cartRulesCheck : (req, res, next) => {
const token = jwt.verify(req.headers[`x-access-token`], `silverSecret`);
const userId = token._doc._id;
const order = req.params.orderId || req.params.cartId;
if (!token) {
const error = new Error(`Header x-access-token required`);
error.statusCode = 404;
next(error);
} else {
Order.findOne({ _id : order })
.then((orderFinded) => {
if (!orderFinded) {
const error = new Error(`Not Found`);
error.statusCode = 404;
next(error);
} else if (orderFinded.userId === userId) {
next()
} else {
const error = new Error(`Permission denied`);
error.statusCode = 403;
next(error)
}
})
.catch((error) => {
next(new Error(error))
})
}
}
module.exports = function (req, res) {
var token = req.cookies.surveyor;
if (!token) {
res.status(401).json({});
return;
}
var title = req.body.title;
var body = req.body.body;
var options = req.body.options;
crypto.verify(token).then(function (data) {
console.log('data', data);
}).then(function () {
return Survey.create({
title: title,
body: body,
options: options
});
}).then(function (results) {
console.log(results);
res.status(201).json({});
}).catch(function (error) {
console.log(error);
res.status(400).json({});
});
};
this.verify = function (data, optionalReporterOverride) {
var reporter = approvalsExtras.getCurrentReporter(optionalReporterOverride);
var writer = new StringWriter(options, data);
FileApprover.verify(namer, writer, reporter);
};
it('Should verify the packaged zxp', function (done) {
zxpSignCmd.verify(verifyOptions, function (error, result) {
expect(error).to.be.a('null');
done();
});
});
it('Should add info to the verification', function (done) {
verifyOptions.info = true;
zxpSignCmd.verify(verifyOptions, function (error, result) {
expect(error).to.be.a('null');
done();
});
});
it('Should throw an error because no input is provided', function (done) {
verifyOptions.input = null;
zxpSignCmd.verify(verifyOptions, function (error, result) {
expect(error).to.be.an('error');
expect(result).to.be.a('undefined');
done();
});
});
app.get('/users/verify', function(req, res){
usersImpl.verify(req.query.token, function(err, data){
if(err == undefined){
routeUtils.respond(req, res, data);
}else{
routeUtils.respond(req, res, err);
}
});
});
function(done) {
//Verify the captcha
reCaptcha.verify(req.body.grecaptcha, function(response) {
if (!response) {
done(null);
} else {
done("Invalid captcha!");
}
});
},
ProfileController.prototype.verify = function(req, res){
var
email = req.body.email,
pw = req.body.pw;
profileObj.verify(email, pw, function(err, obj){
if(err){
utilObj.errResponse(res, err);
}else{
utilObj.objResponse(res, obj);
}
});
}
module.exports = function validateAuth(req, res, next) {
let token = req.headers.token;
if(!token) return next({code: 400, error: `No token provided.`});
tokenCheck.verify(token)
.then(user => {
req.user = user;
next();
})
.catch(() => {
return next({
code: 403,
error: `Invalid token.`
});
});
};
adminCheck : (req, res, next) => {
const token = jwt.verify(req.headers[`x-access-token`], `silverSecret`);
const userId = token._doc._id;
User.findOne({ _id : userId })
.then((user) => {
if (!user || user.rules !== `Admin`) {
const error = new Error(`Permission denied`);
error.statusCode = 403;
next(error)
} else {
next()
}
})
.catch((error) => {
next(new Error(error))
})
},
checkOwnCar : (req, res, next) => {
const token = jwt.verify(req.headers[`x-access-token`], `silverSecret`);
const userId = token._doc._id;
const stockId = req.body.stockId;
User.findOne({ _id : userId })
.then((user) => {
if (!user) {
const error = new Error(`Permission denied, car not Found`);
error.statusCode = 403;
next(error)
} else {
next()
}
})
.catch((error) => {
next(new Error(error))
})
},
wizard.validateInput(config, function(err, results){
if (err){
callback(err, null);
} else {
wizard.verify(config, function(err, results){
if(err){
callback(err, null);
} else {
wizard.configure(config, function(err, results){
if(err){
callback(err, null);
} else {
callback(null, results);
// Launch Gateway
}
});
}
});
}
});
processImages: (req, res, next) => {
// Ignore requests outside of the uploads folder
if(!req.path.match(/^\/uploads\//)) return next();
// Ignore requests where no query params exist
if(typeof req.query !== 'object' || Object.keys(req.query).length === 0) return next();
// Decode the path and get the mime type
let targetFile = Path.join(__basedir, decodeURI(req.path));
let mimeType = Mime.lookup(targetFile);
// Ignore all files that aren't supported raster images
if(!['image/gif', 'image/jpeg', 'image/png'].includes(mimeType)) return next();
// Is the URL signed?
