Merge pull request #65 from WaifuAPI/staging

Staging

Author: kyrea

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "waifu.it",
-  "version": "4.8.0",
+  "version": "4.9.1",
   "description": "Random API Serving Anime stuff",
   "author": "Aeryk",
   "private": true,
@@ -28,7 +28,7 @@
     "is-interactive": "^1.0.0",
     "moment": "^2.29.4",
     "mongodb": "^3.6.9",
-    "mongoose": "^5.13.20",
+    "mongoose": "^8.9.5",
     "ora": "^5.4.1",
     "owoify-js": "^2.0.0",
     "path": "^0.12.7",

package.json

@@ -0,0 +1,56 @@
+import createError from 'http-errors';
+import System from '../../../models/schemas/System.js';
+
+// Get membership details
+const getMembership = async (req, res, next) => {
+  const key = req.headers.key;
+
+  // Check for valid access key in headers
+  if (!key || key !== process.env.ACCESS_KEY) {
+    return res.status(401).json({
+      message: 'Unauthorized',
+    });
+  }
+
+  try {
+    // Check if any data exists
+    let membershipData = await System.findOne({}, { membership: 1, _id: 0 });
+
+    // If no data exists, insert sample data (only runs once)
+    if (!membershipData) {
+      membershipData = await System.findOne({}, { membership: 1, _id: 0 });
+    }
+
+    // Get valid keys dynamically from schema data
+    const validFields = Object.keys(membershipData.membership);
+    // Parse query parameters correctly
+    const queryParams = req.query.q ? req.query.q.split(',').map(param => param.trim()) : [];
+    // If no query params, return full membership object
+    if (queryParams.length === 0) {
+      return res.status(200).json(membershipData);
+    }
+
+    // Validate query parameters
+    const selectedFields = queryParams.filter(field => validFields.includes(field));
+
+    if (selectedFields.length === 0) {
+      return res.status(400).json({ message: 'Invalid query parameter(s)' });
+    }
+
+    // Construct projection object dynamically
+    const projection = selectedFields.reduce((acc, field) => ({ ...acc, [`membership.${field}`]: 1 }), { _id: 0 });
+
+    // Fetch only the requested fields
+    const result = await System.findOne({}, projection);
+
+    if (!result) {
+      return next(createError(404, 'No membership data found'));
+    }
+
+    res.status(200).json(result);
+  } catch (error) {
+    return next(error);
+  }
+};
+
+export { getMembership };

src/controllers/v4/internal/membership.js

@@ -28,36 +28,149 @@ const retrieveUserProfile = async (req, res, next) => {
 };
 
 /**
- * Fetches user profile data based on the provided user ID and Reset Token.
+ * Processes user actions such as addquota, removequota, updaterole, banuser and updatetoken
  *
  * @param {Object} req - Express request object.
  * @param {Object} res - Express response object.
  * @param {Function} next - Express next middleware function.
- * @returns {Object} - User profile data.
+ * @returns {Object} - Response with action results or errors.
  */
-const updateUserToken = async (req, res, next) => {
+const processUserAction = async (req, res, next) => {
   const key = req.headers.key;
+
   // Check for valid access key in headers
   if (!key || key !== process.env.ACCESS_KEY) {
     return res.status(401).json({
       message: 'Unauthorized',
     });
   }
-  const user = await Users.findById(req.params.id);
-  if (!user) {
-    return res.status(404).json({ message: 'User not found' }); // User not found
-  }
 
-  // Update user's token in the database
-  await Users.updateOne(
-    { _id: { $eq: req.params.id } },
-    { $set: { token: generateToken(req.params.id, process.env.HMAC_KEY) } },
-  );
+  const userId = req.params.id;
+  const { action, amount, reason, executor, expiry } = req.body; // Extract fields from the request body
 
