Docker/planka
Docker/planka
1
0
Fork 0
mirror of https://github.com/plankanban/planka.git synced 2025-07-24 07:39:44 +02:00
Code Issues Releases Activity

feat: Version 2

Browse source 
Closes #627, closes #1047
This commit is contained in:
Maksim Eltyshev 2025-05-10 02:09:06 +02:00
parent ad7fb51cfa
commit 2ee1166747
1557 changed files with 76832 additions and 47042 deletions
Download patch file Download diff file Expand all files Collapse all files

41
server/api/controllers/users/create.js
View file

@ -1,4 +1,9 @@
const zxcvbn = require('zxcvbn');
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { isPassword } = require('../../../utils/validators');
const Errors = {
NOT_ENOUGH_RIGHTS: {
@ -10,24 +15,33 @@ const Errors = {
USERNAME_ALREADY_IN_USE: {
usernameAlreadyInUse: 'Username already in use',
},
ACTIVE_LIMIT_REACHED: {
activeLimitReached: 'Active limit reached',
},
};
const passwordValidator = (value) => zxcvbn(value).score >= 2; // TODO: move to config
module.exports = {
inputs: {
email: {
type: 'string',
maxLength: 256,
isEmail: true,
required: true,
},
password: {
type: 'string',
custom: passwordValidator,
maxLength: 256,
custom: isPassword,
required: true,
},
role: {
type: 'string',
isIn: Object.values(User.Roles),
required: true,
},
name: {
type: 'string',
maxLength: 128,
required: true,
},
username: {
@ -41,11 +55,13 @@ module.exports = {
phone: {
type: 'string',
isNotEmptyString: true,
maxLength: 128,
allowNull: true,
},
organization: {
type: 'string',
isNotEmptyString: true,
maxLength: 128,
allowNull: true,
},
language: {
@ -56,6 +72,12 @@ module.exports = {
subscribeToOwnCards: {
type: 'boolean',
},
subscribeToCardWhenCommenting: {
type: 'boolean',
},
turnOffRecentCardHighlighting: {
type: 'boolean',
},
},
exits: {
@ -68,6 +90,9 @@ module.exports = {
usernameAlreadyInUse: {
responseType: 'conflict',
},
activeLimitReached: {
responseType: 'conflict',
},
},
async fn(inputs) {
@ -80,12 +105,15 @@ module.exports = {
const values = _.pick(inputs, [
'email',
'password',
'role',
'name',
'username',
'phone',
'organization',
'language',
'subscribeToOwnCards',
'subscribeToCardWhenCommenting',
'turnOffRecentCardHighlighting',
]);
const user = await sails.helpers.users.createOne
@ -95,10 +123,11 @@ module.exports = {
request: this.req,
})
.intercept('emailAlreadyInUse', () => Errors.EMAIL_ALREADY_IN_USE)
.intercept('usernameAlreadyInUse', () => Errors.USERNAME_ALREADY_IN_USE);
.intercept('usernameAlreadyInUse', () => Errors.USERNAME_ALREADY_IN_USE)
.intercept('activeLimitReached', () => Errors.ACTIVE_LIMIT_REACHED);
return {
item: user,
item: sails.helpers.users.presentOne(user, currentUser),
};
},
};

14
server/api/controllers/users/delete.js
View file

@ -1,3 +1,10 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
@ -10,8 +17,7 @@ const Errors = {
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
},
@ -28,7 +34,7 @@ module.exports = {
async fn(inputs) {
const { currentUser } = this.req;
let user = await sails.helpers.users.getOne(inputs.id);
let user = await User.qm.getOneById(inputs.id);
if (!user) {
throw Errors.USER_NOT_FOUND;
@ -49,7 +55,7 @@ module.exports = {
}
return {
item: user,
item: sails.helpers.users.presentOne(user, currentUser),
};
},
};

27
server/api/controllers/users/index.js
View file

@ -1,9 +1,32 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
};
module.exports = {
exits: {
notEnoughRights: {
responseType: 'forbidden',
},
},
async fn() {
const users = await sails.helpers.users.getMany();
const { currentUser } = this.req;
if (!sails.helpers.users.isAdminOrProjectOwner(currentUser)) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
const users = await User.qm.getAll();
return {
items: users,
items: sails.helpers.users.presentMany(users, currentUser),
};
},
};

