1 var config = require("./configure.js");
\r
2 var resource = require("./resources.js");
\r
3 var util = require("util");
\r
4 var async = require("async");
\r
5 var security = require("./security.js");
\r
6 var ejs = require("ejs");
\r
7 require("date-utils");
\r
9 var collection = new ProfileCollection();
\r
11 module.exports = function(app){
\r
12 app.get("/profile",list_proc);
\r
13 app.get("/profile/admin",admin_proc);
\r
14 app.post("/profile/admin",admin_postproc);
\r
15 app.get("/profile/detail",detail_proc);
\r
16 app.post("/profile/detail",detail_postproc);
\r
17 app.post("/profile/edit",edit_postproc);
\r
18 app.get("/profile/registor",registor_proc);
\r
19 app.post("/profile/registor",registor_postproc);
\r
22 function admin_proc(req, res)
\r
24 var info = new security.SessionInfomation(true);
\r
25 req.session.items = info;
\r
28 PrepaerListAsync(req,callback);
\r
30 ],function(err,result){
\r
32 RenderMessage(res,err,info);
\r
34 result.token = req.session._csrf;
\r
35 res.setHeader("X-FRAME-OPTIONS","DENY");
\r
36 res.render("profile/admin",result);
\r
41 function admin_postproc(req,res)
\r
45 if(typeof(req.body.removeall) != "undefined")
\r
46 collection.ClearAsync(cb);
\r
47 if(typeof(req.body.remove) != "undefined")
\r
48 collection.RemoveRangeAsync(req.body.names,cb);
\r
50 ],function(err,result){
\r
52 RenderMessage(res,err,req.session.items);
\r
54 RenderMessage(res,resource.success_remove,req.session.items);
\r
58 function list_proc(req, res)
\r
60 if(typeof(req.session.items) != "undefined")
\r
61 req.session.items.admin = false;
\r
64 PrepaerListAsync(req,cb);
\r
66 ],function(err,result){
\r
68 RenderMessage(res,err,req.session.items);
\r
70 res.render("profile/list",result);
\r
74 function PrepaerListAsync(req,callback)
\r
76 var limit = config.db_limit;
\r
79 if(typeof(req.query.start) != "undefined")
\r
80 start = parseInt(req.query.start);
\r
81 if(typeof(req.query.limit) != "undefined")
\r
82 limit = parseInt(req.query.limit);
\r
86 if(typeof(req.query.search) != "undefined")
\r
88 parttern = req.query.search;
\r
89 collection.FindByNameAsync(parttern,start,limit,cb);
\r
91 collection.ToArrayAsync(start,limit,cb);
\r
94 ],function(err,result){
\r
98 var next = start + limit;
\r
99 var prev = start - limit;
\r
102 for(var i = 0; i < result.length; i++)
\r
103 result[i].lastmodified = result[i].lastmodified.toFormat("YYYY/MM/DD HH:MI:SS");
\r
104 callback(null,{list:result,search:parttern,next:next,prev:prev,limit:limit});
\r
109 function detail_proc(req, res)
\r
111 if(typeof(req.query.name) == "undefined")
\r
113 RenderMessage(res,resource.invaild_parameter,req.session.items);
\r
117 if(typeof(req.session.items) == "undefined")
\r
118 req.session.items = new security.SessionInfomation(false);
\r
122 collection.GetAsync(req.query.name,cb);
\r
124 ],function(err,result){
\r
126 RenderMessage(res,err,req.session.items);
\r
127 else if(result.length == 0)
\r
128 RenderMessage(res,resource.notfound_name,req.session.items);
\r
130 res.setHeader("X-FRAME-OPTIONS","DENY");
\r
131 res.render("profile/detail",{list:result,alias:config.alias,token:req.session._csrf,admin:req.session.items.admin});
\r
136 function detail_postproc(req, res)
\r
138 if(typeof(req.body.remove) != "undefined"){
\r
141 if(typeof(req.session.items) != "undefined" && req.session.items.admin)
\r
