src/extensions/users-permissions/strapi-server.js

const utils = require("@strapi/utils");

const _ = require("lodash");
const { sanitize } = utils;
const { ApplicationError, ValidationError } = utils.errors;
const {
  validateRegisterBody,
} = require("@strapi/plugin-users-permissions/server/controllers/validation/auth");
const { getService } = require("@strapi/plugin-users-permissions/server/utils");
const { default: axios } = require("axios");

const sanitizeUser = (user, ctx) => {
  const { auth } = ctx.state;
  const userSchema = strapi.getModel("plugin::users-permissions.user");

  return sanitize.contentAPI.output(user, userSchema, { auth });
};

const userPermissionExtension = (plugin) => {
  /** Example of overriding and adding a new endpoint, check the section where we have registered this as a route below. */
  plugin.controllers.user.updateMe = (ctx) => {
    ctx.params.id = ctx.state.user.id;
    return plugin.controllers.user.update(ctx);
  };

  plugin.controllers.user.startEndUserOtpLogin = async (ctx) => {
    const { emailAddress, mobileNumber } = ctx.request.body;
    if (!emailAddress || !mobileNumber) {
      throw new ValidationError(
        "Please specify both the email address & mobile numbers."
      );
    }

    const pluginStore = await strapi.store({
      type: "plugin",
      name: "users-permissions",
    });
    const emailSettings = await pluginStore.get({ key: "email" });

    // Find the channel partner first.
    // const endUser = await strapi.query("api::end-user.end-user").findOne({
    //   populate: ["user"],
    //   where: {
    //     $and: [
    //       { publishedAt: { $notNull: true } },
    //       { mobileNo: mobileNumber },
    //     ],
    //   },
    // });

    const endUser = await strapi.query("api::end-user.end-user").findOne({
      populate: ["user"],
      where: {
        $and: [{ publishedAt: { $notNull: true } }, { mobileNo: mobileNumber }],
      },
    });

    if (!endUser) {
      throw new ValidationError(
        "No end user registered with specified email address, mobile number combination."
      );
    }

    // Find the linked user next.
    const user = await strapi
      .query("plugin::users-permissions.user")
      .findOne({ where: { id: endUser.user.id } });
    if (!user || user.blocked) {
      throw new ValidationError("Unable to resolve user linked to end user.");
    }

    const resetPasswordSettings = _.get(
      emailSettings,
      "reset_password.options",
      {}
    );
    const oneTimePassword = Math.floor(100000 + Math.random() * 900000);

    const emailToSend = {
      to: user.email,
      from: `contact@hiranandani.net`,
      oneTimePassword: oneTimePassword,
      replyTo: resetPasswordSettings.response_email,
      subject: `Your one time password is: ${oneTimePassword}`,
      text: `Hello ${endUser.fullName}, Your one time password to login to your partner portal is ${oneTimePassword}`,
      html: `<p>Dear ${endUser.fullName},
        Your OTP for Hiranandani Exclusive website login is <strong>${oneTimePassword}</strong> . Valid for 10 minutes. Please do not
        share this OTP.
        
        Regards,
        Hiranandani Team.`,
    };
    const finalData = {
      emailToSend: emailToSend,
      mobileNo: mobileNumber,
      fullName: endUser.fullName,
    };
    // NOTE: Update the user before sending the email so an Admin can generate the link if the email fails