37
server/api/controllers/users/show.js
View file

@ -1,3 +1,10 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { ID_REGEX, MAX_STRING_ID, isIdInRange } = require('../../../utils/validators');
const Errors = {
USER_NOT_FOUND: {
userNotFound: 'User not found',
@ -6,11 +13,17 @@ const Errors = {
const CURRENT_USER_ID = 'me';
const ID_OR_CURRENT_USER_ID_REGEX = new RegExp(`${ID_REGEX}|^${CURRENT_USER_ID}$`);
const isCurrentUserIdOrIdInRange = (value) => value === CURRENT_USER_ID || isIdInRange(value);
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+|me$/,
maxLength: MAX_STRING_ID.length,
regex: ID_OR_CURRENT_USER_ID_REGEX,
custom: isCurrentUserIdOrIdInRange,
required: true,
},
subscribe: {
@ -19,21 +32,30 @@ module.exports = {
},
exits: {
boardNotFound: {
userNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
const { currentUser } = this.req;
let user;
if (inputs.id === CURRENT_USER_ID) {
({ currentUser: user } = this.req);
let notificationServices = [];
if (inputs.id === CURRENT_USER_ID || inputs.id === currentUser.id) {
user = currentUser;
notificationServices = await NotificationService.qm.getByUserId(currentUser.id);
if (inputs.subscribe && this.req.isSocket) {
sails.sockets.join(this.req, `user:${user.id}`);
}
} else {
user = await sails.helpers.users.getOne(inputs.id);
if (!sails.helpers.users.isAdminOrProjectOwner(currentUser)) {
throw Errors.USER_NOT_FOUND; // Forbidden
}
user = await User.qm.getOneById(inputs.id);
if (!user) {
throw Errors.USER_NOT_FOUND;
@ -41,7 +63,10 @@ module.exports = {
}
return {
item: user,
item: sails.helpers.users.presentOne(user, currentUser),
included: {
notificationServices,
},
};
},
};

30
server/api/controllers/users/update-avatar.js
View file

@ -1,4 +1,9 @@
const rimraf = require('rimraf');
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
USER_NOT_FOUND: {
@ -15,8 +20,7 @@ const Errors = {
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
},
@ -40,8 +44,8 @@ module.exports = {
const { currentUser } = this.req;
let user;
if (currentUser.isAdmin) {
user = await sails.helpers.users.getOne(inputs.id);
if (currentUser.role === User.Roles.ADMIN) {
user = await User.qm.getOneById(inputs.id);
if (!user) {
throw Errors.USER_NOT_FOUND;
@ -65,22 +69,14 @@ module.exports = {
const file = _.last(files);
const fileData = await sails.helpers.users
const avatar = await sails.helpers.users
.processUploadedAvatarFile(file)
.intercept('fileIsNotImage', () => {
try {
rimraf.sync(file.fd);
} catch (error) {
console.warn(error.stack); // eslint-disable-line no-console
}
return Errors.FILE_IS_NOT_IMAGE;
});
.intercept('fileIsNotImage', () => Errors.FILE_IS_NOT_IMAGE);
user = await sails.helpers.users.updateOne.with({
record: user,
values: {
avatar: fileData,
avatar,
},
actorUser: currentUser,
request: this.req,
@ -91,7 +87,7 @@ module.exports = {
}
return exits.success({
item: user,
item: sails.helpers.users.presentOne(user, currentUser),
});
},
};