if(!SignedUrl.verify(req.originalUrl, process.env.AUTH_SECRET)) {
return res.status(HttpCodes.FORBIDDEN).end();
}
// Determine cache filename. We use a shortened hash of the path (relative to the app root) so
// we can cleanup cache files when the original gets deleted.
//
// Cache filenames are formatted like this:
//
// pathHash.key.extension
//
// - Where pathHash is the first 10 chars of SHA256(path), and path is relative to the website
// root (e.g. '/uploads/2017/03/image.jpg').
// - Where key is a key from a signed URL.
// - Where extension is the lowercase file extension
//
let key = req.query.key || '';
let extension = Path.extname(targetFile).toLowerCase();
let pathHash = Crypto.createHash('sha256').update(decodeURI(req.path)).digest('hex').substring(0, 10);
let cacheFile = Path.join(__basedir, 'cache/images', pathHash + '.' + key + extension);
// Check for an existing cache file
Fs.stat(cacheFile, (err) => {
if(!err) {
// We have a hit! Send the file from cache.
res.header('Content-Type', mimeType).sendFile(cacheFile);
return;
}
// Nothing in cache. Does the target file exist?
Fs.stat(targetFile, (err) => {
if(err) return next();
// Process the image
Promise.resolve(Gm(targetFile))
// Skip animated images since resize, crop, rotate, etc. produce undesired results. It
// *is* possible to process animations, but it's very time consuming, memory intensive,
// and the resulting files are usually much larger than the originals due to the loss of
// optimizations.
//
// See: github.com/Postleaf/postleaf/issues/44
//
.then((image) => {
return new Promise((resolve, reject) => {
image.identify('%n\n', (err, info) => {
if(err) reject(err);
info = info.split('\n');
let numFrames = parseInt(info[0]);
if(numFrames > 1) {
reject(new Error('Unable to process images with animation.'));
}
resolve(image);
});
});
})
// Resize
.then((image) => {
return new Promise((resolve, reject) => {
if(req.query.width || req.query.height) {
let width = req.query.width ? parseInt(req.query.width) : null;
let height = req.query.height ? parseInt(req.query.height) : null;
// Determine the image's current size
image.size((err, size) => {
if(err) return reject(err);
// Only resize if requested dimensions are smaller than the original
if(width < size.width && height < size.height) {
image.resize(width, height);
}
resolve(image);
});
} else {
resolve(image);
}
});
})
// Crop
.then((image) => {
if(req.query.crop) {
let crop = req.query.crop.split(',');
let x1 = parseInt(crop[0]);
let y1 = parseInt(crop[1]);
let x2 = parseInt(crop[2]);
let y2 = parseInt(crop[3]);
let cropWidth = Math.abs(x2 - x1);
let cropHeight = Math.abs(y2 - y1);
let x = Math.min(x1, x2);
let y = Math.min(y1, y2);
if(cropWidth > 0 && cropHeight > 0) {
image.crop(cropWidth, cropHeight, x, y);
}
}
return image;
})
// Thumbnail
.then((image) => {
return new Promise((resolve, reject) => {
if(req.query.thumbnail) {
let args = req.query.thumbnail.split(',');
let width = args[0] ? parseInt(args[0]) : null;
let height = args[1] ? parseInt(args[1]) : width;
if(!width && !height) return resolve(image);
// Determine the image's current size
image.size((err, size) => {
if(err) return reject(err);
if(size.width < size.height) {
// Resize to width and crop to the desired height
image
.resize(width, null)
.gravity('Center')
.crop(width, height);
} else {
// Resize to height and crop to desired width
image
.resize(null, height)
.gravity('Center')
.crop(width, height);
}
resolve(image);
});
} else {
resolve(image);
}
});
})
// Rotate
.then((image) => {
if(req.query.rotate) {
let angle = parseInt(req.query.rotate);
