
}
const token = await newToken(user)
try {
return mail.sendMail(getConfig(user.get("email"), "找回密码邮件", "password", {
link: url + '/hooks/password?token=' + token + '&user=' + user.id
}));
} catch (error) {
throw new Parse.Error(101, error);
}
});
Parse.Cloud.define("send_change", async function (req) {
const { id, email } = req.params;
let user = null
if (id) {
user = await findUserById(id)
} else {
user = await findUserByEmail(email);
}
if (!user) {
throw new Parse.Error(101, "没有该用户");
}
const token = await newToken(user)
try {
return mail.sendMail(getConfig(user.get("email"), "修改邮件地址邮件", "change", {
code: token
}));
} catch (error) {
throw new Parse.Error(101, error.toString());
}
});
Parse.Cloud.define("send_verify", async function(req) {
const { id, password, email, verify, token } = req.params;
const user = await findUserById(id);
if (!user) {
throw new Parse.Error(101, "没有该用户");
}
const private_token = user.get('verifyToken')
if (private_token != token) {
throw new Parse.Error(101, "token 不匹配");
}
if (password) {
user.setPassword(password)
}
if (email) {
user.setEmail(email)
}
if (verify) {
user.set("emailVerified", true);
}
await newToken(user);
return 'success'
});