mirror of
https://github.com/HabitRPG/habitica.git
synced 2025-12-16 06:07:21 +01:00
a9757b2d74
commit3aba0abeddAuthor: SabreCat <sabe@habitica.com> Date: Mon Oct 2 20:51:20 2023 -0500 fix(router): use state to pass modal launch info commit541eadd319Merge:c0bb56c8c289fff49d02Author: SabreCat <sabe@habitica.com> Date: Mon Oct 2 20:12:40 2023 -0500 Merge branch 'release' into report-profile-modal commitc0bb56c8c2Author: SabreCat <sabe@habitica.com> Date: Wed Sep 27 16:15:28 2023 -0500 test(profiles): add integrations commit9b644e9ad8Author: SabreCat <sabe@habitica.com> Date: Tue Sep 26 17:17:22 2023 -0500 fix(profile): adjust margin commitbfefe5dfa9Author: SabreCat <sabe@habitica.com> Date: Tue Sep 26 17:12:24 2023 -0500 fix(profiles): moar layout fixes commit8f211ee3e2Author: SabreCat <sabe@habitica.com> Date: Mon Sep 25 17:32:04 2023 -0500 fix(profile): fix admin actions Correct "user is banned" banner Fix bouncing modal Add "Days" smart plural Fix leaky CSS on Market page Refactor some redundant functions commitb1d23ec88bMerge:ee9709a9e1a63cc84779Author: SabreCat <sabe@habitica.com> Date: Mon Sep 25 15:37:54 2023 -0500 Merge branch 'release' into report-profile-modal commitee9709a9e1Author: CuriousMagpie <eilatan@gmail.com> Date: Mon Sep 18 16:30:30 2023 -0400 WIP(profile): add banned banner, toggle switches now toggle, add "days" to Next Login Reward commitf80928a895Author: CuriousMagpie <eilatan@gmail.com> Date: Mon Sep 18 13:43:34 2023 -0400 update(node): update node modules commit1d552f7e80Author: SabreCat <sabe@habitica.com> Date: Fri Sep 15 16:52:22 2023 -0500 fix(import): remove empty import commitf55d74a95dAuthor: SabreCat <sabe@habitica.com> Date: Fri Sep 15 16:39:50 2023 -0500 refactor(profiles): remove email feature also still more visual cleanup of profile modal commit311c743284Author: SabreCat <sabe@habitica.com> Date: Fri Sep 15 15:44:56 2023 -0500 refactor(profile): remove page view commitf8632bf50dMerge:ec85159c659e25360102Author: SabreCat <sabe@habitica.com> Date: Fri Sep 15 15:23:21 2023 -0500 Merge branch 'release' into report-profile-modal commitec85159c65Author: SabreCat <sabe@habitica.com> Date: Mon Sep 11 22:53:14 2023 -0500 feat(profiles): load modal instead of page? commit9986082914Author: CuriousMagpie <eilatan@gmail.com> Date: Fri Sep 8 14:49:57 2023 -0400 WIP(profile): fixed a comment, woohoo commit6262a9ba0cMerge:ae2b614df2ea2b007b1aAuthor: CuriousMagpie <eilatan@gmail.com> Date: Fri Sep 8 13:40:23 2023 -0400 Merge remote-tracking branch 'origin/report-profile-modal' into report-profile-modal commitea2b007b1aAuthor: SabreCat <sabe@habitica.com> Date: Thu Sep 7 16:54:19 2023 -0500 fix(profile): focus behavior commitae2b614df2Author: CuriousMagpie <eilatan@gmail.com> Date: Thu Sep 7 17:47:08 2023 -0400 WIP(profile): styling updates commit2e0723f1b9Author: SabreCat <sabe@habitica.com> Date: Thu Sep 7 15:37:59 2023 -0500 feat(moderation): unflag profile Also a few stylistic tweaks commitedcf8113deAuthor: SabreCat <sabe@habitica.com> Date: Wed Sep 6 16:39:02 2023 -0500 WIP(profile): dropdown draft commit0691483d63Author: CuriousMagpie <eilatan@gmail.com> Date: Wed Sep 6 16:33:30 2023 -0400 WIP(profile): Styling and string updates commit7e9d57d10aAuthor: SabreCat <sabe@habitica.com> Date: Wed Sep 6 11:40:31 2023 -0500 feat(profile): functional dropdown buttons commita2989b2833Merge:af6575e40ce072d7c09cAuthor: SabreCat <sabe@habitica.com> Date: Wed Sep 6 10:04:57 2023 -0500 Merge branch 'release' into report-profile-modal commitaf6575e40cAuthor: CuriousMagpie <eilatan@gmail.com> Date: Wed Sep 6 11:01:05 2023 -0400 WIP(profile): comment cleanup commit7b1de37202Author: CuriousMagpie <eilatan@gmail.com> Date: Tue Sep 5 17:22:14 2023 -0400 WIP(profile): remove shadowban tooltip commitd1177c32b9Merge:321a01b08131f821021bAuthor: CuriousMagpie <eilatan@gmail.com> Date: Tue Sep 5 17:02:40 2023 -0400 Merge branch 'sabrecat/report-profile' into report-profile-modal commit321a01b081Author: CuriousMagpie <eilatan@gmail.com> Date: Fri Sep 1 16:14:36 2023 -0400 WIP(profile): close button finally workinating commite143d36d28Author: CuriousMagpie <eilatan@gmail.com> Date: Fri Sep 1 15:52:38 2023 -0400 WIP(profile): close icon moved to profile.vue commit31f821021bMerge:a8f5e25d388957c5c009Author: SabreCat <sabe@habitica.com> Date: Fri Sep 1 14:52:31 2023 -0500 Merge branch 'report-profile-modal' into sabrecat/report-profile commit8957c5c009Merge:d340f06a220aec3866a4Author: CuriousMagpie <eilatan@gmail.com> Date: Fri Sep 1 15:38:12 2023 -0400 Merge remote-tracking branch 'origin/report-profile-modal' into report-profile-modal commitd340f06a22Author: CuriousMagpie <eilatan@gmail.com> Date: Fri Sep 1 15:37:57 2023 -0400 WIP(profile): fixed user not found error commit0aec3866a4Merge:b01f323b14ac7c8e0eb6Author: Natalie <78037386+CuriousMagpie@users.noreply.github.com> Date: Fri Sep 1 15:28:58 