-  // This will return the data however it won't be the latest one after updating the token
-  return res.status(200).json({
-    message: 'Token reset successfully.',
-  });
+  try {
+    // Fetch user by ID
+    const user = await Users.findById(userId);
+    if (!user) {
+      return res.status(404).json({ message: 'User not found' }); // User not found
+    }
+
+    let updatedUser;
+
+    // Handle different actions
+    switch (action) {
+      case 'addquota':
+        if (!amount || amount <= 0) {
+          return res.status(400).json({ message: 'Invalid quota amount' });
+        }
+        user.req_quota = (user.req_quota || 0) + Number(amount);
+
+        // Update status history
+        user.status_history.push({
+          _id: user.status_history.length + 1,
+          timestamp: new Date(),
+          reason: reason || 'Quota added',
+          value: `+${amount} quota`,
+          executor: executor || 'system',
+        });
+
+        updatedUser = await user.save();
+        break;
+
+      case 'removequota':
+        if (!amount || amount <= 0) {
+          return res.status(400).json({ message: 'Invalid quota amount' });
+        }
+        if ((user.req_quota || 0) < amount) {
+          return res.status(400).json({ message: 'Insufficient quota' });
+        }
+        user.req_quota = (user.req_quota || 0) - Number(amount);
+
+        // Update status history
+        user.status_history.push({
+          _id: user.status_history.length + 1,
+          timestamp: new Date(),
+          reason: reason || 'Quota removed',
+          value: `-${amount} quota`,
+          executor: executor || 'system',
+        });
+
+        updatedUser = await user.save();
+        break;
+
+      case 'ban':
+        if (!reason) {
+          return res.status(400).json({ message: 'Ban reason is required' });
+        }
+        user.banned = true;
+
+        // Update status history
+        user.status_history.push({
+          _id: user.status_history.length + 1,
+          timestamp: new Date(),
+          expiry: expiry || null,
+          reason,
+          isBanned: true,
+          executor: executor || 'system',
+        });
+
+        updatedUser = await user.save();
+        break;
+      case 'unban':
+        if (!reason) {
+          return res.status(400).json({ message: 'Unban reason is required' });
+        }
+        user.banned = false;
+
+        // Update status history
+        user.status_history.push({
+          _id: user.status_history.length + 1,
+          timestamp: new Date(),
+          expiry: expiry || null,
+          reason,
+          isBanned: false,
+          executor: executor || 'system',
+        });
+
+        updatedUser = await user.save();
+        break;
+
+      case 'updatetoken':
+        if (!reason) {
+          return res.status(400).json({ message: 'Token update reason is required' });
+        }
+        const token = generateToken(userId, process.env.HMAC_KEY);
+        user.token = token;
+
+        // Update status history
+        user.status_history.push({
+          _id: user.status_history.length + 1,
+          timestamp: new Date(),
+          reason: reason || 'Token updated',
+          value: token,
+          executor: executor || 'system',
+        });
+
+        updatedUser = await user.save();
+        break;
+
+      default:
+        return res.status(400).json({ message: `Invalid action: ${action}` });
+    }
+
+    // Respond with updated user data
+    return res.status(200).json({
+      success: true,
+      message: `${action} executed successfully`,
+      user: updatedUser,
+    });
+  } catch (error) {
+    // Handle server errors
+    return res.status(500).json({
+      message: 'An error occurred while processing the action',
+      error: error.message,
+    });
+  }
 };
 
 /**
@@ -178,4 +291,4 @@ const getUser = async (req, res, next) => {
   }
 };
 
-export { retrieveUserProfile, updateUserToken, processUserSessionAndUpdate, getUser };
+export { retrieveUserProfile, processUserAction, processUserSessionAndUpdate, getUser };

src/controllers/v4/internal/user.js

@@ -37,10 +37,7 @@ const setupServer = async () => {
      * Connecting to the MongoDB database.
      * @type {mongoose.Connection}
      */
-    const dbConnection = await mongoose.connect(process.env.MONGODB_URI, {
-      useUnifiedTopology: true,
-      useNewUrlParser: true,
-    });
+    const dbConnection = await mongoose.connect(process.env.MONGODB_URI, {});
 