    // const headers = { "Content-Type": "application/json" };
    // const otpDetails = {
    //   api_key: process.env.SPERTO_API_KEY,
    //   from_name: "Hiranandani",
    //   from_mail: emailToSend.from,
    //   to: emailToSend.to,
    //   subject: emailToSend.subject,
    //   body: emailToSend.html,
    // };
    // await strapi.plugin("email").service("email").send(emailToSend);
    // await axios.get(
    //   `http://vas.themultimedia.in/domestic/sendsms/bulksms.php?username=OSAPI&password=os123456&type=TEXT&sender=HROTPs&entityId=1101407690000029629&templateId=1507166789848358346&mobile=${mobileNumber}&message=Dear%20${endUser.fullName}%0AYour%20OTP%20for%20Hiranandani%20Exclusive%20website%20login%20is%20${oneTimePassword}%0AValid%20for%2010%20minute%20Please%20do%20not%20share%20this%20OTP.%0ARegards%2C%0AHiranandani%20Team.`
    // );
    try {
      // const spertoResponse = await axios.post(
      //   "https://net4hgc.sperto.co.in/_api/api_auth_send_mail.php",
      //   otpDetails,
      //   { headers: headers }
      // );
      const spretoOTP = await strapi
        .service("api::end-user.end-user")
        .sendOTPToSpreto(finalData);
      // console.log("spretoOTP", spretoOTP);
      //  EMAIL RESPONSE
      ctx.request.body.httpRequestEmailHeaders = JSON.stringify(
        spretoOTP.spertoEmailResponse.headers
      );
      ctx.request.body.httpRequestEmailMethod =
        spretoOTP.spertoEmailResponse.config.method;
      ctx.request.body.httpRequestEmailUrl =
        spretoOTP.spertoEmailResponse.config.url;
      ctx.request.body.httpsRequestEmailBody =
        spretoOTP.spertoEmailResponse.config.data;
      ctx.request.body.httpResposneEmailBody = JSON.stringify(
        spretoOTP.spertoEmailResponse.data
      );

      // SMS RESPONSE

      ctx.request.body.httpSMSRequestHeaders = JSON.stringify(
        spretoOTP.spertoSMSResponse.headers
      );
      ctx.request.body.httpSMSRequestMethod =
        spretoOTP.spertoSMSResponse.config.method;
      ctx.request.body.httpSMSRequestUrl =
        spretoOTP.spertoSMSResponse.config.url;
      // ctx.request.body.httpsSMSRequestBody = spretoOTP.spertoSMSResponse.config.data;
      ctx.request.body.httpSMSResposneBody = JSON.stringify(
        spretoOTP.spertoSMSResponse.data
      );

      ctx.request.body.thirdPartyApiError = false;
      // console.log("spretoOTP", spretoOTP);

      // return spretoOTP;
    } catch (error) {
      // Email errors
      ctx.request.body.httpRequestEmailHeaders = JSON.stringify(
        error.config.headers
      );
      ctx.request.body.httpRequestEmailMethod = error.config.method;
      ctx.request.body.httpRequestEmailUrl = error.config.url;
      ctx.request.body.httpsRequestEmailBody = error.config.data;
      ctx.request.body.httpResposneEmailBody = JSON.stringify(error.message);

      // SMS headers
      ctx.request.body.httpSMSRequestHeaders = JSON.stringify(
        error.config.headers
      );
      ctx.request.body.httpSMSRequestMethod = error.config.method;
      ctx.request.body.httpSMSRequestUrl = error.config.url;
      // ctx.request.body.httpsSMSRequestBody = error.config.data;
      ctx.request.body.httpSMSResposneBody = JSON.stringify(error.message);
      ctx.request.body.thirdPartyApiError = true;
    }
    const updateUser = await getService("user").edit(user.id, {
      oneTimePassword: `${oneTimePassword}`,
    });

    await strapi.entityService.update("api::end-user.end-user", endUser.id, {
      data: {
        httpRequestIsVerifiedHeaders:
          ctx.request.body.httpRequestIsVerifiedHeaders,
        httpsRequestIsVerifiedBody: ctx.request.body.httpsRequestIsVerifiedBody,
        httpRequestIsVerifiedUrl: ctx.request.body.httpRequestIsVerifiedUrl,
        httpRequestIsVerifiedMethod:
          ctx.request.body.httpRequestIsVerifiedMethod,
        httpResposneIsVerifiedBody: ctx.request.body.httpResposneIsVerifiedBody,

        httpRequestIsVerifiedHeaders:
          ctx.request.body.httpRequestIsVerifiedHeaders,
        // httpsRequestIsVerifiedBody: ctx.request.body.httpsRequestIsVerifiedBody,
        httpSMSRequestUrl: ctx.request.body.httpSMSRequestUrl,
        httpSMSRequestMethod: ctx.request.body.httpSMSRequestMethod,
        httpSMSResposneBody: ctx.request.body.httpSMSResposneBody,
        httpSMSRequestHeaders: ctx.request.body.httpSMSRequestHeaders,
      },
    });

    ctx.send({ ok: true, message: "otp sent" });