2023 -0400 Merge branch 'HabitRPG:develop' into report-profile-modal commita8f5e25d38Author: SabreCat <sabe@habitica.com> Date: Thu Aug 31 17:02:07 2023 -0500 feat(community): basic "report profile" commitb01f323b14Author: CuriousMagpie <eilatan@gmail.com> Date: Thu Aug 31 17:42:12 2023 -0400 WIP(profile): removed refactoring crud, located where close icon should be (profileModal.vue) commitce7d51a20cMerge:010f2299f0ac7c8e0eb6Author: SabreCat <sabe@habitica.com> Date: Thu Aug 31 14:20:37 2023 -0500 Merge branch 'release' into sabrecat/report-profile commit18b41acd94Author: CuriousMagpie <eilatan@gmail.com> Date: Thu Aug 31 12:23:41 2023 -0400 WIP(profile): moar buttonz commit9387b3a6bcAuthor: CuriousMagpie <eilatan@gmail.com> Date: Wed Aug 30 17:21:36 2023 -0400 WIP(profile): buttons commitb3ea48c4f5Author: CuriousMagpie <eilatan@gmail.com> Date: Fri Aug 25 15:52:41 2023 -0400 WIP(profile): work on achievement component commita1ceb2ea75Author: CuriousMagpie <eilatan@gmail.com> Date: Fri Aug 25 14:39:12 2023 -0400 WIP(profile): create achievements component commit4a24d9b80bMerge:8fe263a3771e05297e96Author: CuriousMagpie <eilatan@gmail.com> Date: Wed Aug 23 13:14:39 2023 -0400 Merge branch 'develop' into report-profile-modal commit1e05297e96Author: CuriousMagpie <eilatan@gmail.com> Date: Wed Aug 23 13:12:52 2023 -0400 package updates commit8fe263a377Author: CuriousMagpie <eilatan@gmail.com> Date: Wed Aug 23 12:12:36 2023 -0400 update(dependencies): ran npm install to update dependencies commit190fe048a1Merge:3ea48ab5cbfa83d1a9cfAuthor: CuriousMagpie <eilatan@gmail.com> Date: Wed Aug 23 11:52:08 2023 -0400 Merge branch 'develop' into report-profile-modal commit3ea48ab5cbAuthor: CuriousMagpie <eilatan@gmail.com> Date: Fri Aug 11 17:12:31 2023 -0400 WIP(user profile): dropdown menu and toggles and colors oh my commitc301a2b460Merge:1da6af11b5647b27c55fAuthor: CuriousMagpie <eilatan@gmail.com> Date: Fri Aug 11 12:40:07 2023 -0400 Merge branch 'develop' into report-profile-modal commit1da6af11b5Author: CuriousMagpie <eilatan@gmail.com> Date: Thu Aug 10 16:50:07 2023 -0400 WIP(user profile): moved some CSS classes out of unscoped and into the scoped section, started on toggle buttons commitdd55cbc928Author: CuriousMagpie <eilatan@gmail.com> Date: Wed Aug 9 15:38:46 2023 -0400 WIP(user profile): workin on the hamburger (kebab?) menu commit3834093207Author: CuriousMagpie <eilatan@gmail.com> Date: Tue Aug 8 14:14:40 2023 -0400 WIP(user profiles): working on the drop down menu commitf2be588195Author: CuriousMagpie <eilatan@gmail.com> Date: Mon Aug 7 16:10:30 2023 -0400 WIP(user profile): options menu commit010f2299f0Author: SabreCat <sabe@habitica.com> Date: Mon Aug 7 11:49:04 2023 -0500 fix(lint): eof and const commit4551dbf4b3Author: CuriousMagpie <eilatan@gmail.com> Date: Fri Aug 4 15:34:05 2023 -0400 WIP(user profile): styling the top portion of the modal commit19a9fe3644Author: CuriousMagpie <eilatan@gmail.com> Date: Thu Aug 3 15:06:51 2023 -0400 WIP(user profile): adding buttons commitdfdb305b1cAuthor: CuriousMagpie <eilatan@gmail.com> Date: Wed Aug 2 14:41:20 2023 -0400 WIP(user profile): layout commitded4eee693Author: CuriousMagpie <eilatan@gmail.com> Date: Wed Aug 2 12:04:02 2023 -0400 WIP(user profile): start flex grid & tidy up CSS commitaaca48be32Author: CuriousMagpie <eilatan@gmail.com> Date: Fri Jul 28 16:44:06 2023 -0400 WIP(user profile): mostly css updates commite531985b87Author: CuriousMagpie <eilatan@gmail.com> Date: Thu Jul 27 16:49:44 2023 -0400 WIP(user profile): one infinitesimal change that's hardly worth the electricity it's made from commiteb4021fcc7Author: CuriousMagpie <eilatan@gmail.com> Date: Wed Jul 26 16:33:05 2023 -0400 feat(content): upgrade profile page commit1b25394f3eMerge:c50cee0d888558dcc3a8Author: CuriousMagpie <eilatan@gmail.com> Date: Wed Jul 26 11:50:12 2023 -0400 Merge branch 'develop' into report-profile-modal commitc50cee0d88Author: SabreCat <sabe@habitica.com> Date: Wed Jul 12 16:32:25 2023 -0500 fix(flagging): debug params issue Also add and document the "source" body param commit55848c58beAuthor: SabreCat <sabe@habitica.com> Date: Mon Jul 10 16:24:20 2023 -0500 WIP(members): basic report a user API commitdda6180792Author: SabreCat <sabe@habitica.com> Date: Thu Jul 6 10:05:07 2023 -0500 fix(lint): remove console.info
871 lines
31 KiB
JavaScript
871 lines
31 KiB
JavaScript
import escapeRegExp from 'lodash/escapeRegExp';
|
|
import { authWithHeaders } from '../../middlewares/auth';
|
|
import {
|
|
model as User,
|
|
publicFields as memberFields,
|
|
nameFields,
|
|
} from '../../models/user';
|
|
import {
|
|
KNOWN_INTERACTIONS,
|
|
} from '../../models/user/methods';
|
|
import { model as Group } from '../../models/group';
|
|
import { model as Challenge } from '../../models/challenge';
|
|
import {
|
|
BadRequest,
|
|
NotFound,
|
|
NotAuthorized,
|
|
