Merge pull request #64 from neonexus/master

Started build out of workable user management...

Author: neonexus

CHANGELOG.md

@@ -1,5 +1,12 @@
 # Changelog
 
+## [v3.1.0](https://github.com/neonexus/sails-react-bootstrap-webpack/compare/v3.0.3...v3.1.0) (2022-09-05)
+
+### Features
+
+* Built start of new user management page, mostly for proof-of-concept purposes.
+* Built "semi-smart" pagination front-end components. More tweaks are required.
+
 ## [v3.0.3](https://github.com/neonexus/sails-react-bootstrap-webpack/compare/v3.0.2...v3.0.3) (2022-08-18)
 
 ### Features

Dockerfile

@@ -6,6 +6,7 @@ RUN apt-get install -y curl ntp nano
 RUN mkdir /var/www && mkdir /var/www/myapp
 WORKDIR /var/www/myapp
 
+# If you change the exposed port, you need to also change the environment variable PORT below to the same port, or nothing will work
 EXPOSE 1337
 # REMEMBER! NEVER STORE SECRETS, DEK's, PASSWORDS, OR ANYTHING OF A SENSITIVE NATURE IN SOURCE CONTROL (INCLUDING THIS FILE)! USE ENVIRONMENT VARIABLES!
 ENV PORT=1337 DB_HOSTNAME=dockerdb DB_USERNAME=dockeruser DB_PASSWORD=dockerpass DB_NAME=docker DB_PORT=3306 DB_SSL=true DATA_ENCRYPTION_KEY=1234abcd4321asdf0987lkjh SESSION_SECRET=0987poiuqwer1234zxcvmnbv
@@ -14,9 +15,16 @@ ENV PORT=1337 DB_HOSTNAME=dockerdb DB_USERNAME=dockeruser DB_PASSWORD=dockerpass
 COPY package.json /var/www/myapp/package.json
 RUN npm install
 
-COPY . /var/www/myapp/
+# More caching help
+COPY ./* /var/www/myapp/
+COPY config /var/www/myapp/config
+COPY assets /var/www/myapp/assets
+COPY webpack /var/www/myapp/webpack
 RUN npm run build
 
+# Copy the reset of the app
+COPY . /var/www/myapp/
+
 # Expose the compiled public assets, so Nginx can route to them, instead of using Sails to do the file serving.
 VOLUME /var/www/myapp/.tmp/public
 

api/controllers/admin/create-user.js

@@ -18,7 +18,6 @@ module.exports = {
 
         password: {
             type: 'string',
-            required: true,
             maxLength: 70
         },
 
@@ -36,6 +35,11 @@ module.exports = {
                 'user',
                 'admin'
             ]
+        },
+
+        setPassword: {
+            type: 'boolean',
+            defaultsTo: true
         }
     },
 
@@ -52,10 +56,18 @@ module.exports = {
     },
 
     fn: async (inputs, exits) => {
-        const isPasswordValid = sails.helpers.isPasswordValid.with({
-            password: inputs.password,
-            user: {firstName: inputs.firstName, lastName: inputs.lastName, email: inputs.email}
-        });
+        let password = inputs.password;
+        let isPasswordValid;
+
+        if (inputs.setPassword) {
+            isPasswordValid = sails.helpers.isPasswordValid.with({
+                password: inputs.password,
+                user: {firstName: inputs.firstName, lastName: inputs.lastName, email: inputs.email}
+            });
+        } else {
+            isPasswordValid = true;
+            password = sails.helpers.generateToken();
+        }
 
         if (isPasswordValid !== true) {
             return exits.badRequest(isPasswordValid);
@@ -71,7 +83,7 @@ module.exports = {
             id: 'c', // required, but auto-generated
             firstName: inputs.firstName,
             lastName: inputs.lastName,
-            password: inputs.password,
+            password,
             role: inputs.role,
             email: inputs.email
         }).meta({fetch: true}).exec((err, newUser) => {
@@ -81,6 +93,10 @@ module.exports = {
                 return exits.serverError(err);
             }
 