    //  const updateUser = await getService("user").edit(user.id, {
    //   oneTimePassword: `${oneTimePassword}`,
    // });

    // Send an email to the user.
    // await getService("user").sendOTPOnEmail(emailToSend);

    // TODO: Send SMS.
  };

  plugin.controllers.user.finishEndUserOtpLogin = async (ctx) => {
    const { oneTimePassword, emailAddress, mobileNumber } = ctx.request.body;
    console.log("ctx.request.body", ctx.request.body);
    if (!oneTimePassword || !mobileNumber || !emailAddress) {
      throw new ValidationError(
        "Please specify the oneTimePassword, email address and mobile numbers."
      );
    }

    // Find the channel partner first.
    const endUser = await strapi.query("api::end-user.end-user").findOne({
      populate: ["user"],
      where: {
        $and: [
          { publishedAt: { $notNull: true } },
          // { user: { email: emailAddress } },
          { mobileNo: mobileNumber },
        ],
      },
    });

    if (!endUser) {
      throw new ValidationError(
        "No end user registered with specified email address, mobile number combination."
      );
    }

    // Find the linked user next.
    const user = await strapi.query("plugin::users-permissions.user").findOne({
      where: {
        $and: [{ id: endUser.user.id }, { oneTimePassword: oneTimePassword }],
      },
    });
    if (!user || user.blocked) {
      throw new ValidationError("Code provided is not valid.");
    }

    await getService("user").edit(user.id, {
      oneTimePassword: null,
      password: oneTimePassword,
    });

    ctx.send({ ok: true, message: "otp updated" });
  };

  plugin.controllers.user.startChannelPartnerOtpLogin = async (ctx) => {
    const { mahareraNumber, mobileNumber } = ctx.request.body;
    if (!mahareraNumber) {
      throw new ValidationError("Please specify the maharera number.");
    }

    const pluginStore = await strapi.store({
      type: "plugin",
      name: "users-permissions",
    });
    const emailSettings = await pluginStore.get({ key: "email" });

    // Find the channel partner first.
    const channelPartner = await strapi
      .query("api::channel-partner.channel-partner")
      .findOne({
        populate: ["user"],
        where: {
          reraNumber: mahareraNumber,
        },
      });

    if (!channelPartner) {
      throw new ValidationError(
        "No channel partner registered with specified maharera number."
      );
    }

    // // Find the linked user next.
    const user = await strapi
      .query("plugin::users-permissions.user")
      .findOne({ where: { id: channelPartner.user.id } });

    if (!user || user.blocked) {
      throw new ValidationError(
        "Unable to resolve user linked to channel partner."
      );
    }

    const resetPasswordSettings = _.get(
      emailSettings,
      "reset_password.options",
      {}
    );

    let oneTimePassword;
    let responseBody;