} from '../../libs/errors';
|
|
import * as Tasks from '../../models/task';
|
|
import {
|
|
getUserInfo,
|
|
sendTxn as sendTxnEmail,
|
|
} from '../../libs/email';
|
|
import { sendNotification as sendPushNotification } from '../../libs/pushNotifications';
|
|
import common from '../../../common';
|
|
import { sentMessage } from '../../libs/inbox';
|
|
import {
|
|
sanitizeText as sanitizeMessageText,
|
|
} from '../../models/message';
|
|
import highlightMentions from '../../libs/highlightMentions';
|
|
import { handleGetMembersForChallenge } from '../../libs/challenges/handleGetMembersForChallenge';
|
|
import { chatReporterFactory } from '../../libs/chatReporting/chatReporterFactory';
|
|
|
|
const { achievements } = common;
|
|
|
|
const api = {};
|
|
|
|
/**
|
|
* @api {get} /api/v3/members/:memberId Get a member profile
|
|
* @apiName GetMember
|
|
* @apiGroup Member
|
|
*
|
|
* @apiParam (Path) {UUID} memberId The member's id
|
|
*
|
|
* @apiSuccess {Object} data The member object
|
|
*
|
|
* @apiSuccess {Object} data.inbox Basic information about person's inbox
|
|
* @apiSuccess {Object} data.stats Includes current stats and buffs
|
|
* @apiSuccess {Object} data.profile Includes name
|
|
* @apiSuccess {Object} data.preferences Includes info about appearance and public prefs
|
|
* @apiSuccess {Object} data.party Includes basic info about current party and quests
|
|
* @apiSuccess {Object} data.items Basic inventory information includes quests,
|
|
* food, potions, eggs, gear, special items
|
|
* @apiSuccess {Object} data.achievements Lists current achievements
|
|
* @apiSuccess {Object} data.auth Includes latest timestamps
|
|
*
|
|
* @apiSuccessExample {json} Success-Response:
|
|
* {
|
|
* "success": true,
|
|
* "data": {
|
|
* "_id": "99999999-9999-9999-9999-8f14c101aeff",
|
|
* "inbox": {
|
|
* "optOut": false
|
|
* },
|
|
* "stats": {
|
|
* ---INCLUDES STATS AND BUFFS---
|
|
* },
|
|
* "profile": {
|
|
* "name": "Ezra"
|
|
* },
|
|
* "preferences": {
|
|
* ---INCLUDES INFO ABOUT APPEARANCE AND PUBLIC PREFS---
|
|
* },
|
|
* "party": {
|
|
* "_id": "12345678-0987-abcd-82a6-837c81db4c1e",
|
|
* "quest": {
|
|
* "RSVPNeeded": false,
|
|
* "progress": {}
|
|
* },
|
|
* },
|
|
* "items": {
|
|
* "lastDrop": {
|
|
* "count": 0,
|
|
* "date": "2017-01-15T02:41:35.009Z"
|
|
* },
|
|
* ----INCLUDES QUESTS, FOOD, POTIONS, EGGS, GEAR, CARDS, SPECIAL ITEMS (E.G. SNOWBALLS)----
|
|
* }
|
|
* },
|
|
* "achievements": {
|
|
* "partyUp": true,
|
|
* "habitBirthdays": 2,
|
|
* },
|
|
* "auth": {
|
|
* "timestamps": {
|
|
* "loggedin": "2017-03-05T12:30:54.545Z",
|
|
* "created": "2017-01-12T03:30:11.842Z"
|
|
* }
|
|
* },
|
|
* "id": "99999999-9999-9999-9999-8f14c101aeff"
|
|
* }
|
|
* }
|
|
*)
|
|
*
|
|
* @apiUse UserNotFound
|
|
*/
|
|
api.getMember = {
|
|
method: 'GET',
|
|
url: '/members/:memberId',
|
|
middlewares: [],
|
|
async handler (req, res) {
|
|
req.checkParams('memberId', res.t('memberIdRequired')).notEmpty().isUUID();
|
|
|
|
const validationErrors = req.validationErrors();
|
|
if (validationErrors) throw validationErrors;
|
|
|
|
const { memberId } = req.params;
|
|
|
|
const member = await User
|
|
.findById(memberId)
|
|
.select(memberFields)
|
|
.exec();
|
|
|
|
if (!member) throw new NotFound(res.t('userWithIDNotFound', { userId: memberId }));
|
|
|
|
if (!member.flags.verifiedUsername) member.auth.local.username = null;
|
|
|
|
// manually call toJSON with minimize: true so empty paths aren't returned
|
|
const memberToJSON = member.toJSON({ minimize: true });
|
|
User.addComputedStatsToJSONObj(memberToJSON.stats, member);
|
|
|
|
res.respond(200, memberToJSON);
|
|
},
|
|
};
|
|
|
|
api.getMemberByUsername = {
|
|
method: 'GET',
|
|
url: '/members/username/:username',
|
|
middlewares: [],
|
|
async handler (req, res) {
|
|
req.checkParams('username', res.t('invalidReqParams')).notEmpty();
|
|
|
|
const validationErrors = req.validationErrors();
|
|
if (validationErrors) throw validationErrors;
|
|
|
|
let username = req.params.username.toLowerCase();
|
|
if (username[0] === '@') username = username.slice(1, username.length);
|
|
|
|
const member = await User
|
|
.findOne({ 'auth.local.lowerCaseUsername': username, 'flags.verifiedUsername': true })
|
|
.select(memberFields)
|
|
.exec();
|
|
|
|
if (!member) throw new NotFound(res.t('userNotFound'));
|
|
|
|
// manually call toJSON with minimize: true so empty paths aren't returned
|
|
const memberToJSON = member.toJSON({ minimize: true });
|
|
User.addComputedStatsToJSONObj(memberToJSON.stats, member);
|
|
|
|
res.respond(200, memberToJSON);
|
|
},
|
|
};
|
|
|
|
/**
|
|
* @api {get} /api/v3/members/:memberId/achievements Get member achievements object
|
|
* @apiName GetMemberAchievements
|
|
* @apiGroup Member
|
|
* @apiDescription Get a list of achievements
|
|
* of the requested member, grouped by basic / seasonal / special.
