const express = require('express');
const router = express.Router();
// const fs = require("fs");
// const path = require("path");
const Certificate = require('../../schema/Certificate')
const User = require('../../schema/User')
const sendMail = require('../email/sendMail')
// const multer = require("multer");
// const { convertWordFiles } = require('convert-multiple-files-ul');
/**
 * Upper-case the first character of every word in `str`.
 *
 * Word starts are found with the regex `\b\w`, so only ASCII letters, digits
 * and underscore count as word characters; other text is left untouched.
 *
 * @param {unknown} str - value to capitalize
 * @returns {string} the capitalized string, or '' when `str` is not a string
 */
function capitalizeWords(str) {
  if (typeof str !== 'string') return '';
  const upperFirst = (ch) => ch.toUpperCase();
  return str.replace(/\b\w/g, upperFirst);
}
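/**
 * POST / — create a draft certificate for the logged-in user.
 *
 * Body fields: email (recipient address, optional), ballz_type, recname,
 * anonymousname, reason, reasonother. Redirects to /certificate/<id> on
 * success and to /send-now?error=<message> on any failure.
 */
router.post('/', async (req, res) => {
  try {
    const { email, ballz_type, recname, anonymousname, reason, reasonother } = req.body;
    // req.body is client-controlled; only a plain string (or nothing) may reach
    // the User query so an object carrying query operators cannot widen the lookup.
    if (email != null && typeof email !== 'string') {
      throw new Error('Invalid recipient email');
    }
    const userData = await User.findOne({ email });
    const user = await User.findById(req.user.id);
    if (!user) {
      throw new Error('Login to Send Certificate...');
    }
    const senderName = capitalizeWords(anonymousname);
    // A free-text "other" reason takes precedence over the pre-selected one.
    const certReason = reasonother ? reasonother : reason;
    const pdfUrl = ''; // no PDF is generated at draft time
    const certificate = await Certificate.create({
      name: recname,
      sender: user.id,
      receiver: userData?._id,
      ballz_type,
      pdfUrl,
      reason: certReason,
      senderName,
      recipentemail: email,
    });
    return res.redirect(`/certificate/${certificate._id}`);
  } catch (err) {
    console.log(err.message);
    // Encode so the message cannot add or break query parameters in the redirect URL.
    return res.redirect(`/send-now?error=${encodeURIComponent(err.message)}`);
  }
});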
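/**
 * POST /edit-certificate — update a draft certificate created by the logged-in user.
 *
 * Body fields: id plus the same fields as POST /. Editing resets `paid`, so the
 * certificate must be paid for again before it can be downloaded or sent.
 * Redirects to /certificate/<id> on success and to /certificate/<id>?error=<message>
 * on failure.
 */
router.post('/edit-certificate', async (req, res) => {
  const { id, email, ballz_type, recname, anonymousname, reason, reasonother } = req.body;
  try {
    // Only a plain string (or nothing) may reach the User query.
    if (email != null && typeof email !== 'string') {
      throw new Error('Invalid recipient email');
    }
    const userData = await User.findOne({ email });
    const certificate = await Certificate.findById(id);
    if (!certificate) {
      return res.redirect(`/send-now?error=${encodeURIComponent('Certificate Not Found...')}`);
    }
    // `sender` is set from the creator's id when the draft is created, so only
    // that user may change it.
    if (!req.user || String(certificate.sender) !== String(req.user.id)) {
      return res.status(403).json({ message: 'You can only edit your own certificates...' });
    }
    certificate.name = recname;
    certificate.senderName = capitalizeWords(anonymousname);
    certificate.receiver = userData?._id;
    certificate.paid = false;
    certificate.ballz_type = ballz_type;
    certificate.recipentemail = email;
    certificate.createdAt = Date.now();
    // A free-text "other" reason takes precedence over the pre-selected one.
    certificate.reason = reasonother ? reasonother : reason;
    await certificate.save();
    return res.redirect(`/certificate/${certificate._id}`);
  } catch (err) {
    console.log(err.message);
    return res.redirect(`/certificate/${id}?error=${encodeURIComponent(err.message)}`);
  }
});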
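/**
 * GET /download-certificate/:id — mark a certificate as paid, charging the
 * logged-in user one credit the first time, and acknowledge the download.
 *
 * Responds with JSON (200 / 404 / 403) or redirects to /send-now?error=<message>
 * when credits are insufficient or an unexpected error occurs.
 */
router.get('/download-certificate/:id', async (req, res) => {
  try {
    const user = await User.findById(req.user.id);
    const certificate = await Certificate.findById(req.params.id);
    if (!certificate) {
      return res.status(404).json({ message: 'Certificate Not Found...' });
    }
    if (!user) {
      return res.status(403).json({ message: 'Login to Download Certificate...' });
    }
    // NOTE(review): neither sender nor receiver is checked here, so any logged-in
    // user who knows an id can pay for that certificate — confirm this is intended.
    if (!certificate.paid) {
      // `>= 1` (not `== 0`) also rejects negative, missing or NaN credit counts.
      if (!(user.credits >= 1)) {
        return res.redirect(`/send-now?error=${encodeURIComponent("You don't have enough credits...!")}`);
      }
      user.credits -= 1;
      certificate.paid = true;
      // Persist only when something actually changed.
      await user.save();
      await certificate.save();
    }
    return res.status(200).json({ message: 'Your Certificate is Downloading...' });
  } catch (err) {
    console.log(err.message);
    return res.redirect(`/send-now?error=${encodeURIComponent(err.message)}`);
  }
});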
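/**
 * POST /delete — remove a draft certificate belonging to the logged-in user.
 *
 * Body fields: id. Redirects to /send-now with a status message; responds with
 * JSON 403 when not logged in and JSON 500 on unexpected errors.
 */
router.post('/delete', async (req, res) => {
  try {
    const user = req.user;
    if (!user) {
      return res.status(403).json({ message: `Login to Delete Certificate...` });
    }
    const { id } = req.body;
    if (typeof id !== 'string') {
      return res.redirect(`/send-now?error=${encodeURIComponent('Certificate Not Found...')}`);
    }
    // Scope the delete to the caller's own drafts: `sender` is set from the
    // creator's id on creation, so knowing an id alone is not enough.
    const deleted = await Certificate.findOneAndDelete({ _id: id, sender: user.id });
    if (!deleted) {
      return res.redirect(`/send-now?error=${encodeURIComponent('Certificate Not Found...')}`);
    }
    return res.redirect(`/send-now?message=${encodeURIComponent('Certificate Deleted from Draft...')}`);
  } catch (err) {
    console.log(err.message);
    return res.status(500).json({ message: err.message });
  }
});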
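/**
 * Escape the characters that are significant in HTML so user-supplied text can
 * be interpolated into the email body as literal text.
 *
 * @param {unknown} value - text to escape; null/undefined become ''
 * @returns {string} the escaped text
 */
function escapeHtml(value) {
  return String(value ?? '')
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

/**
 * POST /send-certificate/:id — email the recipient a link to a certificate
 * created by the logged-in user, charging one credit if it is not yet paid.
 *
 * The client posts an array whose first element carries `email`, the recipient
 * address. Responds with JSON 200 on success, 400/403/404 for bad input, and
 * 500 when the mail could not be sent; redirects to /send-now?error=... when
 * credits are insufficient.
 */
router.post('/send-certificate/:id', async (req, res) => {
  try {
    const id = req.params.id;
    const sender = await User.findById(req.user.id);
    const certificate = await Certificate.findById(id);
    if (!certificate) {
      return res.status(404).json({ message: 'Certificate Not Found...' });
    }
    if (!sender) {
      return res.status(403).json({ message: 'Login to Send Certificate...' });
    }
    // `sender` on the certificate is set from the creator's id on creation; only
    // that user may send it (and be charged for it).
    if (String(certificate.sender) !== String(sender.id)) {
      return res.status(403).json({ message: 'You can only send your own certificates...' });
    }
    if (!certificate.paid) {
      // `>= 1` also rejects negative, missing or NaN credit counts.
      if (!(sender.credits >= 1)) {
        return res.redirect(`/send-now?error=${encodeURIComponent("You don't have enough credits...!")}`);
      }
      sender.credits -= 1;
      certificate.paid = true;
    }
    // 'Someone' is the placeholder name stored for anonymous senders.
    const tempName = certificate.senderName === 'Someone' ? 'An anonymous friend' : certificate.senderName;
    const to = req.body?.[0]?.email;
    if (typeof to !== 'string' || to.trim() === '') {
      return res.status(400).json({ message: 'Recipient email is required' });
    }
    const subject = `re: You've received a Certificate of Achievement`;
    // NOTE(review): the link is built from req.hostname, i.e. the incoming Host
    // header; a configured public base URL would be more robust.
    const retrieveUrl = `${req.protocol}://${req.hostname}/received-certificate/${encodeURIComponent(id)}`;
    // recname / anonymousname are user input: escape before interpolating into HTML.
    const safeName = escapeHtml(certificate.name);
    const safeSender = escapeHtml(tempName);
    const html = `<table role="presentation"
style="width: 100%; border-collapse: collapse; border: 0px; border-spacing: 0px; font-family: Arial, Helvetica, sans-serif; background-color: rgb(239, 239, 239);">
<tbody>
<tr>
<td align="center" style="padding: 1rem 2rem; vertical-align: top; width: 100%;">
<table role="presentation"
style="max-width: 600px; border-collapse: collapse; border: 0px; border-spacing: 0px; text-align: left;">
<tbody>
<tr>
<td style="padding: 40px 0px 0px;">
<div style="padding: 20px; background-color: rgb(255, 255, 255);">
<div style="color: rgb(0, 0, 0); text-align: left;">
<img src="https://needapair.com/images/dashboard-logo.png"
alt="Company" style="width: 60px;">
<br>
<h1 style="margin: 1rem 0">Hello ${safeName}!</h1>
<p style="padding-bottom: 16px">${safeSender} has recognized your achievement and sent you a certificate of recognition.</p>
<p style="padding-bottom: 16px">Click <a href="${retrieveUrl}">Retrieve Certificate</a> to go to needapair.com to preview your certificate and/or print.</p>
<p style="padding-bottom: 16px">Thank you,<br>- Ballmaster</p>
<p style="padding-bottom: 16px; font-size: 12px">Know someone that needs a pair of balls?<br>Tell them now at needapair.com</p>
</div>
</div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>`;
    // Await the send so a rejected promise reaches the catch below instead of
    // leaving the request without a response.
    const success = await sendMail(to, subject, html, 'admin');
    if (!success) {
      console.log('error from mailsend');
      return res.status(500).json({ message: `Something Went Wrong` });
    }
    // Only persist the credit charge and paid flag once the mail has gone out.
    await certificate.save();
    await sender.save();
    console.log(success);
    return res.status(200).json({ message: `Certificate sent to ${to}` });
  } catch (err) {
    console.log(err);
    return res.status(500).json({ message: err.message });
  }
});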
// Export the router so the application can mount these certificate routes.
module.exports = router