    try {
      // console.log("entered catch",ctx.request.body);
      const spertoCPOtpData = await strapi
        .service("api::channel-partner.channel-partner")
        .getCPDataFromSperto(ctx.request.body);
      responseBody = spertoCPOtpData;
      // console.log("spertoCPOtpData >>>>>", spertoCPOtpData);
      ctx.request.body.httpThirdPartyOTPApiRequestHeaders = JSON.stringify(
        spertoCPOtpData.headers
      );
      ctx.request.body.token = spertoCPOtpData.data.token;
      ctx.request.body.httpThirdPartyOTPApiRequestMethod =
        spertoCPOtpData.config.method;
      ctx.request.body.httpThirdPartyOTPApiRequestUrl =
        spertoCPOtpData.config.url;
      ctx.request.body.httpsThirdPartyOTPApiRequestBody =
        spertoCPOtpData.config.data;
      ctx.request.body.httpThirdPartyOTPApiResposneBody = JSON.stringify(
        spertoCPOtpData.data
      );
      ctx.request.body.httpThirdPartyOTPApiError = false;
      // console.log(">>>>>",ctx.request.body.httpThirdPartyOTPApiError);
      oneTimePassword = spertoCPOtpData.data.otp;
    } catch (error) {
      ctx.request.body.data.httpThirdPartyOTPApiRequestHeaders = JSON.stringify(
        error.config.headers
      );
      ctx.request.body.httpThirdPartyOTPApiRequestMethod = error.config.method;
      ctx.request.body.httpThirdPartyOTPApiRequestUrl = error.config.url;
      ctx.request.body.httpsThirdPartyOTPApiRequestBody = error.config.data;
      ctx.request.body.httpThirdPartyOTPApiResposneBody = JSON.stringify(
        error.message
      );
      ctx.request.body.httpThirdPartyOTPApiError = true;
    }
    const emailToSend = {
      oneTimePassword: oneTimePassword,
      // to: user.email,
      from: `contact@hiranandani.net`,
      replyTo: resetPasswordSettings.response_email,
      subject: `Your one time password is: ${oneTimePassword}`,
      // text: `Hello ${channelPartner.contactPersonName}, Your one time password to login to your partner portal is ${oneTimePassword}`,
      // html: `<p>Hello ${channelPartner.contactPersonName}, <br></br>Your one time password to login to your partner portal is ${oneTimePassword}</p><br /> Best Regards, <br /> Team Hiranandani.`,
    };
    const finalData = {
      emailToSend: emailToSend,
      mobileNo: mobileNumber,
      fullName: '',
    };
    try {
      // const spertoResponse = await axios.post(
      //   "https://net4hgc.sperto.co.in/_api/api_auth_send_mail.php",
      //   otpDetails,
      //   { headers: headers }
      // );
      const spretoOTP = await strapi
        .service("api::end-user.end-user")
        .sendOTPToSpreto(finalData);
      // console.log("spretoOTP", spretoOTP);
      //  EMAIL RESPONSE
      ctx.request.body.httpEmailRequestHeaders = JSON.stringify(
        spretoOTP.spertoEmailResponse.headers
      );
      ctx.request.body.httpEmailRequestMethod =
        spretoOTP.spertoEmailResponse.config.method;
      ctx.request.body.httpEmailRequestUrl =
        spretoOTP.spertoEmailResponse.config.url;
      ctx.request.body.httpsEmailRequestBody =
        spretoOTP.spertoEmailResponse.config.data;
      ctx.request.body.httpEmailResposneBody = JSON.stringify(
        spretoOTP.spertoEmailResponse.data
      );

      // SMS RESPONSE

      ctx.request.body.httpSMSRequestHeaders = JSON.stringify(
        spretoOTP.spertoSMSResponse.headers
      );
      ctx.request.body.httpSMSRequestMethod =
        spretoOTP.spertoSMSResponse.config.method;
      ctx.request.body.httpSMSRequestUrl =
        spretoOTP.spertoSMSResponse.config.url;
      // ctx.request.body.httpsSMSRequestBody = spretoOTP.spertoSMSResponse.config.data;
      ctx.request.body.httpSMSResposneBody = JSON.stringify(
        spretoOTP.spertoSMSResponse.data
      );

      ctx.request.body.thirdPartyApiError = false;
      // console.log("spretoOTP", spretoOTP);

      // return spretoOTP;
    } catch (error) {
      // Email errors
      ctx.request.body.httpEmailRequestHeaders = JSON.stringify(
        error.config.headers
      );
      ctx.request.body.httpEmailRequestMethod = error.config.method;
      ctx.request.body.httpEmailRequestUrl = error.config.url;
      ctx.request.body.httpsEmailRequestBody = error.config.data;
      ctx.request.body.httpEmailResposneBody = JSON.stringify(error.message);