|
|
*
|
|
* @apiParam (Path) {UUID} memberId The member's id
|
|
*
|
|
* @apiSuccess {Object} data The achievements object
|
|
*
|
|
* @apiSuccess {Object} data.basic The basic achievements object
|
|
* @apiSuccess {Object} data.seasonal The seasonal achievements object
|
|
* @apiSuccess {Object} data.special The special achievements object
|
|
*
|
|
* @apiSuccess {String} data.label The label for that category
|
|
* @apiSuccess {Object} data.achievements The achievements in that category
|
|
*
|
|
* @apiSuccess {String} data.achievements.title The localized title string
|
|
* @apiSuccess {String} data.achievements.text The localized description string
|
|
* @apiSuccess {Boolean} data.achievements.earned Whether the user has earned the achievement
|
|
* @apiSuccess {Number} data.achievements.index The unique index assigned
|
|
* to the achievement (only for sorting purposes).
|
|
* @apiSuccess {Anything} data.achievements.value The value related to the achievement
|
|
* (if applicable)
|
|
* @apiSuccess {Number} data.achievements.optionalCount The count related to the achievement
|
|
* (if applicable)
|
|
*
|
|
* @apiSuccessExample {json} Successful Response
|
|
* {
|
|
* basic: {
|
|
* label: "Basic",
|
|
* achievements: {
|
|
* streak: {
|
|
* title: "0 Streak Achievements",
|
|
* text: "Has performed 0 21-day streaks on Dailies",
|
|
* icon: "achievement-thermometer",
|
|
* earned: false,
|
|
* value: 0,
|
|
* index: 60,
|
|
* optionalCount: 0
|
|
* },
|
|
* perfect: {
|
|
* title: "5 Perfect Days",
|
|
* text: "Completed all active Dailies on 5 days. With this achievement
|
|
* you get a +level/2 buff to all attributes for the next day.
|
|
* Levels greater than 100 don't have any additional effects on buffs.",
|
|
* icon: "achievement-perfect",
|
|
* earned: true,
|
|
* value: 5,
|
|
* index: 61,
|
|
* optionalCount: 5
|
|
* }
|
|
* }
|
|
* },
|
|
* seasonal: {
|
|
* label: "Seasonal",
|
|
* achievements: {
|
|
* habiticaDays: {
|
|
* title: "Habitica Naming Day",
|
|
* text: "Celebrated 0 Naming Days! Thanks for being a fantastic user.",
|
|
* icon: "achievement-habiticaDay",
|
|
* earned: false,
|
|
* value: 0,
|
|
* index: 72,
|
|
* optionalCount: 0
|
|
* }
|
|
* }
|
|
* },
|
|
* special: {
|
|
* label: "Special",
|
|
* achievements: {
|
|
* habitSurveys: {
|
|
* title: "Helped Habitica Grow",
|
|
* text: "Helped Habitica grow on 0 occasions, either by filling out
|
|
* a survey or helping with a major testing effort. Thank you!",
|
|
* icon: "achievement-tree",
|
|
* earned: false,
|
|
* value: 0,
|
|
* index: 88,
|
|
* optionalCount: 0
|
|
* }
|
|
* }
|
|
* }
|
|
* }
|
|
*
|
|
* @apiError (400) {BadRequest} MemberIdRequired The `id` param is required
|
|
* and must be a valid `UUID`.
|
|
* @apiError (404) {NotFound} UserWithIdNotFound The `id` param did not
|
|
* belong to an existing member.
|
|
*/
|
|
api.getMemberAchievements = {
|
|
method: 'GET',
|
|
url: '/members/:memberId/achievements',
|
|
middlewares: [],
|
|
async handler (req, res) {
|
|
req.checkParams('memberId', res.t('memberIdRequired')).notEmpty().isUUID();
|
|
|
|
const validationErrors = req.validationErrors();
|
|
if (validationErrors) throw validationErrors;
|
|
|
|
const { memberId } = req.params;
|
|
|
|
const member = await User
|
|
.findById(memberId)
|
|
.select(memberFields)
|
|
.exec();
|
|
|
|
if (!member) throw new NotFound(res.t('userWithIDNotFound', { userId: memberId }));
|
|
|
|
const achievsObject = achievements.getAchievementsForProfile(member, req.language);
|
|
|
|
res.respond(200, achievsObject);
|
|
},
|
|
};
|
|
|
|
// Return a request handler for getMembersForGroup / getInvitesForGroup / getMembersForChallenge
|
|
|
|
// @TODO: This violates the Liskov substitution principle.
