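var express = require('express');
var router = express.Router();
var util = require('util');
var mysql = require('mysql');
var utils = require('../../../src/utils');
var crossCtl = require('../../../src/crossCtl');
var path = require('path');
var passport = require('passport');
var moment = require('moment');
var async = require('async');
const fs = require('fs');

// operation
/* router.use(function (req, res, next) { next()/ }) */

/**
 * Decide whether the current request may read the file identified by `fid`.
 *
 * Resolution order: any lookup error -> 500; a non-200 `responseCode` on the
 * file record is passed through unchanged; a file that is not attached to a
 * board (`attached_to` is null) is open unless `secure_enabled == 1`, in which
 * case only an admin or the uploader (`fileInfo.uid`) may read it; a file
 * attached to a board is readable when the caller's `user_level` reaches the
 * board's `read_level_min` (anonymous callers count as level -1).
 *
 * @param {string} fid file id as stored by crossCtl
 * @param {object} req express request (uses isAuthenticated(), user, infos, sessionID)
 * @param {function(number, string, object=)} cb called with (code, message, fileInfo)
 */
function checkFilePriv(fid, req, cb) {
  crossCtl.getFidInfo(fid, null, function (error, fileInfo) {
    console.log('checkFilePriv(), error=', error);
    console.log('checkFilePriv(), fileInfo=', fileInfo);
    if (error) {
      cb(500, error.message ? error.message : error.toString(), fileInfo);
      return;
    }
    if (fileInfo.responseCode !== 200) {
      cb(fileInfo.responseCode, fileInfo.responseMessage, fileInfo);
      return;
    }
    const bid = fileInfo['attached_to'];
    const signedIn = req.isAuthenticated();
    const userLevel = signedIn ? req.user.account_info.user_level : -1;
    // Anonymous callers get a session-derived pseudo uid so the uploader check below still works.
    const uid = signedIn ? req.user.uid : utils.uuid('uid_' + req.sessionID);

    if (bid == null) {
      // Stand-alone file: secure files are limited to admins and the uploader.
      if (fileInfo['secure_enabled'] == 1) {
        if (req.infos.userInfo.adminFlag == true || fileInfo['uid'] == uid) {
          cb(200, 'ok', fileInfo);
        } else {
          cb(401, 'Unauthorized', fileInfo);
        }
      } else {
        cb(200, 'ok', fileInfo);
      }
      return;
    }

    // Attached file: inherit the read level of the owning board.
    crossCtl.getBoardInfo(bid, true, function (error, boardInfo) {
      if (error) {
        if (error.toString().startsWith('Error: #404')) {
          cb(404, 'not found', fileInfo);
        } else {
          cb(500, error.message ? error.message : error.toString(), fileInfo);
        }
        return;
      }
      console.log('boardInfo = ', boardInfo);
      console.log('in checkFilePriv(), userLevel = ', userLevel);
      if (userLevel >= boardInfo['read_level_min']) {
        cb(200, 'ok', fileInfo);
      } else {
        cb(401, 'Unauthorized', fileInfo);
      }
    });
  });
}

/**
 * Run checkFilePriv() for `fid` and, when it passes, let `deliver` write the
 * file; any other outcome is answered as a normal packet with the check's
 * code and message (HTTP status stays 200, as elsewhere in this router).
 *
 * @param {object} req express request
 * @param {string} fid file id
 * @param {function(object, object)} deliver receives (response, fileInfo)
 */
function serveCheckedFile(req, fid, deliver) {
  checkFilePriv(fid, req, function (resultCode, resultMessage, fileInfo) {
    if (resultCode != 200) {
      req.workTag.res().status(200).send({
        ...req.workTag.responsePacket,
        responseCode: resultCode,
        responseMessage: resultMessage,
      });
      return;
    }
    crossCtl.cache.useFile(fileInfo.path);
    deliver(req.workTag.res().status(200), fileInfo);
  });
}

// `/download/<fid>.<ext>`: attachment download; only the part before the first dot is the fid.
router.get('/download/:fidName', function (req, res) {
  const fid = req.params.fidName.split('.')[0];
  serveCheckedFile(req, fid, function (response, fileInfo) {
    response.type(fileInfo.type).download(fileInfo.path, fileInfo.name);
  });
});

// `/file/<fid>.<ext>`: inline delivery; mime type is derived from the stored file name.
router.get('/file/:fidName', function (req, res) {
  const fid = req.params.fidName.split('.')[0];
  serveCheckedFile(req, fid, function (response, fileInfo) {
    response.type(utils.getMimeFromPath(fileInfo.name)).sendFile(fileInfo.path);
  });
});

// `/file/<fid>/<name>`: same as above; `:name` is only cosmetic and never used for lookup.
router.get('/file/:fid/:name', function (req, res) {
  serveCheckedFile(req, req.params.fid, function (response, fileInfo) {
    response.type(utils.getMimeFromPath(fileInfo.name)).sendFile(fileInfo.path);
  });
});

/**
 * Multipart upload for signed-in users. The parsed fields plus the uploaded
 * file list replace `req.body`, then `target` decides what happens:
 * 'support:ask' / 'support:reply' are handed to handleInsert(), 'just' only
 * echoes the file list, anything else is an unknown target.
 */
router.post('/upload', function (req, res) {
  const reply = (fields) =>
    req.workTag.res().status(200).send({ ...req.workTag.responsePacket, ...fields });

  if (!req.isAuthenticated()) {
    reply({ responseCode: 401, responseMessage: 'Unauthorized' });
    return;
  }

  crossCtl.handleUpload(req, function (err, fields, files) {
    if (err) {
      utils.log('error', '/upload, err : ' + JSON.stringify(err) + ' ' + utils.__where());
      // Unlike the other handlers, an upload failure is also reflected in the HTTP status.
      const responseCode = 500;
      req.workTag.res().status(responseCode).send({
        ...req.workTag.responsePacket,
        responseCode: responseCode,
        responseMessage: err.toString(),
      });
      return;
    }
    console.log('fields=', fields);
    console.log('files=', files);

    // `airList` arrives as a JSON string in a form field; a malformed value is
    // client input and must not escape as an exception from this callback.
    let airList = null;
    if (fields.airList) {
      try {
        airList = JSON.parse(fields.airList);
      } catch (parseErr) {
        reply({ responseCode: 500, responseMessage: 'invalid airList : ' + parseErr.message });
        return;
      }
    }
    const newHero = { ...fields, files: Array.from(files), airList: airList };
    req.body = newHero;

    switch (newHero.target) {
      case 'support:ask':
      case 'support:reply':
        handleInsert(req, res);
        break;
      case 'just':
        reply({ responseCode: 200, responseMessage: 'ok', files: files });
        break;
      default:
        reply({ responseCode: 500, responseMessage: 'unknown target : ' + newHero.target });
    }
  });
});

// Liveness probe: always answers ok.
router.get('/dummy', function (req, res) {
  req.workTag.res().status(200).send({
    ...req.workTag.responsePacket,
    responseCode: 200,
    responseMessage: 'ok',
  });
});

// i18n.setLocale(req, req.session.lang ?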
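req.session.lang : 'ko');

// Apple endpoint probes: both verbs only log what arrived and answer ok.
router.get('/apple/endpoint', function (req, res) {
  console.log('apple/endpoint with get, req.query =', req.query);
  req.workTag.res().status(200).send({
    ...req.workTag.responsePacket,
    responseCode: 200,
    responseMessage: 'ok',
  });
});

router.post('/apple/endpoint', function (req, res) {
  console.log('apple/endpoint with post, req.body =', req.body);
  req.workTag.res().status(200).send({
    ...req.workTag.responsePacket,
    responseCode: 200,
    responseMessage: 'ok',
  });
});

// Stores the requested UI language in the session (default 'ko').
// NOTE(review): the value is taken from the query string as-is; confirm the
// consumer of `req.session.lang` tolerates arbitrary strings.
router.get('/set-lang', function (req, res) {
  req.session.lang = req.query.lang ? req.query.lang : 'ko';
  req.workTag.res().status(200).send({
    ...req.workTag.responsePacket,
    responseCode: 200,
    responseMessage: 'ok',
  });
});

/**
 * id/password sign-up.
 *
 * Flow: look the login id up in tbl_white_list (a white-list hit fixes the
 * initial user_level; without a hit sign-up is refused when
 * sConfig.allowSignup === false) -> hash the password -> insert the account
 * -> derive the uid from the new serial and write it back -> answer, then
 * notify the local 'addUser' handler. Duplicate login ids answer -1.
 */
router.post('/signup', function (req, res, next) {
  const reply = (fields) =>
    req.workTag.res().status(200).send({ ...req.workTag.responsePacket, ...fields });
  const describe = (err) => (err.message ? err.message : err.toString());
  const db = crossCtl.db.options.database;
  const siteId = crossCtl.sConfig.type;
  const type = 0; // auth_type 0 = id/password
  const key = req.body.userName;
  const token = req.body.password;

  // Both values come from the client; hashing `undefined` or a non-string
  // would fail deep inside utils.getHash() with an unhelpful error.
  if (typeof key !== 'string' || typeof token !== 'string') {
    reply({ responseCode: 500, responseMessage: 'userName and password are required' });
    return;
  }

  let defaultLevel = 0;
  let qry =
    'SELECT * FROM ' + db + '.tbl_white_list WHERE uid = ' + mysql.escape(key) +
    ' AND site_id = ' + mysql.escape(siteId) + ' AND status = 0';
  crossCtl.db.doEasyQuery(qry, function (err, results) {
    if (err) {
      reply({ responseCode: 500, responseMessage: describe(err) });
      return;
    }
    const whiteListed = results.length === 1;
    if (!whiteListed && crossCtl.sConfig.allowSignup === false) {
      reply({ responseCode: 500, responseMessage: 'not in a white list' });
      return;
    }
    if (whiteListed) {
      defaultLevel = results[0].level;
    }

    utils.getHash(token, function (err, hash) {
      if (err) {
        reply({ responseCode: 500, responseMessage: describe(err) });
        return;
      }
      // NOTE(review): `password: key` hands the login id, not the submitted
      // password, to normalizeUserInfo() — confirm that field is ignored there.
      const user_info = crossCtl.normalizeUserInfo('id/password', {
        email: key,
        password: key,
      });
      const post = {
        site_id: siteId,
        name: user_info.name,
        auth_type: type,
        auth_key: key,
        auth_token: hash,
        pref_data: JSON.stringify({ account_info: user_info, newAccountFlag: true }),
        user_level: defaultLevel,
      };
      qry = 'INSERT INTO ' + db + '.tbl_account_users SET ? ';
      crossCtl.db.doEasyQueryPost(qry, post, function (err, results) {
        if (err) {
          if (err.code == 'ER_DUP_ENTRY') {
            reply({ responseCode: -1, responseMessage: 'User already registered' });
          } else {
            reply({ responseCode: 500, responseMessage: describe(err) });
          }
          return;
        }
        const serial = results.insertId;
        const uid = utils.uuid('uid_' + serial);
        // Mask the password before the request is dumped into the action log.
        req.body.password = '******';
        crossCtl.logUserAction(uid, 'new', utils.dumpReq(req));
        qry =
          'UPDATE ' + db + '.tbl_account_users SET uid = ' + mysql.escape(uid) +
          ' WHERE serial = ' + mysql.escape(serial);
        crossCtl.db.doEasyQuery(qry, function (err) {
          if (err) {
            reply({ responseCode: 500, responseMessage: describe(err) });
          } else {
            reply({ responseCode: 200, responseMessage: 'ok' });
          }
          // Fire-and-forget: the client has already been answered.
          crossCtl.passEventToLocalHandler(
            'addUser',
            { uid: uid, user_info: user_info },
            function (error) {
              if (error) {
                utils.log('error', 'on crossCtl.passEventToLocalHandler(), error =', error);
              }
            }
          );
        });
      });
    });
  });
});

/**
 * Password-reset request for an id/password account.
 *
 * Flow: find the active account by login id -> expire (status 4) any pending
 * rows in tbl_reset_list for that uid -> hash a fresh random token and store
 * the hash -> mail the reset link, whose `key` is that hash.
 */
router.post('/reset', function (req, res, next) {
  const reply = (fields) =>
    req.workTag.res().status(200).send({ ...req.workTag.responsePacket, ...fields });
  const describe = (err) => (err.message ? err.message : err.toString());
  const db = crossCtl.db.options.database;
  const siteId = crossCtl.sConfig.type;
  const key = req.body.userName;

  let qry =
    'SELECT * FROM ' + db + '.tbl_account_users WHERE auth_key = ' + mysql.escape(key) +
    ' AND site_id = ' + mysql.escape(siteId) + ' AND auth_type = 0 AND status = 0';
  crossCtl.db.doEasyQuery(qry, function (err, results) {
    if (err) {
      reply({ responseCode: 500, responseMessage: describe(err) });
      return;
    }
    if (results.length == 0) {
      reply({ responseCode: 404, responseMessage: 'no user found' });
      return;
    }
    const uid = results[0].uid;
    const requestInfoDump = utils.dumpReq(req);
    // The secret hashed below must not be reconstructible from public data
    // (uid + timestamp was), so it carries 256 bits from the CSPRNG.
    const token = uid + '_' + require('crypto').randomBytes(32).toString('hex');

    qry =
      'UPDATE ' + db + '.tbl_reset_list SET status = 4 WHERE uid = ' + mysql.escape(uid) +
      ' AND site_id = ' + mysql.escape(siteId) + ' AND status = 0';
    crossCtl.db.doEasyQuery(qry, function (err) {
      if (err) {
        reply({ responseCode: 500, responseMessage: describe(err) });
        return;
      }
      utils.getHash(token, function (err, hash) {
        if (err) {
          reply({ responseCode: 500, responseMessage: describe(err) });
          return;
        }
        const post = {
          site_id: siteId,
          uid: uid,
          token: hash,
          created_hint: requestInfoDump,
        };
        qry = 'INSERT INTO ' + db + '.tbl_reset_list SET ? ';
        crossCtl.db.doEasyQueryPost(qry, post, function (err) {
          if (err) {
            reply({ responseCode: 500, responseMessage: describe(err) });
            return;
          }
          // The hash may contain '/', '+' or '$'; encode it so the query value survives intact.
          const resetLink =
            'https://' + crossCtl.sConfig.baseUrl + '/user/reset-password?key=' +
            encodeURIComponent(hash);
          // The link was previously computed but never placed in the mail body.
          utils.mail.sendMailRaw(
            key,
            crossCtl.sConfig.name + ' 비밀번호 재설정 링크',
            '다음 링크를 방문하여 비밀번호를 재설정 하세요. 신청하신 적이 없다면 무시하셔도 안전합니다. 재설정 링크 : ' +
              resetLink,
            function (error) {
              // Check the mail callback's own error (the outer `err` is always null here).
              if (error) {
                reply({ responseCode: 500, responseMessage: describe(error) });
              } else {
                reply({ responseCode: 200, responseMessage: 'ok' });
              }
            }
          );
        });
      });
    });
  });
});

/**
 * Post-login bookkeeping: log the 'signin' action (using the request dump
 * saved in the session when present), then bump the user's daily loginCount
 * inside a daily transaction and hand out the daily login credit.
 *
 * @param {object} req authenticated express request
 * @param {function(Error=)} cb called once the daily work has finished
 */
function handleLoadDaily(req, cb) {
  const uid = req.user.uid;
  if (req.body.token) {
    req.body.token = '******'; // never let a credential into the action log
  }
  const req_dump = req.session.req_dump;
  req.session.req_dump = undefined;
  crossCtl.logUserAction(uid, 'signin', req_dump === undefined ? utils.dumpReq(req) : req_dump);

  crossCtl.loadUserDaily(uid, function (error, dailyJson) {
    if (error) {
      // Parenthesised: without it the string concatenation was the ternary's condition.
      utils.log(
        'error',
        'error at loadUserDaily() : ' + (req_dump ? req_dump : utils.dumpReq(req)) + ' ' + utils.__where()
      );
      cb(error);
      return;
    }
    crossCtl.doWorkOnDailyWithTransaction(
      uid,
      function (dailyJson, afterCallback) {
        // afterCallback(error, afterDailyJson, finalCallback)
        dailyJson.loginCount = dailyJson.loginCount === undefined ? 1 : dailyJson.loginCount + 1;
        const firstLoginToday = dailyJson.loginCount === 1;
        // NOTE(review): the non-first-login branch credits a different amount
        // with a "bad value test" label — looks like leftover test code, confirm.
        const creditArgs = firstLoginToday
          ? [0, 1, 'daily login gift']
          : [1, 1, 'daily login gift - bad value test'];
        crossCtl.giveCreditToUser(
          req.user.uid,
          creditArgs[0],
          creditArgs[1],
          creditArgs[2],
          'system',
          function (error, result) {
            if (error) {
              utils.log('error', 'giveCreditToUser(), daily login gift, error =' + error);
            }
            afterCallback(error, dailyJson, function (error, result) {
              cb(error);
            });
          }
        );
      },
      function (error, result) {
        if (error) {
          utils.log('error', 'doWorkOnDailyWithTransaction(), error =' + error);
        }
        cb(error);
      }
    );
  });
}

/**
 * API sign-in via the passport 'api-login' strategy, preceded by a minimum
 * build-number gate when sConfig.minBuildNumber is set.
 *
 * The User-Agent check only decides whether a missing buildNumber is
 * defaulted to the minimum for non-app clients; it is client-supplied and
 * carries no trust beyond that.
 */
router.post('/signin', function (req, res, next) {
  // console.log('at /api/signin, req.body=', req.body)
  const reply = (fields) =>
    req.workTag.res().send({ ...req.workTag.responsePacket, ...fields });
  let responseJson = {};
  const passcard = req.headers['user-agent'] != undefined ? req.headers['user-agent'] : '';
  const minBuild = crossCtl.sConfig.minBuildNumber;
  const appClient =
    (passcard.startsWith('Dart/') && passcard.endsWith(' (dart:io)')) || passcard == 'usm';

  if (!appClient && minBuild != undefined && req.body.buildNumber == undefined) {
    req.body.buildNumber = minBuild;
  }
  if (minBuild != undefined) {
    const upgradeRequired = {
      responseCode: 426,
      responseMessage: 'Upgrade Required. Required buildNumber = ' + minBuild,
      minBuildNumber: minBuild,
    };
    if (req.body.buildNumber == undefined) {
      reply(upgradeRequired);
      return;
    }
    if (Number.parseInt(req.body.buildNumber, 10) < minBuild) {
      reply(upgradeRequired);
      return;
    }
  }

  passport.authenticate('api-login', function (err, user, info) {
    if (err) {
      reply({ responseCode: utils.__line(), responseMessage: err.message, ...responseJson });
      return;
    }
    // passport reports a failed credential check as user === false; previously
    // that fell through to req.login(false).
    if (!user) {
      reply({
        responseCode: utils.__line(),
        responseMessage: info && info.message ? info.message : 'authentication failed',
        ...responseJson,
      });
      return;
    }
    if (user.auth_flag === false) {
      reply({
        responseCode: utils.__line(),
        responseMessage: 'user.auth_flag === false',
        ...responseJson,
      });
      return;
    }
    req.login(user, (loginErr) => {
      if (loginErr) {
        responseJson = { error: util.inspect(loginErr) };
        reply({ responseCode: utils.__line(), responseMessage: 'login error', ...responseJson });
        return;
      }
      handleLoadDaily(req, function (error) {
        // Daily-work errors are logged inside handleLoadDaily and do not fail the sign-in.
        // NOTE(review): `user` is echoed to the client and stored in the session
        // as returned by the strategy — confirm it carries no credential fields.
        req.session.user = user;
        responseJson = { user: user };
        reply({ responseCode: 200, responseMessage: 'ok', ...responseJson });
      });
    });
  })(req, res, next);
});

/* POST home page.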
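*/

// Ends the session; the 'signout' action is logged only when someone was actually signed in.
router.get('/signout', function (req, res, next) {
  if (req.isAuthenticated() == true) {
    crossCtl.logUserAction(req.user.uid, 'signout', utils.dumpReq(req));
  }
  req.logout();
  req.workTag.res().status(200).send({
    ...req.workTag.responsePacket,
    responseCode: 200,
    responseMessage: 'ok',
  });
});

/**
 * Account withdrawal for the signed-in user: the login id is renamed to
 * `withdrawal_<auth_key>_<shortid>` so it can be re-registered, status is set
 * to 4 and the request body is kept as withdrawal_info. The session is ended
 * before the update runs, so a failed update still leaves the caller signed out.
 */
router.post('/withdrawal', function (req, res, next) {
  const reply = (fields) =>
    req.workTag.res().status(200).send({ ...req.workTag.responsePacket, ...fields });
  const describe = (err) => (err.message ? err.message : err.toString());

  if (!req.isAuthenticated()) {
    reply({ responseCode: 401, responseMessage: 'Unauthorized' });
    return;
  }
  const uid = req.user.uid;
  const hero = req.body;
  // console.log("withdrawal, hero=", hero);
  // NOTE(review): withdrawal_info stores the raw client body unbounded; consider capping its size.
  const qry =
    'UPDATE ' + crossCtl.db.options.database +
    '.tbl_account_users SET auth_key = concat(' + mysql.escape('withdrawal_') + ', auth_key, ' +
    mysql.escape('_' + utils.shortid.generate()) +
    '), status = 4, withdrawal_info = ' + mysql.escape(JSON.stringify(hero)) +
    ' WHERE uid = ' + mysql.escape(uid) +
    ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type);
  req.logout();

  crossCtl.db.doEasyQuery(qry, function (error, results) {
    if (error) {
      utils.log('error', 'withdrawal, uid =', uid, ', error=', error, utils.__where());
      reply({ responseCode: 500, responseMessage: describe(error) });
      return;
    }
    if (results.affectedRows === 0) {
      // `error` is null on this path; reading error.message here used to throw.
      reply({ responseCode: 500, responseMessage: 'no matching user to withdraw' });
      return;
    }
    if (results.affectedRows > 1) {
      reply({
        responseCode: 500,
        responseMessage: 'bad affectedRows. affectedRows= ' + results.affectedRows,
      });
      return;
    }
    crossCtl.logUserAction(uid, 'withdrawal', utils.dumpReq(req));
    crossCtl.passEventToLocalHandler('withdrawal', { req: req, uid: uid }, function (error) {
      if (error) {
        utils.log(
          'error',
          'withdrawal handle error in localHandler. error = ' + JSON.stringify(error) + ' ' + utils.__where()
        );
      }
      reply({ responseCode: 200, responseMessage: 'ok' });
    });
  });
});

/* The commented-out /businessinfo and /maintenance GET/POST handlers that used to
   sit here were removed as dead code (recover them from version control if needed).
   Leftover closing tokens follow until this comment ends: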
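}) } } }) */

/**
 * Generic read endpoint. `req.body.target` selects what is read and who may
 * read it; `req.body.hero` is the lookup key. Targets whose query string is
 * the target name itself are served through crossCtl helpers, everything else
 * is a SELECT built with mysql.escape() for every client value.
 *
 * Authorization defaults to admin-only; each case relaxes it as needed.
 * Anonymous callers get a session-derived pseudo uid and user level -1.
 */
router.post('/select', function (req, res) {
  const hero = req.body;
  // console.log('hero=', hero)
  const reply = (fields) =>
    req.workTag.res().status(200).send({ ...req.workTag.responsePacket, ...fields });
  const describe = (error) => (error.message ? error.message : error.toString());
  const isAdmin = req.infos.userInfo.adminFlag;
  const signedIn = req.isAuthenticated();
  const uid = signedIn ? req.user.uid : utils.uuid('uid_' + req.sessionID);
  const userLevel = signedIn ? req.user.account_info.user_level : -1;
  const db = crossCtl.db.options.database;
  const site = mysql.escape(crossCtl.sConfig.type);
  const byHero = mysql.escape(hero.hero);
  // 'SELECT * FROM <db>.<table> WHERE site_id = <site><where>'
  const selectAll = (table, where) =>
    'SELECT * FROM ' + db + '.' + table + ' WHERE site_id = ' + site + where;
  // Account row joined with its profile, looked up by one tbl_account_users column.
  const adminUserQuery = (column) =>
    'SELECT *, ' + db + '.tbl_account_users.serial as serial FROM ' + db + '.tbl_account_users ' +
    'LEFT JOIN ' + db + '.tbl_profile_list ON ' + db + '.tbl_account_users.uid = ' + db +
    '.tbl_profile_list.uid WHERE ' + db + '.tbl_account_users.' + column + ' = ' + byHero;

  let authorized = isAdmin;
  let qry = '';
  let boardInfoActiveOnlyflag = true;

  switch (hero.target) {
    case 'shortUrl':
      authorized = signedIn;
      qry = hero.target;
      break;
    case 'admin:white':
      authorized = isAdmin;
      qry = selectAll('tbl_white_list', ' AND uid = ' + byHero);
      break;
    case 'board:info:all':
      authorized = isAdmin;
      qry = hero.target;
      boardInfoActiveOnlyflag = false;
      break;
    case 'board:info':
      authorized = true;
      qry = hero.target;
      break;
    case 'board:infoBACKUP':
      authorized = true;
      qry = selectAll('tbl_board_info', ' AND id = ' + byHero + (isAdmin ? '' : ' AND status = 0'));
      break;
    case 'board':
      authorized = true;
      qry = hero.target;
      break;
    case 'log:user':
      authorized = isAdmin;
      qry = selectAll('tbl_user_log', ' AND serial = ' + byHero);
      break;
    case 'maintenance':
      authorized = isAdmin;
      qry = selectAll('tbl_maintenance_info', ' AND status = 0');
      break;
    case 'businessInfo':
      authorized = true;
      qry = selectAll('tbl_business_info', ' AND status = 0');
      break;
    case 'inquiry':
      // Non-admins only see their own inquiries.
      authorized = signedIn;
      qry = isAdmin
        ? selectAll('tbl_inquiry_list', ' AND serial = ' + byHero)
        : selectAll('tbl_inquiry_list', ' AND uid = ' + mysql.escape(uid) + ' AND serial = ' + byHero);
      break;
    case 'notice':
      authorized = signedIn;
      qry = isAdmin
        ? selectAll('tbl_notice_list', ' AND serial = ' + byHero)
        : selectAll('tbl_notice_list', ' AND status = 0 AND serial = ' + byHero);
      break;
    case 'faq':
      authorized = signedIn;
      qry = isAdmin
        ? selectAll('tbl_faq_list', ' AND serial = ' + byHero)
        : selectAll('tbl_faq_list', ' AND status = 0 AND serial = ' + byHero);
      break;
    case 'me':
      authorized = signedIn;
      qry = selectAll('tbl_account_users', ' AND uid = ' + mysql.escape(uid) + ' AND status = 0');
      break;
    case 'admin:user:byid':
      authorized = isAdmin;
      qry = adminUserQuery('uid');
      console.log('qry = ', qry);
      break;
    case 'admin:user':
      authorized = isAdmin;
      qry = adminUserQuery('serial');
      console.log('qry = ', qry);
      break;
    case 'user':
      authorized = true;
      qry = hero.target;
      break;
    case 'profile':
      if (hero.hero !== undefined) {
        // Public profile by pid.
        authorized = true;
        qry = selectAll('tbl_profile_list', ' AND pid = ' + byHero + ' AND status = 0');
      } else {
        // Own profile.
        authorized = signedIn;
        qry = selectAll('tbl_profile_list', ' AND uid = ' + mysql.escape(uid) + ' AND status = 0');
      }
      break;
    case 'settings':
      authorized = signedIn;
      qry = selectAll('tbl_setting_list', ' AND uid = ' + mysql.escape(uid) + ' AND status = 0');
      break;
    default:
  }

  if (qry === '') {
    reply({ responseCode: 500, responseMessage: 'unknown target : ' + hero.target });
    return;
  }
  if (authorized === false) {
    reply({ responseCode: 401, responseMessage: 'Unauthorized' });
    return;
  }

  if (qry === hero.target) {
    handleDirectTarget();
  } else {
    runSelect();
  }

  // Maps a getBoardInfo() failure onto the packet code used for it.
  function boardErrorCode(error) {
    return error.toString().startsWith('Error: #404') ? 404 : 500;
  }

  // Targets answered by crossCtl helpers instead of a SELECT.
  function handleDirectTarget() {
    switch (hero.target) {
      case 'shortUrl':
        crossCtl.setShortUrlInfo(uid, hero.hero, function (error, shortUrlInfo) {
          if (error) {
            reply({ responseCode: 500, responseMessage: describe(error), hero: hero });
            return;
          }
          console.log('shortUrlInfo = ', shortUrlInfo);
          reply({ responseCode: 200, responseMessage: 'ok', shortUrlId: shortUrlInfo.short_id });
        });
        break;
      case 'board:info':
      case 'board:info:all':
        crossCtl.getBoardInfo(hero.hero, boardInfoActiveOnlyflag, function (error, boardInfo) {
          if (error) {
            reply({ responseCode: boardErrorCode(error), responseMessage: describe(error), hero: hero });
            return;
          }
          console.log('boardInfo = ', boardInfo);
          if (userLevel >= boardInfo['read_level_min']) {
            reply({ responseCode: 200, responseMessage: 'ok', data: [boardInfo] });
          } else {
            reply({ responseCode: 401, responseMessage: 'Unauthorized' });
          }
        });
        break;
      case 'board':
        crossCtl.getBoardInfo(hero.boardId, true, function (error, boardInfo) {
          if (error) {
            reply({ responseCode: boardErrorCode(error), responseMessage: describe(error), hero: hero });
            return;
          }
          console.log('boardInfo = ', boardInfo);
          if (!(userLevel >= boardInfo['read_level_min'])) {
            reply({ responseCode: 401, responseMessage: 'Unauthorized' });
            return;
          }
          qry = selectAll('tbl_board_list', ' AND cid = ' + byHero + ' AND status = 0');
          crossCtl.db.doEasyQuery(qry, function (error, results) {
            if (error) {
              reply({ responseCode: 500, responseMessage: describe(error), hero: hero });
              return;
            }
            const filteredResult = results;
            if (filteredResult.length > 0) {
              // Tell the caller whether the post is theirs, then hide the author's uid.
              filteredResult[0].myFlag = filteredResult[0].uid == uid;
              delete filteredResult[0].uid;
              delete filteredResult[0].site_id;
            }
            reply({
              responseCode: 200,
              responseMessage: 'ok',
              data: filteredResult,
              metaData: {
                attachmentEnabled: boardInfo['attachment_enabled'] == 1,
                commentEnabled: boardInfo['comment_enabled'] == 1,
              },
            });
            crossCtl.doTheHit(req, hero.target, hero.hero);
          });
        });
        break;
      case 'user': {
        const level = signedIn ? req.user.account_info.user_level : null;
        req.workTag.responsePacket.data = [
          {
            isAuthenticated: signedIn,
            uid: signedIn ? (crossCtl.sConfig.type == 'usm' ? req.user.account_info.uid : null) : null,
            userInfo: signedIn ? req.infos.userInfo : {},
            isHighLeveled: signedIn ? level > 1 : false,
            isOp: signedIn ? level == 3 : false,
            isSuperOp: signedIn ? level == 4 : false,
            isAdmin: signedIn ? level == 5 : false,
            isApproved: signedIn ? level > 0 : false,
          },
        ];
        reply({ responseCode: 200, responseMessage: 'ok' });
        break;
      }
      default:
        reply({ responseCode: 500, responseMessage: 'unknown target : ' + hero.target });
    }
  }

  // Runs the SELECT built above and strips internal columns per target.
  function runSelect() {
    crossCtl.db.doEasyQuery(qry, function (error, results) {
      if (error) {
        utils.log('error', 'select, hero =', hero, ', error=', error, utils.__where());
        reply({ responseCode: 500, responseMessage: describe(error), hero: hero });
        return;
      }
      const filteredResult = results;
      const first = filteredResult[0];
      if (hero.target === 'profile' && first !== undefined) {
        delete first.uid;
        first.infos = utils.safeJSON(first.infos);
        if (hero.hero == undefined) {
          first.addon = req.user.user_info;
        }
        delete first.serial;
        delete first.site_id;
        delete first.status;
        delete first.updated;
        delete first.created;
        // delete filteredResult[0].infos;
        first.fromAir = false;
      } else if (hero.target === 'settings' && first !== undefined) {
        // Stored JSON is data, not code: a corrupt row must not crash the callback.
        try {
          first.settings = JSON.parse(first.settings);
        } catch (parseErr) {
          reply({ responseCode: 500, responseMessage: 'invalid settings : ' + parseErr.message });
          return;
        }
        delete first.uid;
        delete first.site_id;
      } else if (hero.target === 'me') {
        // SELECT * on tbl_account_users includes auth_token (the password hash
        // written at sign-up); it must never reach the client.
        for (const row of filteredResult) {
          delete row.auth_token;
        }
      }
      if (filteredResult.length == 0) {
        reply({ responseCode: 404, responseMessage: 'not found', data: filteredResult });
      } else {
        reply({ responseCode: 200, responseMessage: 'ok', data: filteredResult });
      }
    });
  }
});

var packetPool = {};
var packetAry = [];

router.post('/insert', function (req, res) {
  handleInsert(req, res);
});

function handleInsert(req, res) {
  var hero = req.body;
  console.log('hero=', hero);
  var authorized = req.infos.userInfo.adminFlag; // req.isAuthenticated()
  var uid = req.isAuthenticated() ? req.user.uid : utils.uuid('uid_' + req.sessionID);
  let userLevel = req.isAuthenticated() ?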
req.user.account_info.user_level : -1; var qry = ''; var post = {}; var tmpIdGenerated = utils.shortid.generate(); switch (hero.target) { case 'comment': authorized = req.isAuthenticated(); qry = hero.target; break; case 'admin:white': authorized = req.infos.userInfo.adminFlag; // req.isAuthenticated() qry = 'INSERT INTO ' + crossCtl.db.options.database + '.tbl_white_list SET ? '; post = { site_id: crossCtl.sConfig.type, uid: hero.uid, level: hero.level, memo: hero.memo, }; break; case 'board:info': authorized = req.infos.userInfo.adminFlag; // req.isAuthenticated() qry = 'INSERT INTO ' + crossCtl.db.options.database + '.tbl_board_info SET ? '; post = { bid: tmpIdGenerated, id: hero.boardId, site_id: crossCtl.sConfig.type, title: hero.title, description: hero.description, read_level_min: hero.readLevelMin, write_level_min: hero.writeLevelMin, comment_enabled: hero.commentEnabled == true ? 1 : 0, attachment_enabled: hero.attachmentEnabled == true ? 1 : 0, ago_enabled: hero.agoEnabled == true ? 1 : 0, memo: hero.memo, }; break; case 'board': authorized = true; // req.isAuthenticated() qry = hero.target; break; case 'packet': authorized = true; // req.isAuthenticated() qry = hero.target; break; case 'inquiry': authorized = req.isAuthenticated(); // req.isAuthenticated() qry = 'INSERT INTO ' + crossCtl.db.options.database + '.tbl_inquiry_list SET ? '; post = { site_id: crossCtl.sConfig.type, uid: uid, name: mysql.escape( req.isAuthenticated() ? req.infos.userInfo['userName'] : '?' ), title: hero.title, question: hero.question, attachment_from: JSON.stringify(hero.attachmentFrom), flags: hero.flags, }; utils.mail.sendMailRaw('netsafe@kiso.or.kr', '[1:1문의]' + hero.title, hero.question) break; case 'notice': authorized = req.infos.userInfo.adminFlag; // req.isAuthenticated() qry = 'INSERT INTO ' + crossCtl.db.options.database + '.tbl_notice_list SET ? 
'; post = { site_id: crossCtl.sConfig.type, uid: uid, title: hero.title, detail: hero.detail, flags: hero.flags, }; break; case 'faq': authorized = req.infos.userInfo.adminFlag; // req.isAuthenticated() qry = 'INSERT INTO ' + crossCtl.db.options.database + '.tbl_faq_list SET ? '; post = { site_id: crossCtl.sConfig.type, uid: uid, question: hero.question, answer: hero.answer, }; break; case 'support:ask': console.log('on support:ask, hero=', hero); authorized = req.isAuthenticated(); qry = hero.target; break; case 'support:reply': authorized = req.infos.userInfo.adminFlag; qry = 'INSERT INTO ' + crossCtl.db.options.database + '.tbl_support_list SET ? '; // type : send received, system post = { site_id: crossCtl.sConfig.type, type: 'received', session_id: hero.sessionId, uid: hero.uid, name: req.infos.userInfo.profile.display_name, from_id: uid, message: hero.message, }; break; default: } if (qry === '') { req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 500, responseMessage: 'unknown target : ' + hero.target, }); } else if (authorized === false) { req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 401, responseMessage: 'Unauthorized', }); } else { if (qry === hero.target) { if (hero.target == 'packet') { hero.parsedResponse = JSON.parse(hero.response); // packetPool var tmpPacketUrlToken = hero.url .replace('https://usm-dev.inspond.com/api/', '') .replace('/', '_'); if (packetPool[tmpPacketUrlToken] == undefined) { packetPool[tmpPacketUrlToken] = {}; } var targetPool = packetPool[tmpPacketUrlToken]; var targetToken = hero.params.target; if (targetPool[targetToken] == undefined) { targetPool[targetToken] = {}; } targetPool[targetToken] = { url: hero.url, method: hero.method, params: hero.params, response: hero.parsedResponse, }; packetAry.push({ url: hero.url, method: hero.method, params: hero.params, response: hero.parsedResponse, }); var logStreamA = fs.createWriteStream('packets.txt', { flags: 
'w', }); // use {flags: 'a'} to append and {flags: 'w'} to erase and write a new file logStreamA.end(JSON.stringify(packetAry, null, 4)); var logStream = fs.createWriteStream('packet.txt', { flags: 'w', }); // use {flags: 'a'} to append and {flags: 'w'} to erase and write a new file logStream.end(JSON.stringify(packetPool, null, 4)); req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 200, responseMessage: 'ok', }); } else if (hero.target == 'support:ask') { qry = 'SELECT * FROM ' + crossCtl.db.options.database + '.tbl_support_list WHERE site_id = ' + mysql.escape(crossCtl.sConfig.type) + ' AND status = 0 AND uid = ' + mysql.escape(uid) + ' ORDER BY serial DESC LIMIT 1'; crossCtl.db.doEasyQuery(qry, function (error, results) { if (error) { utils.log( 'error', 'insert, hero =', hero, ', error=', error, utils.__where() ); req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 500, responseMessage: error.message ? error.message : error.toString(), hero: hero, }); } else { var lastRecord = results.length > 0 ? results[0] : null; var currentSessionId = tmpIdGenerated; if (lastRecord != null) { currentSessionId = lastRecord.session_id; } qry = 'INSERT INTO ' + crossCtl.db.options.database + '.tbl_support_list SET ? '; post = { site_id: crossCtl.sConfig.type, type: 'send', session_id: currentSessionId, uid: uid, name: req.infos.userInfo.profile.display_name, from_id: uid, message: hero.message, attachment: hero.files ? JSON.stringify({ files: hero.files, airList: hero.airList, }) : null, }; crossCtl.db.doEasyQueryPost(qry, post, function (error, results) { if (error) { utils.log( 'error', 'insert, hero =', hero, ', error=', error, utils.__where() ); req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 500, responseMessage: error.message ? 
error.message : error.toString(), hero: hero, }); } else { var msgBase = { collapse_key: currentSessionId, notification: { title: '일대일 문의 접수', body: hero.message, }, data: { eventTag: 'support:new', location: '/admin/support', title: '일대일 문의 접수', body: hero.message, }, }; crossCtl.sendFCMToLeveledUser( 5, msgBase, function (error, response) { if (error) { utils.log( 'error', 'insert, hero =', hero, ', error=', error, utils.__where() ); } req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 200, responseMessage: 'ok', }); } ); } }); } }); } else if (hero.target == 'comment') { crossCtl.handleComment('insert', req, function (error) { if (error) { utils.log( 'error', 'insert, hero =', hero, ', error=', error, utils.__where() ); req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 500, responseMessage: error.message ? error.message : error.toString(), hero: hero, }); } else { switch (hero.for) { case 'post': qry = 'UPDATE ' + crossCtl.db.options.database + '.tbl_post_list SET comment_count = comment_count + 1 WHERE pid = ' + mysql.escape(hero.hero); break; case 'board': qry = 'UPDATE ' + crossCtl.db.options.database + '.tbl_board_list SET comment_count = comment_count + 1 WHERE cid = ' + mysql.escape(hero.hero); break; default: qry = ''; } if (qry != '') { crossCtl.db.doEasyQuery(qry, function (error, results) { if (error) { utils.log( 'error', 'insert, hero =', hero, ', error=', error, utils.__where() ); req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 500, responseMessage: error.message ? 
error.message : error.toString(), hero: hero, }); } else { req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 200, responseMessage: 'ok', pid: hero.hero, }); } }); } else { req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 200, responseMessage: 'ok', }); } } }); } else if (hero.target == 'board') { console.log('hero=', hero); crossCtl.getBoardInfo(hero.boardId, true, function (error, boardInfo) { if (error) { if (error.toString().startsWith('Error: #404')) { req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 404, responseMessage: error.message ? error.message : error.toString(), hero: hero, }); } else { req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 500, responseMessage: error.message ? error.message : error.toString(), hero: hero, }); } } else { if (boardInfo == undefined) { req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 404, responseMessage: 'target board not found', hero: hero, }); } else if (userLevel < boardInfo['write_level_min']) { console.log('traped by write_level_min'); req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 401, responseMessage: 'Unauthorized', }); } else { console.log('pass write_level_min test'); qry = 'INSERT INTO ' + crossCtl.db.options.database + '.tbl_board_list SET ? '; post = { site_id: crossCtl.sConfig.type, board_id: boardInfo['bid'], cid: tmpIdGenerated, uid: uid, name: req.isAuthenticated() ? req.infos.userInfo['userName'] : '?', profile_url: req.isAuthenticated() ? 
req.infos.userInfo['profileUrl'] : '', title: hero.title, content: hero.content, flags: JSON.stringify(['new']), attachments: JSON.stringify(hero.attachments), }; crossCtl.db.doEasyQueryPost(qry, post, function (error, results) { if (error) { utils.log( 'error', 'insert, hero =', hero, ', error=', error, utils.__where() ); req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 500, responseMessage: error.message ? error.message : error.toString(), hero: hero, }); } else { req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 200, responseMessage: 'ok', cid: tmpIdGenerated, }); } }); } // do gatekeeping } }); } else { switch (hero.target) { case 'huk': req.workTag.responsePacket.data = []; break; default: } req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 200, responseMessage: 'ok', }); } } else { crossCtl.db.doEasyQueryPost(qry, post, function (error, results) { if (error) { utils.log( 'error', 'insert, hero =', hero, ', error=', error, utils.__where() ); req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 500, responseMessage: error.message ? 
error.message : error.toString(), hero: hero, }); } else { if (hero.target == 'support:reply') { var msgBase = { collapse_key: hero.sessionId, notification: { title: '일대일 문의 답변', body: hero.message, }, data: { eventTag: 'support:reply', location: '/support', title: '일대일 문의 답변', body: hero.message, }, }; crossCtl.sendFcmToUids( [hero.uid], msgBase, function (error, response) { if (error) { utils.log( 'error', 'insert, hero =', hero, ', error=', error, utils.__where() ); } req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 200, responseMessage: 'ok', }); } ); } else { req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 200, responseMessage: 'ok', }); } } }); } } } router.post('/update', function (req, res) { handleUpdate(req, res); }); function handleUpdate(req, res) { var hero = req.body; console.log('hero=', hero); var authorized = req.infos.userInfo.adminFlag; // req.isAuthenticated() var uid = req.isAuthenticated() ? req.user.uid : utils.uuid('uid_' + req.sessionID); let userLevel = req.isAuthenticated() ? 
req.user.account_info.user_level : -1; var qry = ''; var post = {}; switch (hero.target) { case 'like': case 'report': authorized = req.isAuthenticated(); qry = hero.target; break; case 'password:reset': authorized = true; qry = hero.target; break; case 'password': authorized = req.isAuthenticated(); qry = hero.target; break; case 'admin:password': authorized = req.infos.userInfo.adminFlag; qry = hero.target; break; case 'hit': authorized = req.isAuthenticated(); // req.isAuthenticated() switch (hero.for) { case 'board': qry = 'UPDATE ' + crossCtl.db.options.database + '.tbl_board_list SET ' + ' hit_count = hit_count + 1 WHERE cid = ' + mysql.escape(hero.hero) + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); break; case 'post': qry = 'UPDATE ' + crossCtl.db.options.database + '.tbl_post_list SET ' + ' hit_count = hit_count + 1 WHERE pid = ' + mysql.escape(hero.hero) + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); break; } break; case 'admin:white': authorized = req.infos.userInfo.adminFlag; // req.isAuthenticated() qry = 'UPDATE ' + crossCtl.db.options.database + '.tbl_white_list SET ? 
WHERE serial = ' + mysql.escape(hero.hero) + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); post = { level: hero.level, memo: hero.memo, status: hero.status, }; break; case 'board:info': authorized = req.infos.userInfo.adminFlag; // req.isAuthenticated() qry = 'UPDATE ' + crossCtl.db.options.database + '.tbl_board_info SET' + ' id = ' + mysql.escape(hero.boardId) + ', title = ' + mysql.escape(hero.title) + ', description = ' + mysql.escape(hero.description) + ', read_level_min = ' + mysql.escape(hero.readLevelMin) + ', write_level_min = ' + mysql.escape(hero.writeLevelMin) + ', comment_enabled = ' + mysql.escape(hero.commentEnabled) + ', attachment_enabled = ' + mysql.escape(hero.attachmentEnabled) + ', ago_enabled = ' + mysql.escape(hero.agoEnabled) + ', memo = ' + mysql.escape(hero.memo) + ', status = ' + mysql.escape(hero.status) + ' WHERE bid = ' + mysql.escape(hero.hero) + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); break; case 'board': authorized = true; qry = hero.target; break; case 'boardBAK': authorized = req.isAuthenticated(); // req.isAuthenticated() qry = 'UPDATE ' + crossCtl.db.options.database + '.tbl_board_list SET' + ' name = ' + mysql.escape( req.isAuthenticated() ? req.infos.userInfo['userName'] : 'anonym' ) + ', profile_url = ' + mysql.escape( req.isAuthenticated() ? 
req.infos.userInfo['profileUrl'] : '' ) + ', title = ' + mysql.escape(hero.title) + ', content = ' + mysql.escape(hero.content) + ', attachments = ' + mysql.escape(JSON.stringify(hero.attachments)) + ', status = ' + mysql.escape(hero.status) + ' WHERE cid = ' + mysql.escape(hero.hero) + ' AND board_id = ' + mysql.escape(hero.boardId) + ' AND uid = ' + mysql.escape(uid) + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); break; case 'inquiry': authorized = req.isAuthenticated(); // req.isAuthenticated() qry = 'UPDATE ' + crossCtl.db.options.database + '.tbl_inquiry_list SET ' + ' title = ' + mysql.escape(hero.title) + ', question = ' + mysql.escape(hero.question) + ', attachment_from = ' + mysql.escape(JSON.stringify(hero.attachmentFrom)) + ', status = ' + mysql.escape(hero.status) + ' WHERE serial = ' + mysql.escape(hero.hero) + ' AND uid = ' + mysql.escape(uid) + ' AND status = 0 AND site_id = ' + mysql.escape(crossCtl.sConfig.type); break; case 'inquiry:admin': authorized = req.infos.userInfo.adminFlag; // req.isAuthenticated() qry = 'UPDATE ' + crossCtl.db.options.database + '.tbl_inquiry_list SET ' + ' `by` = ' + mysql.escape( req.isAuthenticated() ? req.infos.userInfo['userName'] : '?' ) + ' ,answer = ' + mysql.escape(hero.answer) + ', attachment_to = ' + mysql.escape(JSON.stringify(hero.attachmentTo)) + ', memo = ' + mysql.escape(hero.memo) + ', status = ' + mysql.escape(hero.status) + ' WHERE serial = ' + mysql.escape(hero.hero) + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); break; case 'profile': authorized = req.isAuthenticated(); qry = 'INSERT INTO ' + crossCtl.db.options.database + '.tbl_profile_list SET ? 
ON DUPLICATE KEY UPDATE display_name = ' + mysql.escape(hero.displayName) + ', photo_url = ' + mysql.escape(hero.photoUrl) + ', infos = ' + mysql.escape(JSON.stringify(hero.infos)); post = { site_id: crossCtl.sConfig.type, uid: uid, display_name: hero.displayName, photo_url: hero.photoUrl, infos: JSON.stringify(hero.infos), }; break; case 'admin:limitCount': authorized = req.infos.userInfo.adminFlag; qry = 'UPDATE ' + crossCtl.db.options.database + '.tbl_account_users SET limit_count = ' + mysql.escape(hero.limitCount) + ' WHERE uid = ' + mysql.escape(uid) + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); console.log('qry = ', qry); break; case 'admin:level': authorized = req.infos.userInfo.adminFlag; qry = 'UPDATE ' + crossCtl.db.options.database + '.tbl_account_users SET user_level = ' + mysql.escape(hero.level) + ' WHERE uid = ' + mysql.escape(hero.hero) + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); break; case 'admin:profile': authorized = req.infos.userInfo.adminFlag; qry = 'INSERT INTO ' + crossCtl.db.options.database + '.tbl_profile_list SET ? 
ON DUPLICATE KEY UPDATE display_name = ' + mysql.escape(hero.displayName) + ', photo_url = ' + mysql.escape(hero.photoUrl) + ', infos = ' + mysql.escape(JSON.stringify(hero.infos)); post = { site_id: crossCtl.sConfig.type, uid: hero.hero, display_name: hero.displayName, photo_url: hero.photoUrl, infos: JSON.stringify(hero.infos), }; break; case 'admin:withdrawal': authorized = req.infos.userInfo.adminFlag; qry = 'UPDATE ' + crossCtl.db.options.database + '.tbl_account_users SET auth_key = concat(' + mysql.escape('withdrawal_') + ', auth_key, ' + mysql.escape('_' + utils.shortid.generate()) + '), status = 4, withdrawal_info = ' + mysql.escape( '운영자에 의한 탈퇴처리 ' + JSON.stringify(req.infos.userInfo) ) + ' WHERE uid = ' + mysql.escape(hero.hero) + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); break; case 'settings': authorized = req.isAuthenticated(); qry = 'INSERT INTO ' + crossCtl.db.options.database + '.tbl_setting_list SET ? ON DUPLICATE KEY UPDATE settings = ' + mysql.escape(hero.settings); post = { site_id: crossCtl.sConfig.type, uid: uid, settings: hero.settings, }; break; case 'fcmToken': if (crossCtl.sConfig.type == 'hatch') { authorized = true; } else { authorized = req.isAuthenticated(); } // authorized = true qry = 'INSERT INTO ' + crossCtl.db.options.database + '.tbl_fcm_tokens SET ? 
ON DUPLICATE KEY UPDATE uid = ' + mysql.escape(uid) + ', hit_count = hit_count + 1, status = 0, nick = ' + mysql.escape(req.infos.userInfo.profile.display_name); post = { tid: utils.shortid.generate(), site_id: crossCtl.sConfig.type, token: hero.token, duid: hero.duid, uid: uid, nick: req.infos.userInfo.profile.display_name, }; req.session.fcmInfo = post; break; case 'fcm': authorized = req.isAuthenticated(); qry = 'UPDATE ' + crossCtl.db.options.database + '.tbl_fcm_tokens SET last_received = NOW() WHERE uid = ' + mysql.escape(uid) + ' AND duid = ' + mysql.escape(hero.hero) + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); post = {}; break; case 'notice': authorized = req.infos.userInfo.adminFlag; // req.isAuthenticated() qry = 'UPDATE ' + crossCtl.db.options.database + '.tbl_notice_list SET ? WHERE serial = ' + mysql.escape(hero.hero) + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); post = { title: hero.title, detail: hero.detail, flags: hero.flags, status: hero.status, }; break; case 'faq': authorized = req.infos.userInfo.adminFlag; // req.isAuthenticated() qry = 'UPDATE ' + crossCtl.db.options.database + '.tbl_faq_list SET ? WHERE serial = ' + mysql.escape(hero.hero) + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); post = { question: hero.question, answer: hero.answer, status: hero.status, }; break; case 'support': authorized = req.infos.userInfo.adminFlag; // req.isAuthenticated() qry = 'UPDATE ' + crossCtl.db.options.database + '.tbl_support_list SET ? WHERE uid = ' + mysql.escape(uid) + ' AND status = 0' + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); post = { session_id: utils.shortid.generate(), status: 4, }; break; case 'maintenance': authorized = req.infos.userInfo.adminFlag; // req.isAuthenticated() qry = 'UPDATE ' + crossCtl.db.options.database + '.tbl_maintenance_info SET ? 
WHERE status = 0' + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); var requestIP = utils.getIPFromReq(req); var staffIPs = crossCtl.getStaffIPs(); if (!staffIPs.includes(requestIP)) { staffIPs[staffIPs.length] = requestIP; } post = { site_id: crossCtl.sConfig.type, title: hero.title, description: hero.description, until: hero.until, type: hero.type, }; post['staff-ips'] = staffIPs.toString(); break; case 'businessInfo': authorized = req.infos.userInfo.adminFlag; // req.isAuthenticated() qry = 'UPDATE ' + crossCtl.db.options.database + '.tbl_business_info SET ? WHERE status = 0' + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); post = { site_id: crossCtl.sConfig.type, name: hero.name, owner: hero.owner, address: hero.address, phone: hero.phone, email: hero.email, phone: hero.phone, registration_number: hero.registration_number, capp_biz_cd: hero.capp_biz_cd, note: hero.note, }; break; default: } if (qry === '') { req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 500, responseMessage: 'unknown target : ' + hero.target, }); } else if (authorized === false) { req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 401, responseMessage: 'Unauthorized', }); } else { if (qry === hero.target) { if (hero.target === 'like') { crossCtl.handleLike(req, function (error, resultPack) { if (error) { req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 500, responseMessage: error.message ? 
error.message : error.toString(), }); } else { console.log('resultPack=', resultPack); if (hero.for === 'post') { qry = 'UPDATE ' + crossCtl.db.options.database + '.tbl_post_list SET ' + resultPack.amountTag + ' WHERE pid = ' + mysql.escape(hero.hero) + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); } else if (hero.for === 'comment') { qry = 'UPDATE ' + crossCtl.db.options.database + '.tbl_comment_list SET ' + resultPack.amountTag + ' WHERE cid = ' + mysql.escape(hero.hero) + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); } else if (hero.for === 'board') { qry = 'UPDATE ' + crossCtl.db.options.database + '.tbl_board_list SET ' + resultPack.amountTag + ' WHERE cid = ' + mysql.escape(hero.hero) + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); } crossCtl.db.doEasyQuery(qry, function (error, results) { if (error) { utils.log( 'error', 'update, hero =', hero, ', error=', error, utils.__where() ); req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 500, responseMessage: error.message ? error.message : error.toString(), hero: hero, }); } else { if (hero.for === 'post') { qry = 'SELECT * FROM ' + crossCtl.db.options.database + '.tbl_post_list WHERE pid = ' + mysql.escape(hero.hero); } else if (hero.for === 'comment') { qry = 'SELECT * FROM ' + crossCtl.db.options.database + '.tbl_comment_list WHERE cid = ' + mysql.escape(hero.hero); } else if (hero.for === 'board') { qry = 'SELECT * FROM ' + crossCtl.db.options.database + '.tbl_board_list WHERE cid = ' + mysql.escape(hero.hero); } crossCtl.db.doEasyQuery(qry, function (error, results) { if (error) { utils.log( 'error', 'update, hero =', hero, ', error=', error, utils.__where() ); req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 500, responseMessage: error.message ? 
error.message : error.toString(), hero: hero, }); } else { var finalResult = { hero: hero.hero, oldTag: resultPack.oldTag, oldCount: resultPack.oldCount, newTag: resultPack.newTag, newCount: resultPack.newCount, like_count: results[0].like_count, dislike_count: results[0].dislike_count, likeToggleFlag: crossCtl.sConfig.likeToggleFlag, }; req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 200, responseMessage: 'ok', finalResult: finalResult, }); } }); } }); } }); } else if (hero.target === 'report') { crossCtl.handleReport(req, function (error, resultPack) { if (error) { req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 500, responseMessage: error.message ? error.message : error.toString(), }); } else { console.log('resultPack=', resultPack); if (hero.for === 'post') { qry = 'UPDATE ' + crossCtl.db.options.database + '.tbl_post_list SET ' + resultPack.amountTag + ' WHERE pid = ' + mysql.escape(hero.hero) + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); } else if (hero.for === 'comment') { qry = 'UPDATE ' + crossCtl.db.options.database + '.tbl_comment_list SET ' + resultPack.amountTag + ' WHERE cid = ' + mysql.escape(hero.hero) + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); } else if (hero.for === 'board') { qry = 'UPDATE ' + crossCtl.db.options.database + '.tbl_board_list SET ' + resultPack.amountTag + ' WHERE cid = ' + mysql.escape(hero.hero) + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); } crossCtl.db.doEasyQuery(qry, function (error, results) { if (error) { utils.log( 'error', 'update, hero =', hero, ', error=', error, utils.__where() ); req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 500, responseMessage: error.message ? 
error.message : error.toString(), hero: hero, }); } else { if (hero.for === 'post') { qry = 'SELECT * FROM ' + crossCtl.db.options.database + '.tbl_post_list WHERE pid = ' + mysql.escape(hero.hero); } else if (hero.for === 'comment') { qry = 'SELECT * FROM ' + crossCtl.db.options.database + '.tbl_comment_list WHERE cid = ' + mysql.escape(hero.hero); } else if (hero.for === 'board') { qry = 'SELECT * FROM ' + crossCtl.db.options.database + '.tbl_board_list WHERE cid = ' + mysql.escape(hero.hero); } crossCtl.db.doEasyQuery(qry, function (error, results) { if (error) { utils.log( 'error', 'update, hero =', hero, ', error=', error, utils.__where() ); req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 500, responseMessage: error.message ? error.message : error.toString(), hero: hero, }); } else { var finalResult = { hero: hero.hero, oldTag: resultPack.oldTag, oldCount: resultPack.oldCount, newTag: resultPack.newTag, newCount: resultPack.newCount, report_count: results[0].report_count, }; req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 200, responseMessage: 'ok', finalResult: finalResult, }); } }); } }); } }); } else if (hero.target === 'password') { crossCtl.changePassword( uid, hero.password_current, hero.password_new, hero.password_again, function (err) { if (err) { console.log('err=', err); req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 500, responseMessage: err.message ? err.message : err.toString(), hero: hero, }); } else { req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 200, responseMessage: 'ok', }); } } ); } else if (hero.target === 'admin:password') { crossCtl.changePasswordByAdmin( hero.hero, '', hero.password_new, hero.password_again, function (err) { if (err) { console.log('err=', err); req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 500, responseMessage: err.message ? 
err.message : err.toString(), hero: hero, }); } else { req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 200, responseMessage: 'ok', }); } } ); } else if (hero.target === 'password:reset') { crossCtl.changePasswordByResetKey( hero.hero, '', hero.passwordNew, hero.passwordAgain, function (err) { if (err) { console.log('err=', err); req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 500, responseMessage: err.message ? err.message : err.toString(), hero: hero, }); } else { req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 200, responseMessage: 'ok', }); } } ); } else if (hero.target == 'board') { crossCtl.getBoardInfo(hero.boardId, true, function (error, boardInfo) { if (error) { if (error.toString().startsWith('Error: #404')) { cb( { responseCode: 404, responseMessage: error.message ? error.message : error.toString(), draw: draw, recordsTotal: 0, recordsFiltered: 0, data: [], }, null ); } else { cb( { responseCode: 500, responseMessage: error.message ? error.message : error.toString(), draw: draw, recordsTotal: 0, recordsFiltered: 0, data: [], }, null ); } req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 500, responseMessage: error.message ? error.message : error.toString(), hero: hero, }); } else { if (boardInfo == undefined) { req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 404, responseMessage: 'target board not found', hero: hero, }); } else if (userLevel < boardInfo['write_level_min']) { console.log('traped by write_level_min'); req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 401, responseMessage: 'Unauthorized', }); } else { console.log('pass write_level_min test'); qry = 'UPDATE ' + crossCtl.db.options.database + '.tbl_board_list SET' + ' name = ' + mysql.escape( req.isAuthenticated() ? 
req.infos.userInfo['userName'] : 'anonym' ) + ', profile_url = ' + mysql.escape( req.isAuthenticated() ? req.infos.userInfo['profileUrl'] : '' ) + ', title = ' + mysql.escape(hero.title) + ', content = ' + mysql.escape(hero.content) + ', attachments = ' + mysql.escape(JSON.stringify(hero.attachments)) + ', status = ' + mysql.escape(hero.status) + ' WHERE cid = ' + mysql.escape(hero.hero) + ' AND board_id = ' + mysql.escape(boardInfo['bid']) + ' AND uid = ' + mysql.escape(uid) + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); crossCtl.db.doEasyQueryPost(qry, post, function (error, results) { if (error) { utils.log( 'error', 'insert, hero =', hero, ', error=', error, utils.__where() ); req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 500, responseMessage: error.message ? error.message : error.toString(), hero: hero, }); } else { req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 200, responseMessage: 'ok', }); } }); } // do gatekeeping } }); } else { switch (hero.target) { case 'huk': req.workTag.responsePacket.data = []; break; default: } req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 200, responseMessage: 'ok', }); } } else { // console.log('qry=', qry) // console.log('post=', post) crossCtl.db.doEasyQueryPost(qry, post, function (error, results) { if (error) { utils.log( 'error', 'insert, hero =', hero, ', error=', error, utils.__where() ); req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 500, responseMessage: error.message ? error.message : error.toString(), hero: hero, }); } else { if (hero.target === 'maintenance' || hero.target === 'businessInfo') { if (results.affectedRows === 0) { qry = 'INSERT INTO ' + crossCtl.db.options.database + '.' + (hero.target === 'maintenance' ? 
'tbl_maintenance_info' : 'tbl_business_info') + ' SET ?'; crossCtl.db.doEasyQueryPost(qry, post, function (error, results) { if (error) { utils.log( 'error', 'insert, hero =', hero, ', error=', error, utils.__where() ); req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 500, responseMessage: error.message ? error.message : error.toString(), hero: hero, }); } else { crossCtl.redis.publishMessage({ cmd: hero.target === 'maintenance' ? 'maintenance' : 'business', }); req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 200, responseMessage: 'ok', }); } }); } else { crossCtl.redis.publishMessage({ cmd: hero.target === 'maintenance' ? 'maintenance' : 'business', }); req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 200, responseMessage: 'ok', }); } } else if (hero.target === 'board:info') { crossCtl.redis.publishMessage({ cmd: 'update', target: hero.target, hero: hero.hero, }); req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 200, responseMessage: 'ok', }); } else if (hero.target === 'profile') { if (crossCtl.sConfig.type == 'linkcare') { var tmpQry = 'UPDATE linkcare.tbl_family_list SET profile_url = ' + mysql.escape(hero.photoUrl) + ' WHERE uid = ' + mysql.escape(uid); console.log('qry = ', tmpQry); crossCtl.db.doEasyQuery(tmpQry, function (error, results) {}); } crossCtl.loadProfile(req.user, function (err, result) { if (hero.password !== undefined) { crossCtl.chanePassword(uid, hero.password, function (err) { if (err) { req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 500, responseMessage: error.message ? 
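error.message : error.toString(), hero: hero, }); } else { req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 200, responseMessage: 'ok', }); } }); } else { req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 200, responseMessage: 'ok', }); } }); } else { req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 200, responseMessage: 'ok', }); } } }); } } }

// POST /delete — soft-deletes (status = 4) or closes the record named by req.body.target / req.body.hero.
// Authorization is decided per target in the switch below; every branch answers HTTP 200 and carries
// the outcome in responseCode / responseMessage, as the rest of this router does.
router.post('/delete', function (req, res) {
  const hero = req.body;
  console.log('hero=', hero);
  const uid = req.isAuthenticated() ? req.user.uid : utils.uuid('uid_' + req.sessionID);
  const userLevel = req.isAuthenticated() ? req.user.account_info.user_level : -1;
  const isAdmin = req.infos.userInfo.adminFlag;
  const database = crossCtl.db.options.database;
  const siteId = mysql.escape(crossCtl.sConfig.type);
  // One response shape for every branch; `extra` keys (hero, pid, ...) are merged into the packet.
  const reply = (responseCode, responseMessage, extra) =>
    req.workTag.res().status(200).send({ ...req.workTag.responsePacket, responseCode: responseCode, responseMessage: responseMessage, ...extra });
  const errorText = (error) => (error.message ? error.message : error.toString());

  let authorized = isAdmin;
  let qry = '';
  let post = {};
  switch (hero.target) {
    case 'board:info':
      authorized = isAdmin;
      qry = 'UPDATE ' + database + '.tbl_board_info SET ? WHERE bid = ' + mysql.escape(hero.hero) + ' AND site_id = ' + siteId + ' AND status = 0';
      post = { status: 4 };
      break;
    case 'board':
      // Handled below after the board's write level has been checked.
      authorized = true;
      qry = hero.target;
      break;
    case 'fcmToken':
      authorized = req.isAuthenticated();
      // NOTE(review): only tid scopes this UPDATE, so any signed-in user can retire any token id —
      // confirm whether tbl_fcm_tokens carries a uid column that should be added to the WHERE.
      qry = 'UPDATE ' + database + '.tbl_fcm_tokens SET ? WHERE tid = ' + mysql.escape(hero.hero) + ' AND site_id = ' + siteId;
      post = { status: 4 };
      break;
    case 'notice':
      authorized = isAdmin;
      qry = 'UPDATE ' + database + '.tbl_notice_list SET ? WHERE serial = ' + mysql.escape(hero.hero) + ' AND site_id = ' + siteId;
      post = { status: 4 };
      break;
    case 'faq':
      authorized = isAdmin;
      qry = 'UPDATE ' + database + '.tbl_faq_list SET ? WHERE serial = ' + mysql.escape(hero.hero) + ' AND site_id = ' + siteId;
      post = { status: 4 };
      break;
    case 'support:ask':
      // Closes the caller's own open support session; handled below.
      authorized = req.isAuthenticated();
      qry = hero.target;
      break;
    case 'file':
      authorized = isAdmin;
      qry = 'UPDATE ' + database + '.tbl_file_list SET ? WHERE serial = ' + mysql.escape(hero.hero) + ' AND status = 0 AND site_id = ' + siteId;
      post = { status: 4 };
      break;
    case 'maintenance':
      authorized = isAdmin;
      qry = hero.target;
      break;
    case 'businessInfo':
      authorized = isAdmin;
      qry = hero.target;
      break;
    case 'comment':
      authorized = req.isAuthenticated();
      qry = hero.target;
      break;
    default:
  }

  if (qry === '') {
    reply(500, 'unknown target : ' + hero.target);
    return;
  }
  // Falsy (not just `=== false`) denies, so a missing adminFlag/loginFlag cannot fail open.
  if (!authorized) {
    reply(401, 'Unauthorized');
    return;
  }

  if (qry !== hero.target) {
    // Prepared soft-delete: run it, then fan out the side effects some targets need.
    crossCtl.db.doEasyQueryPost(qry, post, function (error, results) {
      if (error) {
        utils.log('error', 'delete, hero =', hero, ', error=', error, utils.__where());
        reply(500, errorText(error), { hero: hero });
      } else if (hero.target === 'file') {
        // Look the file up again so subscribers receive its fid::name key.
        crossCtl.getFidInfoBySerial(hero.hero, function (error, results) {
          if (error) {
            reply(500, errorText(error));
          } else if (results.length !== 1) {
            reply(404, 'target not found');
          } else {
            reply(200, 'ok');
            crossCtl.redis.publishMessage({ cmd: 'file', fidKey: results[0].fid + '::' + results[0].name });
          }
        });
      } else if (hero.target === 'board:info') {
        crossCtl.redis.publishMessage({ cmd: 'update', target: hero.target, hero: hero.hero });
        reply(200, 'ok');
      } else {
        reply(200, 'ok');
      }
    });
    return;
  }

  // Targets that are not a single UPDATE.
  if (hero.target === 'maintenance') {
    crossCtl.deleteMaintenanceInfo(function (error) {
      if (error) {
        reply(500, errorText(error));
      } else {
        reply(200, 'ok', { maintenanceInfo: null });
      }
    });
  } else if (hero.target === 'businessInfo') {
    crossCtl.deleteBusinessInfo(function (error) {
      if (error) {
        reply(500, errorText(error));
      } else {
        reply(200, 'ok', { businessInfo: null });
      }
    });
  } else if (hero.target === 'support:ask') {
    // Find the caller's most recent open session, close it, then append a system row recording the close.
    const selectQry = 'SELECT * FROM ' + database + '.tbl_support_list WHERE site_id = ' + siteId + ' AND status = 0 AND uid = ' + mysql.escape(uid) + ' ORDER BY serial DESC LIMIT 1';
    crossCtl.db.doEasyQuery(selectQry, function (error, results) {
      if (error) {
        utils.log('error', 'select, hero =', hero, ', error=', error, utils.__where());
        reply(500, errorText(error), { hero: hero });
      } else if (results.length === 0) {
        reply(500, 'no session to close', { hero: hero });
      } else {
        const currentSessionId = results[0].session_id;
        const closeQry = 'UPDATE ' + database + '.tbl_support_list SET ? WHERE uid = ' + mysql.escape(uid) + ' AND status = 0 AND site_id = ' + siteId + ' AND session_id = ' + mysql.escape(currentSessionId);
        crossCtl.db.doEasyQueryPost(closeQry, { status: 4 }, function (error, results) {
          if (error) {
            utils.log('error', 'update, hero =', hero, ', error=', error, utils.__where());
            reply(500, errorText(error), { hero: hero });
          } else {
            const noteQry = 'INSERT INTO ' + database + '.tbl_support_list SET ? ';
            const noteRow = {
              site_id: crossCtl.sConfig.type,
              type: 'system',
              session_id: currentSessionId,
              uid: uid,
              name: req.infos.userInfo.profile.display_name,
              from_id: uid,
              message: '사용자에 의해 상담이 종료되었습니다.',
              status: 4,
            };
            crossCtl.db.doEasyQueryPost(noteQry, noteRow, function (error, results) {
              if (error) {
                utils.log('error', 'delete, hero =', hero, ', error=', error, utils.__where());
                reply(500, errorText(error), { hero: hero });
              } else {
                reply(200, 'ok');
              }
            });
          }
        });
      }
    });
  } else if (hero.target === 'comment') {
    // NOTE(review): who may delete the comment is decided inside crossCtl.handleComment (not visible here);
    // hero.from / hero.tid that drive the counter update below are client-supplied — confirm handleComment ties them to the comment.
    crossCtl.handleComment('delete', req, function (error) {
      if (error) {
        utils.log('error', 'delete, hero =', hero, ', error=', error, utils.__where());
        reply(500, errorText(error), { hero: hero });
        return;
      }
      let counterQry = '';
      switch (hero.from) {
        case 'post':
          counterQry = 'UPDATE ' + database + '.tbl_post_list SET comment_count = comment_count - 1 WHERE pid = ' + mysql.escape(hero.tid);
          break;
        case 'board':
          counterQry = 'UPDATE ' + database + '.tbl_board_list SET comment_count = comment_count - 1 WHERE cid = ' + mysql.escape(hero.tid);
          break;
        default:
      }
      if (counterQry === '') {
        reply(200, 'ok');
        return;
      }
      crossCtl.db.doEasyQuery(counterQry, function (error, results) {
        if (error) {
          utils.log('error', 'insert, hero =', hero, ', error=', error, utils.__where());
          reply(500, errorText(error), { hero: hero });
        } else {
          reply(200, 'ok', { pid: hero.hero });
        }
      });
    });
  } else if (hero.target === 'board') {
    crossCtl.getBoardInfo(hero.boardId, true, function (error, boardInfo) {
      if (error) {
        // The previous version invoked an undefined `cb`/`draw` here (copied from the list code),
        // which threw a ReferenceError before any response was written.
        reply(error.toString().startsWith('Error: #404') ? 404 : 500, errorText(error), { hero: hero });
      } else if (boardInfo == null) {
        reply(404, 'target board not found', { hero: hero });
      } else if (userLevel < boardInfo['write_level_min']) {
        reply(401, 'Unauthorized');
      } else {
        // Only open rows are closed: the `status = 0` clause was previously a dangling string statement.
        // Non-admins may only close their own post, matching the uid scope the update path applies.
        let where = 'cid = ' + mysql.escape(hero.hero) + ' AND site_id = ' + siteId + ' AND board_id = ' + mysql.escape(boardInfo['bid']) + ' AND status = 0';
        if (!isAdmin) {
          where += ' AND uid = ' + mysql.escape(uid);
        }
        const updateQry = 'UPDATE ' + database + '.tbl_board_list SET ? WHERE ' + where;
        crossCtl.db.doEasyQueryPost(updateQry, { status: 4 }, function (error, results) {
          if (error) {
            utils.log('error', 'insert, hero =', hero, ', error=', error, utils.__where());
            reply(500, errorText(error), { hero: hero });
          } else {
            reply(200, 'ok');
          }
        });
      }
    });
  } else {
    // No remaining target reaches here today; kept for parity with the original fallthrough.
    if (hero.target === 'huk') {
      req.workTag.responsePacket.data = [];
    }
    reply(200, 'ok');
  }
});

// Resolves access metadata for a list target before the query runs. For 'board' it loads the board
// and enforces read_level_min; every other target passes through with null metadata.
// cb(errorResponse, metaData): errorResponse is a ready-to-send DataTables-shaped packet, or null.
function preListWork(req, res, cb) {
  let target = req.query.target;
  let hero = req.query.hero;
  let draw = req.query.draw;
  let userLevel = req.isAuthenticated() ? req.user.account_info.user_level : -1;
  switch (target) {
    case 'board':
      // Check read access first; only continue to the list step when the board admits this user.
      crossCtl.getBoardInfo(hero, true, function (error, boardInfo) {
        if (error) {
          if (error.toString().startsWith('Error: #404')) {
            cb({ responseCode: 404, responseMessage: error.message ? error.message : error.toString(), draw: draw, recordsTotal: 0, recordsFiltered: 0, data: [] }, null);
          } else {
            cb({ responseCode: 500, responseMessage: error.message ?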
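error.message : error.toString(), draw: draw, recordsTotal: 0, recordsFiltered: 0, data: [] }, null);
          }
        } else {
          // Gatekeeping: the caller's level must reach the board's read_level_min.
          if (userLevel < boardInfo['read_level_min']) {
            cb({ responseCode: 401, responseMessage: 'Unauthorized', draw: draw, recordsTotal: 0, recordsFiltered: 0, data: [] }, null);
          } else {
            cb(null, boardInfo);
          }
        }
      });
      break;
    default:
      cb(null, null);
  }
}

// Builds and runs the paged SELECT for req.query.target (DataTables-style paging parameters).
// metaData is whatever preListWork resolved (the board row for 'board', otherwise null).
// cb(errorResponse, result): errorResponse is a ready-to-send packet or null; result is
// { metaData, results } where results is what crossCtl.getPagedList returned.
function doListWork(req, res, metaData, cb) {
  const uid = req.isAuthenticated() ? req.user.uid : utils.uuid('uid_' + req.sessionID);
  moment.locale(req.infos.lang);
  const userLevel = req.isAuthenticated() ? req.user.account_info.user_level : -1;
  const target = req.query.target;
  const hero = req.query.hero;
  const draw = req.query.draw;
  const database = crossCtl.db.options.database;
  const siteId = mysql.escape(crossCtl.sConfig.type);
  const fail = (responseCode, responseMessage) =>
    cb({ responseCode: responseCode, responseMessage: responseMessage, draw: draw, recordsTotal: 0, recordsFiltered: 0, data: [] }, null);

  // Paging values are coerced to integers so a non-numeric or zero length cannot produce a NaN/Infinity
  // page number, and only digits ever reach the LIMIT clause.
  const start = Math.max(0, Number.parseInt(req.query.start, 10) || 0);
  const parsedLength = Number.parseInt(req.query.length, 10);
  const length = Number.isInteger(parsedLength) && parsedLength > 0 ? parsedLength : 10;

  let selectClause = '*';
  let tableName = '';
  let joinClause = '';
  let whereClause = '';
  let groupByClause = '';
  let orderByClause = 'serial DESC';

  // DataTables sorting: columns[order[i].column].data names the column, order[i].dir the direction.
  // Both arrive in the query string, so the name must look like a (possibly qualified) identifier and is
  // quoted with mysql.escapeId, and the direction is limited to ASC/DESC; anything else is skipped.
  // (columns/order may be arrays or numeric-keyed objects depending on how the query string was parsed.)
  const columns = req.query.columns || {};
  const order = req.query.order || [];
  const identifierPattern = /^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)*$/;
  for (const item of Object.values(order)) {
    const column = item ? columns[item.column] : undefined;
    const name = column ? column.data : undefined;
    const dir = item && item.dir ? String(item.dir).toUpperCase() : '';
    if (typeof name !== 'string' || !identifierPattern.test(name) || (dir !== 'ASC' && dir !== 'DESC')) {
      continue;
    }
    if (orderByClause !== '') {
      orderByClause = orderByClause + ', ';
    }
    orderByClause = orderByClause + mysql.escapeId(name) + ' ' + dir;
  }

  let authorized = req.infos.userInfo.adminFlag;
  switch (target) {
    case 'admin:board:info:deactivated':
      authorized = req.infos.userInfo.adminFlag;
      tableName = database + '.tbl_board_info';
      whereClause = ' status <> 0 AND site_id = ' + siteId;
      orderByClause = 'serial DESC';
      break;
    case 'admin:white':
      authorized = req.infos.userInfo.adminFlag;
      tableName = database + '.tbl_white_list';
      whereClause = ' site_id = ' + siteId;
      orderByClause = 'serial DESC';
      break;
    case 'admin:board:info:active':
      authorized = req.infos.userInfo.adminFlag;
      tableName = database + '.tbl_board_info';
      whereClause = ' status = 0 AND site_id = ' + siteId;
      orderByClause = 'serial DESC';
      break;
    case 'like':
      authorized = true;
      tableName = database + '.tbl_like_list';
      whereClause = 'domain = ' + mysql.escape(hero) + ' AND site_id = ' + siteId + ' AND uid = ' + mysql.escape(uid);
      break;
    case 'comment:active':
      authorized = true;
      tableName = database + '.tbl_comment_list';
      whereClause = 'tid = ' + mysql.escape(hero) + ' AND status < 4 AND site_id = ' + siteId;
      orderByClause = 'serial ASC';
      break;
    case 'board':
      // preListWork already rejected callers below read_level_min; re-checked here from the same metadata.
      authorized = metaData != null && userLevel >= metaData['read_level_min'];
      tableName = database + '.tbl_board_list';
      whereClause = 'site_id = ' + siteId + ' AND board_id = ' + mysql.escape(metaData != null ? metaData['bid'] : null) + ' AND status = 0';
      orderByClause = 'serial DESC';
      break;
    case 'inquiry':
      authorized = req.infos.userInfo.loginFlag;
      tableName = database + '.tbl_inquiry_list';
      whereClause = ' uid = ' + mysql.escape(uid) + ' AND status = ' + mysql.escape(hero) + ' AND site_id = ' + siteId;
      orderByClause = 'serial DESC';
      break;
    case 'inquiry:all':
      authorized = req.infos.userInfo.loginFlag;
      tableName = database + '.tbl_inquiry_list';
      whereClause = ' uid = ' + mysql.escape(uid) + ' AND site_id = ' + siteId;
      orderByClause = 'serial DESC';
      break;
    case 'admin:inquiry:all':
      authorized = req.infos.userInfo.adminFlag;
      tableName = database + '.tbl_inquiry_list';
      whereClause = ' site_id = ' + siteId;
      orderByClause = 'serial DESC';
      break;
    case 'admin:inquiry:wait':
      authorized = req.infos.userInfo.adminFlag;
      tableName = database + '.tbl_inquiry_list';
      whereClause = ' status = 0 AND site_id = ' + siteId;
      orderByClause = 'serial DESC';
      break;
    case 'admin:inquiry:done':
      authorized = req.infos.userInfo.adminFlag;
      tableName = database + '.tbl_inquiry_list';
      // Parenthesised: without them SQL reads `status = 2 OR (status = 4 AND site_id = ...)`,
      // which leaked status-2 rows of every site.
      whereClause = ' (status = 2 OR status = 4) AND site_id = ' + siteId;
      orderByClause = 'serial DESC';
      break;
    case 'admin:inquiry:user':
      authorized = req.infos.userInfo.adminFlag;
      tableName = database + '.tbl_inquiry_list';
      whereClause = ' uid = ' + mysql.escape(hero) + ' AND site_id = ' + siteId;
      orderByClause = 'serial DESC';
      break;
    case 'fcmToken:active':
      authorized = req.infos.userInfo.loginFlag;
      tableName = database + '.tbl_fcm_tokens';
      whereClause = 'status = 0 AND site_id = ' + siteId;
      break;
    case 'files:active':
      // NOTE(review): open to everyone and selects every column of tbl_file_list — confirm no storage
      // path or secure-file rows should be withheld from anonymous callers.
      authorized = true;
      tableName = database + '.tbl_file_list';
      whereClause = 'status = 0 AND site_id = ' + siteId;
      break;
    case 'notice:all':
      tableName = database + '.tbl_notice_list';
      whereClause = 'site_id = ' + siteId;
      break;
    case 'notice:active':
      tableName = database + '.tbl_notice_list';
      whereClause = 'site_id = ' + siteId + ' AND status = 0';
      break;
    case 'notice:deleted':
      tableName = database + '.tbl_notice_list';
      whereClause = 'status <> 0 AND site_id = ' + siteId;
      break;
    case 'support:my':
      authorized = req.infos.userInfo.loginFlag;
      tableName = database + '.tbl_support_list';
      whereClause = 'uid = ' + mysql.escape(uid) + ' AND status = 0 AND site_id = ' + siteId;
      orderByClause = 'serial ASC';
      break;
    case 'support:all':
      tableName = database + '.tbl_support_list';
      groupByClause = 'uid';
      whereClause = 'site_id = ' + siteId;
      break;
    case 'support:active':
      tableName = database + '.tbl_support_list';
      groupByClause = 'session_id';
      whereClause = 'status = 0 AND site_id = ' + siteId;
      break;
    case 'support:user':
      tableName = database + '.tbl_support_list';
      whereClause = 'uid = ' + mysql.escape(hero) + ' AND site_id = ' + siteId;
      break;
    case 'support:user:active':
      tableName = database + '.tbl_support_list';
      whereClause = 'uid = ' + mysql.escape(hero) + ' AND status = 0 AND site_id = ' + siteId;
      break;
    case 'admin:users:level:all':
      authorized = req.infos.userInfo.adminFlag;
      // Accounts joined to their profile; `serial` is re-selected so the join's profile serial does not shadow it.
      selectClause = '*, ' + database + '.tbl_account_users.serial as serial';
      tableName = database + '.tbl_account_users';
      joinClause = 'LEFT JOIN ' + database + '.tbl_profile_list ON ' + database + '.tbl_account_users.uid = ' + database + '.tbl_profile_list.uid ';
      whereClause = tableName + '.site_id = ' + siteId + ' AND ' + tableName + '.status = 0';
      orderByClause = database + '.tbl_account_users.serial DESC';
      break;
    case 'faq:active':
      authorized = true;
      tableName = database + '.tbl_faq_list';
      whereClause = 'status = 0 AND site_id = ' + siteId;
      orderByClause = 'list_order DESC';
      break;
    case 'faq:all':
      tableName = database + '.tbl_faq_list';
      whereClause = 'site_id = ' + siteId;
      break;
    case 'faq:deleted':
      tableName = database + '.tbl_faq_list';
      whereClause = 'status <> 0 AND site_id = ' + siteId;
      break;
    case 'users:active':
      tableName = database + '.tbl_account_users';
      whereClause = 'status = 0 AND site_id = ' + siteId;
      break;
    case 'users:all':
      tableName = database + '.tbl_account_users';
      whereClause = 'site_id = ' + siteId;
      break;
    case 'users:withdrawal':
      tableName = database + '.tbl_account_users';
      whereClause = 'status = 4 AND site_id = ' + siteId;
      break;
    case 'users:deleted':
      tableName = database + '.tbl_account_users';
      whereClause = 'status = 9 AND site_id = ' + siteId;
      break;
    case 'log:user':
      tableName = database + '.tbl_user_log';
      whereClause = 'uid = ' + mysql.escape(hero) + ' AND site_id = ' + siteId;
      break;
    case 'log:user:active':
      tableName = database + '.tbl_user_log';
      whereClause = 'site_id = ' + siteId;
      break;
    case 'log:credit':
      tableName = database + '.tbl_credit_log';
      whereClause = 'uid = ' + mysql.escape(hero) + ' AND site_id = ' + siteId;
      break;
    case 'log:credit:active':
      tableName = database + '.tbl_credit_log';
      whereClause = 'site_id = ' + siteId;
      break;
    case 'statistics':
      tableName = database + '.tbl_statistics_list';
      whereClause = 'site_id = ' + siteId;
      break;
    default:
  }

  if (tableName === '') {
    fail(500, 'unknown target : ' + target);
    return;
  }
  // Falsy (not just `=== false`) denies, so an absent adminFlag/loginFlag cannot fail open.
  if (!authorized) {
    fail(401, 'Unauthorized');
    return;
  }
  const targetPageNumber = Math.floor(start / length) + 1;
  crossCtl.getPagedList(selectClause, tableName, joinClause, whereClause, groupByClause, orderByClause, length, targetPageNumber, function (error, results) {
    if (error) {
      utils.log('error', 'error : ' + JSON.stringify(error) + ' ' + utils.__where());
      fail(500, error.message ? error.message : error.toString());
    } else {
      cb(null, { metaData: metaData, results: results });
    }
  });
}

// Shapes the rows from doListWork for the client: deep-copies them, marks the caller's own rows with
// myFlag and strips/derives per-target fields. cb(null, responsePacket) on completion.
function postListWork(req, res, metaData, cb) {
  var uid = req.isAuthenticated() ? req.user.uid : utils.uuid('uid_' + req.sessionID);
  moment.locale(req.infos.lang);
  var target = req.query.target;
  var hero = req.query.hero;
  var draw = req.query.draw;
  var rawList = metaData.results.fileList;
  // Deep copies so the cached/query objects are never mutated by the deletes below.
  var filteredMetaData = JSON.parse(JSON.stringify(metaData.metaData));
  var filteredData = [];
  switch (target) {
    case 'board':
      // Board clients get the public board fields only; access levels and bookkeeping stay server-side.
      delete filteredMetaData.serial;
      delete filteredMetaData.bid;
      delete filteredMetaData.site_id;
      delete filteredMetaData.level_min;
      delete filteredMetaData.read_level_min;
      delete filteredMetaData.write_level_min;
      delete filteredMetaData.memo;
      delete filteredMetaData.status;
      delete filteredMetaData.updated;
      delete filteredMetaData.created; // was misspelled `creaed`, which left `created` in the response
      break;
    default:
  }
  for (var i = 0; i < rawList.length; i++) {
    var tmpObject = JSON.parse(JSON.stringify(rawList[i]));
    tmpObject.myFlag = tmpObject.uid == uid;
    switch (target) {
      case 'board':
        delete tmpObject.uid;
        break;
      case 'admin:users:level:all':
        // `infos` is a JSON blob on the account row; surface its contact fields as top-level columns.
        let tmpUserInfo = utils.safeJSON(tmpObject.infos);
        tmpObject.name = tmpObject.display_name;
        tmpObject.email = tmpUserInfo.email ? tmpUserInfo.email : '';
        tmpObject.phone = tmpUserInfo.phone ? tmpUserInfo.phone : '';
        tmpObject.memo = tmpUserInfo.memo ?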
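tmpUserInfo.memo : '';
        // Mail domain for the admin table; a value without '@' is reported as 'unknown'.
        const mailParts = String(tmpObject.email).split('@');
        tmpObject.domain = mailParts.length > 1 ? mailParts.slice(1).join('@') : 'unknown';
        switch (tmpObject.user_level) {
          case 0:
          case 1:
          case 2:
            tmpObject.role = 'user';
            break;
          case 3:
            tmpObject.role = 'op';
            break;
          case 4:
            tmpObject.role = 'super';
            break;
          case 5:
            tmpObject.role = 'admin';
            break;
          default:
            tmpObject.role = 'unknown';
            break;
        }
        // The row comes from `SELECT *` on the account table: credential columns are never needed by a
        // listing client, so they are dropped here (the other fields stay, as the author left them).
        delete tmpObject.auth_key;
        delete tmpObject.auth_token;
        break;
      case 'users:active':
      case 'users:all':
      case 'users:withdrawal':
      case 'users:deleted':
        // Same account table, same credential columns to withhold.
        delete tmpObject.auth_key;
        delete tmpObject.auth_token;
        break;
      default:
    }
    filteredData.push(tmpObject);
  }
  cb(null, {
    responseCode: 200,
    responseMessage: 'ok',
    draw: draw,
    recordsTotal: metaData.results.totalCount,
    pageSize: metaData.results.pageSize,
    totalPageCount: metaData.results.totalPageCount,
    currentPageNumber: metaData.results.currentPageNumber,
    recordsFiltered: filteredData.length,
    metaData: filteredMetaData,
    data: filteredData,
  });
}

// GET /list pipeline: preListWork -> doListWork -> postListWork. The first step that reports an error
// packet ends the request; whichever packet results is merged into the standard response envelope.
function handleListWork(req, res) {
  const send = (payload) => req.workTag.res().status(200).send({ ...req.workTag.responsePacket, ...payload });
  preListWork(req, res, function (errorResponseData, metaData) {
    if (errorResponseData) {
      send(errorResponseData);
      return;
    }
    doListWork(req, res, metaData, function (errorResponseData, results) {
      if (errorResponseData) {
        send(errorResponseData);
        return;
      }
      postListWork(req, res, results, function (errorResponseData, responseData) {
        send(errorResponseData ? errorResponseData : responseData);
      });
    });
  });
}

router.get('/list', function (req, res) {
  handleListWork(req, res);
});

// Legacy single-function variant of /list (the body continues below).
// NOTE(review): this handler builds its ORDER BY directly from req.query.columns / req.query.order
// without escaping — confirm whether /listBack is still routed to before keeping it.
router.get('/listBack', function (req, res) {
  var uid = req.isAuthenticated() ? req.user.uid : utils.uuid('uid_' + req.sessionID);
  var lang = req.infos.lang;
  moment.locale(lang);
  var user_info = req.isAuthenticated() ? req.user.user_info : {};
  var response = {};
  var target = req.query.target;
  var hero = req.query.hero;
  var draw = req.query.draw;
  var start = req.query.start ? req.query.start : 0;
  var length = req.query.length ? req.query.length : 10;
  var selectClause = '*';
  var tableName = '';
  var joinClause = '';
  var whereClause = '';
  var groupByClause = '';
  var orderByClause = 'serial DESC';
  var columns = req.query.columns;
  var order = req.query.order ?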
req.query.order : []; // orderByClause = '' for (var i = 0; i < order.length; i++) { if (orderByClause !== '') { orderByClause = orderByClause + ', '; } orderByClause = orderByClause + columns[order[i].column].data + ' ' + order[i].dir.toUpperCase(); } // console.log('orderByClause=', orderByClause) var authorized = req.infos.userInfo.adminFlag; switch (target) { case 'admin:board:info:deactivated': authorized = req.infos.userInfo.adminFlag; tableName = crossCtl.db.options.database + '.tbl_board_info'; whereClause = ' status <> 0 AND site_id = ' + mysql.escape(crossCtl.sConfig.type); orderByClause = 'serial DESC'; break; case 'admin:board:info:active': authorized = req.infos.userInfo.adminFlag; tableName = crossCtl.db.options.database + '.tbl_board_info'; whereClause = ' status = 0 AND site_id = ' + mysql.escape(crossCtl.sConfig.type); orderByClause = 'serial DESC'; break; case 'like': authorized = true; tableName = crossCtl.db.options.database + '.tbl_like_list'; whereClause = 'domain = ' + mysql.escape(hero) + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type) + ' AND uid = ' + mysql.escape(uid); break; case 'comment:active': authorized = true; tableName = crossCtl.db.options.database + '.tbl_comment_list'; whereClause = 'tid = ' + mysql.escape(hero) + ' AND status < 4 AND site_id = ' + mysql.escape(crossCtl.sConfig.type); orderByClause = 'serial ASC'; break; case 'board': authorized = req.infos.userInfo.loginFlag; tableName = crossCtl.db.options.database + '.tbl_board_list'; whereClause = 'site_id = ' + mysql.escape(crossCtl.sConfig.type) + ' AND board_id = ' + mysql.escape(hero) + ' AND status = 0'; orderByClause = 'serial DESC'; break; case 'inquiry': authorized = req.infos.userInfo.loginFlag; tableName = crossCtl.db.options.database + '.tbl_inquiry_list'; whereClause = ' uid = ' + mysql.escape(uid) + ' AND status = ' + mysql.escape(hero) + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); orderByClause = 'serial DESC'; break; case 'inquiry:all': 
authorized = req.infos.userInfo.loginFlag; tableName = crossCtl.db.options.database + '.tbl_inquiry_list'; whereClause = ' uid = ' + mysql.escape(uid) + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); orderByClause = 'serial DESC'; break; case 'admin:inquiry': authorized = req.infos.userInfo.adminFlag; tableName = crossCtl.db.options.database + '.tbl_inquiry_list'; whereClause = ' status = ' + mysql.escape(hero) + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); orderByClause = 'serial DESC'; break; case 'admin:inquiry:done': authorized = req.infos.userInfo.adminFlag; tableName = crossCtl.db.options.database + '.tbl_inquiry_list'; whereClause = ' status = 2 OR status = 4' + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); orderByClause = 'serial DESC'; break; case 'admin:inquiry:user': authorized = req.infos.userInfo.adminFlag; tableName = crossCtl.db.options.database + '.tbl_inquiry_list'; whereClause = ' uid = ' + mysql.escape(hero) + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); orderByClause = 'serial DESC'; break; case 'fcmToken:active': authorized = req.infos.userInfo.loginFlag; tableName = crossCtl.db.options.database + '.tbl_fcm_tokens'; whereClause = 'status = 0' + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); break; case 'files:active': authorized = true; tableName = crossCtl.db.options.database + '.tbl_file_list'; whereClause = 'status = 0' + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); break; case 'notice:all': tableName = crossCtl.db.options.database + '.tbl_notice_list'; whereClause = 'site_id = ' + mysql.escape(crossCtl.sConfig.type); break; case 'notice:active': tableName = crossCtl.db.options.database + '.tbl_notice_list'; whereClause = 'site_id = ' + mysql.escape(crossCtl.sConfig.type) + ' AND status = 0'; break; case 'notice:deleted': tableName = crossCtl.db.options.database + '.tbl_notice_list'; whereClause = 'status <> 0' + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); break; 
case 'support:my': authorized = req.infos.userInfo.loginFlag; tableName = crossCtl.db.options.database + '.tbl_support_list'; whereClause = 'uid = ' + mysql.escape(uid) + ' AND status = 0' + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); orderByClause = 'serial ASC'; break; case 'support:all': tableName = crossCtl.db.options.database + '.tbl_support_list'; groupByClause = 'uid'; whereClause = 'site_id = ' + mysql.escape(crossCtl.sConfig.type); break; case 'support:active': tableName = crossCtl.db.options.database + '.tbl_support_list'; groupByClause = 'session_id'; whereClause = 'status = 0' + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); break; case 'support:user': tableName = crossCtl.db.options.database + '.tbl_support_list'; // whereClause = 'uid = ' + mysql.escape(hero) + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type) + ' AND status = 0' whereClause = 'uid = ' + mysql.escape(hero) + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); break; case 'support:user:active': tableName = crossCtl.db.options.database + '.tbl_support_list'; whereClause = 'uid = ' + mysql.escape(hero) + ' AND status = 0' + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); break; case 'admin:users:level:all': console.log('in get.list, req.sessionID = ', req.sessionID); authorized = req.infos.userInfo.adminFlag; selectClause = '*, ' + crossCtl.db.options.database + '.tbl_account_users.serial as serial'; tableName = crossCtl.db.options.database + '.tbl_account_users'; joinClause = 'LEFT JOIN ' + crossCtl.db.options.database + '.tbl_profile_list ON ' + crossCtl.db.options.database + '.tbl_account_users.uid = ' + crossCtl.db.options.database + '.tbl_profile_list.uid '; whereClause = tableName + '.site_id = ' + mysql.escape(crossCtl.sConfig.type) + ' AND ' + tableName + '.status = 0'; orderByClause = crossCtl.db.options.database + '.tbl_account_users.' 
+ 'serial DESC'; break; case 'faq:active': authorized = true; tableName = crossCtl.db.options.database + '.tbl_faq_list'; whereClause = 'status = 0' + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); orderByClause = 'list_order DESC'; break; case 'faq:all': tableName = crossCtl.db.options.database + '.tbl_faq_list'; whereClause = 'site_id = ' + mysql.escape(crossCtl.sConfig.type); break; case 'faq:deleted': tableName = crossCtl.db.options.database + '.tbl_faq_list'; whereClause = 'status <> 0' + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); break; case 'users:active': tableName = crossCtl.db.options.database + '.tbl_account_users'; whereClause = 'status = 0' + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); break; case 'users:all': tableName = crossCtl.db.options.database + '.tbl_account_users'; whereClause = 'site_id = ' + mysql.escape(crossCtl.sConfig.type); break; case 'users:withdrawal': tableName = crossCtl.db.options.database + '.tbl_account_users'; whereClause = 'status = 4' + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); break; case 'users:deleted': tableName = crossCtl.db.options.database + '.tbl_account_users'; whereClause = 'status = 9' + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); break; case 'log:user': tableName = crossCtl.db.options.database + '.tbl_user_log'; whereClause = 'uid = ' + mysql.escape(hero) + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); break; case 'log:user:active': tableName = crossCtl.db.options.database + '.tbl_user_log'; whereClause = 'site_id = ' + mysql.escape(crossCtl.sConfig.type); break; case 'log:credit': tableName = crossCtl.db.options.database + '.tbl_credit_log'; whereClause = 'uid = ' + mysql.escape(hero) + ' AND site_id = ' + mysql.escape(crossCtl.sConfig.type); break; case 'log:credit:active': tableName = crossCtl.db.options.database + '.tbl_credit_log'; whereClause = 'site_id = ' + mysql.escape(crossCtl.sConfig.type); break; case 'statistics': tableName = 
crossCtl.db.options.database + '.tbl_statistics_list'; whereClause = 'site_id = ' + mysql.escape(crossCtl.sConfig.type); break; default: } if (tableName === '') { req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 500, responseMessage: 'unknown target : ' + target, draw: draw, recordsTotal: 0, recordsFiltered: 0, data: [], }); } else if (authorized === false) { req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 401, responseMessage: 'Unauthorized', draw: draw, recordsTotal: 0, recordsFiltered: 0, data: [], }); } else { var targetPageNumber = parseInt(start / length) + 1; var targetPageSize = length; // console.log('targetPageNumber=', targetPageNumber) // console.log('targetPageSize=', targetPageSize) crossCtl.getPagedList( selectClause, tableName, joinClause, whereClause, groupByClause, orderByClause, targetPageSize, targetPageNumber, function (error, results) { var data = []; if (error) { utils.log( 'error', 'error : ' + JSON.stringify(error) + ' ' + utils.__where() ); req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 500, responseMessage: error.message ? 
error.message : error.toString(), draw: draw, recordsTotal: 0, recordsFiltered: 0, data: [], }); } else { // console.log('results.fileList=', results.fileList) var rawList = results.fileList; var filteredData = []; for (var i = 0; i < rawList.length; i++) { var tmpObject = JSON.parse(JSON.stringify(rawList[i])); if (tmpObject.uid == uid) { tmpObject.myFlag = true; } else { tmpObject.myFlag = false; } /* if (tmpObject.created !== undefined) { tmpObject.created = moment(tmpObject.created).format("LLLL") } if (tmpObject.updated !== undefined) { tmpObject.updated = moment(tmpObject.updated).format("LLLL") } */ switch (target) { case 'board': delete tmpObject.uid; break; case 'admin:users:level:all': // tmpObject.serial let tmpUserInfo = utils.safeJSON(tmpObject.infos); tmpObject.name = tmpObject.display_name; tmpObject.email = tmpUserInfo.email ? tmpUserInfo.email : ''; tmpObject.phone = tmpUserInfo.phone ? tmpUserInfo.phone : ''; tmpObject.memo = tmpUserInfo.memo ? tmpUserInfo.memo : ''; let tmpMailParts = tmpObject.email.split('@'); console.log('tmpMailParts=', tmpMailParts); console.log('tmpObject.email=', tmpObject.email); if (tmpMailParts.length > 1) { tmpObject.domain = tmpObject.email.replace( tmpMailParts[0] + '@', '' ); } else { tmpObject.domain = 'unknown'; } switch (tmpObject.user_level) { case 0: case 1: case 2: tmpObject.role = 'user'; break; case 3: tmpObject.role = 'op'; break; case 4: tmpObject.role = 'super'; break; case 5: tmpObject.role = 'admin'; break; default: tmpObject.role = 'unknown'; break; } /* delete tmpObject.auth_key; delete tmpObject.auth_token; delete tmpObject.auth_type; delete tmpObject.coach_id; delete tmpObject.credit_bonus; delete tmpObject.credit_real; delete tmpObject.lock_flag; delete tmpObject.pref_data; delete tmpObject.role_tag; delete tmpObject.site_id; // delete tmpObject.uid; delete tmpObject.withdrawal_info; delete tmpObject.site_id; delete tmpObject.display_name; delete tmpObject.infos; delete tmpObject.photo_url; // 
delete tmpObject.pid; delete tmpObject.status; delete tmpObject.user_level; */ break; case 'notice:active': case 'notice:all': case 'notice:deleted': break; case 'support:my': case 'support:all': case 'support:all:active': case 'support:user': case 'support:user:active': break; case 'faq:active': case 'faq:all': case 'faq:deleted': break; case 'users:active': case 'users:all': case 'users:withdrawal': case 'users:deleted': break; case 'log:user': case 'log:user:all': break; case 'log:credit': case 'log:credit:all': break; case 'statistics': break; default: } filteredData[filteredData.length] = tmpObject; // console.log('tmpObject=', tmpObject) } req.workTag .res() .status(200) .send({ ...req.workTag.responsePacket, responseCode: 200, responseMessage: 'ok', draw: draw, recordsTotal: results.totalCount, recordsFiltered: results.totalCount, pageSize: results.pageSize, totalPageCount: results.totalPageCount, currentPageNumber: results.currentPageNumber, recordsFiltered: results.totalCount, data: filteredData, }); } } ); } }); module.exports = router;