      // SMS headers
      ctx.request.body.httpSMSRequestHeaders = JSON.stringify(
        error.config.headers
      );
      ctx.request.body.httpSMSRequestMethod = error.config.method;
      ctx.request.body.httpSMSRequestUrl = error.config.url;
      // ctx.request.body.httpsSMSRequestBody = error.config.data;
      ctx.request.body.httpSMSResposneBody = JSON.stringify(error.message);
      ctx.request.body.thirdPartyApiError = true;
    }
    // NOTE: Update the user before sending the email so an Admin can generate the link if the email fails
    await getService("user").edit(user.id, {
      oneTimePassword: `${oneTimePassword}`,
    });
    await strapi.entityService.update(
      "api::channel-partner.channel-partner",
      channelPartner.id,
      {
        data: {
          // httpRequestIsVerifiedHeaders:
          //   ctx.request.body.httpRequestIsVerifiedHeaders,
          // httpsRequestIsVerifiedBody: ctx.request.body.httpsRequestIsVerifiedBody,
          // httpRequestIsVerifiedUrl: ctx.request.body.httpRequestIsVerifiedUrl,
          // httpRequestIsVerifiedMethod:
          //   ctx.request.body.httpRequestIsVerifiedMethod,
          // httpResposneIsVerifiedBody: ctx.request.body.httpResposneIsVerifiedBody,

          // httpRequestIsVerifiedHeaders:
          //   ctx.request.body.httpRequestIsVerifiedHeaders,
          // httpsRequestIsVerifiedBody: ctx.request.body.httpsRequestIsVerifiedBody,
          httpSMSRequestUrl: ctx.request.body.httpSMSRequestUrl,
          httpSMSRequestMethod: ctx.request.body.httpSMSRequestMethod,
          httpSMSResposneBody: ctx.request.body.httpSMSResposneBody,
          httpSMSRequestHeaders: ctx.request.body.httpSMSRequestHeaders,

          httpsEmailRequestBody: ctx.request.body.httpsEmailRequestBody,
          httpEmailRequestUrl: ctx.request.body.httpEmailRequestUrl,
          httpEmailRequestMethod: ctx.request.body.httpEmailRequestMethod,
          httpEmailResposneBody: ctx.request.body.httpEmailResposneBody,
          httpEmailRequestHeaders: ctx.request.body.httpEmailRequestHeaders,

          httpThirdPartyOTPApiRequestHeaders:
            ctx.request.body.httpThirdPartyOTPApiRequestHeaders,
          token: ctx.request.body.token,
          httpThirdPartyOTPApiRequestMethod:
            ctx.request.body.httpThirdPartyOTPApiRequestMethod,
          httpThirdPartyOTPApiRequestUrl:
            ctx.request.body.httpThirdPartyOTPApiRequestUrl,
          httpsThirdPartyOTPApiRequestBody:
            ctx.request.body.httpsThirdPartyOTPApiRequestBody,
          httpThirdPartyOTPApiResposneBody:
            ctx.request.body.httpThirdPartyOTPApiResposneBody,
        },
      }
    );
    // Send an email to the user.
    // await strapi.plugin("email").service("email").send(emailToSend);

    // TODO: Send SMS.
    console.log("responseBody", responseBody);
    ctx.send({ data: responseBody.data });
  };

  plugin.controllers.user.finishChannelPartnerOtpLogin = async (ctx) => {
    const { oneTimePassword, mahareraNumber, mobileNumber } = ctx.request.body;
    if (!oneTimePassword || !mahareraNumber) {
      throw new ValidationError(
        "Please specify the oneTimePassword, maharera number and mobile numbers."
      );
    }
    console.log("{ oneTimePassword, mahareraNumber, mobileNumber }", {
      oneTimePassword,
      mahareraNumber,
    });
    // Find the channel partner first.
    const channelPartner = await strapi
      .query("api::channel-partner.channel-partner")
      .findOne({
        populate: ["user"],
        where: {
          $and: [
            { publishedAt: { $notNull: true } },
            { reraNumber: mahareraNumber },
          ],
        },
      });

    if (!channelPartner) {
      throw new ValidationError(
        "No channel partner registered with specified maharera number, mobile number combination."
      );
    }

    // Find the linked user next.
    const user = await strapi.query("plugin::users-permissions.user").findOne({
      where: {
        $and: [
          { id: channelPartner.user.id },
          { oneTimePassword: oneTimePassword },
        ],
      },
    });
    if (!user || user.blocked) {
      throw new ValidationError("Code provided is not valid.");
    }

    await getService("user").edit(user.id, {
      oneTimePassword: null,
      password: oneTimePassword,
    });
    console.log("ctx >>>>>>>>>", user);
    ctx.send({ ok: true, message: "otp updated", data: user });
  };