|
|
// We should create factory functions. See Webhooks for a good example
|
|
function _getMembersForItem (type) {
|
|
// check for allowed `type`
|
|
if (['group-members', 'group-invites'].indexOf(type) === -1) {
|
|
throw new Error('Type must be one of "group-members", "group-invites"');
|
|
}
|
|
|
|
return async function handleGetMembersForItem (req, res) {
|
|
req.checkParams('groupId', res.t('groupIdRequired')).notEmpty();
|
|
req.checkQuery('lastId').optional().notEmpty().isUUID();
|
|
// Allow an arbitrary number of results (up to 60)
|
|
req.checkQuery('limit', res.t('groupIdRequired')).optional().notEmpty().isInt({ min: 1, max: 60 });
|
|
|
|
const validationErrors = req.validationErrors();
|
|
if (validationErrors) throw validationErrors;
|
|
|
|
const { groupId } = req.params;
|
|
const { lastId } = req.query;
|
|
const { user } = res.locals;
|
|
|
|
const group = await Group.getGroup({ user, groupId, fields: '_id type' });
|
|
if (!group) throw new NotFound(res.t('groupNotFound'));
|
|
|
|
const query = {};
|
|
let fields = nameFields;
|
|
// add computes stats to the member info when items and stats are available
|
|
let addComputedStats = false;
|
|
|
|
if (type === 'group-members') {
|
|
if (group.type === 'guild') {
|
|
query.guilds = group._id;
|
|
|
|
if (req.query.includeAllPublicFields === 'true') {
|
|
fields = memberFields;
|
|
addComputedStats = true;
|
|
}
|
|
} else {
|
|
query['party._id'] = group._id; // group._id and not groupId because groupId could be === 'party'
|
|
|
|
if (req.query.includeAllPublicFields === 'true') {
|
|
fields = memberFields;
|
|
addComputedStats = true;
|
|
}
|
|
}
|
|
|
|
if (req.query.search) {
|
|
// Creates a RegExp expression when querying for profile.name and auth.local.username
|
|
const escapedSearch = escapeRegExp(req.query.search);
|
|
query.$or = [
|
|
{ 'profile.name': { $regex: new RegExp(escapedSearch, 'i') } },
|
|
{ 'auth.local.username': { $regex: new RegExp(req.query.search, 'i') } },
|
|
];
|
|
}
|
|
} else if (type === 'group-invites') {
|
|
if (group.type === 'guild') { // eslint-disable-line no-lonely-if
|
|
query['invitations.guilds.id'] = group._id;
|
|
|
|
if (req.query.includeAllPublicFields === 'true') {
|
|
fields = memberFields;
|
|
addComputedStats = true;
|
|
}
|
|
} else {
|
|
query['invitations.party.id'] = group._id; // group._id and not groupId because groupId could be === 'party'
|
|
// @TODO invitations are now stored like this: `'invitations.parties': []`
|
|
// Probably need a database index for it.
|
|
if (req.query.includeAllPublicFields === 'true') {
|
|
fields = memberFields;
|
|
addComputedStats = true;
|
|
}
|
|
}
|
|
}
|
|
|
|
if (lastId) query._id = { $gt: lastId };
|
|
|
|
const limit = req.query.limit ? Number(req.query.limit) : 30;
|
|
|
|
const members = await User
|
|
.find(query)
|
|
.sort({ _id: 1 })
|
|
.limit(limit)
|
|
.select(fields)
|
|
.lean()
|
|
.exec();
|
|
|
|
// manually call toJSON with minimize: true so empty paths aren't returned
|
|
members.forEach(member => User.transformJSONUser(member, addComputedStats));
|
|
res.respond(200, members);
|
|
};
|
|
}
|
|
|
|
/**
|
|
* @api {get} /api/v3/groups/:groupId/members Get members for a group
|
|
* @apiDescription With a limit of 30 member per request (by default).
|
|
* To get all members run requests against this routes (updating the lastId query parameter)
|
|
* until you get less than 30 results (or the specified limit).
|
|
* @apiName GetMembersForGroup
|
|
* @apiGroup Member
|
|
*
|
|
* @apiParam (Path) {UUID} groupId The group id ('party' for the user party is accepted)
|
|
* @apiParam (Query) {UUID} lastId Query parameter to specify the last member
|
|
* returned in a previous request to this route and
|
|
* get the next batch of results.
|
|
* @apiParam (Query) {Number} limit=30 BETA Query parameter
|
|
* to specify the number of results to return. Max is 60.
|
|
* @apiParam (Query) {Boolean} includeAllPublicFields If set to `true`
|
|
* then all public fields for members
|
|
* will be returned (similar to when making
|
|
* a request for a single member).
|
|
* @apiParam (Query) {Boolean} includeTasks If set to `true`, then
|
|
* response should include all tasks per user
|
|
* related to the challenge
|
|
*
|
|
* @apiSuccess {Array} data An array of members, sorted by _id
|
|
*
|
|
* @apiSuccessExample {json} Success-Response:
|
|
* {
|
|
* "success": true,
|
|
* "data": [
|
|
* {
|
|
* "_id": "00000001-1111-9999-9000-111111111111",
|
|
* "profile": {
|
|
* "name": "Jiminy"
|
|
* },
|
|
* "id": "00000001-1111-9999-9000-111111111111"
|
|
* },
|
|
* }
|
|
*
|
|
*
|
|
* @apiUse ChallengeNotFound
|
|
* @apiUse GroupNotFound
|
|
*/
|
|
api.getMembersForGroup = {
|
|
method: 'GET',
|
|
url: '/groups/:groupId/members',
|
|
middlewares: [authWithHeaders()],
|
|
handler: _getMembersForItem('group-members'),
|
|
};
|
|
|
|
/**
|
|
* @api {get} /api/v3/groups/:groupId/invites Get invites for a group
|
|
* @apiDescription With a limit of 30 member per request (by default). To get all invites run
|
|
* requests against this routes (updating the lastId query parameter)
|
|
* until you get less than 30 results.
|
|
* @apiName GetInvitesForGroup
|
|
* @apiGroup Member
|
|
*
|
|
* @apiParam (Path) {UUID} groupId The group id ('party' for the user party is accepted)
|
|
* @apiParam (Query) {UUID} lastId Query parameter to specify the last invite
|
|
* returned in a previous request to this route and
|
|
* get the next batch of results.
|
|
* @apiParam (Query) {Number} limit=30 BETA Query parameter
|
|
* to specify the number of results to return. Max is 60.
|
|
* @apiParam (Query) {Boolean} includeAllPublicFields If set to `true`
|
|
* then all public fields for members
|
|
* will be returned (similar to when making
|
|
* a request for a single member).
|
|
*
|
|
* @apiSuccess {array} data An array of invites, sorted by _id
|
|
*
|
|
* @apiSuccessExample {json} Success-Response:
|
|
* {
|
|
* "success": true,
|
|
* "data": [
|
|
* {
|
|
* "_id": "99f3cb9d-4af8-4ca4-9b82-6b2a6bf59b7a",
|
|
* "profile": {
|
|
* "name": "DoomSmoocher"
|
|
* },
|
|
* "id": "99f3cb9d-4af8-4ca4-9b82-6b2a6bf59b7a"
|
|
* }
|
|
* ]
|
|
* }
|
|
*
|
|
*
|
|
* @apiUse ChallengeNotFound
|
|
* @apiUse GroupNotFound
|
|
*/
|
|
api.getInvitesForGroup = {
|
|
method: 'GET',
|
|
url: '/groups/:groupId/invites',
|
|
middlewares: [authWithHeaders()],
|
|
handler: _getMembersForItem('group-invites'),
|
|
};
|
|
|
|
/**
|
|
* @api {get} /api/v3/challenges/:challengeId/members Get members for a challenge
|
|
* @apiDescription With a limit of 30 member per request (by default).
