From fdb447a9ee594cd1e6a520ab4e40b75524b24fa8 Mon Sep 17 00:00:00 2001
From: Johnathon Slightham <31053827+jslightham@users.noreply.github.com>
Date: Tue, 25 May 2021 15:50:56 -0400
Subject: [PATCH] Added some admin endpoints & ssl, and cleaned up config
---
 DB.js | 3 ---
 config.js | 44 +++++++++++++++++++++++++++++++++++----
 index.js | 19 ++++++++++++++---
 routes/admin.route.js | 48 +++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 104 insertions(+), 10 deletions(-)
 delete mode 100644 DB.js
 create mode 100644 routes/admin.route.js
diff --git a/DB.js b/DB.js
deleted file mode 100644
index 2c37f9d..0000000
--- a/DB.js
+++ /dev/null
@@ -1,3 +0,0 @@
-module.exports = {
- DB: 'mongodb://localhost:27017/kno-logic'
-}
diff --git a/config.js b/config.js
index 6df67f6..1ac83ab 100644
--- a/config.js
+++ b/config.js
@@ -1,16 +1,52 @@
 var config = {};
-
-// Mailer settings
+/*
+ * Mailer settings
+*/
 config.mail = {};
+// Mail host
 config.mail.host = "localhost";
+// Mail port
 config.mail.port = "587";
+// Mail use secure
 config.mail.secure = false;
+// Mail username
 config.mail.user = "email";
+// Mail password
 config.mail.pass = "password";
-config.mail.from = "name"
+// Mail from name
+config.mail.from = "name";
-// Session purge settings
+/*
+ * Session purge settings
+*/
+// Maximum session length in days
 config.maxSessionLength = 30;
+/*
+ * SSL settings
+*/
+config.ssl = {};
+// Run SSL server
+config.ssl.use = false;
+// Location of SSL key
+config.ssl.key = "/etc/letsencrypt/live/knologic.chickenkiller.com/privkey.pem";
+// Location of SSL cert
+config.ssl.cert = "/etc/letsencrypt/live/knologic.chickenkiller.com/fullchain.pem";
+// SSL port
+config.ssl.port = 4000;
+
+/*
+ * HTTP settings
+*/
+config.http = {};
+// HTTP port
+config.http.port = 8080;
+
+/*
+ * Database Settings
+*/
+config.db = {}
+config.db.connection = 'mongodb://localhost:27017/kno-logic';
+
 module.exports = config;
diff --git a/index.js b/index.js
index 15e1eed..96bb89e 100644
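Review bot: In the config.js hunk, `config.db.connection` (and the `config.mail.pass` value it now sits beside) is a literal in a tracked file, so deploying with a real connection string or mail password means committing it or carrying a local edit of config.js. Reading the deployment-specific values from the environment, with the current literal as the fallback, keeps the defaults and keeps credentials out of the repository, for example `config.db.connection = process.env.DB_CONNECTION || 'mongodb://localhost:27017/kno-logic';` (the variable name is only an example). The same applies to the host-specific `config.ssl.key` and `config.ssl.cert` paths. A smaller point: `config.db = {}` is missing the semicolon that the rest of the file uses.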
--- a/index.js
+++ b/index.js
@@ -6,17 +6,20 @@ const cors = require('cors');
 const mongoose = require('mongoose');
 const utils = require ('./utils/utils');
 const CronJob = require('cron').CronJob;
-const config = require('./DB.js');
+const config = require('./config.js');
+const adminRoutes = require('./routes/admin.route');
 const userRoutes = require('./routes/user.route');
 const postRoutes = require('./routes/post.route');
 const categoryRoutes = require('./routes/category.route');
 const mongoSanitize = require('express-mongo-sanitize');
+const fs = require("fs");
+const { Http2ServerRequest } = require('http2');
 console.log("Starting Kno-Logic Backend Server");
 // Handle MongoDB connection
 mongoose.Promise = global.Promise;
-mongoose.connect(config.DB, { useNewUrlParser: true, useUnifiedTopology: true }).then(
+mongoose.connect(config.db.connection, { useNewUrlParser: true, useUnifiedTopology: true }).then(
 () => {
 console.log('Connected to dabase');
 utils.mail.loadDefaultTemplates();
@@ -37,14 +40,24 @@ app.use(express.json());
 app.use(mongoSanitize());
 // Express routes
+app.use('/admin', adminRoutes);
 app.use('/user', userRoutes);
 app.use('/post', postRoutes);
 app.use('/category', categoryRoutes);
-app.listen(PORT, () => {
+app.listen(config.http.port, () => {
 console.log('Express server running on port:', PORT);
 });
+if (config.ssl.use) {
+ const options = {
+ key: fs.readFileSync(config.ssl.key),
+ cert: fs.readFileSync(config.ssl.cert)
+ }
+ https.createServer(options, app).listen(config.ssl.port);
+}
+
+
 // Cron jobs
 var purge = new CronJob('*/5 * * * *', utils.cron.purgeSessions);
 purge.start();
diff --git a/routes/admin.route.js b/routes/admin.route.js
new file mode 100644
index 0000000..ee77783
--- /dev/null
+++ b/routes/admin.route.js
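Review bot: In the first index.js hunk, the added `const { Http2ServerRequest } = require('http2');` is never used in the lines shown, while the `https.createServer(...)` call added in the second hunk has no matching `require` here. Unless `https` is required in the first five lines of the file, which are outside this hunk, setting `config.ssl.use` to true will throw a ReferenceError at startup. Replace the line with `const https = require('https');`.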
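Review bot: In the second index.js hunk, `app.listen(config.http.port, ...)` still starts the plaintext listener when `config.ssl.use` is true, so `/admin/stats`, whose request body carries `userId` and `sessionId`, stays reachable without TLS. Either start only one of the two listeners (`if (config.ssl.use) { ... } else { app.listen(...) }`) or reduce the HTTP listener to a redirect to the HTTPS port. The log line in the callback also still prints `PORT` rather than `config.http.port`, so it can report a port the server is not bound to; `PORT` is defined outside the hunk.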
@@ -0,0 +1,48 @@
+const utils = require('../utils/utils');
+const express = require('express');
+const adminRoutes = express.Router();
+
+let Post = require('../schema/post.model');
+let Category = require('../schema/category.model');
+let Session = require('../schema/session.model');
+let User = require('../schema/user.model');
+
+/*
+ POST - /admin/stats
+ Get system status
+ Response: 201 - Created
+ 401 - Unauthorized
+*/
+adminRoutes.route('/stats').post((req, res) => {
+ if (!req.body) {
+ res.status(401).send("Missing body");
+ return;
+ }
+ utils.account.checkSession(req.body.userId, req.body.sessionId, (isValidId) => {
+ utils.account.isAdmin(req.body.userId, (isAdmin) => {
+ if (isValidId && isAdmin) {
+ let stats = {};
+ Post.count({}, (err, postCount) => {
+ stats.postCount = postCount;
+ Category.count({}, (err, categoryCount) => {
+ stats.categoryCount = categoryCount;
+ Session.count({}, (err, sessionCount) => {
+ stats.sessionCount = sessionCount;
+ User.count({}, (err, userCount) => {
+ stats.userCount = userCount;
+ stats.date = Date();
+ res.json(stats);
+ });
+ });
+ });
+ });
+ } else {
+ res.status(401).send("Invalid permissions to view stats.");
+ return;
+ }
+ })
+ });
+});
+
+
+module.exports = adminRoutes;
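Review bot: Every `count` callback in the `/stats` handler ignores its `err` argument, so a database failure produces a 200 response with `undefined` counts instead of an error. `utils.account.isAdmin` is also called before the result of `checkSession` is looked at, so an admin lookup runs for any `userId` a caller supplies without a valid session; checking `isValidId` first and returning early avoids that. The header comment documents `201 - Created`, but `res.json(stats)` sends the default 200, and a missing body is closer to 400 than 401. A possible shape for the handler is below; it assumes the `count` calls return thenables when no callback is passed, which should be confirmed for the Mongoose version in use.

```javascript
adminRoutes.route('/stats').post((req, res) => {
    // … unchanged: missing-body check …
    utils.account.checkSession(req.body.userId, req.body.sessionId, (isValidId) => {
        if (!isValidId) {
            res.status(401).send("Invalid permissions to view stats.");
            return;
        }
        utils.account.isAdmin(req.body.userId, (isAdmin) => {
            if (!isAdmin) {
                res.status(401).send("Invalid permissions to view stats.");
                return;
            }
            Promise.all([Post.count({}), Category.count({}), Session.count({}), User.count({})])
                .then(([postCount, categoryCount, sessionCount, userCount]) => {
                    res.json({ postCount, categoryCount, sessionCount, userCount, date: Date() });
                })
                .catch(() => res.status(500).send("Could not load stats."));
        });
    });
});
```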