144 collection.AuthAsync(req.body.name,req.body.password,cb);
\r
146 function(result,cb){
\r
148 collection.RemoveAsync(req.body.name,cb);
\r
152 ],function(err,result){
\r
154 RenderMessage(res,err,req.session.items);
\r
155 else if(result == null)
\r
156 RenderMessage(res,resource.unmatch_password,req.session.items);
\r
158 RenderMessage(res,resource.success_remove,req.session.items);
\r
160 }else if(typeof(req.body.edit) != "undefined"){
\r
163 if(typeof(req.session.items) != "undefined" && req.session.items.admin)
\r
166 collection.AuthAsync(req.body.name,req.body.password,cb);
\r
168 function(result,cb){
\r
170 collection.GetAsync(req.body.name,cb);
\r
174 ],function(err,result){
\r
176 RenderMessage(res,err,req.session.items);
\r
177 }else if(result != null){
\r
178 res.setHeader("X-FRAME-OPTIONS","DENY");
\r
179 res.render("profile/edit",{list:result,token:req.session._csrf,alias:config.alias});
\r
181 RenderMessage(res,resource.unmatch_password,req.session.items);
\r
185 RenderMessage(res,resource.invaild_parameter,req.session.items);
\r
189 function edit_postproc(req, res)
\r
191 if(typeof(req.body.name) == "undefined")
\r
193 RenderMessage(res,resource.invaild_parameter,req.session.items);
\r
195 }else if(typeof(req.body.edit) != "undefined"){
\r
196 var validator = new Validator();
\r
197 if(validator.Validate(req.body,config.alias))
\r
199 RenderMessage(res,validator.Message,req.session.items);
\r
204 collection.UpdatAsync(req.body.name,req.body,cb);
\r
206 ],function(err,result){
\r
208 RenderMessage(res,err,req.session.items);
\r
210 RenderMessage(res,resource.success_edit,req.session.items);
\r
213 RenderMessage(res,resource.invaild_parameter,req.session.items);
\r
217 function registor_postproc(req, res)
\r
219 if(typeof(req.body.registor) != "undefined"){
\r
220 var validator = new Validator();
\r
221 if(validator.Validate(req.body,config.alias))
\r
223 RenderMessage(res,validator.Message,req.session.items);
\r
228 collection.AddAsync(req.body,cb);
\r
230 ],function(err,result){
\r
232 RenderMessage(res,err,req.session.items);
\r
234 RenderMessage(res,resource.success_registor,req.session.items);
\r
237 RenderMessage(resource.invaild_parameter,req.session.items);
\r
241 function registor_proc(req, res)
\r
243 if(typeof(req.session.items) == "undefined")
\r
244 req.session.items = new security.SessionInfomation(false);
\r
246 res.setHeader("X-FRAME-OPTIONS","DENY");
\r
247 res.render("profile/registor",{token:req.session._csrf,alias:config.alias});
\r
250 function RenderMessage(res,msg,info)
\r
252 if(typeof(info) == "undefined" || typeof(info.admin) == "undefined")
\r
253 res.render("profile/message",{message:msg,admin:false});
\r
255 res.render("profile/message",{message:msg,admin:info.admin});
\r
259 // ProfileCollectionクラス
\r
261 function ProfileCollection()
\r
263 var MySQLPool = new require("./mysql_pool.js");
\r
264 var murmurhash = require("murmurhash");
\r
265 var pool = new MySQLPool({
\r
266 host : config.db_host,
\r
267 user : config.db_user,
\r
268 password : config.db_password,
\r
269 port : config.db_port,
\r
270 database : "webchat",
\r
272 this.AuthAsync = function(name,password,cb){
\r
275 pool.query("SELECT password FROM profilelist WHERE name_hash = ? and name = ?",[murmurhash.v3(name),name],next);
\r
277 function(result,next){
\r
278 if(result[0].password == md5_hex(password))