43
server/api/controllers/users/update-email.js
View file

@ -1,15 +1,22 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const bcrypt = require('bcrypt');
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
USER_NOT_FOUND: {
userNotFound: 'User not found',
},
INVALID_CURRENT_PASSWORD: {
invalidCurrentPassword: 'Invalid current password',
},
USER_NOT_FOUND: {
userNotFound: 'User not found',
},
EMAIL_ALREADY_IN_USE: {
emailAlreadyInUse: 'Email already in use',
},
@ -18,18 +25,19 @@ const Errors = {
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
email: {
type: 'string',
maxLength: 256,
isEmail: true,
required: true,
},
currentPassword: {
type: 'string',
isNotEmptyString: true,
maxLength: 256,
},
},
@ -37,12 +45,12 @@ module.exports = {
notEnoughRights: {
responseType: 'forbidden',
},
userNotFound: {
responseType: 'notFound',
},
invalidCurrentPassword: {
responseType: 'forbidden',
},
userNotFound: {
responseType: 'notFound',
},
emailAlreadyInUse: {
responseType: 'conflict',
},
@ -55,25 +63,26 @@ module.exports = {
if (!inputs.currentPassword) {
throw Errors.INVALID_CURRENT_PASSWORD;
}
} else if (!currentUser.isAdmin) {
} else if (currentUser.role !== User.Roles.ADMIN) {
throw Errors.USER_NOT_FOUND; // Forbidden
}
let user = await sails.helpers.users.getOne(inputs.id);
let user = await User.qm.getOneById(inputs.id);
if (!user) {
throw Errors.USER_NOT_FOUND;
}
if (user.email === sails.config.custom.defaultAdminEmail || user.isSso) {
if (user.email === sails.config.custom.defaultAdminEmail || user.isSsoUser) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
if (
inputs.id === currentUser.id &&
!bcrypt.compareSync(inputs.currentPassword, user.password)
) {
throw Errors.INVALID_CURRENT_PASSWORD;
if (inputs.id === currentUser.id) {
const isCurrentPasswordValid = await bcrypt.compare(inputs.currentPassword, user.password);
if (!isCurrentPasswordValid) {
throw Errors.INVALID_CURRENT_PASSWORD;
}
}
const values = _.pick(inputs, ['email']);
@ -92,7 +101,7 @@ module.exports = {
}
return {
item: user,
item: sails.helpers.users.presentOne(user, currentUser),
};
},
};

58
server/api/controllers/users/update-password.js
View file

@ -1,37 +1,42 @@
const bcrypt = require('bcrypt');
const zxcvbn = require('zxcvbn');
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { getRemoteAddress } = require('../../../utils/remoteAddress');
const bcrypt = require('bcrypt');
const { isPassword } = require('../../../utils/validators');
const { idInput } = require('../../../utils/inputs');
const { getRemoteAddress } = require('../../../utils/remote-address');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
USER_NOT_FOUND: {
userNotFound: 'User not found',
},
INVALID_CURRENT_PASSWORD: {
invalidCurrentPassword: 'Invalid current password',
},
USER_NOT_FOUND: {
userNotFound: 'User not found',
},
};
const passwordValidator = (value) => zxcvbn(value).score >= 2; // TODO: move to config
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
password: {
type: 'string',
custom: passwordValidator,
maxLength: 256,
custom: isPassword,
required: true,
},
currentPassword: {
type: 'string',
isNotEmptyString: true,
maxLength: 256,
},
},
@ -39,12 +44,12 @@ module.exports = {
notEnoughRights: {
responseType: 'forbidden',
},
userNotFound: {
responseType: 'notFound',
},
invalidCurrentPassword: {
responseType: 'forbidden',
},
userNotFound: {
responseType: 'notFound',
},
},
async fn(inputs) {
@ -54,25 +59,26 @@ module.exports = {
if (!inputs.currentPassword) {
throw Errors.INVALID_CURRENT_PASSWORD;
}
} else if (!currentUser.isAdmin) {
} else if (currentUser.role !== User.Roles.ADMIN) {
throw Errors.USER_NOT_FOUND; // Forbidden
}
let user = await sails.helpers.users.getOne(inputs.id);
let user = await User.qm.getOneById(inputs.id);
if (!user) {
throw Errors.USER_NOT_FOUND;
}
if (user.email === sails.config.custom.defaultAdminEmail || user.isSso) {
if (user.email === sails.config.custom.defaultAdminEmail || user.isSsoUser) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
if (
inputs.id === currentUser.id &&
!bcrypt.compareSync(inputs.currentPassword, user.password)
) {
throw Errors.INVALID_CURRENT_PASSWORD;
if (inputs.id === currentUser.id) {
const isCurrentPasswordValid = await bcrypt.compare(inputs.currentPassword, user.password);
if (!isCurrentPasswordValid) {
throw Errors.INVALID_CURRENT_PASSWORD;
}
}
const values = _.pick(inputs, ['password']);
@ -91,10 +97,10 @@ module.exports = {
if (user.id === currentUser.id) {
const { token: accessToken } = sails.helpers.utils.createJwtToken(
user.id,
user.passwordUpdatedAt,
user.passwordChangedAt,
);
await Session.create({
await Session.qm.createOne({
accessToken,
httpOnlyToken: currentSession.httpOnlyToken,
userId: user.id,
@ -103,7 +109,7 @@ module.exports = {
});
return {
item: user,
item: sails.helpers.users.presentOne(user, currentUser),
included: {
accessTokens: [accessToken],
},
@ -111,7 +117,7 @@ module.exports = {
}
return {
item: user,
item: sails.helpers.users.presentOne(user, currentUser),
};
},
};