|
|
* To get all members run requests against this routes (updating the lastId query parameter)
|
|
* until you get less than 30 results.
|
|
* BETA You can also use ?includeAllMembers=true. This option is currently in BETA
|
|
* and may be removed in future.
|
|
* Its use is discouraged and its performances are not optimized especially for large challenges.
|
|
*
|
|
* @apiName GetMembersForChallenge
|
|
* @apiGroup Member
|
|
*
|
|
* @apiParam (Path) {UUID} challengeId The challenge id
|
|
* @apiParam (Query) {UUID} lastId Query parameter to specify the last member returned
|
|
* in a previous request to this route and
|
|
* get the next batch of results.
|
|
* @apiParam (Query) {Number} limit=30 BETA Query parameter to
|
|
* specify the number of results to return. Max is 60.
|
|
* @apiParam (Query) {Boolean} includeTasks BETA Query parameter - If 'true'
|
|
* then include challenge tasks of each member
|
|
* @apiParam (Query) {Boolean} includeAllPublicFields If set to `true`
|
|
* then all public fields for members
|
|
* will be returned (similar to when making
|
|
* a request for a single member).
|
|
|
|
* @apiSuccess {Array} data An array of members, sorted by _id
|
|
*
|
|
* @apiUse ChallengeNotFound
|
|
* @apiUse GroupNotFound
|
|
*/
|
|
api.getMembersForChallenge = {
|
|
method: 'GET',
|
|
url: '/challenges/:challengeId/members',
|
|
middlewares: [authWithHeaders()],
|
|
handler: handleGetMembersForChallenge,
|
|
};
|
|
|
|
/**
|
|
* @api {get} /api/v3/challenges/:challengeId/members/:memberId Get a challenge member progress
|
|
* @apiName GetChallengeMemberProgress
|
|
* @apiGroup Member
|
|
*
|
|
* @apiParam (Path) {UUID} challengeId The challenge _id
|
|
* @apiParam (Path) {UUID} memberId The member _id
|
|
*
|
|
* @apiSuccess {Object} data Return an object with member _id, profile.name
|
|
* and a tasks object with the challenge tasks for the member.
|
|
*
|
|
* @apiSuccessExample {json} Success-Response:
|
|
* {
|
|
* "data": {
|
|
* "_id": "b0413351-405f-416f-8787-947ec1c85199",
|
|
* "profile": {"name": "MadPink"},
|
|
* "tasks": [
|
|
* {
|
|
* "_id": "9cd37426-0604-48c3-a950-894a6e72c156",
|
|
* "text": "Make sure the place where you sleep is quiet, dark, and cool.",
|
|
* "updatedAt": "2017-06-17T17:44:15.916Z",
|
|
* "createdAt": "2017-06-17T17:44:15.916Z",
|
|
* "reminders": [],
|
|
* "group": {
|
|
* "approval": {
|
|
* "requested": false,
|
|
* "approved": false,
|
|
* "required": false
|
|
* },
|
|
* "assignedUsers": []
|
|
* },
|
|
* "challenge": {
|
|
* "taskId": "6d3758b1-071b-4bfa-acd6-755147a7b5f6",
|
|
* "id": "4db6bd82-b829-4bf2-bad2-535c14424a3d",
|
|
* "shortName": "Take This June 2017"
|
|
* },
|
|
* "attribute": "str",
|
|
* "priority": 1,
|
|
* "value": 0,
|
|
* "notes": "",
|
|
* "type": "todo",
|
|
* "checklist": [],
|
|
* "collapseChecklist": false,
|
|
* "completed": false,
|
|
* },
|
|
* "startDate": "2016-09-01T05:00:00.000Z",
|
|
* "everyX": 1,
|
|
* "frequency": "weekly",
|
|
* "id": "b207a15e-8bfd-4aa7-9e64-1ba89699da06"
|
|
* }
|
|
* ]
|
|
* }
|
|
*
|
|
* @apiUse ChallengeNotFound
|
|
* @apiUse UserNotFound
|
|
*/
|
|
api.getChallengeMemberProgress = {
|
|
method: 'GET',
|
|
url: '/challenges/:challengeId/members/:memberId',
|
|
middlewares: [authWithHeaders()],
|
|
async handler (req, res) {
|
|
req.checkParams('challengeId', res.t('challengeIdRequired')).notEmpty().isUUID();
|
|
req.checkParams('memberId', res.t('memberIdRequired')).notEmpty().isUUID();
|
|
|
|
const validationErrors = req.validationErrors();
|
|
if (validationErrors) throw validationErrors;
|
|
|
|
const { user } = res.locals;
|
|
const { challengeId } = req.params;
|
|
const { memberId } = req.params;
|
|
|
|
const member = await User.findById(memberId).select(`${nameFields} challenges`).exec();
|
|
if (!member) throw new NotFound(res.t('userWithIDNotFound', { userId: memberId }));
|
|
const challenge = await Challenge.findById(challengeId).exec();
|
|
if (!challenge) throw new NotFound(res.t('challengeNotFound'));
|
|
// optionalMembership is set to true because even if you're
|
|
// not member of the group you may be able to access the challenge
|
|
// for example if you've been booted from it, are the leader or a site admin
|
|
const group = await Group.getGroup({
|
|
user, groupId: challenge.group, fields: '_id type privacy', optionalMembership: true,
|
|
});
|
|
if (!group || !challenge.canView(user, group)) throw new NotFound(res.t('challengeNotFound'));
|
|
if (!challenge.isMember(member)) throw new NotFound(res.t('challengeMemberNotFound'));
|
|
|
|
const challengeTasks = await Tasks.Task.find({
|
|
userId: member._id,
|
|
'challenge.id': challenge._id,
|
|
})
|
|
.select('-tags -checklist') // We don't want to return tags and checklists publicly
|
|
.lean()
|
|
.exec();
|
|
|
|
// manually call toJSON with minimize: true so empty paths aren't returned
|
|
const response = member.toJSON({ minimize: true });
|
|
delete response.challenges;
|
|
response.tasks = challengeTasks;
|
|
res.respond(200, response);
|
|
},
|
|
};
|
|
|
|
/**
|
|
* @api {get} /api/v3/members/:toUserId/objections/:interaction Get objections to interaction
|
|
* @apiDescription Get any objections that would occur
|
|
* if the given interaction was attempted - BETA.