  /** Example of overriding an existing route. */
  plugin.controllers.auth.register = async (ctx) => {
    const pluginStore = await strapi.store({
      type: "plugin",
      name: "users-permissions",
    });

    const settings = await pluginStore.get({ key: "advanced" });

    if (!settings.allow_register) {
      throw new ApplicationError("Register action is currently disabled");
    }

    const params = {
      ..._.omit(ctx.request.body, [
        "confirmed",
        "blocked",
        "confirmationToken",
        "resetPasswordToken",
        "provider",
      ]),
      provider: "local",
    };

    await validateRegisterBody(params);

    // We have added the ability to choose the role.
    // This is the customisation that we wanted to do to make this possible
    const newUserRole = params?.role ? params?.role : settings.default_role;

    // the query was also changed to apply a query on "name" rather than the default "type".
    const role = await strapi
      .query("plugin::users-permissions.role")
      .findOne({ where: { name: newUserRole } });

    if (!role) {
      throw new ApplicationError("Impossible to find the default role");
    }
    console.log("HERE ARE PARAMS >>>>>", params);
    // @ts-ignore
    const { email, username, provider } = params;

    const identifierFilter = {
      $or: [
        // { email: email.toLowerCase() },
        // { username: email.toLowerCase() },
        { username },
        // { email: username },
      ],
    };

    const conflictingUserCount = await strapi
      .query("plugin::users-permissions.user")
      .count({
        where: { ...identifierFilter, provider },
      });
      
    if (conflictingUserCount > 0) {
      throw new ApplicationError("RERA Number already in use.");
    }

    // if (settings.unique_email) {
    //   const conflictingUserCount = await strapi
    //     .query("plugin::users-permissions.user")
    //     .count({
    //       where: { ...identifierFilter },
    //     });

    //   if (conflictingUserCount > 0) {
    //     throw new ApplicationError("Email or Username are already taken");
    //   }
    // }

    let newUser = {
      ...params,
      role: role.id,
      email: email.toLowerCase(),
      username,
      confirmed: !settings.email_confirmation,
    };
    console.log("newUser 123456789>>>>>", newUser);
    const user = await strapi
      .plugin("users-permissions")
      .service("user")
      .add(newUser);

    const sanitizedUser = await sanitizeUser(user, ctx);
    console.log("SANITIZE sanitizedUser", sanitizedUser);

    // if (settings.email_confirmation) {
    //   try {
    //     await strapi
    //       .plugin("users-permissions")
    //       .service("user")
    //       .sendConfirmationEmail(sanitizedUser);
    //   } catch (err) {
    //     throw new ApplicationError(err.message);
    //   }
    //   return ctx.send({ user: sanitizedUser });
    // }

    const jwt = strapi
      .plugin("users-permissions")
      .service("jwt")
      .issue(_.pick(user, ["id"]));
    console.log("jwt");
    return ctx.send({
      jwt,
      user: sanitizedUser,
    });
  };

  /** Endpoint used to allow edits on a user done by currently logged in user only their own record. */
  plugin.routes["content-api"].routes.push({
    method: "PUT",
    path: "/users/me",
    handler: "user.updateMe",
  });

  /** Endpoints used to facilitate channel partner login with otp */
  plugin.routes["content-api"].routes.push({
    method: "POST",
    path: "/users/channel-partner/start-otp-login",
    handler: "user.startChannelPartnerOtpLogin",
  });
  plugin.routes["content-api"].routes.push({
    method: "POST",
    path: "/users/channel-partner/finish-otp-login",
    handler: "user.finishChannelPartnerOtpLogin",
  });

  /** Endpoints used to facilitate end user login with otp */
  plugin.routes["content-api"].routes.push({
    method: "POST",
    path: "/users/end-user/start-otp-login",
    handler: "user.startEndUserOtpLogin",
  });
  plugin.routes["content-api"].routes.push({
    method: "POST",
    path: "/users/end-user/finish-otp-login",
    handler: "user.finishEndUserOtpLogin",
  });

  return plugin;
};

module.exports = userPermissionExtension;