40
server/api/controllers/users/update-username.js
View file

@ -1,15 +1,22 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const bcrypt = require('bcrypt');
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
USER_NOT_FOUND: {
userNotFound: 'User not found',
},
INVALID_CURRENT_PASSWORD: {
invalidCurrentPassword: 'Invalid current password',
},
USER_NOT_FOUND: {
userNotFound: 'User not found',
},
USERNAME_ALREADY_IN_USE: {
usernameAlreadyInUse: 'Username already in use',
},
@ -18,11 +25,11 @@ const Errors = {
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
username: {
type: 'string',
isNotEmptyString: true,
minLength: 3,
maxLength: 16,
@ -32,6 +39,7 @@ module.exports = {
currentPassword: {
type: 'string',
isNotEmptyString: true,
maxLength: 256,
},
},
@ -39,12 +47,12 @@ module.exports = {
notEnoughRights: {
responseType: 'forbidden',
},
userNotFound: {
responseType: 'notFound',
},
invalidCurrentPassword: {
responseType: 'forbidden',
},
userNotFound: {
responseType: 'notFound',
},
usernameAlreadyInUse: {
responseType: 'conflict',
},
@ -53,11 +61,11 @@ module.exports = {
async fn(inputs) {
const { currentUser } = this.req;
if (inputs.id !== currentUser.id && !currentUser.isAdmin) {
if (inputs.id !== currentUser.id && currentUser.role !== User.Roles.ADMIN) {
throw Errors.USER_NOT_FOUND; // Forbidden
}
let user = await sails.helpers.users.getOne(inputs.id);
let user = await User.qm.getOneById(inputs.id);
if (!user) {
throw Errors.USER_NOT_FOUND;
@ -67,12 +75,18 @@ module.exports = {
throw Errors.NOT_ENOUGH_RIGHTS;
}
if (user.isSso) {
if (user.isSsoUser) {
if (!sails.config.custom.oidcIgnoreUsername) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
} else if (inputs.id === currentUser.id) {
if (!inputs.currentPassword || !bcrypt.compareSync(inputs.currentPassword, user.password)) {
if (!inputs.currentPassword) {
throw Errors.INVALID_CURRENT_PASSWORD;
}
const isCurrentPasswordValid = await bcrypt.compare(inputs.currentPassword, user.password);
if (!isCurrentPasswordValid) {
throw Errors.INVALID_CURRENT_PASSWORD;
}
}
@ -93,7 +107,7 @@ module.exports = {
}
return {
item: user,
item: sails.helpers.users.presentOne(user, currentUser),
};
},
};