\r
285 this.GetAsync = function(name,cb){
\r
286 pool.query("SELECT * FROM profilelist WHERE name_hash = ? and name = ?",[murmurhash.v3(name),name],cb);
\r
288 this.AddAsync = function(data,cb){
\r
289 var item = GetItem(data);;
\r
290 pool.query("INSERT INTO profilelist SET ?",[item],cb);
\r
292 this.UpdatAsync = function(name,data,cb){
\r
293 var item = GetItem(data);
\r
294 pool.query("UPDATE profilelist SET ? WHERE name = ?",[item,name],cb);
\r
296 this.ClearAsync = function(cb){
\r
297 pool.query("TRUNCATE TABLE profilelist",null,cb);
\r
299 this.RemoveRangeAsync = function(names,cb){
\r
300 pool.query("DELETE FROM profilelist WHERE name IN (?)",[names],cb);
\r
302 this.RemoveAsync = function(name,cb){
\r
303 pool.query("DELETE FROM profilelist WHERE name_hash = ? and name = ?",[murmurhash.v3(name),name],cb);
\r
305 this.FindByNameAsync = function(pattern,start,count,cb){
\r
306 pool.query("SELECT * FROM profilelist WHERE name LIKE ? LIMIT ?,?",[pattern+"%",start,count],cb);
\r
308 this.ToArrayAsync = function(start,count,cb){
\r
309 pool.query("SELECT name,lastmodified FROM profilelist LIMIT ?,?",[start,count],cb);
\r
312 var crypto = require("crypto");
\r
313 function md5_hex(src)
\r
315 var md5 = crypto.createHash('md5');
\r
316 md5.update(src, 'utf8');
\r
317 return md5.digest('hex');
\r
320 function GetItem(data,newpw)
\r
323 name_hash:murmurhash.v3(data.name),
\r
324 lastmodified:new Date(),
\r
326 for(var key in config.alias)
\r
328 if(typeof(config.alias[key].nodefinetable) != "undefined" &&
\r
329 config.alias[key].nodefinetable)
\r
331 if(config.alias[key].visible_edit)
\r
333 if(config.alias[key].type == "password")
\r
334 item[key] = md5_hex(data[key]);
\r
335 else if(data[key] == "" && typeof(config.alias[key].defaultvalue) != "undefined")
\r
336 item[key] = config.alias[key].defaultvalue;
\r
338 item[key] = data[key];
\r
348 function Validator()
\r
352 // エラーがあった場合は真。そうでない場合は偽を返す
\r
354 // @body バリテーションの対象となる連想配列
\r
355 // @alias バリテーションを行う要素のリスト
\r
356 this.Validate = function(body,alias){
\r
357 var result = false;
\r
359 for(var key in alias)
\r
361 if(alias[key].visible_edit == false)
\r
364 if(typeof(alias[key].isnotempty) != "undefined" &&
\r
365 alias[key].isnotempty && body[key] == "")
\r
366 message = resource.is_not_empty;
\r
367 else if(typeof(alias[key].mustmatchitem) != "undefined" &&
\r
368 body[key] != body[alias[key].mustmatchitem])
\r
369 message = util.format(resource.must_match_item,alias[alias[key].mustmatchitem].name);
\r
371 message = IsValidate(body[key],alias[key].type,alias[key].rule);
\r
372 if(message != null)
\r
374 if(alias[key].name == "")
\r
375 this.Message += "<p>" + message + "</p>\n";
\r
377 this.Message += "<p>" + alias[key].name + ":" + message + "</p>\n";
\r
383 // バリテーション時にエラーがあった場合、メッセージが記録される
\r
385 function IsValidate(data,type,rule){
\r
386 if(typeof(data) == "undefined")
\r
387 throw "data is undefined";
\r
388 if(typeof(type) == "undefined")
\r
389 throw "type is undefined";
\r
398 if(typeof(data) != "string")
\r
399 result = resource.is_not_string;
\r
402 if(data.match(/[^0-9]/g))
\r
403 result = resource.is_not_number;
\r
406 if(data != "" && !data.match(/^[A-Za-z0-9]+[\w\-\+]+@[\w\.-]+\.\w{2,}$/))
\r
407 result = resource.is_not_mail;
\r
411 if(typeof(rule) == "function")
\r
412 result = rule(data,type);
\r
OSDN Git Service