|
|
*
|
|
* @apiVersion 3.0.0
|
|
* @apiName GetObjectionsToInteraction
|
|
* @apiGroup Member
|
|
*
|
|
* @apiParam (Path) {UUID} toUserId The user to interact with
|
|
* @apiParam (Path) {String="send-private-message","transfer-gems"} interaction Name of the
|
|
* interaction
|
|
* to query.
|
|
*
|
|
* @apiSuccess {Array} data Return an array of objections,
|
|
* if the interaction would be blocked; otherwise an empty array.
|
|
*/
|
|
api.getObjectionsToInteraction = {
|
|
method: 'GET',
|
|
url: '/members/:toUserId/objections/:interaction',
|
|
middlewares: [authWithHeaders()],
|
|
async handler (req, res) {
|
|
req.checkParams('toUserId', res.t('toUserIDRequired')).notEmpty().isUUID();
|
|
req.checkParams('interaction', res.t('interactionRequired')).notEmpty().isIn(KNOWN_INTERACTIONS);
|
|
|
|
const validationErrors = req.validationErrors();
|
|
if (validationErrors) throw validationErrors;
|
|
|
|
const sender = res.locals.user;
|
|
const receiver = await User.findById(req.params.toUserId).exec();
|
|
if (!receiver) throw new NotFound(res.t('userWithIDNotFound', { userId: req.params.toUserId }));
|
|
|
|
const { interaction } = req.params;
|
|
const response = sender.getObjectionsToInteraction(interaction, receiver);
|
|
|
|
res.respond(200, response.map(res.t));
|
|
},
|
|
};
|
|
|
|
/**
|
|
* @api {post} /api/v3/members/send-private-message Send a private message to a member
|
|
* @apiName SendPrivateMessage
|
|
* @apiGroup Member
|
|
*
|
|
* @apiParam (Body) {String} message The message
|
|
* @apiParam (Body) {UUID} toUserId The id of the user to contact
|
|
*
|
|
* @apiSuccess {Object} data.message The message just sent
|
|
*
|
|
* @apiUse UserNotFound
|
|
*/
|
|
api.sendPrivateMessage = {
|
|
method: 'POST',
|
|
url: '/members/send-private-message',
|
|
middlewares: [authWithHeaders()],
|
|
async handler (req, res) {
|
|
req.checkBody('message', res.t('messageRequired')).notEmpty();
|
|
req.checkBody('toUserId', res.t('toUserIDRequired')).notEmpty().isUUID();
|
|
|
|
const validationErrors = req.validationErrors();
|
|
if (validationErrors) throw validationErrors;
|
|
|
|
const sender = res.locals.user;
|
|
const sanitizedMessageText = sanitizeMessageText(req.body.message);
|
|
const message = (await highlightMentions(sanitizedMessageText))[0];
|
|
|
|
const receiver = await User.findById(req.body.toUserId).exec();
|
|
if (!receiver) throw new NotFound(res.t('userNotFound'));
|
|
if (!receiver.flags.verifiedUsername) delete receiver.auth.local.username;
|
|
|
|
const objections = sender.getObjectionsToInteraction('send-private-message', receiver);
|
|
if (objections.length > 0 && !sender.hasPermission('moderator')) throw new NotAuthorized(res.t(objections[0]));
|
|
|
|
const messageSent = await sentMessage(sender, receiver, message, res.t);
|
|
|
|
res.respond(200, { message: messageSent });
|
|
},
|
|
};
|
|
|
|
/**
|
|
* @api {post} /api/v3/members/transfer-gems Send a gem gift to a member
|
|
* @apiName TransferGems
|
|
* @apiGroup Member
|
|
*
|
|
* @apiParam (Body) {String} message The message to the user
|
|
* @apiParam (Body) {UUID} toUserId The user to send the gift to
|
|
* @apiParam (Body) {Integer} gemAmount The number of gems to send
|
|
*
|
|
* @apiSuccess {Object} data An empty Object
|
|
*
|
|
* @apiUse UserNotFound
|
|
*/
|
|
api.transferGems = {
|
|
method: 'POST',
|
|
url: '/members/transfer-gems',
|
|
middlewares: [authWithHeaders()],
|
|
async handler (req, res) {
|
|
req.checkBody('toUserId', res.t('toUserIDRequired')).notEmpty().isUUID();
|
|
req.checkBody('gemAmount', res.t('gemAmountRequired')).notEmpty().isInt();
|
|
|
|
const validationErrors = req.validationErrors();
|
|
if (validationErrors) throw validationErrors;
|
|
|
|
const sender = res.locals.user;
|
|
const receiver = await User.findById(req.body.toUserId).exec();
|
|
if (!receiver) throw new NotFound(res.t('userNotFound'));
|
|
|
|
const objections = sender.getObjectionsToInteraction('transfer-gems', receiver);
|
|
if (objections.length > 0) throw new NotAuthorized(res.t(objections[0]));
|
|
|
|
const { gemAmount } = req.body;
|
|
const amount = gemAmount / 4;
|
|
|
|
if (amount <= 0 || sender.balance < amount) {
|
|
throw new NotAuthorized(res.t('badAmountOfGemsToSend'));
|
|
}
|
|
|
|
// Received from {sender}
|
|
await receiver.updateBalance(amount, 'gift_receive', sender._id, sender.auth.local.username);
|
|
|
|
// Gifted to {receiver}
|
|
await sender.updateBalance(-amount, 'gift_send', receiver._id, receiver.auth.local.username);
|
|
// @TODO necessary? Also saved when sending the inbox message
|
|
const promises = [receiver.save(), sender.save()];
|
|
await Promise.all(promises);
|
|
|
|
// generate the message in both languages, so both users can understand it
|
|
const receiverLang = receiver.preferences.language;
|
|
const senderLang = sender.preferences.language;
|
|