124
server/api/controllers/users/update.js
View file

@ -1,37 +1,51 @@
/*!
* Copyright (c) 2024 PLANKA Software GmbH
* Licensed under the Fair Use License: https://github.com/plankanban/planka/blob/master/LICENSE.md
*/
const { idInput } = require('../../../utils/inputs');
const Errors = {
NOT_ENOUGH_RIGHTS: {
notEnoughRights: 'Not enough rights',
},
USER_NOT_FOUND: {
userNotFound: 'User not found',
},
ACTIVE_LIMIT_REACHED: {
activeLimitReached: 'Active limit reached',
},
};
const avatarUrlValidator = (value) => _.isNull(value);
module.exports = {
inputs: {
id: {
type: 'string',
regex: /^[0-9]+$/,
...idInput,
required: true,
},
isAdmin: {
type: 'boolean',
role: {
type: 'string',
isIn: Object.values(User.Roles),
},
name: {
type: 'string',
isNotEmptyString: true,
maxLength: 128,
},
avatarUrl: {
avatar: {
type: 'json',
custom: avatarUrlValidator,
custom: _.isNull,
},
phone: {
type: 'string',
isNotEmptyString: true,
maxLength: 128,
allowNull: true,
},
organization: {
type: 'string',
isNotEmptyString: true,
maxLength: 128,
allowNull: true,
},
language: {
@ -42,69 +56,115 @@ module.exports = {
subscribeToOwnCards: {
type: 'boolean',
},
subscribeToCardWhenCommenting: {
type: 'boolean',
},
turnOffRecentCardHighlighting: {
type: 'boolean',
},
enableFavoritesByDefault: {
type: 'boolean',
},
defaultEditorMode: {
type: 'string',
isIn: Object.values(User.EditorModes),
},
defaultHomeView: {
type: 'string',
isIn: Object.values(User.HomeViews),
},
defaultProjectsOrder: {
type: 'string',
isIn: Object.values(User.ProjectOrders),
},
isDeactivated: {
type: 'boolean',
},
},
exits: {
notEnoughRights: {
responseType: 'forbidden',
},
userNotFound: {
responseType: 'notFound',
},
activeLimitReached: {
responseType: 'conflict',
},
},
async fn(inputs) {
const { currentUser } = this.req;
if (!currentUser.isAdmin) {
if (inputs.id !== currentUser.id) {
throw Errors.USER_NOT_FOUND; // Forbidden
}
delete inputs.isAdmin; // eslint-disable-line no-param-reassign
const availableInputKeys = ['id', 'name', 'avatar', 'phone', 'organization'];
if (inputs.id === currentUser.id) {
availableInputKeys.push(...User.PERSONAL_FIELD_NAMES);
} else if (currentUser.role === User.Roles.ADMIN) {
availableInputKeys.push('role', 'isDeactivated');
} else {
throw Errors.USER_NOT_FOUND; // Forbidden
}
let user = await sails.helpers.users.getOne(inputs.id);
if (_.difference(Object.keys(inputs), availableInputKeys).length > 0) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
let user = await User.qm.getOneById(inputs.id);
if (!user) {
throw Errors.USER_NOT_FOUND;
}
// TODO: refactor
if (user.email === sails.config.custom.defaultAdminEmail) {
/* eslint-disable no-param-reassign */
delete inputs.isAdmin;
delete inputs.name;
/* eslint-enable no-param-reassign */
} else if (user.isSso) {
if (!sails.config.custom.oidcIgnoreRoles) {
delete inputs.isAdmin; // eslint-disable-line no-param-reassign
if (inputs.role || inputs.name) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
} else if (user.isSsoUser) {
if (!sails.config.custom.oidcIgnoreRoles && inputs.role) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
delete inputs.name; // eslint-disable-line no-param-reassign
if (inputs.name) {
throw Errors.NOT_ENOUGH_RIGHTS;
}
}
const values = {
..._.pick(inputs, [
'isAdmin',
'role',
'name',
'avatar',
'phone',
'organization',
'language',
'subscribeToOwnCards',
'subscribeToCardWhenCommenting',
'turnOffRecentCardHighlighting',
'enableFavoritesByDefault',
'defaultEditorMode',
'defaultHomeView',
'defaultProjectsOrder',
'isDeactivated',
]),
avatar: inputs.avatarUrl,
};
user = await sails.helpers.users.updateOne.with({
values,
record: user,
actorUser: currentUser,
request: this.req,
});
user = await sails.helpers.users.updateOne
.with({
values,
record: user,
actorUser: currentUser,
request: this.req,
})
.intercept('activeLimitReached', () => Errors.ACTIVE_LIMIT_REACHED);
if (!user) {
throw Errors.USER_NOT_FOUND;
}
return {
item: user,
item: sails.helpers.users.presentOne(user, currentUser),
};
},
};