diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..bbfa6b0 --- /dev/null +++ b/.gitignore @@ -0,0 +1,5 @@ +.DS_Store +node_modules +npm-debug.log +/config/config.yaml +/sess.vim diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..a871fcf --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,662 @@ + GNU AFFERO GENERAL PUBLIC LICENSE + Version 3, 19 November 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU Affero General Public License is a free, copyleft license for +software and other kinds of works, specifically designed to ensure +cooperation with the community in the case of network server software. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +our General Public Licenses are intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + Developers that use our General Public Licenses protect your rights +with two steps: (1) assert copyright on the software, and (2) offer +you this License which gives you legal permission to copy, distribute +and/or modify the software. + + A secondary benefit of defending all users' freedom is that +improvements made in alternate versions of the program, if they +receive widespread use, become available for other developers to +incorporate. Many developers of free software are heartened and +encouraged by the resulting cooperation. However, in the case of +software used on network servers, this result may fail to come about. 
+The GNU General Public License permits making a modified version and +letting the public access it on a server without ever releasing its +source code to the public. + + The GNU Affero General Public License is designed specifically to +ensure that, in such cases, the modified source code becomes available +to the community. It requires the operator of a network server to +provide the source code of the modified version running there to the +users of that server. Therefore, public use of a modified version, on +a publicly accessible server, gives the public access to the source +code of the modified version. + + An older license, called the Affero General Public License and +published by Affero, was designed to accomplish similar goals. This is +a different license, not a version of the Affero GPL, but Affero has +released a new version of the Affero GPL which permits relicensing under +this license. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU Affero General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. 
+ + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. 
+ + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. 
The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. 
+ + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. 
+ + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. 
This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. 
For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. 
Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. 
+ + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. 
+ + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. 
Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. 
+ + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. 
+ + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. 
You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Remote Network Interaction; Use with the GNU General Public License. 
+ + Notwithstanding any other provision of this License, if you modify the +Program, your modified version must prominently offer all users +interacting with it remotely through a computer network (if your version +supports such interaction) an opportunity to receive the Corresponding +Source of your version by providing access to the Corresponding Source +from a network server at no charge, through some standard or customary +means of facilitating copying of software. This Corresponding Source +shall include the Corresponding Source for any work covered by version 3 +of the GNU General Public License that is incorporated pursuant to the +following paragraph. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the work with which it is combined will remain governed by version +3 of the GNU General Public License. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU Affero General Public License from time to time. Such new versions +will be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU Affero General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU Affero General Public License, you may choose any version ever published +by the Free Software Foundation. 
+ + If the Program specifies that a proxy can decide which future +versions of the GNU Affero General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. 
+ + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If your software can interact with users remotely through a computer +network, you should also make sure that it provides a way for users to +get its source. For example, if your program is a web application, its +interface could display a "Source" link that leads users to an archive +of the code. 
There are many ways you could offer source, and different +solutions will be better for different programs; see section 13 for the +specific requirements. + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU AGPL, see +. + diff --git a/TODO b/TODO new file mode 100644 index 0000000..080045c --- /dev/null +++ b/TODO @@ -0,0 +1,10 @@ +- keychain validation/sync +- note/file validation/sync + - s3/local file uploads +- invite validation/sync +- sync invites + - should invites be part of populate_shares? + - should invites just be included in the space data next to members? + - and removed unless user has permissions.add_space_invite? + - should invites just trigger an edit sync on the space? + - only synced to permissible members? diff --git a/config/config.yaml.default b/config/config.yaml.default new file mode 100644 index 0000000..e69de29 diff --git a/controllers/errlog.js b/controllers/errlog.js new file mode 100644 index 0000000..97e5924 --- /dev/null +++ b/controllers/errlog.js @@ -0,0 +1,3 @@ +exports.route = function(app) { +}; + diff --git a/controllers/feedback.js b/controllers/feedback.js new file mode 100644 index 0000000..97e5924 --- /dev/null +++ b/controllers/feedback.js @@ -0,0 +1,3 @@ +exports.route = function(app) { +}; + diff --git a/controllers/files.js b/controllers/files.js new file mode 100644 index 0000000..97e5924 --- /dev/null +++ b/controllers/files.js @@ -0,0 +1,3 @@ +exports.route = function(app) { +}; + diff --git a/controllers/spaces.js b/controllers/spaces.js new file mode 100644 index 0000000..97e5924 --- /dev/null +++ b/controllers/spaces.js @@ -0,0 +1,3 @@ +exports.route = function(app) { +}; + diff --git a/controllers/sync.js b/controllers/sync.js new file mode 100644 index 0000000..8e826af --- /dev/null +++ b/controllers/sync.js 
@@ -0,0 +1,66 @@ +var tres = require('../helpers/tres'); +var model = require('../models/sync'); + +exports.route = function(app) { + app.get('/sync', partial_sync); + app.get('/sync/full', full_sync); + app.post('/sync', bulk_sync); +}; + +/** + * Given the current user and a sync-id, spits out all data that has changes in + * the user's profile since that sync id. Used by various clients to stay in + * sync with the canonical profile (hosted on the server). + * + * Unlike the /sync/full call, this is stateful...we are syncing actual profile + * changes here and thus depend on syncing the correct data. A mistake here can + * put bad data into the profile that will sit there until the app clears its + * local data. So we have to be careful to sync exactly what the client needs. + * This is easy for tangible things like editing a note or adding a keychain + * because there is a 1:1 mapping of sync record -> action. When things get + * tricky is for 'share' and 'unshare' sync records: we have to create a bunch + * of fake sync records that add the board(s) and their note(s) to the profile + * and make sure they are injected at the correct place in the sync result. + * + * So in the cases where we're fabricating sync items, we have to be cautious + * to add/remove the correct data or the app is going to have a bad time. + */ +var partial_sync = function(req, res) { + var user_id = req.user.id; + var sync_id = req.query.sync_id; + return model.sync_from(user_id, sync_id) + .spread(function(sync_records, latest_sync_id) { + }) + .catch(tres.err.bind(tres, res)); +} + +/** + * Called by the client if a user has no local profile data. Returns the profile + * data in the same format as a sync call, allowing the client to process it the + * same way as regular syncing. 
+ * + * It's important to note that this isn't stateful in the sense that we need to + * gather the correct sync items and send them...what we're doing is pulling out + * all the needed data for the profile and returning it as sync 'add' items. Any + * time the app needs a fresh set of *correct* data it can wipe its local data + * and grab this. + */ +var full_sync = function(req, res) { +}; + +/** + * Bulk sync API. Accepts any number of sync items and applies the updates to + * the profile of the authed user. + * + * Note that the items are added in sequence and if any one in the sequence + * fails, we abort and send back the successes and failures. This is because + * many of the items need to be added in a specific sequence in order to work + * correctly (for instance, a keychain entry for a board needs to be synced + * before the board itself). Catching a failure in the sequence allows the + * client to try again whilst still preserving the original order of the sync + * items. + */ +var bulk_sync = function(req, res) { +}; + + diff --git a/controllers/users.js b/controllers/users.js new file mode 100644 index 0000000..0e35daf --- /dev/null +++ b/controllers/users.js 
@@ -0,0 +1,36 @@ +var model = require('../models/user'); +var tres = require('../helpers/tres'); + +exports.route = function(app) { + app.post('/users', join); + app.post('/auth', authenticate); + app.delete('/users/:user_id', delete_account); +}; + +/** + * create a new user account + */ +var join = function(req, res) { + var data = req.body; + return model.join(data) + .then(tres.send.bind(tres, res)) + .catch(tres.err.bind(tres, res)); +}; + +/** + * a basic endpoint specifically for authentication + */ +var authenticate = function(req, res) { + return tres.send(res, {ok: true}); +}; + +/** + * removes a user's account and all data owned by only that user + */ +var delete_account = function(req, res) { + var cur_user_id = req.user.id; + var user_id = req.params.user_id; + return model.delete(cur_user_id, user_id) + .then(tres.send.bind(tres, res)) + .catch(tres.err.bind(tres, res)); +}; diff --git a/helpers/auth.js b/helpers/auth.js new file mode 100644 index 0000000..7f3db4a --- /dev/null +++ b/helpers/auth.js @@ -0,0 +1,22 @@ +var user_model = require('../models/user'); +var tres = require('./tres'); + +var public_routes = [ + 'get /', + 'post /users', +]; + +module.exports = function(req, res, next) { + var auth = req.headers.authorization; + var method_url = req.method.toLowerCase()+' '+req.url; + if(public_routes.indexOf(method_url) >= 0) return next(); + return user_model.check_auth(auth) + .then(function(user) { + req.user = user; + next(); + }) + .catch(function(err) { + tres.err(res, err); + }); +}; + diff --git a/helpers/config.js b/helpers/config.js new file mode 100644 index 0000000..9eca65b --- /dev/null +++ b/helpers/config.js @@ -0,0 +1,6 @@ +var yaml = require('js-yaml'); +var fs = require('fs'); + +var config_str = fs.readFileSync(__dirname+'/../config/config.yaml', 'utf8'); +module.exports = yaml.safeLoad(config_str); + diff --git a/helpers/db.js b/helpers/db.js new file mode 100644 index 0000000..580dd5d --- /dev/null +++ b/helpers/db.js 
@@ -0,0 +1,246 @@ +/** + * This file provides a very simple CRUD model for querying and saving data in + * postgres. note that the upsert function *requires* postgres >= 9.5. + */ + +var config = require('./config'); +var pg = require('pg'); +var Promise = require('bluebird'); +var log = require('./log'); +var util = require('./util'); + +// create a connection string TAILORED TO YOUR SPECIFIC NEEDS +var connection = 'postgres://'+config.db.user+(config.db.password ? ':'+config.db.password : '')+'@'+config.db.host+':'+config.db.port+'/'+config.db.database; + +/** + * clean db literal strings + */ +var clean = function(lit) { return lit.replace(/[^0-9a-z_"-]/g, ''); }; + +/** + * stringifies data for json storage + */ +exports.json = function(data) { + if(data === undefined) return null; + return JSON.stringify(data || null); +}; + +/** + * build a query by replacing templated values inside of it with positional + * markers that can be handed off to postgres. + * + * SELECT question FROM jokes WHERE punchline = {{punchline}} AND {{where|raw}} OR date < {{now}} + * {punchline: 'your mom', where: 'num_uses < 5', now: db.literal('now()')} + * + * into + * + * SELECT question FROM jokes WHERE punchline = $1 AND num_uses < 5 OR date < now() + * ['your mom'] + * + * note that there are two ways of specifying literal values...one within the + * query string itself {{varname|raw}} and one withing the actual query_data, + * via {varname: db.literal('now()')} + */ +var builder = function(qry, query_data) { + query_data || (query_data = {}); + var val_arr = []; + qry = qry.replace(/\{\{([0-9a-z_-]+)(\|raw)?\}\}/gi, function(_, key, raw) { + var val = (typeof(query_data[key]) == 'undefined' ? 
'' : query_data[key]); + // return literal values verbatim + if(val && val._omg_literally) return val._omg_literally; + + // do some data massaging + if(val === null) { } + else if(typeof(val) == 'object') val = exports.json(val); + else val = val.toString(); + + // return raw values directly into the query + if(raw) return val; + + // not literal, not a raw, run the query replacerment and push the val + // onto our val_arr + val_arr.push(val); + return '$'+(val_arr.length); + }); + return {query: qry, vals: val_arr}; +}; + +// use this to wrap your arguments to be injected as literals. literally. +exports.literal = function(val) { return {_omg_literally: val}; }; + +// quick helper to reduce typing +exports.now = function() { return exports.literal('now()'); }; + +/** + * run a query, using a pooled connection, and return the result as a finished + * promise. + */ +exports.query = function(qry, query_data, options) { + options || (options = {}); + + var query_type = options.type; + var built = builder(qry, query_data); + var qry = built.query; + var vals = built.vals; + + log.debug('db: query: ', qry, vals); + + return new Promise(function(resolve, reject) { + pg.connect(connection, function(err, client, release) { + if(err) return reject(err); + client.query(qry, vals, function(err, result) { + release(); + if(err) return reject(err); + switch((query_type || result.command).toLowerCase()) + { + case 'select': resolve(result.rows); break; + default: resolve(result); break; + } + }); + }); + }); +}; + +/** + * wraps query(), pulls out the first record + */ +exports.first = function(qry, query_data, options) { + options || (options = {}); + return exports.query(qry, query_data, options) + .then(function(res) { return res[0]; }); +}; + +/** + * get an item by id + */ +exports.by_id = function(table, id, options) { + options || (options = {}); + var fields = options.fields || ['*']; + var qry_fields = fields.map(clean); + return exports.first('SELECT 
'+qry_fields.join(',')+' FROM '+clean(table)+' WHERE id = {{id}} LIMIT 1', {id: id}); +}; + +/** + * grab items from a table by id + */ +exports.by_ids = function(table, ids, options) { + options || (options = {}); + var fields = options.fields || ['*']; + var id_data = {}; + var qry_ids = []; + ids.forEach(function(id, i) { + id_data['--id-'+i] = id; + qry_ids.push('{{--id-'+i+'}}') + }); + var qry_fields = fields.map(clean); + return exports.query('SELECT '+qry_fields.join(',')+' FROM '+clean(table)+' WHERE id IN ( '+qry_ids.join(',')+' )', id_data); +}; + +/** + * build a (possibly bulk) insert query, given a data object OR an array of data + * objects lol + */ +var build_insert = function(table, data) { + if(!Array.isArray(data)) data = [data]; + + var keys = Object.keys(data[0]); + var qry_keys = keys.map(function(k) { return '"'+clean(k)+'"'; }); + var qry_vals = []; + data.forEach(function(_, rownum) { + qry_vals.push('('+keys.map(function(_, i) { return '{{--insert-val-row'+rownum+'-'+i+'}}'; })+')'); + }); + + var vals = {}; + data.forEach(function(row, rownum) { + keys.forEach(function(key, i) { + vals['--insert-val-row'+rownum+'-'+i] = row[key]; + }); + }); + var qry = 'INSERT INTO '+clean(table)+' ('+qry_keys.join(',')+') VALUES '+qry_vals.join(','); + return {query: qry, vals: vals}; +}; + +/** + * insert an object into the given table. if `data` is an array, will do a bulk + * insert and return ALL inserted data. if `data` is a plain old object, then it + * just does the one insert and returns just one data object. adaptive. smart. + * stylish. don't leave home without the insert function in your pocket. 
+ */ +exports.insert = function(table, data) { + try { + var built = build_insert(table, data); + } catch(err) { + return Promise.reject(err); + } + var qry = built.query+' RETURNING '+clean(table)+'.*;'; + return exports.query(qry, built.vals, {type: 'select'}) + .then(function(res) { + if(Array.isArray(data)) return res; + else return res[0]; + }); +}; + +/** + * update an object in a table by id. + */ +exports.update = function(table, id, data) { + var qry_sets = Object.keys(data).map(function(key) { + return key+' = {{'+key+'}}'; + }); + qry_sets.push('updated = NOW()'); + var qry = 'UPDATE '+clean(table)+' SET '+qry_sets.join(', ')+' WHERE '+clean('id')+' = {{id}} RETURNING *'; + var copy = util.clone(data); + copy.id = id; + return exports.query(qry, copy, {type: 'select'}) + .then(function(res) { return res[0]; }); +}; + +/** + * does an upsert and returns the latest version of the object (whether inserted + * or updated). requires postgres >= 9.5. + * + * does not support bulk upserts. 
+ */ +exports.upsert = function(table, data, key, options) { + options || (options = {}); + if(!data[key]) return Promise.reject(new Error('db: upsert: `key` field not present in `data`')); + if(Array.isArray(data)) return Promise.reject(new Error('db: upsert: `data` cannot be an array.')); + + var keys = Object.keys(data); + try + { + var built = build_insert(table, data, options); + } + catch(err) + { + return Promise.reject(err); + } + var qry = built.query; + var vals = built.vals; + + qry += ' ON CONFLICT ('+clean(key)+') '; + + // NOTE: AL: i'd rather not do a blanket update here if not needed, but pg + // only applies RETURNING when the data has changed + qry += 'DO UPDATE SET '; + qry += keys.map(function(col, i) { + var tplvar = '--upsert-var-'+i; + vals[tplvar] = data[col]; + return col+' = {{'+tplvar+'}}' + }).join(', '); + qry += ', updated = NOW()'; + qry += ' RETURNING '+clean(table)+'.*;'; + + return exports.query(qry, vals, {type: 'select'}) + .then(function(res) { + return res[0]; + }); +}; + +/** + * delete an object by id + */ +exports.delete = function(table, id) { + return exports.query('DELETE FROM '+clean(table)+' WHERE id = {{id}}', {id: id}); +}; + diff --git a/helpers/error.js b/helpers/error.js new file mode 100644 index 0000000..18ee562 --- /dev/null +++ b/helpers/error.js @@ -0,0 +1,17 @@ +var make_err_fn = function(status) { + return function(msg) { + var err = new Error(msg); + err.status = status; + return err; + }; +}; + +exports.bad_request = make_err_fn(400); +exports.unauthorized = make_err_fn(401); +exports.payment_required = make_err_fn(402); +exports.forbidden = make_err_fn(403); +exports.not_found = make_err_fn(404); +exports.conflict = make_err_fn(409); + +exports.internal = make_err_fn(500); + diff --git a/helpers/log.js b/helpers/log.js new file mode 100644 index 0000000..4f727f2 --- /dev/null +++ b/helpers/log.js 
@@ -0,0 +1,7 @@ +var winston = require('winston'); +var config = require('./config'); + +winston.exitOnError = false; +winston.level = config.loglevel; +module.exports = winston; + diff --git a/helpers/tres.js b/helpers/tres.js new file mode 100644 index 0000000..79d1560 --- /dev/null +++ b/helpers/tres.js @@ -0,0 +1,19 @@ +exports.send = function(res, data, options) { + options || (options = {}); + var status = options.status || 200; + var content = options.content_type || 'application/json'; + res.setHeader('Content-Type', content); + return res.status(status).send(JSON.stringify(data)); +}; + +exports.err = function(res, err, options) { + options || (options = {}); + var status = options.status || err.status || 500; + var content = options.content_type || 'application/json'; + res.setHeader('Content-Type', content); + var errobj = { + error: {message: err.message} + }; + return res.status(status).send(JSON.stringify(errobj)); +}; + diff --git a/helpers/util.js b/helpers/util.js new file mode 100644 index 0000000..c13871a --- /dev/null +++ b/helpers/util.js @@ -0,0 +1,19 @@ +/** + * Run a deep clone of any JSON-serializable object herrp + */ +exports.clone = function(data) { + return JSON.parse(JSON.stringify(data)); +}; + +/** + * Dedupe the values in an array + */ +exports.dedupe = function(arr) { + var seen = {}; + return arr.filter(function(item) { + if(seen[item]) return false; + seen[item] = true; + return true; + }); +}; + diff --git a/helpers/validator.js b/helpers/validator.js new file mode 100644 index 0000000..695c8ec --- /dev/null +++ b/helpers/validator.js 
@@ -0,0 +1,46 @@ +/** + * vlad the validator + */ + +var error = require('./error'); + +var mappings = {}; + +var types = { + client_id: function(d) { return d.toString().match(/^[a-f0-9]+$/i) }, + int: function(d) { return !!parseInt(d); }, + array: function(d) { return Array.isArray(d); }, + string: function(d) { return typeof(d) == 'string'; }, + object: function(d) { return typeof(d) == 'object' && !Array.isArray(d); }, + float: function(d) { return !!parseFloat(d); }, +}; +exports.type = types; + +exports.define = function(type, mapping) { + mappings[type] = mapping; +}; + +exports.validate = function(type, data) { + var mapping = mappings[type]; + if(!mapping) throw new error.internal('unknown validation type: `'+type+'`'); + Object.keys(mapping).forEach(function(map_key) { + var field = mapping[map_key]; + var val = data[map_key]; + // if required and missing, complain + if(field.required && val === undefined) { + throw new error.bad_request(type+' object failed validation: missing required field `'+map_key+'`'); + } + // if missing and not required, nothing to see here + if(val === undefined) return; + // if we have a type mismatch, complain + if(!field.type(val)) { + throw new error.bad_request(type+' object failed validation: field `'+map_key+'` is not the right type'); + } + }); + Object.keys(data).forEach(function(data_key) { + // remove data that's not in our schema + if(!mapping[data_key]) delete data[data_key]; + }); + return data; +}; + diff --git a/models/analytics.js b/models/analytics.js new file mode 100644 index 0000000..6c8a6f4 --- /dev/null +++ b/models/analytics.js @@ -0,0 +1,8 @@ +var log = require('../helpers/log'); +exports.track = function(user_id, action, data, options) { + data || (data = null); + options || (options = {}); + // TODO: implement tie-ins for analytics + log.debug('analytics.track() -- ', user_id, action, data); +}; + diff --git a/models/board.js b/models/board.js new file mode 100644 index 0000000..3227e5b --- /dev/null 
+++ b/models/board.js 
@@ -0,0 +1,144 @@ +var db = require('../helpers/db'); +var sync_model = require('./sync'); +var space_model = require('./space'); +var vlad = require('../helpers/validator'); + +vlad.define('board', { + id: {type: vlad.type.client_id, required: true}, + space_id: {type: vlad.type.client_id, required: true}, + user_id: {type: vlad.type.int, required: true}, + keys: {type: vlad.type.array}, + body: {type: vlad.type.string}, +}); + +sync_model.register('board', { + 'add': add, + 'edit': edit, + 'delete': del, + 'move-space': move_space, + 'link': link, +}); + +/** + * get a board's data by id + */ +var get_by_id = function(board_id) { + return db.by_id('boards', board_id) + .then(function(board) { return board.data; }); +}; + +exports.get_by_space_id = function(space_id) { + return db.query('SELECT data FROM boards WHERE space_id = {{space_id}}', {space_id: space_id}) + .then(function(boards) { + return boards.map(function(b) { return b.data; }); + }); +}; + +var add = function(user_id, data) { + data.user_id = user_id; + var data = vlad.validate('board', data); + var space_id = data.space_id; + return space_model.permissions_check(user_id, space_id, permissions.add_board) + .then(function(_) { + return db.insert('boards', {id: data.id, space_id: space_id, data: data}); + }) + .tap(function(board) { + return space_model.get_space_user_ids(space_id) + .then(function(user_ids) { + return sync_model.add_record(user_ids, user_id, 'board', board.id, 'add'); + }) + .then(function(space_ids) { + board.sync_ids = sync_ids; + }); + }); +}; + +var edit = function(user_id, data) { + var data = vlad.validate('board', data); + return get_by_id(data.id) + .then(function(board_data) { + // preserve user_id/space_id + data.user_id = board_data.user_id; + data.space_id = board_data.space_id; + return space_model.permissions_check(user_id, old_space_id, permissions.edit_board) + }) + .then(function(_) { + return db.update('boards', data.id, {space_id: space_id, data: data}); + }) + 
.tap(function(board) { + return space_model.get_space_user_ids(old_space_id) + .then(function(user_ids) { + return sync_model.add_record(user_ids, user_id, 'board', data.id, 'edit'); + }) + .then(function(sync_ids) { + board.sync_ids = sync_ids; + }); + }); +}; + +var move_space = function(user_id, data) { + var data = vlad.validate('board', data); + return get_by_id(data.id) + .then(function(board_data) { + var old_space_id = board_data.space_id; + var new_space_id = data.space_id; + // the jackass catcher + if(old_space_id == new_space_id) { + throw {skip: true, board: board_data}; + } + return Promise.all([ + board_data, + space_model.permissions_check(user_id, old_space_id, permissions.delete_board), + space_model.permissions_check(user_id, new_space_id, permissions.add_board), + ]); + }) + .spread(function(board_data) { + return Promise.all([ + board_data, + space_model.get_space_user_ids(old_space_id) + .then(function(user_ids) { + return sync_model.add_record(user_ids, user_id, 'board', data.id, 'delete'); + }), + space_model.get_space_user_ids(new_space_id) + .then(function(user_ids) { + return sync_model.add_record(user_ids, user_id, 'board', data.id, 'add'); + }), + ]); + }) + .spread(function(board_data, old_sync_ids, new_sync_ids) { + var sync_ids = old_sync_ids.concat(new_sync_ids); + board_data.sync_ids = sync_ids; + return board_data; + }) + .catch(function(err) { return err.skip === true; }, function(err) { + var board = err.board; + board.sync_ids = []; + return board; + }); +}; + +var del = function(user_id, board_id) { + var space_id = null; + return get_by_id(board_id) + .then(function(board_data) { + space_id = board_data.space_id; + return space_model.permissions_check(user_id, space_id, permissions.delete_board); + }) + .then(function() { + return db.delete('boards', board_id); + }) + .then(function() { + return space_model.get_space_user_ids(space_id) + .then(function(user_ids) { + return symc_model.add_record(user_ids, user_id, 'board', 
board_id, 'delete'); + }); + }); +}; + +var link = function(ids) { + return db.by_ids('boards', ids, {fields: ['data']}) + .then(function(items) { + return items.map(function(i) { return i.data;}); + }); +}; + diff --git a/models/errlog.js b/models/errlog.js new file mode 100644 index 0000000..e69de29 diff --git a/models/feedback.js b/models/feedback.js new file mode 100644 index 0000000..e69de29 diff --git a/models/file.js b/models/file.js new file mode 100644 index 0000000..e69de29 diff --git a/models/invite.js b/models/invite.js new file mode 100644 index 0000000..433de71 --- /dev/null +++ b/models/invite.js @@ -0,0 +1,27 @@ +var db = require('../helpers/db'); +var sync_model = require('./sync'); + +sync_model.register('invite', { + link: link, + clean: clean, +}); + +exports.get_by_space_id = function(space_id) { + return db.query('SELECT data FROM invites WHERE space_id = {{space_id}}', {space_id: space_id}) + .then(function(invites) { + return invites.map(function(i) { return i.data; }); + }); +}; + +var link = function(ids) { + return db.by_ids('invites', ids, {fields: ['data']}) + .then(function(items) { + return items.map(function(i) { return i.data;}); + }); +}; + +var clean = function(item) { + delete item.token_server; + return item; +}; + diff --git a/models/keychain.js b/models/keychain.js new file mode 100644 index 0000000..1b4a0fa --- /dev/null +++ b/models/keychain.js @@ -0,0 +1,26 @@ +var db = require('../helpers/db'); +var sync_model = require('./sync'); + +sync_model.register('keychain', { + add: add, + edit: edit, + delete: del, + link: link, +}); + +var add = function(user_id, data) { +}; + +var edit = function(user_id, data) { +}; + +var del = function(user_id, keychain_id) { +}; + +var link = function(ids) { + return db.by_ids('keychain', ids, {fields: ['data']}) + .then(function(items) { + return items.map(function(i) { return i.data;}); + }); +}; + diff --git a/models/note.js b/models/note.js new file mode 100644 index 0000000..fa50fe1 
--- /dev/null +++ b/models/note.js @@ -0,0 +1,41 @@ +var db = require('../helpers/db'); +var sync_model = require('./sync'); + +sync_model.register('note', { + add: add, + edit: edit, + delete: del, + link: link, +}); + +sync_model.register('file', { + delete: delete_note_file, + link: link, +}); + +exports.get_by_space_id = function(space_id) { + return db.query('SELECT data FROM notes WHERE space_id = {{space_id}}', {space_id: space_id}) + .then(function(notes) { + return notes.map(function(n) { return n.data; }); + }); +}; + +var add = function(user_id, data) { +}; + +var edit = function(user_id, data) { +}; + +var del = function(user_id, note_id) { +}; + +var delete_note_file = function(user_id, note_id) { +}; + +var link = function(ids) { + return db.by_ids('notes', ids, {fields: ['data']}) + .then(function(items) { + return items.map(function(i) { return i.data;}); + }); +}; + diff --git a/models/space.js b/models/space.js new file mode 100644 index 0000000..69dc338 --- /dev/null +++ b/models/space.js 
@@ -0,0 +1,260 @@ +var db = require('../helpers/db'); +var Promise = require('bluebird'); +var sync_model = require('./sync'); +var vlad = require('../helpers/validator'); +var error = require('../helpers/error'); + +vlad.define('space', { + id: {type: vlad.type.client_id, required: true}, + user_id: {type: vlad.type.int, required: true}, + keys: {type: vlad.type.array}, + body: {type: vlad.type.string}, +}); + +sync_model.register('space', { + add: add, + edit: edit, + delete: del, + link: link, +}); + +// our roles +var roles = { + owner: 'owner', + admin: 'admin', + moderator: 'moderator', + member: 'member', + guest: 'guest', +}; +// permissions enum for actions allowed inside of a space +var permissions = { + // spaces + edit_space: 'edit-space', + delete_space: 'delete-space', + set_space_owner: 'set-space-owner', + add_space_invite: 'add-space-invite', + delete_space_invite: 'delete-space-invite', + + // boards + add_board: 'add-board', + edit_board: 'edit-board', + delete_board: 'delete-board', + + // notes + add_note: 'add-note', + edit_note: 'edit-note', + delete_note: 'delete-note', +}; +// make a catch-all admin role that has all but a few permissions +var admin_role = Object.keys(permissions).map(function(key) { + // some space actions are above admins + if(['set_space_owner', 'delete_space'].indexOf(key) >= 0) return; + return permissions[key]; +}); +// assign individual permissions for each role +var role_permissions = { + owner: admin_role.concat([ + permissions.set_space_owner, + permissions.delete_space, + ]), + admin: admin_role, + moderator: [ + permissions.add_board, + permissions.edit_board, + permissions.delete_board, + permissions.add_note, + permissions.edit_note, + permissions.delete_note, + ], + member: [ + permissions.add_note, + permissions.edit_note, + permissions.delete_note, + ], + guest: [], // haha read only suckerrrrAHAHAAHGGGGGGGGRRRRRGRYTHADJK; +}; +exports.permissions = permissions; +exports.roles = roles; + +/** + * make sure 
the given user has the ability to perform the given action. + */ +exports.permissions_check = function(user_id, space_id, permission) { + return get_space_user_record(user_id, space_id) + .then(function(space_user) { + if(!space_user) throw error.forbidden('you don\'t have access to space '+space_id); + var role = space_user.role; + var permissions = role_permissions[role]; + if(permissions.indexOf(permission) >= 0) return true; + throw error.forbidden('you don\'t have `'+permission+'` permissions on space '+space_id); + }); +}; + +/** + * populates member data for a set of spaces + */ +var populate_members = function(spaces) { + if(spaces.length == 0) return Promise.resolve(spaces); + var space_ids = spaces.map(function(s) { return s.id; }); + return db.query('SELECT * FROM spaces_users WHERE space_id IN ({{space_ids}})', {space_ids: db.literal(space_ids.join(','))}) + .then(function(space_users) { + var space_idx = {}; + spaces.forEach(function(space) { space_idx[space.id] = space; }); + space_users.forEach(function(user) { + var space = space_idx[user.space_id]; + if(!space) return; + if(!space.data) space.data = {}; + if(!space.data.members) space.data.members = []; + space.data.members.push(user); + }); + return spaces; + }); +}; + +/** + * grab a space by id + */ +var get_by_id = function(space_id) { + return db.by_id('spaces', space_id) + .then(function(space) { return space.data; }); +}; + +/** + * given a space id, pull out all user_ids accociated with the spaces. 
+ * + * this is GREAT for generating sync records for boards/notes/invites + */ +exports.get_space_user_ids = function(space_id) { + return db.query('SELECT user_id FROM spaces_users WHERE space_id = {{space_id}}') + .then(function(res) { + return res.map(function(rec) { return rec.user_id; }); + }); +}; + +/** + * get all spaces attached to a user + */ +exports.get_by_user_id = function(user_id) { + var qry = [ + 'SELECT', + ' s.*', + 'FROM', + ' spaces s,', + ' spaces_users su', + 'WHERE', + ' s.id = su.space_id AND', + ' su.user_id = {{uid}}', + ].join('\n'); + return db.query(qry, {uid: user_id}) + .then(populate_members); +}; + +/** + * get a space <--> user link record (which includes the space-user permissions) + */ +var get_space_user_record = function(user_id, space_id) { + var qry = 'SELECT * FROM spaces_users WHERE space_id = {{space_id}} AND user_id = {{user_id}}'; + return db.first(qry, {space_id: space_id, user_id: user_id}); +}; + +/** + * get the data tree for a space (all the boards/notes/invites contained in it). 
+ */ +exports.get_data_tree = function(space_id) { + return Promise.all([ + get_by_id(space_id), + board_model.get_by_space_id(space_id), + note_model.get_by_space_id(space_id), + invite_model.get_by_space_id(space_id), + ]) +}; + +/** + * get the spaces a user admins, optionally spaces that the user is the only + * admin of + */ +exports.get_users_owned_spaces = function(user_id, options) { + options || (options = {}); + var sole_owner = options.sole_owner; + + return exports.get_by_user_id(user_id) + .then(function(spaces) { + return spaces + .filter(function(space) { + var i_am_admin = false; + var number_of_admins = 0; + (space.members || []).forEach(function(member) { + var roles = (member.data || {}).roles || []; + if(roles.indexOf('admin') >= 0) + { + number_of_admins++; + if(member.user_id == user_id) i_am_admin = true; + } + }); + if(sole_owner) return i_am_admin && number_of_admins == 1; + else return i_am_admin; + }); + }); +}; + +var add = function(user_id, data) { + data.user_id = user_id; + var data = vlad.validate('space', data); + return db.insert('spaces', {id: data.id, data: data}) + .tap(function(space) { + return db.insert('spaces_users', {space_id: space.id, user_id: user_id, permissions: roles.owner}); + }) + .tap(function(space) { + return sync_model.add_record([user_id], user_id, 'space', space.id, 'add') + .then(function(sync_ids) { + space.sync_ids = sync_ids; + }); + }); +}; + +var edit = function(user_id, data) { + var space_id = data.id; + var data = vlad.validate('space', data); + return exports.permissions_check(user_id, space_id, permissions.edit_space) + .then(function(_) { + return get_by_id(space_id) + .then(function(space_data) { + // preserve user_id + data.user_id = space_data.user_id; + return db.update('spaces', space_id, {data: data}); + }); + }) + .tap(function(space) { + return exports.get_space_user_ids(space_id) + .then(function(user_ids) { + return sync_model.add_record(user_ids, user_id, 'space', space_id, 'edit') + }) 
+ .then(function(sync_ids) { + space.sync_ids = sync_ids; + }); + }); +}; + +var del = function(user_id, space_id) { + return exports.permissions_check(user_id, space_id, permissions.delete_space) + .then(function(_) { + return db.delete('spaces', space_id); + }) + .then(function(_) { + return exports.get_space_user_ids(space_id) + .then(function(user_ids) { + return sync_model.add_record(user_ids, user_id, 'space', space_id, 'edit') + }); + }); +}; + +var link = function(ids) { + return db.by_ids('spaces', ids, {fields: ['data']}) + .then(function(spaces) { + return populate_members(spaces); + }) + .then(function(items) { + return items.map(function(i) { return i.data;}); + }); +}; + diff --git a/models/sync.js b/models/sync.js new file mode 100644 index 0000000..23802c4 --- /dev/null +++ b/models/sync.js 
@@ -0,0 +1,320 @@ +var Promise = require('bluebird'); +var db = require('../helpers/db'); +var error = require('../helpers/error'); +var analytics = require('./analytics'); +var util = require('../helpers/util'); + +// holds our sync mappings. models will register themselves to the sync system +// via the `register()` call +var process_sync_map = {}; + +/** + * Register a model with the sync system (used mainly for + * process_incoming_sync()) + */ +exports.register = function(type, syncs) { + process_sync_map[type] = syncs; +}; + +// ----------------------------------------------------------------------------- +// NOTE: i'd normally put this with the other imports at the top, but we *need* +// to define `sync.register()` before loading the space model. +// ----------------------------------------------------------------------------- +var space_model = require('./space'); + +/** + * Make a sync record. + */ +var make_sync_record = function(user_id, item_type, item_id, action) { + return { + user_id: user_id, + type: item_type, + item_id: item_id, + action: action, + }; +}; + +/** + * Given an item that can be synced, convert it into a sync record. + */ +var convert_to_sync = function(item, type, action) { + var sync = make_sync_record(item.user_id, type, item.id, action); + if(action == 'delete') { + sync.data = {id: item.id, deleted: true}; + } else { + sync.data = item; + } + return sync; +}; + +/** + * inserts a sync record and attaches it to the given space_ids. this is how + * various clients share data with each other. 
+ */ +exports.add_record = function(affected_user_ids, creator_user_id, type, object_id, action) { + affected_user_ids = util.dedupe(affected_user_ids); + var sync_rec = make_sync_record(creator_user_id, type, object_id, action); + return db.insert('sync', sync_rec) + .tap(function(sync) { + return db.insert(affected_user_ids.map(function(user_id) { + return {sync_id: sync.id, user_id: user_id}; + })); + }) + .then(function(sync) { + return [sync_id]; + }); +}; + +/** + * takes a set of sync records and a set of items (presumably pulled out from + * said sync records) and matches them together. destructive on sync_records. + */ +var populate_sync_records_with_items = function(sync_records, items) { + var item_index = {}; + items.forEach(function(item) { item_index[item.id] = item; }); + sync_records.forEach(function(sync) { + var item = item_index[sync.item_id]; + if(item) { + sync.data = item.data; + } else { + sync.data = {missing: true}; + } + }); + return sync_records; +}; + +/** + * Given a collection of sync records, link in their corresponding data for each + * item type. For instance, if we have: + * { + * id: 1234, + * item_id: '6969', + * type: 'note', + * action: 'add' + * } + * when done, we'll have: + * { + * id: 1234, + * item_id: '6969', + * type: 'note', + * action: 'add' + * data: {id: '6969', body: 'abcd==', ...} + * } + * Note that we pulled out the actual note related to this sync record. Wicked. + */ +var link_sync_records = function(sync_records) { + var mapped = {}; + var deleted = []; + var present = []; + // split our sync records between deleted and non-deleted. deleted records + // require no real processing/linking and can just be shoved in at the end + // of the entire process (just before sorting everything). 
+ sync_records.forEach(function(sync) { + if(sync.action == 'delete') { + sync.data = {id: sync.item_id, deleted: true}; + deleted.push(sync); + } else { + present.push(sync); + } + }); + // group our present sync records by sync.type + present.forEach(function(sync) { + var type = sync.type; + if(!mapped[type]) mapped[type] = []; + mapped[type].push(sync); + }); + var promises = []; + Object.keys(mapped).forEach(function(type) { + if(!process_sync_map[type]) { + throw error.bad_request('Missing sync handler for type `'+type+'`'); + } + var sync_type_handler = process_sync_map[type]; + var link = sync_type_handler[type].link; + if(!link) { + throw error.bad_request('Missing sync handler for type `'+type+'.link`'); + } + var sync_records = mapped[type]; + if(sync_records.length == 0) { + var promise = Promise.resolve([]); + } else { + var promise = link(sync_records.map(function(s) { return s.item_id; })) + .then(function(items) { + return populate_sync_records_with_items(sync_records, items); + }); + } + promises.push(promise); + }); + return Promise.all(promises) + .then(function(grouped_syncs) { + var ungrouped = deleted; + var latest_sync_id = 0; + grouped_syncs.forEach(function(sync_records) { + sync_records.forEach(function(sync) { + if(sync.id > latest_sync_id) latest_sync_id = sync.id; + ungrouped.push(sync); + }); + }); + return [ + ungrouped.sort(function(a, b) { return a.id - b.id; }), + latest_sync_id, + ]; + }); +}; + +/** + * Removes any private data from sync records (like invite server tokens, for + * instance) + */ +var clean_sync_records = function(sync_records) { + return sync_records.map(function(sync) { + if(!process_sync_map[sync.type] || !process_sync_map[sync.type].clean) return; + sync.data = process_sync_map[sync.type].clean(sync.data); + return sync; + }); +}; + +/** + * Given space sync records with action "(un)share", replace the share sync + * record(s) with full data from that space (boards/notes). 
+ * + * note that if a space is unshared, we explicitely send back "delete" sync + * items for EACH member of the space (boards/notes/invites) individually. + */ +var populate_shares = function(sync_records) { + var populated = []; + return Promise.each(sync_records, function(sync) { + if(sync.type == 'space' && ['share', 'unshare'].indexOf(sync.action) >= 0) { + // get all boards/notes from this space + var action = sync.action == 'share' ? 'add' : 'delete'; + return space_model.get_data_tree(sync.item_id) + .spread(function(space, boards, notes, invites) { + populated.push(convert_to_sync(space, 'space', action)); + boards.forEach(function(item) { + var sync = convert_to_sync(item, 'board', action); + populated.push(sync); + }); + notes.forEach(function(item) { + var sync = convert_to_sync(item, 'note', action); + populated.push(sync); + }); + invites.forEach(function(item) { + var sync = convert_to_sync(item, 'invite', action); + populated.push(sync); + }); + }); + } else { + populated.push(sync); + } + }).then(function() { return populated; }); +}; + +/** + * Grab all the sync records for a user id AFTER the given sync id. + */ +exports.sync_from = function(user_id, from_sync_id) { + var qry = [ + 'SELECT', + ' s.*', + 'FROM', + ' sync s, sync_users su', + 'WHERE', + ' s.id = su.sync_id AND', + ' su.user_id = {{user_id}}', + ' s.id > {{sync_id}}', + 'ORDER BY', + ' s.id ASC', + ].join('\n'); + return db.query(qry, {user_id: user_id, sync_id: sync_id}) + .then(function(sync_records) { + return link_sync_records(sync_records); + }) + .spread(function(sync_records, latest_sync_id) { + return populate_shares(sync_records) + .then(function(sync_records) { + return clean_sync_records(sync_records); + }) + .then(function(sync_records) { + return [ + sync_records, + latest_sync_id, + ]; + }); + }); +}; + +/** + * Processes a sync item using the sync handlers that have registered themselves + * with the sync system. Returns the final item added/edited/deleted/etced. 
+ */ +var process_incoming_sync = function(user_id, sync) { + var allowed_actions = ['add', 'edit', 'delete']; + var item = sync.data; + if(allowed_actions.indexOf(sync.action) < 0) { + return Promise.reject(error.bad_request('bad sync action (`'+sync.action+'`), must be one of '+allowed_actions.join(', '))); + } + + if(!process_sync_map[sync.type]) { + return Promise.reject(error.bad_request('Missing sync handler for type `'+sync.type+'`')); + } + var sync_type_handler = process_sync_map[sync.type]; + if(!sync_type_handler[sync.action]) { + var allowed_actions = Object.keys(sync_type_handler).join(', '); + return Promise.reject(error.bad_request('Missing sync handler for type `'+sync.type+'.'+sync.action+'` (allowed actions for '+sync.type+': ['+allowed_actions+'])')); + } + var handler = sync_type_handler[sync.action]; + if(sync.action == 'delete' && !sync_type_handler.skip_standard_delete) { + var promise = handler(user_id, item.id); + } else { + var promise = handler(user_id, sync.data); + } + return promise + .then(function(item_data) { + if(sync.action == 'delete' && !sync_type_handler.skip_standard_delete) { + // return a standard "delete" item (unless the handler says + // otherwise) + return {id: sync.data.id, sync_ids: item_data}; + } + return item_data; + }); +}; + +/** + * Given a user_id and a set of incoming sync records, apply the records to the + * user's profile. 
+ */ +exports.bulk_sync = function(user_id, sync_records) { + // assign each sync item a unique id so we can track successes vs failures + sync_records.forEach(function(sync, i) { sync._id = i + 1; }); + var success_idx = {}; + + var successes = []; + var fail_err = null; + return Promise.each(sync_records, function(sync) { + return process_incoming_sync(user_id, sync) + .tap(function(item) { + var sync_ids = item.sync_ids; + delete item.sync_ids; + successes.push({ + type: sync.type, + action: sync.action, + sync_ids: sync_ids, + data: item, + }); + success_idx[sync._id] = true; + return analytics.track(user_id, sync.type+'-'+sync.action); + }); + }).catch(function(err) { + fail_err = err; + }).then(function() { + return { + // return all successful syncs + success: successes, + // return all failed syncs + failures: sync_records.filter(function(sync) { + return !success_idx[sync._id]; + }), + error: fail_err, + }; + }); +}; + diff --git a/models/user.js b/models/user.js new file mode 100644 index 0000000..60ab31f --- /dev/null +++ b/models/user.js 
@@ -0,0 +1,112 @@ +var db = require('../helpers/db'); +var config = require('../helpers/config'); +var Promise = require('bluebird'); +var error = require('../helpers/error'); +var crypto = require('crypto'); +var sync_model = require('./sync'); +var space_model = require('./space'); +var board_model = require('./board'); +var note_model = require('./note'); +var invite_model = require('./invite'); + +sync_model.register('user', { + edit: edit, + link: link, +}); + +/** + * does a pbkdf2 on our private data using the app's SECRET hash + */ +var secure_hash = function(privatedata, options) { + options || (options = {}); + var iter = options.iter || 100000; + var output = options.output || 'hex'; + + var res = crypto.pbkdf2Sync(privatedata, config.app.secure_hash_salt, iter, 128, 'sha256'); + return res.toString(output); +}; + +/** + * who needs constant-time comparisons when you can just double-hmac? + */ +var secure_compare = function(secret1, secret2) { + var now = new Date().getTime(); + var hmac1 = crypto.createHmac('sha256', now+'|'+config.app.secure_hash_salt).update(secret1).digest('base64'); + var hmac2 = crypto.createHmac('sha256', now+'|'+config.app.secure_hash_salt).update(secret2).digest('base64'); + return hmac1 == hmac2; +}; + +var clean_user = function(user) { + delete user.auth; + return user; +}; + +exports.check_auth = function(authinfo) { + if(!authinfo) return Promise.reject(error.forbidden('bad login')); + var base64_auth = authinfo.replace(/^Basic */, ''); + var parsed = new Buffer(base64_auth, 'base64').toString("ascii"); + var auth_parts = parsed.split(':'); + var username = auth_parts[0]; + var auth = auth_parts[1]; + + return db.first('SELECT * FROM users WHERE username = {{username}}', {username: username}) + .then(function(user) { + if(!user) throw error.forbidden('bad login'); + if(!secure_compare(user.auth, secure_hash(auth, {output: 'base64', iter: 2}))) throw error.forbidden('bad login'); + return clean_user(user); + }); +}; + 
+exports.join = function(userdata) { + if(!userdata.auth) return Promise.reject(error.bad_request('missing `auth` key')); + if(!userdata.username) return Promise.reject(error.bad_request('missing `username` key (should be a valid email)')); + + // check existing username + return db.first('SELECT id FROM users WHERE username = {{username}} LIMIT 1', {username: userdata.username}) + .then(function(existing) { + if(existing) throw error.forbidden('the username "'+userdata.username+'" already exists'); + // two iterations. yes, two. if someone gets the database, they + // won't be able to crack the real auth key out of it since it's + // just a binary blob anyway, meaning this step only exists to keep + // them from being able to impersonate the user (not to hide the + // secret it holds, since there IS no secret...even if they cracked + // the auth data, they'd have to have the user's key to decrypt it). + var auth = secure_hash(userdata.auth, {output: 'base64', iter: 2}); + return db.insert('users', { + username: userdata.username, + auth: auth, + data: db.json(userdata.data), + storage_mb: 100 + }); + }) + .then(clean_user); +}; + +exports.delete = function(cur_user_id, user_id) { + if(cur_user_id != user_id) return Promise.reject(error.forbidden('you cannot delete an account you don\'t own')); + + return space_model.get_users_owned_spaces(user_id, {sole_owner: true}) + .then(function(my_spaces) { + // TODO + throw new Error('unimplemented'); + }); +}; + +var edit = function(user_id, data) { + if(user_id != data.id) return Promise.reject(error.forbidden('you cannot edit someone else\'s user record. 
shame shame.')); + return db.update('users', user_id, {data: data}) + .tap(function(user) { + return sync_model.add_record([], user_id, 'user', user_id, 'edit') + .then(function(sync_ids) { + user.sync_ids = sync_ids; + }); + }); +}; + +var link = function(ids) { + return db.by_ids('users', ids, {fields: ['data']}) + .then(function(items) { + return items.map(function(i) { return i.data;}); + }); +}; + diff --git a/package.json b/package.json new file mode 100644 index 0000000..71e4ece --- /dev/null +++ b/package.json @@ -0,0 +1,19 @@ +{ + "name": "turtl-server", + "version": "0.1.0", + "description": "Turtl's (Node-based) API", + "author": "Andrew Lyon", + "license": "AGPL-3.0", + "repository": "https://github.com/turtl/server", + "main": "server.js", + "dependencies": { + "bluebird": "^3.4.7", + "body-parser": "^1.15.2", + "express": "^4.14.0", + "js-yaml": "^3.7.0", + "method-override": "^2.3.7", + "morgan": "^1.7.0", + "pg": "^6.1.2", + "winston": "^2.3.0" + } +} diff --git a/server.js b/server.js new file mode 100644 index 0000000..4013c25 --- /dev/null +++ b/server.js 
@@ -0,0 +1,46 @@ +var express = require('express'); +var morgan = require('morgan'); +var body_parser = require('body-parser'); +var method_override = require('method-override'); +var log = require('./helpers/log'); +var tres = require('./helpers/tres'); +var turtl_auth = require('./helpers/auth'); +var config = require('./helpers/config'); +var error = require('./helpers/error'); + +var app = express(); +app.disable('etag'); +app.use(method_override('_method')); +app.use(turtl_auth); +app.use(body_parser.json({strict: false, limit: '24mb'})); +app.use(body_parser.urlencoded({extended: false, limit: '24mb'})); +app.use(morgan(':remote-addr ":method :url" :status :res[content-length]', { + stream: { write: function(message, _enc) { log.info(message.slice(0, -1)); } } +})); +// cors +app.all('*', function(req, res, next) { + res.header('Access-Control-Allow-Origin', '*'); + res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,PATCH,OPTIONS'); + res.header('Access-Control-Allow-Headers', 'Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since'); + next(); +}); + +// welcome route +app.get('/', function(req, res) { + tres.send(res, {greeting: "turtl is a good app. it's the best app. a lot of people, well respected people, are saying it's the best app. what does it do? i don't know exactly...i have people that handle this sort of thing for me, but trust me you're going to love this app.", welcome: true}); +}); + +['users', 'sync', 'spaces', 'files', 'feedback', 'errlog'] + .forEach(function(con) { + var con = require('./controllers/'+con); + con.route(app); + }); + +// catch all +app.use(function(res, res, next) { + tres.err(res, error.not_found('resource not found')); +}); + +app.listen(config.server.port); +log.info('Listening for turtls on port '+config.server.port+'...!'); + 
diff --git a/tools/create-db-schema.js b/tools/create-db-schema.js new file mode 100644 index 0000000..dc303c6 --- /dev/null +++ b/tools/create-db-schema.js 
@@ -0,0 +1,184 @@ +var db = require('../helpers/db'); +var config = require('../helpers/config'); +var Promise = require('bluebird'); + +var schema_version = 1; + +var run_upgrade = function(from_version, to_version) { + // TODO? +}; + +var schema = []; +var builder = { + type: { + pk_int: 'serial primary key', + pk: 'varchar(96) primary key', + id_int: 'integer', + id: 'varchar(96)', + int: 'integer', + json: 'jsonb', + date: 'timestamp', + varchar: function(chars) { return 'varchar('+chars+')'; }, + bool: 'boolean', + smallint: 'smallint', + }, + not_null: function(type) { return type+' not null'; }, + + table: function(table_name, options) { + var fields = options.fields; + var indexes = options.indexes; + + fields.created = builder.type.date+' default CURRENT_TIMESTAMP'; + fields.updated = builder.type.date+' default CURRENT_TIMESTAMP'; + schema.push([ + 'create table if not exists '+table_name+' (', + Object.keys(fields).map(function(name) { return name+' '+fields[name]; }), + ')', + ].join(' ')); + if(indexes && indexes.length) { + indexes.forEach(function(index) { + var name = index.name || index.fields.join('_'); + schema.push([ + 'create index if not exists '+table_name+'_'+name+' on '+table_name+' (', + index.fields.join(','), + ')', + ].join(' ')); + }); + } + }, +}; + +var ty = builder.type; + +builder.table('app', { + fields: { + id: ty.pk, + val: ty.varchar(256), + }, +}); + +builder.table('boards', { + fields: { + id: ty.pk, + space_id: ty.id, + data: ty.json, + }, + indexes: [ + {name: 'space_id', fields: ['space_id']} + ], +}); + +builder.table('spaces_invites', { + fields: { + id: ty.pk, + space_id: ty.id, + from_user_id: ty.id_int, + to_user: ty.varchar(256), + data: ty.json, + }, + indexes: [ + {name: 'from_user_id', fields: ['from_user_id']}, + {name: 'to_user', fields: ['to_user']}, + ], +}); + +builder.table('keychain', { + fields: { + id: ty.pk, + user_id: ty.id_int, + data: ty.json, + }, + indexes: [ + {name: 'user_id', fields: 
['user_id']}, + ], +}); + +builder.table('notes', { + fields: { + id: ty.pk, + space_id: ty.id, + data: ty.json + }, + indexes: [ + {name: 'space_id', fields: ['space_id']} + ], +}); + +builder.table('spaces', { + fields: { + id: ty.pk, + data: ty.json, + }, +}); + +builder.table('spaces_users', { + fields: { + id: ty.pk_int, + space_id: ty.id, + user_id: ty.id_int, + role: ty.varchar(24), + }, + indexes: [ + {name: 'user_id', fields: ['user_id']}, + ], +}); + +builder.table('sync', { + fields: { + id: ty.pk_int, + item_id: ty.id, + type: ty.varchar(24), + user_id: ty.id_int, + }, +}); + +builder.table('sync_users', { + fields: { + id: ty.pk_int, + sync_id: ty.id_int, + user_id: ty.id, + }, + indexes: [ + {name: 'user_id', fields: ['user_id']}, + ], +}); + +builder.table('users', { + fields: { + id: ty.pk_int, + username: builder.not_null(ty.varchar(64)), + auth: ty.varchar(256), + data: ty.json, + storage_mb: ty.int, + }, + indexes: [ + // NOTE: no `auth` index...pull out by username, do double-hmac compare on auth + {name: 'username', fields: ['username'], unique: true}, + ], +}); + +function run() +{ + console.log('- running DB schema'); + return Promise.each(schema, function(qry) { return db.query(qry); }) + .then(function() { + return db.by_id('app', 'schema-version'); + }) + .then(function(schema_ver) { + if(!schema_ver) { + // no record? just insert it with the current version. + return db.insert('app', {id: 'schema-version', val: schema_version}); + } else if(parseInt(schema_ver.val) < schema_version) { + // run an upgrayyyyd + var from = parseInt(schema_ver.val); + var to = schema_version; + return run_upgrade(from, to); + } + }) + .then(function() { console.log('- done'); }) + .catch(function(err) { console.error(err, err.stack); }) + .finally(function() { setTimeout(process.exit, 100); }); +} + +run(); +
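Review bot: models/space.js, `add` and `get_users_owned_spaces` disagree with `permissions_check` about where a member's role is stored. `permissions_check` reads `space_user.role` (the column tools/create-db-schema.js defines on `spaces_users`), but `add` inserts the owner row with `permissions: roles.owner`, and `get_users_owned_spaces` inspects `space.members` and `member.data.roles` while `populate_members` attaches the rows at `space.data.members`. As written the sole-owner filter can never match, and a row without a known role makes `role_permissions[role]` undefined, so `permissions.indexOf` fails with a TypeError instead of the intended forbidden error. Suggest inserting `role: roles.owner`, reading `member.role` from `space.data.members`, and treating an unknown role as forbidden explicitly. Also in this file: `get_space_user_ids` puts `{{space_id}}` in the SQL but passes no parameter object to `db.query`; `populate_members` builds its `IN (...)` list with `db.literal(space_ids.join(','))` from ids that `add` accepts from client data (`data.id`), so those values should be bound as parameters rather than joined into the statement; and `del` records its sync action as 'edit' where 'delete' is presumably meant.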
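Review bot: models/sync.js, `exports.sync_from` cannot run as written: the parameter is named `from_sync_id` but the bind object is `{user_id: user_id, sync_id: sync_id}`, and the WHERE clause has no `AND` between `su.user_id = {{user_id}}` and `s.id > {{sync_id}}`. `exports.add_record` has the same kind of problem: it returns `[sync_id]`, which is never defined (presumably `sync.id`), and the second `db.insert` is given the row array with no table name, where the rows look like they belong in `sync_users`. Two more in the same hunk: `link_sync_records` reads `sync_type_handler[type].link`, but models register a flat object such as `{edit: edit, link: link}`, so this should be `sync_type_handler.link`; and `clean_sync_records` returns nothing from its `map` callback when a type has no `clean` handler, which replaces that record with `undefined` in the list returned to the client. Return `sync` unchanged in that branch, or fail loudly if every type is expected to register a cleaner for its private fields.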
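Review bot: models/user.js, `sync_model.register('user', {edit: edit, link: link})` runs at the top of the file, before the `var edit = function...` and `var link = function...` assignments near the bottom, so both values are still `undefined` at registration and the sync system receives no user handlers. Move the `register` call below the definitions or turn them into function declarations. In `check_auth`, `parsed.split(':')` followed by `auth_parts[1]` keeps only the text between the first and second colon, so an auth value containing ':' is silently truncated, and a header without a colon passes `undefined` into `secure_hash`, which surfaces as a TypeError instead of 'bad login'. Split on the first colon only and reject a missing part with the same forbidden error. It would also help to note next to the existing comment in `join` that `secure_hash` uses the single `config.app.secure_hash_salt` for every user, since that comment explains the `iter: 2` choice but not the shared salt.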
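Review bot: server.js, `app.use(turtl_auth)` is registered before both the morgan logger and the CORS `app.all('*', ...)` handler. If `turtl_auth` ends the response for an unauthenticated request, that request never reaches morgan, so failed logins leave no access-log line, and a browser preflight `OPTIONS` request (which carries no `Authorization` header) is answered without any `Access-Control-Allow-*` header. Suggest the order morgan, CORS, then `turtl_auth`, with `OPTIONS` answered before authentication. The catch-all is declared as `function(res, res, next)`; the duplicate parameter name is only accepted in sloppy mode and should read `(req, res, next)`. There is also no four-argument error handler, so an exception thrown in a controller falls through to Express's default handler rather than `tres.err`.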
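Review bot: tools/create-db-schema.js, the `users` table declares its username index with `unique: true`, but `builder.table` always emits `create index if not exists ...` and never reads `index.unique`, so usernames are not unique at the database level. `join` in models/user.js does a SELECT followed by an INSERT, so two concurrent signups for the same name can both succeed; emit `create unique index` when `index.unique` is set. Other mismatches with the models in this patch: `sync` has no `action` column although `make_sync_record` inserts one, `sync_users.user_id` is `ty.id` (varchar) while every other `user_id` column is `ty.id_int`, and `spaces_users` is queried by `space_id` but indexed only on `user_id`. The final `.catch` logs the error and the script then exits through `setTimeout(process.exit, 100)` with no failure status; set a non-zero exit code on error so a failed schema run is visible to whatever invoked it.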