     /**
      * Starting the Express server and logging success message.

src/index.js

@@ -0,0 +1,27 @@
+import mongoose from 'mongoose';
+const { Schema, model } = mongoose;
+
+const SystemSchema = new Schema({
+  _id: String,
+  membership: {
+    features: [],
+    plans: [
+      {
+        _id: String,
+        name: { type: String, required: true, unique: true },
+        monthlyPrice: { type: Number, required: true },
+        annualPrice: { type: Number, required: true },
+        current: Boolean,
+        available: Boolean,
+        features: [
+          {
+            text: String,
+            status: { type: String, enum: ['available', 'limited', 'unavailable'] },
+          },
+        ],
+      },
+    ],
+  },
+});
+
+export default model('System', SystemSchema);

src/models/schemas/System.js

@@ -50,24 +50,50 @@ const UserSchema = new mongoose.Schema({
    */
   status_history: [
     {
+      /**
+       * Unique identifier for the status change.
+       * @type {string}
+       * @required
+       */
+      _id: String,
       /**
        * Timestamp of the status change.
        * @type {Date}
        * @default Date.now
        */
       timestamp: { type: Date, default: Date.now },
 
+      /**
+       * Expiry date for the status change.
+       * @type {Date}
+       * @default Date.now
+       */
+      expiry: { type: Date },
+
       /**
        * The reason for the status change.
        * @type {string}
        */
       reason: { type: String },
 
+      /**
+       * The value of the status change either quota or role or subscription or new email.
+       * @type {string}
+       * @default 'null'
+       */
+      value: { type: String },
       /**
        * Flag indicating whether the user is banned at this status change.
        * @type {boolean}
        */
       isBanned: { type: Boolean },
+
+      /**
+       * Information about the staff member who performed the action.
+       * @type {Object}
+       * @required
+       */
+      executor: String,
     },
   ],
 

src/models/schemas/User.js

@@ -1208,6 +1208,22 @@ import statsRoutes from './internal/stats.js';
  */
 router.use('/stats', statsRoutes);
 
+import membershipRoutes from './internal/membership.js';
+
+/**
+ * @api {use} Mount Membership Routes
+ * @apiDescription Mount the membership-related routes for handling interactions.
+ * @apiName UseMembershipRoutes
+ * @apiGroup Routes
+ *
+ * @apiSuccess {Object} routes Membership-related routes mounted on the parent router.
+ *
+ * @function createMembershipRoutes
+ * @description Creates and returns a set of routes for handling interactions related to Membership.
+ * @returns {Object} Membership-related routes.
+ */
+router.use('/membership', membershipRoutes);
+
 /**
  * Exporting the router for use in other parts of the application.
  * @exports {Router} router - Express Router instance with mounted routes.

src/routes/v4/index.js

@@ -0,0 +1,40 @@
+import { Router } from 'express';
+import { getMembership } from '../../../controllers/v4/internal/membership.js';
+import createRateLimiter from '../../../middlewares/rateLimit.js';
+
+const router = Router();
+
+router
+  .route('/')
+  /**
+   * @api {get} v4/membership Get Membership Details
+   * @apiDescription Retrieve membership details, including plans and features.
+   * @apiName getMembership
+   * @apiGroup Membership
+   * @apiPermission user
+   *
+   * @apiHeader {String} Authorization System access token.
+   *
+   * @apiParam {String} [q] Optional query parameter to filter results.
+   * @apiParamExample {json} Request Example:
+   *    GET /membership?q=plans&features
+   *
+   * @apiSuccess {Object} membership Membership object.
+   * @apiSuccessExample {json} Success Response:
+   *    {
+   *      "membership": {
+   *        "plans": [...],
+   *        "features": [...]
+   *      }
+   *    }
+   *
+   * @apiError (Unauthorized 401) Unauthorized Only authenticated users can access the data.
+   * @apiError (Forbidden 403) Forbidden Only authorized users can access the data.
+   * @apiError (Too Many Requests 429) TooManyRequests The client has exceeded the allowed number of requests within the time window.
+   * @apiError (Bad Request 400) BadRequest Invalid query parameter(s) provided.
+   * @apiError (Internal Server Error 500) InternalServerError An error occurred while processing the request.
+   */
+  .get(createRateLimiter(), getMembership);
+
+// Export the router
+export default router;

