User list, progress #3

lib/get-user-by-email.js

@@ -14,6 +14,7 @@ const mysql = require('./mysql');
  * @property {Date} ts
  * @property {number} disabled
  * @property {number} super
+ * @property {number} [target_count]
  */
 
 /**

lib/get-user-list.js

@@ -1,18 +1,38 @@
 const MODULE_NAME = 'GET-USER-LIST';
 
 const TABLE_NAME = 'users';
+const TABLE_NAME_TARGETS = 'targets';
 
 const logger = require('./logger');
 const mysql = require('./mysql');
 
-module.exports = async (xid, includeDisabled) => {
-  const values = [TABLE_NAME];
+/**
+ *
+ * @param {string} xid
+ * @param {boolean} includeDisabled
+ * @returns {Promise<import('./get-user-by-email').User[]>}
+ */
+module.exports = async (xid, includeDisabled, withTargetCount) => {
+  const fields = ['u.*'];
+  const values = [];
   const conditions = [1];
 
+  if (withTargetCount) {
+    fields.push('(SELECT COUNT(1) FROM ?? t WHERE t.user_email = u.email) AS target_count');
+    values.push(TABLE_NAME_TARGETS);
+  }
+
+  values.push(TABLE_NAME);
+
   if (!includeDisabled) {
     conditions.push('u.disabled = 0');
   }
-  const query = `SELECT * FROM ?? u WHERE ${conditions.join(' AND ')}`;
+
+  const query = `
+    SELECT ${fields.join(', ')}
+    FROM ?? u
+    WHERE ${conditions.join(' AND ')}
+  `.trim();
 
   try {
     const [result] = await mysql.poolPromise.query(query, values);

lib/webserver/routers/dashboard/forbid-if-not-super-user.js

@@ -0,0 +1,43 @@
+const MODULE_NAME = 'WEBSERVER.ROUTERS.DASHBOARD.FORBID-IF-NOT-SUPER-USER';
+
+const logger = require('../../../logger');
+
+/**
+ *
+ * @param {object} options
+ * @param {string} [options.redirectUrl] - redirect to this url on forbidden
+ * @returns {import('express').RequestHandler}
+ */
+module.exports = (options) => (
+  /**
+   *
+   * @param {import("express").Request} req
+   * @param {import("express").Response} res
+   * @param {import("express").NextFunction} next
+   */
+  (req, res, next) => {
+    const { xid, currentUser } = res.locals;
+    if (!currentUser?.super) {
+      logger.warn(`${MODULE_NAME} C3415A21: Forbid non super user`, {
+        xid,
+        currentUser,
+        ip: req.ip,
+        url: req.originalUrl,
+      });
+
+      if (options?.redirectUrl) {
+        res.redirect(options.redirectUrl);
+      } else {
+        res.status(403).json({
+          status: 403,
+          message: 'Forbidden access',
+          'trace-id': xid,
+        });
+      }
+
+      return;
+    }
+
+    next();
+  }
+);

lib/webserver/routers/dashboard/index.js

@@ -4,6 +4,7 @@ const navbar = require('./navbar');
 const navbarAdmin = require('./navbar-admin');
 
 const routerMyLinks = require('./routers/my-links');
+const routerUsers = require('./routers/users');
 
 const router = express.Router();
 module.exports = router;
@@ -40,3 +41,4 @@ const pageMain = (req, res) => {
 router.use(defaultInit);
 router.all('/', pageMain);
 router.use('/my-links', routerMyLinks);
+router.use('/users/', routerUsers);

lib/webserver/routers/dashboard/navbar-admin.js

@@ -4,9 +4,9 @@ module.exports = [
     link: '/dashboard/my-links/all-users',
     xlinkHref: '#file-earmark-text',
   },
-  // {
-  //   name: 'Users',
-  //   link: '/dashboard/users',
-  //   xlinkHref: '#people',
-  // },
+  {
+    name: 'Users',
+    link: '/dashboard/users',
+    xlinkHref: '#people',
+  },
 ];

lib/webserver/routers/dashboard/routers/users/index.js

@@ -0,0 +1,41 @@
+// const MODULE_NAME = 'WEBSERVER.ROUTERS.DASHBOARD.ROUTERS.USERS';
+
+const express = require('express');
+const forbidIfNotSuper = require('../../forbid-if-not-super-user');
+const getUserList = require('../../../../../get-user-list');
+
+const router = express.Router();
+module.exports = router;
+
+/**
+ *
+ * @param {import('express').Request} req
+ * @param {import('express').Response} res
+ * @param {import('express').NextFunction} next
+ */
+const init = (req, res, next) => {
+  res.locals.baseUrl = req.baseUrl;
+  next();
+};
+
+/**
+ *
+ * @param {import('express').Request} req
+ * @param {import('express').Response} res
+ */
+const pageMain = async (req, res) => {
+  const { xid } = res.locals;
+
+  try {
+    const users = await getUserList(xid, true, true);
+    res.render('users.index.html.njk', {
+      pageTitle: 'User List',
+      users,
+    });
+  } catch (e) {
+    //
+  }
+};
+
+router.use(init);
+router.get('/', forbidIfNotSuper({ redirectUrl: '/dashboard/users/view' }), pageMain);

views/users.index.html.njk

@@ -0,0 +1,30 @@
+{% extends template %}
+
+{% block content %}
+
+<ul>
+{% for user in users %}
+  <li>
+    <a href="{{ baseUrl }}/views/{{ user.email }}">
+      <strong>{{ user.email }}</strong>
+    </a>
+
+    &nbsp;&nbsp;
+    <span class="badge text-bg-{% if user.disabled %}danger{% else %}success{% endif %}">
+      {% if user.disabled %}DISABLED{% else %}ENABLED{% endif %}
+    </span>
+
+    <ul>
+      <li>member since {{ user.created | simpleDateTime }}</li>
+
+      {% if user.super %}
+      <li>is a super user</li>
+      {% endif %}
+
+      <li>has {{ user.target_count }} links</li>
+    </ul>
+  </li>
+{% endfor %}
+</ul>
+
+{% endblock %}