const [receiverMsg, senderMsg] = [receiverLang, senderLang].map(lang => {
|
|
let messageContent = res.t('privateMessageGiftGemsMessage', {
|
|
receiverName: receiver.profile.name,
|
|
senderName: sender.profile.name,
|
|
gemAmount,
|
|
}, lang);
|
|
messageContent = `\`${messageContent}\` `;
|
|
|
|
if (req.body.message) {
|
|
messageContent += req.body.message;
|
|
}
|
|
return messageContent;
|
|
});
|
|
|
|
await sender.sendMessage(receiver, {
|
|
senderMsg,
|
|
receiverMsg,
|
|
});
|
|
|
|
const byUsername = getUserInfo(sender, ['name']).name;
|
|
|
|
if (receiver.preferences.emailNotifications.giftedGems !== false) {
|
|
sendTxnEmail(receiver, 'gifted-gems', [
|
|
{ name: 'GIFTER', content: byUsername },
|
|
{ name: 'X_GEMS_GIFTED', content: gemAmount },
|
|
]);
|
|
}
|
|
if (receiver.preferences.pushNotifications.giftedGems !== false) {
|
|
sendPushNotification(receiver,
|
|
{
|
|
title: res.t('giftedGems', receiverLang),
|
|
message: res.t('giftedGemsInfo', { amount: gemAmount, name: byUsername }, receiverLang),
|
|
identifier: 'giftedGems',
|
|
payload: { replyTo: sender._id },
|
|
});
|
|
}
|
|
|
|
res.respond(200, {});
|
|
|
|
if (res.analytics) {
|
|
res.analytics.track('transfer gems', {
|
|
uuid: sender._id,
|
|
hitType: 'event',
|
|
category: 'behavior',
|
|
headers: req.headers,
|
|
quantity: gemAmount,
|
|
});
|
|
}
|
|
},
|
|
};
|
|
|
|
/**
|
|
* @api {post} /api/v3/members/:memberId/flag Flag (report) a user
|
|
* @apiDescription Sends an email to staff about another user or their profile
|
|
* @apiName FlagUser
|
|
* @apiGroup Members
|
|
*
|
|
* @apiParam (Path) {UUID} memberId The unique ID of the user being flagged
|
|
* @apiParam (Body) {String} [comment] explain why the user was flagged
|
|
* @apiParam (Body) {String} [source] URL or view from which the user was flagged
|
|
*
|
|
* @apiSuccess {Object} data The flagged user
|
|
* @apiSuccess {UUID} data.id The id of the flagged user
|
|
* @apiSuccess {String} data.username The username of the flagged user
|
|
* @apiSuccess {Object} data.profile The flagged user's profile information
|
|
* @apiSuccess {String} data.profile.blurb Text of the flagged user's profile bio
|
|
* @apiSuccess {Object} data.profile.flags Data about flags the profile has received.
|
|
* Restricted to the reporting user's own flag
|
|
* unless the reporting user is a moderator.
|
|
* Each key is a UUID, and fields are comment,
|
|
* source, and timestamp.
|
|
* @apiSuccess {String} data.profile.imageUrl URL of the flagged user's profile image
|
|
* @apiSuccess {String} data.profile.name The flagged user's display name
|
|
*
|
|
* @apiError (400) {BadRequest} AlreadyFlagged A profile cannot be flagged
|
|
* more than once by the same user.
|
|
* @apiError (400) {BadRequest} MemberIdRequired The `memberId` param is required
|
|
* and must be a valid `UUID`.
|
|
* @apiError (404) {NotFound} UserWithIdNotFound The `memberId` param did not
|
|
* belong to an existing user.
|
|
*/
|
|
api.flagUser = {
|
|
method: 'POST',
|
|
url: '/members/:memberId/flag',
|
|
middlewares: [authWithHeaders()],
|
|
async handler (req, res) {
|
|
const chatReporter = chatReporterFactory('User', req, res);
|
|
const flaggedUser = await chatReporter.flag();
|
|
res.respond(200, flaggedUser);
|
|
},
|
|
};
|
|
|
|
/**
|
|
* @api {post} /api/v3/members/:memberId/clear-flags Delete flags from a user
|
|
* @apiDescription Removes any abuse reports flagged on a user profile.
|
|
* @apiPermission Admin
|
|
* @apiName ClearUserFlags
|
|
* @apiGroup Members
|
|
*
|
|
* @apiParam (Path) {UUID} memberId The unique ID of the flagged user to reset
|
|
*
|
|
* @apiSuccess {Object} data An empty object
|
|
*
|
|
* @apiError (400) {BadRequest} MemberIdRequired The `memberId` param is required
|
|
* and must be a valid `UUID`.
|
|
* @apiError (400) {BadRequest} MustBeAdmin Must be a moderator to use this route
|
|
* @apiError (404) {NotFound} UserWithIdNotFound The `memberId` param did not
|
|
* belong to an existing user.
|
|
*/
|
|
|
|
api.clearUserFlags = {
|
|
method: 'POST',
|
|
url: '/members/:memberId/clear-flags',
|
|
middlewares: [authWithHeaders()],
|
|
async handler (req, res) {
|
|
const { user } = res.locals;
|
|
const { memberId } = req.params;
|
|
|
|
req.checkParams('memberId', res.t('memberIdRequired')).notEmpty().isUUID();
|
|
const validationErrors = req.validationErrors();
|
|
if (validationErrors) throw validationErrors;
|
|
|
|
if (!user.hasPermission('moderator')) {
|
|
throw new BadRequest('Only a moderator may clear reports from a profile.');
|
|
}
|
|
const flaggedUser = await User.findOne(
|
|
{ _id: memberId },
|
|
{ profile: 1 },
|
|
).exec();
|
|
if (!flaggedUser) {
|
|
throw new NotFound(res.t('userWithIDNotFound', { userId: memberId }));
|
|
}
|
|
flaggedUser.profile.flags = {};
|
|
await flaggedUser.save();
|
|
|
|
res.respond(200, {});
|
|
},
|
|
};
|
|
|
|
export default api;
|