src/routes/v4/internal/membership.js

@@ -1,7 +1,7 @@
 import { Router } from 'express';
 import {
   retrieveUserProfile,
-  updateUserToken,
+  processUserAction,
   processUserSessionAndUpdate,
   getUser,
 } from '../../../controllers/v4/internal/user.js';
@@ -18,7 +18,7 @@ router
    * @apiGroup UserManagement
    * @apiPermission user
    *
-   * @apiHeader {String} Authorization User's access token.
+   * @apiHeader {String} Key Internal access token
    *
    * @apiSuccess {Object} userDetails User's details.
    * @apiSuccess {String} userDetails.username User's username.
@@ -48,7 +48,7 @@ router
    * @apiGroup UserManagement
    * @apiPermission sudo
    *
-   * @apiHeader {String} Authorization User's access token.
+   * @apiHeader {String} Key Internal access token
    *
    * @apiParam {String} id User's unique identifier.
    *
@@ -70,28 +70,34 @@ router
    */
   .get(createRateLimiter(), retrieveUserProfile)
   /**
-   * @api {patch} v4/user/profile/:id Get User Profile and Update reset the existing token
-   * @apiDescription Update the token for a specific user
-   * @apiName updateUserToken
+   * @api {patch} v4/user/profile/:id Perform User Action (addquota, removequota, ban, unban, updatetoken)
+   * @apiDescription Processes various user actions including adding/removing quota, banning/unbanning users, and updating user token.
+   * @apiName processUserAction
    * @apiGroup UserManagement
    * @apiPermission sudo
    *
-   * @apiHeader {String} Authorization User's access token.
+   * @apiHeader {String} Key Internal access token
    *
    * @apiParam {String} id User's unique identifier.
-   *
-   * @apiSuccess {Object} message
-   * @apiError (Unauthorized 401) Unauthorized Only authenticated users can access the data.
-   * @apiError (Forbidden 403) Forbidden Only authorized users can access the data.
-   * @apiError (Too Many Requests 429) TooManyRequests The client has exceeded the allowed number of requests within the time window.
-   * @apiError (Internal Server Error 500) InternalServerError An error occurred while processing the rate limit.
+   * @apiParam {String} action Action to be performed (e.g., addquota, removequota, ban, unban, updatetoken).
+   * @apiParam {String} [amount] Amount of quota to add or remove (required for addquota/removequota).
+   * @apiParam {String} [reason] Reason for the action (required for ban, unban, and updatetoken).
+   * @apiParam {String} [executor] Executor of the action (optional).
+   * @apiParam {String} [expiry] Expiry of the ban (optional).
+   *
+   * @apiSuccess {Object} message Success message with details of the performed action.
+   * @apiSuccess {Object} user Updated user data after the action.
+   * @apiError (Unauthorized 401) Unauthorized Only authenticated users can perform actions.
+   * @apiError (Forbidden 403) Forbidden Only authorized users can perform certain actions.
+   * @apiError (Bad Request 400) BadRequest Invalid parameters for the specified action.
+   * @apiError (Internal Server Error 500) InternalServerError An error occurred while processing the action.
    *
    * @api {function} createRateLimiter
    * @apiDescription Creates a rate limiter middleware to control the frequency of requests.
    * @apiSuccess {function} middleware Express middleware function that handles rate limiting.
-   *
    */
-  .patch(createRateLimiter(), updateUserToken);
+
+  .patch(createRateLimiter(), processUserAction);
 
 // Export the router
 export default router;