if(angle > 0 && angle < 360) {
image.rotate('transparent', angle);
}
}
return image;
})
// Flip
.then((image) => {
switch(req.query.flip) {
case 'h':
image.flop();
break;
case 'v':
image.flip();
break;
case 'both':
image.flip().flop();
break;
}
return image;
})
// Grayscale
.then((image) => {
if(req.query.grayscale) {
image.type('Grayscale');
}
return image;
})
// Colorize
.then((image) => {
if(req.query.colorize) {
let rgb = req.query.colorize.split(',');
let red = 100 - (parseInt(rgb[0]) || 0);
let green = 100 - (parseInt(rgb[1]) || 0);
let blue = 100 - (parseInt(rgb[2]) || 0);
if(
red >= 0 && red <= 100 &&
green >= 0 && green <= 100 &&
blue >= 0 && blue <= 100
) {
image.colorize(red, green, blue);
}
}
return image;
})
// Blur
.then((image) => {
if(req.query.blur) {
let radius = parseInt(req.query.blur);
if(radius > 0) {
image.blur(0, radius);
}
}
return image;
})
// Colors
.then((image) => {
if(req.query.colors) {
let colors = parseInt(req.query.colors);
if(colors > 0) {
image.colors(colors);
}
}
return image;
})
// Quality
.then((image) => {
if(req.query.quality) {
let quality = parseInt(req.query.quality);
if(quality >= 1 && quality <= 100) {
image.quality(quality);
}
}
return image;
})
// Write and serve the image to cache
.then((image) => {
// Create the cache directory if it doesn't exist
Mkdirp.sync(Path.dirname(cacheFile));
// Write the cache file
image.write(cacheFile, (err) => {
if(err) throw new Error(err);
res.header('Content-Type', mimeType).sendFile(cacheFile);
return;
});
})
// Something went wrong, fallback and serve the static image
.catch(() => next());
});
});
}
it('should allow `rowspan`', function() {
var result = whitelister.verify('rowspan');
expect(result).to.be.ok();
});
it('should return true when the tag is in the whitelist', function() {
var result = whitelister.verify('style');
expect(result).to.be.ok();
});
return new Promise((resolve, reject) => {
jwt.verify(token, sekrit, (err, payload) => {
if(err) return reject(err);
return resolve(payload);
});
});
it('should allow `bgcolor`', function() {
var result = whitelister.verify('bgcolor');
expect(result).to.be.ok();
});
it('should allow `font-face`', function() {
var result = whitelister.verify('font-face');
expect(result).to.be.ok();
});
it('should return false when the tag is not in the whitelist', function() {
var result = whitelister.verify('hack');
expect(result).not.to.be.ok();
});
addToOrder : (req, res, next) => {
const token = jwt.verify(req.headers[`x-access-token`], `silverSecret`);
const userId = token._doc._id;
const stockId = req.body.stockId;
const orderId = req.body.orderId;
if (!userId || !stockId) {
const error = new Error(`UserId,StockId required`);
error.statusCode = 404;
next(error);
} else if (orderId) {
Orders.findOneAndUpdate({
orderId : orderId
},
{ $push : { items : { stockId : stockId } } })
.then((temp) => {
if (!temp) {
const order = new Orders();
order.items.push({ stockId : stockId });
order.userId = userId;
order.save((error) => {
if (error) {
next(error)
}
});
res.json(order._id)
} else {
res.json(temp._id)
}
})
.catch((error) => {
next(new Error(error))
})
} else {
Orders.findOneAndUpdate({
userId : userId
},
{ $push : { items : { stockId : stockId } } })
.then((temp) => {
if (!temp) {
const order = new Orders();
order.items.push({ stockId : stockId });
order.userId = userId;
order.save((error) => {
if (error) {
next(error)
} else {
res.json(order._id)
}
});
} else {
res.json(temp._id)
}
})
.catch((error) => {
next(new Error(error))
})
}
},
it('should allow `src`', function() {
var result = whitelister.verify('src');
expect(result).to.be.ok();
});