+            /**
+             * We should probably email the new user their new account info here if the password was generated (!inputs.setPassword)...
+             */
+
             return exits.ok({user: newUser});
         });
     }

api/controllers/admin/get-users.js

@@ -0,0 +1,55 @@
+module.exports = {
+    friendlyName: 'Get Users',
+
+    description: 'Get paginated list of users',
+
+    inputs: {
+        page: {
+            description: 'The page number to return',
+            type: 'number',
+            defaultsTo: 1,
+            min: 1
+        },
+
+        limit: {
+            description: 'The amount of users to return',
+            type: 'number',
+            defaultsTo: 25,
+            min: 10,
+            max: 500
+        }
+    },
+
+    exits: {
+        ok: {
+            responseType: 'ok'
+        },
+        badRequest: {
+            responseType: 'badRequest'
+        },
+        serverError: {
+            responseType: 'serverError'
+        }
+    },
+
+    fn: async (inputs, exits) => {
+        const pagination = sails.helpers.paginateForQuery.with({
+            limit: inputs.limit,
+            page: inputs.page
+        });
+
+        const users = await sails.models.user.find(_.omit(pagination, ['page']));
+
+        let out = await sails.helpers.paginateForJson.with({
+            model: sails.models.user,
+            query: pagination,
+            objToWrap: {users: []}
+        });
+
+        // We assign the users to the object afterward, so we can run our safety checks.
+        // Otherwise, if we were to put the users object into "objToWrap", they would be transformed, and the "customToJSON" feature would no longer work, and hashed passwords would leak.
+        out.users = users;
+
+        return exits.ok(out);
+    }
+};

api/helpers/create-log.js

@@ -30,9 +30,9 @@ module.exports = {
 
         const newLog = {
             data: inputs.data,
-            user: user,
-            account: account,
-            request: request,
+            user,
+            account,
+            request,
             description: inputs.description
         };
 

api/helpers/generate-token.js

@@ -23,7 +23,7 @@ module.exports = {
             crypto.createHmac('sha256', sails.config.session.secret).update(
                 crypto.randomBytes(21) // cryptographically-secure random characters
                 + moment(new Date()).format() // throw in the current time stamp
-                + 'I am a tea pot' // the best HTTP status code
+                + 'I\'m a tea pot' // the best HTTP status code
                 + inputs.extra // an optional way to add a bit more randomness to the mix
                 + crypto.randomBytes(21)
             ).digest('hex')

api/helpers/is-password-valid.js

@@ -26,7 +26,7 @@ module.exports = {
 
         if (inputs.password.length > 70) {
             // this 70-character limit is not arbitrary, it is the max size of MySQL utf8mb4 encoding
-            // (71 characters balloons past the 191 character limit of utf8mb4 varchar columns after hashing)
+            // (71 characters balloons past the 191-character limit of utf8mb4 varchar columns after hashing)
             errors.push('WOW. Password length is TOO good. Max is 70 characters. Sorry.');
         }
 

api/models/User.js

@@ -50,7 +50,7 @@ module.exports = {
             type: 'string',
             isEmail: true,
             required: true,
-            unique: true,
+            // unique: true, // can NOT be unique, if we are using soft-deleted users; controller must deal with uniqueness
             columnType: 'varchar(191)'
         },
 

api/responses/badRequest.js

@@ -9,7 +9,8 @@ module.exports = async function badRequest(msg) {
     const out = {
         success: false,
         errors: await sails.helpers.simplifyErrors(msg),
-        errorMessages: await sails.helpers.getErrorMessages(msg)
+        errorMessages: await sails.helpers.getErrorMessages(msg),
+        raw: msg
     };
 
     res.status(400).json(out);

api/responses/created.js

@@ -11,7 +11,7 @@ module.exports = async function created(data) {
     }
 
     data = sails.helpers.keepModelsSafe(data);
-    data = sails.helpers.setCookies(data, res);
+    data = sails.helpers.setOrRemoveCookies(data, res);
     data = await sails.helpers.updateCsrf(data, req);
 
     const out = _.merge({success: true}, data);