/*
* Copyright (c) 2014-2020 Bjoern Kimminich.
* SPDX-License-Identifier: MIT
*/
const utils = require('../lib/utils')
const insecurity = require('../lib/insecurity')
const db = require('../data/mongodb')
const challenges = require('../data/datacache').challenges
const models = require('../models/index')
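/**
 * Builds the Express handler behind the "data export" feature.
 *
 * The returned handler resolves the caller from the Bearer token, then
 * collects the user's memories, orders and reviews into one JSON document
 * that is sent back as `{ userData, confirmation }`. Query failures for
 * orders/reviews are reported through `next(err)` with the same messages as
 * before; any other failure is forwarded to `next(err)` instead of becoming
 * an unhandled promise rejection.
 *
 * @returns {(req: import('express').Request, res: import('express').Response, next: Function) => Promise<void>}
 */
module.exports = function dataExport () {
  return async (req, res, next) => {
    try {
      // A request without an Authorization header used to throw a TypeError
      // on `.replace`; an empty token now simply fails the lookup below and
      // lands in the "blocked" branch like any other unknown token.
      const authHeader = req.headers.authorization || ''
      const loggedInUser = insecurity.authenticatedUsers.get(authHeader.replace('Bearer ', ''))

      if (!(loggedInUser && loggedInUser.data && loggedInUser.data.email && loggedInUser.data.id)) {
        next(new Error('Blocked illegal activity by ' + req.connection.remoteAddress))
        return
      }

      const { username, email } = loggedInUser.data
      // Vowels are masked before the orders lookup, so this key is not unique
      // per address: distinct e-mails can map to the same `updatedEmail`.
      // That is what `solveIf(challenges.dataExportChallenge, ...)` below keys on.
      const updatedEmail = email.replace(/[aeiou]/gi, '*')

      // NOTE(review): the memory owner comes from the request body rather than
      // from `loggedInUser.data.id`, which was just validated above. Any
      // authenticated caller can therefore choose whose memories are exported.
      // Left as-is because this is Juice Shop and the behaviour looks
      // deliberate — confirm against the challenge definitions before changing.
      const memories = await models.Memory.findAll({ where: { UserId: req.body.UserId } })
      const exportedMemories = memories.map(memory => ({
        imageUrl: `${req.protocol}://${req.get('host')}/${memory.imagePath}`,
        caption: memory.caption
      }))

      let orders
      try {
        orders = await db.orders.find({ email: updatedEmail })
      } catch (err) {
        next(new Error(`Error retrieving orders for ${updatedEmail}`))
        return
      }
      const exportedOrders = orders.map(order => ({
        orderId: order.orderId,
        totalPrice: order.totalPrice,
        products: [...order.products],
        bonus: order.bonus,
        eta: order.eta
      }))

      let reviews
      try {
        reviews = await db.reviews.find({ author: email })
      } catch (err) {
        next(new Error(`Error retrieving reviews for ${updatedEmail}`))
        return
      }
      const exportedReviews = reviews.map(review => ({
        message: review.message,
        author: review.author,
        productId: review.product,
        likesCount: review.likesCount,
        likedBy: review.likedBy
      }))

      const userData = {
        username,
        email,
        orders: exportedOrders,
        reviews: exportedReviews,
        memories: exportedMemories
      }

      // The challenge is solved when the export contains an order whose id
      // prefix does not match the first four hash characters of this user's
      // own e-mail (presumably order ids are generated with that prefix —
      // confirm in the order creation code).
      const emailHash = insecurity.hash(email).slice(0, 4)
      for (const order of userData.orders) {
        utils.solveIf(challenges.dataExportChallenge, () => { return order.orderId.split('-')[0] !== emailHash })
      }

      res.status(200).send({ userData: JSON.stringify(userData, null, 2), confirmation: 'Your data export will open in a new Browser window.' })
    } catch (err) {
      // Express 4 does not await async handlers, so without this the request
      // would hang and the error would surface as an unhandled rejection.
      next(err)
    }
  }
}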