habitica/website/server/libs/user/index.js
Phillip Thelen d9e774dd77 Implement Bailey CMS API (#10739)
* Begin refactoring news API to return individual markdown posts

* Implement simple bailey CMS

* Prevented users with lvl less than 10 from seeing mana

* Added in class checks and notification tests

* Added getter use

* Fixed class check

* chore(i18n): update locales

* 4.60.2

* remove tests that are no longer needed because we won't be purging private messages (#10670)

Ref: this comment from paglias: https://github.com/HabitRPG/habitica/issues/7940#issuecomment-406489506

* remove .only

* allow challenge leader/owner to view/join/modify challenge in private group they've left - fixes #9753 (#10606)

* rename hasAccess to canJoin for challenges

This is so the function won't be used accidentally for other
purposes, since hasAccess could be misinterpretted.

* add isLeader function for challenges

* allow challenge leader to join/modify/end challenge when they're not in the private group it's in

* delete duplicate test

* clarify title of existing tests

* add tests and adjust existing tests to reduce privileges of test users

* fix lint errors

* remove pointless isLeader check (it's checked in canJoin)

* Correct Challenges tooltip in Guild view (#10667)

* Fix new party member cannot join pending quest (#10648)

* Saved sort selection into local storage for later use - fixes #10432 (#10655)

* Saved sort selection into local storage for later use

* Updated code to use userLocalManager module

* Fix initial position item info when selecting one item after another (fixes #10077) (#10661)

* Update lastMouseMoveEvent even when dragging an egg or potion.

* Update lastMouseMoveEvent even when dragging a food item.

* Refactor/market vue (#10601)

* extract inventoryDrawer from market

* show scrollbar only if needed

* extract featuredItemsHeader / pinUtils

* extract pageLayout

* extract layoutSection / filterDropdown - fix sortByNumber

* rollback sortByNumber order-fix

* move equipment lists out of the layout-section (for now)

* refactor sellModal

* extract checkbox

* extract equipment section

* extract category row

* revert scroll - remove sellModal item template

* fix(lint): commas and semis

* Created category item component (#10613)

* extract filter sidebar

* fix gemCount - fix raising the item count if the item wasn't previously owned

* fixes #10659

* remove unneeded method

* fix typo when importing component

* feat(content): Forest Friends Quest Bundle

* chore(sprites): compile

* chore(i18n): update locales

* 4.60.3

* fix(bcrypt): install fork compatible with Node 8

* chore(i18n): update locales

* 4.60.4

* add swear words - TRIGGER / CONTENT WARNING: assault, slurs, swearwords, etc

* add pinUtils-mixin   - fixes #10682 (#10683)

* chore(news): Bailey

* chore(i18n): update locales

* 4.60.5

* Improve rendering banner about sleeping in the inn

See #10695

* Display settings in one column

* Small Updates (#10701)

* small updates

* fix client unit test

* fix uuid validation

* Revert "Small Updates (#10701)" (#10702)

This reverts commit dd7fa73961.

* feat(event): Fall Festival 2018

* chore(sprites): compile

* chore(i18n): update locales

* 4.61.0

* Move inbox to its own model (#10428)

* shared model for chat and inbox

* disable inbox schema

* inbox: use separate model

* remove old code that used group.chat

* add back chat field (not used) and remove old tests

* remove inbox exclusions when loading user

* add GET /api/v3/inbox/messages

* add comment

* implement DELETE /inbox/messages/:messageid in v4

* implement GET /inbox/messages in v4 and update tests

* implement DELETE /api/v4/inbox/clear

* fix url

* fix doc

* update /export/inbox.html

* update other data exports

* add back messages in user schema

* add user.toJSONWithInbox

* add compativility until migration is done

* more compatibility

* fix tojson called twice

* add compatibility methods

* fix common tests

* fix v4 integration tests

* v3 get user -> with inbox

* start to fix tests

* fix v3 integration tests

* wip

* wip, client use new route

* update tests for members/send-private-message

* tests for get user in v4

* add tests for DELETE /inbox/messages/:messageId

* add tests for DELETE /inbox/clear in v4

* update docs

* fix tests

* initial migration

* fix migration

* fix migration

* migration fixes

* migrate api.enterCouponCode

* migrate api.castSpell

* migrate reset, reroll, rebirth

* add routes to v4 version

* fix tests

* fixes

* api.updateUser

* remove .only

* get user -> userLib

* refactor inbox.vue to work with new data model

* fix return message when messaging yourself

* wip fix bug with new conversation

* wip

* fix remaining ui issues

* move api.registerLocal, fixes

* keep only v3 version of GET /inbox/messages

* Fix API early Stat Point allocation (#10680)

* Refactor hasClass check to common so it can be used in shared & server-side code

* Check that user has selected class before allocating stat points

* chore(event): end Ember Hatching Potions

* chore(analytics): reenable navigation tracking

* update bcrypt

* Point achievement modal links to main site (#10709)

* Animal ears after death (#10691)

* Animal Ears purchasable with Gold if lost in Death

* remove ears from pinned items when set is bought

* standardise css and error handling for gems and coins

* revert accidental new line

* fix client tests

* Reduce margin-bottom of checklist-item from 10px to -3px. (#10684)

* chore(i18n): update locales

* 4.61.1

* Position inn banner when window is resized

* feat(content): Subscriber Items and Magic Potions

* chore(sprites): compile

* chore(i18n): update locales

* 4.62.0

* Update inn banner handling

* Fix banner offset on initial load

* Fix minor issues.

* Issue: 10660 - Fixed. Changed default to Please Enter A Value (#10718)

* Issue: 10660 - Fixed. Changed default to Please Enter A Value

* Issue: 10660 - Fixed/revision 2 Changed default to Enter A Value

* chore(news): Bailey announcements

* chore(i18n): update locales

* 4.62.1

* adjust wiki link for usernameInfo string

https://github.com/HabitRPG/habitica-private/issues/7#issuecomment-425405425

* raise coverage for tasks api calls (#10029)

* - updates a group task - approval is required
- updates a group task with checklist

* add expect to test the new checklist length

* - moves tasks to a specified position out of length

* remove unused line

* website getter tasks tests

* re-add sanitizeUserChallengeTask

* change config.json.example variable to be a string not a boolean

* fix tests - pick the text / up/down props too

* fix test - remove changes on text/up/down - revert sanitize condition - revert sanitization props

* chore(i18n): update locales

* 4.62.2

* chore(news): Bailey

* chore(i18n): update locales

* 4.62.3

* inbox: fix avatar display and order

* Username announcement (#10729)

* Change update username API call

The call no longer requires a password and also validates the username.

* Implement API call to verify username without setting it

* Improve coding style

* Apply username verification to registration

* Update error messages

* Validate display names.

* Fix API early Stat Point allocation (#10680)

* Refactor hasClass check to common so it can be used in shared & server-side code

* Check that user has selected class before allocating stat points

* chore(event): end Ember Hatching Potions

* chore(analytics): reenable navigation tracking

* update bcrypt

* Point achievement modal links to main site (#10709)

* Animal ears after death (#10691)

* Animal Ears purchasable with Gold if lost in Death

* remove ears from pinned items when set is bought

* standardise css and error handling for gems and coins

* revert accidental new line

* fix client tests

* Reduce margin-bottom of checklist-item from 10px to -3px. (#10684)

* chore(i18n): update locales

* 4.61.1

* feat(content): Subscriber Items and Magic Potions

* chore(sprites): compile

* chore(i18n): update locales

* 4.62.0

* Display notification for users to confirm their username

* fix typo

* WIP(usernames): Changes to address #10694

* WIP(usernames): Further changes for #10694

* fix(usernames): don't show spurious headings

* Change verify username notification to new version

* Improve feedback for invalid usernames

* Allow user to set their username again to confirm it

* Improve validation display for usernames

* Temporarily move display name validation outside of schema

* Improve rendering banner about sleeping in the inn

See #10695

* Display settings in one column

* Position inn banner when window is resized

* Update inn banner handling

* Fix banner offset on initial load

* Fix minor issues.

* Issue: 10660 - Fixed. Changed default to Please Enter A Value (#10718)

* Issue: 10660 - Fixed. Changed default to Please Enter A Value

* Issue: 10660 - Fixed/revision 2 Changed default to Enter A Value

* chore(news): Bailey announcements

* chore(i18n): update locales

* 4.62.1

* adjust wiki link for usernameInfo string

https://github.com/HabitRPG/habitica-private/issues/7#issuecomment-425405425

* raise coverage for tasks api calls (#10029)

* - updates a group task - approval is required
- updates a group task with checklist

* add expect to test the new checklist length

* - moves tasks to a specified position out of length

* remove unused line

* website getter tasks tests

* re-add sanitizeUserChallengeTask

* change config.json.example variable to be a string not a boolean

* fix tests - pick the text / up/down props too

* fix test - remove changes on text/up/down - revert sanitize condition - revert sanitization props

* Change update username API call

The call no longer requires a password and also validates the username.

* feat(content): Subscriber Items and Magic Potions

* Re-add register call

* Fix merge issue

* Fix issue with setting username

* Implement new alert style

* Display username confirmation status in settings

* Add disclaimer to change username field

* validate username in settings

* Allow specific fields to be focused when opening site settings

* Implement requested changes.

* Fix merge issue

* Fix failing tests

* verify username when users register with username and password

* Set ID for change username notification

* Disable submit button if username is invalid

* Improve username confirmation handling

* refactor(settings): address remaining code comments on auth form

* Revert "refactor(settings): address remaining code comments on auth form"

This reverts commit 9b6609ad64.

* Social user username (#10620)

* Refactored private functions to library

* Refactored social login code

* Added username to social registration

* Changed id library

* Added new local auth check

* Fixed export error. Fixed password check error

* fix(settings): password not available on client

* refactor(settings): more sensible placement of methods

* chore(migration): script to hand out procgen usernames

* fix(migration): don't give EVERYONE new names you doofus

* fix(migration): limit data retrieved, be extra careful about updates

* fix(migration): use missing field, not migration tag, for query

* fix(migration): unused var

* fix(usernames): only generate 20 characters

* fix(migration): set lowerCaseUsername

* fix(lint): comma

* fix(lint): comma spacing

* chore(i18n): update locales

* 4.63.0

* chore(news): Bailey

* chore(i18n): update locales

* 4.63.1

* fix(usernames): various
Reword invalid characters error
Correct typo in slur error
Remove extraneous Confirm button
Reset username field if empty on blur
Restore ability to add local auth to social login

* fix(auth): account for new username paradigm in add-local flow

* fix(auth): alert on successful addLocal

* chore(i18n): update locales

* 4.63.2

* fix(auth): Don't try to check existing username on new reg

* 4.63.3

* feat(content): Armoire and BGs 2018/10

* chore(sprites): compile

* fix(passport): use graph API v2.8

* chore(i18n): update locales

* 4.64.0

* Begin refactoring news API to return individual markdown posts

* Implement simple bailey CMS

* remove old news markdown

* Correctly display images in bailey modal

* Remove need for newStuff migration

* Add basic tests

* Fix authentication issue

* Fix tests

* Update news model

* add API route to get single post

* remove news admin frontend code

* fix lint error

* Fix merge mixups

* Fix lint errors

* fix api call

* fix lint error

* Fix issues caused by merging

* remove console log

* Improve news display

* Correctly update users notifications

* Fix date display for news posts

* Fix tests

* remove old cache file

* correctly create date

* correctly create promise

* Better check for existance.

* Improve docs

* Fix minor issues

* Add method to get latest post

* fix lint errors

* use correct call for 404

* add comment about old newStuff field

* paginate news

* Fix lint errors

* Remove unnecessary await

* Fix broken tests

* ...

* correct existence check

* fix database queries

* change approach to cached news posts

* fix tests

* Change how news posts are cached

* Fetch last news post at an interval

* Fix typos and other small things

* add new permission for modifying bailey posts

* add test for ensureNewsPoster

* return last news post with legacy api

* Fix test

* Hopefully fix test

* change fields to _id

* Fixes

* Fixes

* fix test

* Fixes

* make all tests pass

* fix lint

* id -> _id

* _id -> id

* remove identical tell me later route from api v4

* fix lint

* user model: fix issues with newStuff

* improve user#toJSONTransform

* fix typo

* improve newsPost.js

* fix(integration tests): do not return flags.newStuff if it was not selected

* fix news controller

* server side fixes, start refactoring client

* more client fixes

* automatically set author

* new stuff: show one post per user + drafts

* change default border radius for modals to 8px

* required fields and defaults

* slit news into its own component and fix static page

* noNewsPoster: move from i18n to apiError

* remove unused strings

* fix unit tests

* update apidocs

* add backward comparibility for flags.newStuff in api v3

* fix integration tests

* POST news: make integration test independent of number of posts

* api v3 news: render markdown

* static new-stuff: add padding and fix when user not logged in

* test flags.newStuff

* api v3: test setting flags.newStuff on PUT /user

* refactor news post cache and add tests

* remove new locales file

* more resilient tests

* more resilient tests

* refactor tests for NewsPost.updateLastNewsPost

* api v4: fix tests

* api v3: fix tests

* can set flags.newStuff in api v4

Co-authored-by: Keith Holliday <keithrholliday@gmail.com>
Co-authored-by: Sabe Jones <sabrecat@gmail.com>
Co-authored-by: Alys <Alys@users.noreply.github.com>
Co-authored-by: Matteo Pagliazzi <matteopagliazzi@gmail.com>
Co-authored-by: Carl Vuorinen <carl.vuorinen@gmail.com>
Co-authored-by: Rene Cordier <rene.cordier@gmail.com>
Co-authored-by: Forrest Hatfield <github@forresthatfield.com>
Co-authored-by: lucubro <88whacko@gmail.com>
Co-authored-by: negue <negue@users.noreply.github.com>
Co-authored-by: Alys <alice.harris@oldgods.net>
Co-authored-by: J.D. Sandifer <sandifer.jd@gmail.com>
Co-authored-by: Kirsty <kirsty-tortoise@users.noreply.github.com>
Co-authored-by: beatscribe <rattjp@gmail.com>
Co-authored-by: Phillip Thelen <phillip@habitica.com>
2020-10-13 10:15:52 -05:00


import _ from 'lodash';
import common from '../../../common';
import * as Tasks from '../../models/task';
import {
BadRequest,
NotAuthorized,
} from '../errors';
import { model as User, schema as UserSchema } from '../../models/user';
import { model as NewsPost } from '../../models/newsPost';
import { nameContainsSlur, nameContainsNewline } from './validation';
/**
 * Respond with the authenticated user's own record.
 *
 * @param {object} req - Request; a falsy `req.query.userFields` adds the computed fields.
 * @param {object} res - Response; `res.locals.user` is the user to serialise.
 * @param {object} options
 * @param {boolean} [options.isV3=false] - When true, serialise with `toJSONWithInbox()`.
 * @returns {Promise<*>} Whatever `res.respond` returns.
 */
export async function get (req, res, { isV3 = false }) {
  const { user } = res.locals;
  const payload = isV3 ? await user.toJSONWithInbox() : user.toJSON();

  // The API token is a credential, so it is stripped from the serialised copy before responding.
  // TODO make it private at the user level? returned in signup/login
  delete payload.apiToken;

  const wantsFullUser = !req.query.userFields;
  if (wantsFullUser) {
    // Computed fields are only attached when the caller did not ask for a field subset.
    const { daysMissed } = user.daysUserHasMissed(new Date(), req);
    payload.needsCron = daysMissed > 0;
    User.addComputedStatsToJSONObj(payload.stats, payload);
  }

  return res.respond(200, payload);
}
// Root paths of the user document that `PUT /user` is allowed to write below.
const updatablePaths = [
  '_ABtests.counter',
  'flags.customizationsNotification',
  'flags.showTour',
  'flags.tour',
  'flags.tutorial',
  'flags.communityGuidelinesAccepted',
  'flags.welcomed',
  'flags.cardReceived',
  'flags.warnedLowHealth',
  'achievements',
  'party.order',
  'party.orderAscending',
  'party.quest.completed',
  'party.quest.RSVPNeeded',
  'preferences',
  'profile',
  'stats',
  'inbox.optOut',
];

// This tells us for which paths users can call `PUT /user`.
// The trick here is to only accept leaf paths, not root/intermediate paths (see http://goo.gl/OEzkAs)
// NOTE(review): a root matches as a raw string prefix, not on a `.` boundary, so any schema leaf
// that merely starts with a listed root is accepted too ('party.order' also covers
// 'party.orderAscending').
// NOTE(review): this is a plain object, so `acceptablePUTPaths[key]` also resolves names
// inherited from Object.prototype; look entries up with an own-property test.
const acceptablePUTPaths = {};
for (const leaf of Object.keys(UserSchema.paths)) {
  if (updatablePaths.some(rootPath => leaf.startsWith(rootPath))) {
    acceptablePUTPaths[leaf] = true;
  }
}

// Leaves under an updatable root that must still not be writable through `PUT /user`.
// NOTE(review): entries are removed by exact key only; a schema leaf nested below one of them
// would stay allowed. TODO confirm none exist.
const restrictedPUTSubPaths = [
  'stats.class',
  'preferences.disableClasses',
  'preferences.sleep',
  'preferences.webhooks',
];

for (const removePath of restrictedPUTSubPaths) {
  delete acceptablePUTPaths[removePath];
}

// Request path -> path prefix handed to checkPreferencePurchase before the value may be set.
const requiresPurchase = {
  'preferences.background': 'background',
  'preferences.shirt': 'shirt',
  'preferences.size': 'size',
  'preferences.skin': 'skin',
  'preferences.hair.bangs': 'hair.bangs',
  'preferences.hair.base': 'hair.base',
  'preferences.hair.beard': 'hair.beard',
  'preferences.hair.color': 'hair.color',
  'preferences.hair.flower': 'hair.flower',
  'preferences.hair.mustache': 'hair.mustache',
};
/**
 * Decide whether `user` may set an appearance preference to `item`.
 *
 * @param {object} user - User whose `purchased` record is consulted.
 * @param {string} path - Appearance category path, e.g. 'hair.color'.
 * @param {*} item - Requested value; interpolated into the lookup path.
 * @returns {*} `false` when the item is not in `common.content.appearances`, `true` when its
 *   price is 0, otherwise whatever `user.purchased` holds at the same path.
 */
function checkPreferencePurchase (user, path, item) {
  // NOTE(review): `item` is joined into a lodash path, so dots inside it are read as further
  // path segments and `_.get` also follows inherited properties. Confirm callers only pass
  // plain item keys.
  const lookupPath = `${path}.${item}`;
  const catalogEntry = _.get(common.content.appearances, lookupPath);

  if (catalogEntry) {
    // Free items need no purchase record; paid ones must appear under user.purchased.
    return catalogEntry.price === 0 ? true : _.get(user.purchased, lookupPath);
  }
  return false;
}
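/**
 * Apply the key/value pairs of a `PUT /user` request body to the authenticated user and save.
 *
 * Every key is a dotted path. A key is applied only if it is `tags`, the legacy
 * `flags.newStuff` (with value `false`), or an own entry of `acceptablePUTPaths`. Any other key
 * rejects the request with NotAuthorized before the user or any task is written.
 *
 * @param {object} req - Request; `req.body` maps paths to their new values.
 * @param {object} res - Response; `res.locals.user` is the user being updated.
 * @param {object} options
 * @param {boolean} [options.isV3=false] - When true, respond with `toJSONWithInbox()`.
 * @returns {Promise<*>} Whatever `res.respond` returns.
 * @throws {BadRequest} Invalid `profile.name`, or `tags` that is not an array.
 * @throws {NotAuthorized} Appearance value that fails the purchase check, or a path that is
 *   not updatable.
 */
export async function update (req, res, { isV3 = false }) {
  const { user } = res.locals;

  // Own-property test: both lookup tables are plain objects, so a bare `table[key]` would also
  // resolve names inherited from Object.prototype for a request-supplied key and let them
  // through the allowlist.
  const hasOwn = (table, key) => Object.prototype.hasOwnProperty.call(table, key);

  // Filled while walking the body; the task queries are only issued once every key is accepted.
  let tagIdsToPull = [];

  if (req.body['profile.name'] !== undefined) {
    const newName = req.body['profile.name'];
    // NOTE(review): only null is rejected by type; other non-string values reach the length,
    // slur and newline checks as-is. Confirm the helpers and the schema handle them.
    if (newName === null) throw new BadRequest(res.t('invalidReqParams'));
    if (newName.length > 30) throw new BadRequest(res.t('displaynameIssueLength'));
    if (nameContainsSlur(newName)) throw new BadRequest(res.t('displaynameIssueSlur'));
    if (nameContainsNewline(newName)) throw new BadRequest(res.t('displaynameIssueNewline'));
  }

  _.each(req.body, (val, key) => {
    const purchasable = hasOwn(requiresPurchase, key) ? requiresPurchase[key] : undefined;

    if (purchasable && !checkPreferencePurchase(user, purchasable, val)) {
      throw new NotAuthorized(res.t('mustPurchaseToSet', { val, key }));
    }

    if (key === 'tags') {
      // NOTE(review): the message is the literal key, not passed through res.t like the other
      // errors here. Confirm that is intended.
      if (!Array.isArray(val)) throw new BadRequest('mustBeArray');

      const removedTagsIds = [];

      const oldTags = [];

      // Keep challenge and group tags
      user.tags.forEach(t => {
        if (t.group) {
          oldTags.push(t);
        } else {
          removedTagsIds.push(t.id);
        }
      });

      user.tags = oldTags;

      val.forEach(t => {
        // A tag that is sent again is kept, so drop it from the removal list.
        const oldI = removedTagsIds.findIndex(id => id === t.id);
        if (oldI > -1) {
          removedTagsIds.splice(oldI, 1);
        }

        user.tags.push(t);
      });

      tagIdsToPull = removedTagsIds;
    } else if (key === 'flags.newStuff' && val === false) {
      // flags.newStuff was removed from the user schema and is only returned for compatibility
      // reasons but we're keeping the ability to set it in API v3
      const lastNewsPost = NewsPost.lastNewsPost();
      if (lastNewsPost) {
        user.flags.lastNewStuffRead = lastNewsPost._id;
      }
    } else if (hasOwn(acceptablePUTPaths, key)) {
      _.set(user, key, val);
    } else {
      throw new NotAuthorized(res.t('messageUserOperationProtected', { operation: key }));
    }
  });

  // Remove from all the tasks
  // NOTE each tag to remove requires a query
  // Issued only after the loop, so a request rejected on a later key leaves the tasks untouched.
  const promisesForTagsRemoval = tagIdsToPull.map(tagId => Tasks.Task.update({
    userId: user._id,
  }, {
    $pull: {
      tags: tagId,
    },
  }, { multi: true }).exec());

  await Promise.all([user.save()].concat(promisesForTagsRemoval));

  // NOTE(review): unlike `get`, nothing here deletes apiToken from the response body. Confirm
  // whether the serialised user should carry it.
  let userToJSON = user;

  if (isV3) userToJSON = await user.toJSONWithInbox();

  return res.respond(200, userToJSON);
}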
/**
 * Run `common.ops.reset` for the authenticated user, delete the tasks it lists and save.
 *
 * @param {object} req - Request (unused here).
 * @param {object} res - Response; provides `locals.user`, `analytics` and `respond`.
 * @param {object} options
 * @param {boolean} [options.isV3=false] - When true, the returned user is serialised with
 *   `toJSONWithInbox()`.
 * @returns {Promise<void>}
 */
export async function reset (req, res, { isV3 = false }) {
  const { user } = res.locals;

  // Only ids and the fields named in select() are loaded; the filter is the caller's own
  // userId merged with the shared Tasks.taskIsGroupOrChallengeQuery.
  const taskFilter = {
    userId: user._id,
    ...Tasks.taskIsGroupOrChallengeQuery,
  };
  const tasks = await Tasks.Task.find(taskFilter).select('_id type challenge group').exec();

  const resetRes = common.ops.reset(user, tasks);
  const [outcome] = resetRes;

  if (isV3) {
    outcome.user = await outcome.user.toJSONWithInbox();
  }

  // The delete is filtered by userId as well as by id, so it is limited to the caller's tasks.
  const removeTasks = Tasks.Task.remove({ _id: { $in: outcome.tasksToRemove }, userId: user._id });
  await Promise.all([removeTasks, user.save()]);

  res.analytics.track('account reset', {
    uuid: user._id,
    hitType: 'event',
    category: 'behavior',
  });

  res.respond(200, ...resetRes);
}
/**
 * Run `common.ops.reroll` for the authenticated user, then save the user and the loaded tasks.
 *
 * @param {object} req - Request, passed through to `common.ops.reroll`.
 * @param {object} res - Response; provides `locals.user`, `analytics` and `respond`.
 * @param {object} options
 * @param {boolean} [options.isV3=false] - When true, the returned user is serialised with
 *   `toJSONWithInbox()`.
 * @returns {Promise<void>}
 */
export async function reroll (req, res, { isV3 = false }) {
  const { user } = res.locals;

  // The caller's dailies, habits and to-dos, narrowed by Tasks.taskIsGroupOrChallengeQuery.
  const tasks = await Tasks.Task.find({
    userId: user._id,
    type: { $in: ['daily', 'habit', 'todo'] },
    ...Tasks.taskIsGroupOrChallengeQuery,
  }).exec();

  const rerollRes = common.ops.reroll(user, tasks, req, res.analytics);
  if (isV3) {
    const [result] = rerollRes;
    result.user = await result.user.toJSONWithInbox();
  }

  // Task saves are started first, then the user save; all are awaited together.
  await Promise.all([...tasks.map(task => task.save()), user.save()]);

  res.respond(200, ...rerollRes);
}
/**
 * Run `common.ops.rebirth` for the authenticated user, then save the user and the loaded tasks.
 *
 * @param {object} req - Request, passed through to `common.ops.rebirth`.
 * @param {object} res - Response; provides `locals.user`, `analytics` and `respond`.
 * @param {object} options
 * @param {boolean} [options.isV3=false] - When true, the returned user is serialised with
 *   `toJSONWithInbox()`.
 * @returns {Promise<void>}
 */
export async function rebirth (req, res, { isV3 = false }) {
  const { user } = res.locals;

  // The caller's dailies, habits and to-dos, narrowed by Tasks.taskIsGroupOrChallengeQuery.
  const query = {
    userId: user._id,
    type: { $in: ['daily', 'habit', 'todo'] },
    ...Tasks.taskIsGroupOrChallengeQuery,
  };
  const tasks = await Tasks.Task.find(query).exec();

  const rebirthRes = common.ops.rebirth(user, tasks, req, res.analytics);

  if (isV3) {
    const first = rebirthRes[0];
    first.user = await first.user.toJSONWithInbox();
  }

  // Start every task save, then the user save, and wait for all of them.
  const pendingSaves = [];
  for (const task of tasks) {
    pendingSaves.push(task.save());
  }
  pendingSaves.push(user.save());
  await Promise.all(pendingSaves);

  res.respond(200, ...rebirthRes);
}