Merge pull request #8 from mahesh548/dev

mahesh548 · web-flow · commit 4e224fb679c1 · 2025-06-28T19:06:47.000+05:30
This merge introduces critical backend functionalities that support download access control and admin role management. Key updates include:

Creation of updateDownload route for handling download permission requests.

Addition of admin route with endpoints for admin actions and user statistics.

Implementation of searchUser and updateRole to enable admin-level user management.

Integration of transactional email notifications to inform users and admins of role and permission updates.

All changes have been tested locally and verified for stability and correctness. Approving this merge for deployment to ensure complete feature parity with the frontend and enable full admin functionality across the HTh Beats platform.
diff --git a/Database b/Database
@@ -1 +1 @@
-Subproject commit e8ad7af4e5b8359cf499606e9900e1b29d96c6cc
+Subproject commit 39969a1cf6f0612a69c154cc8f6784ed011ab0e2
diff --git a/Routes/Controller/admin.js b/Routes/Controller/admin.js
@@ -0,0 +1,199 @@
+const Users = require("../../Database/Models/Users");
+const Entity = require("../../Database/Models/Entity");
+const Song = require("../../Database/Models/Song");
+const utils = require("../../utils");
+const admin = async (req, res) => {
+  const { user, adminAction } = req.body;
+  if (!user || user?.role !== "admin") {
+    return res.status(403).json({ status: false, msg: "Unauthorized access!" });
+  }
+  try {
+    if (!adminAction) {
+      return res.status(400).json({ status: false, msg: "Invalid input!" });
+    }
+
+    if (adminAction?.action === "getCounts") {
+      const totalUsers = await Users.aggregate([
+        {
+          $facet: {
+            approved: [
+              { $match: { downloadAccess: "approved" } },
+              { $count: "count" },
+            ],
+            users: [{ $match: { role: "user" } }, { $count: "count" }],
+          },
+        },
+      ]);
+
+      const detailData = await Users.aggregate([
+        {
+          $facet: {
+            admins: [
+              { $match: { role: "admin" } },
+              { $project: { username: 1, pic: 1, createdAt: 1 } },
+            ],
+            requests: [
+              { $match: { downloadAccess: "requested" } },
+              { $project: { username: 1, pic: 1, createdAt: 1, id: 1 } },
+            ],
+          },
+        },
+      ]);
+
+      const UsersCount = Object.fromEntries(
+        Object.entries(totalUsers[0]).map(([key, value]) => [
+          key,
+          value[0]?.count || 0,
+        ])
+      );
+
+      UsersCount.admin = detailData[0].admins?.length || 0;
+      UsersCount.request = detailData[0].requests?.length || 0;
+
+      const totalEntity = await Entity.aggregate([
+        {
+          $facet: {
+            playlists: [{ $match: { type: "playlist" } }, { $count: "count" }],
+            albums: [{ $match: { type: "album" } }, { $count: "count" }],
+            mixes: [{ $match: { type: "mix" } }, { $count: "count" }],
+          },
+        },
+      ]);
+      const EntityCount = Object.fromEntries(
+        Object.entries(totalEntity[0]).map(([key, value]) => [
+          key,
+          value[0]?.count || 0,
+        ])
+      );
+
+      const songCount = await Song.countDocuments({});
+      EntityCount.songs = songCount;
+
+      return res.status(200).json({
+        status: true,
+        data: { UsersCount, EntityCount, detailData: detailData[0] },
+      });
+    }
+    if (adminAction?.action === "searchUser") {
+      const { searchId } = adminAction;
+      if (!searchId) {
+        return res.status(400).json({ status: false, msg: "Invalid input!" });
+      }
+      const isValidUsername = utils.isValidUsername(searchId);
+      if (!isValidUsername && !utils.isValidEmail(searchId)) {
+        return res.status(400).json({ status: false, msg: "Invalid input!" });
+      }
+
+      const usersData = await Users.find(
+        {
+          username: { $regex: new RegExp("^" + searchId), $options: "i" },
+        },
+        ["username", "id", "pic", "role", "createdAt", "downloadAccess", "-_id"]
+      );
+
+      return res.status(200).json({
+        status: true,
+        data: usersData,
+      });
+    }
+
+    if (adminAction?.action === "updateRole") {
+      const { targetId, role } = adminAction;
+      if (!targetId || !role) {
+        return res.status(400).json({ status: false, msg: "Invalid input!" });
+      }
+      const validRoles = ["user", "admin"];
+      if (!validRoles.includes(role)) {
+        return res.status(400).json({ status: false, msg: "Invalid role!" });
+      }
+
+      const userData = await Users.findOneAndUpdate(
+        { id: targetId },
+        { $set: { role: role } },
+        { new: true }
+      );
+
+      if (!userData) {
+        return res.status(404).json({ status: false, msg: "User not found!" });
+      }
+      sendEmail(
+        userData?.username,
+        [{ email: userData?.email, name: userData?.username }],
+        role
+      );
+
+      return res.status(200).json({
+        status: true,
+        msg: `User role updated successfully!`,
+      });
+    }
+    return res
+      .status(200)
+      .json({ status: false, msg: "Invalid admin action!" });
+  } catch (error) {
+    console.log(error);
+    return res
+      .status(500)
+      .json({ status: false, msg: "something went wrong!" });
+  }
+};
+
+const sendEmail = async (username, emails, type) => {
+  if (!username || !emails || !type) return;
+  let message = "";
+  let subject = "";
+
+  if (type == "admin") {
+    subject = "Welcome to the HTh Beats Admin Team!";
+
+    message =
+      `Dear ${username},\n\n` +
+      `Congratulations! 🎉 You have been promoted to the Admin Team on HTh Beats.\n\n` +
+      `As an admin, you now have access to several new responsibilities and capabilities:\n` +
+      `• Approve or deny download requests submitted by users\n` +
+      `• Grant or revoke download permissions, even if a request hasn't been made\n` +
+      `• Promote other users to admin or remove current admins\n` +
+      `• View internal statistics related to HTh Beats' usage and activity\n\n` +
+      `To access the Admin Panel, please use the link below:\n` +
+      `${process.env.FURL}/admin\n\n` +
+      `If the above link doesn’t work for any reason, simply open your account settings within the app and look for the “Admin Panel” button.\n\n` +
+      `We trust that you will use your new role responsibly and help maintain the quality and fairness of our platform. If for any reason you do not wish to continue as an admin, you can contact our support team at ${process.env.SUPPORT_MAIL}.\n\n` +
+      `Enjoy your new role, and thank you for being a valuable part of the HTh Beats community.\n\n` +
+      `Best regards,\n` +
+      `The HTh Beats Team`;
+  }
+  if (type == "user") {
+    subject = "Your Admin Role Has Been Revoked on HTh Beats";
+
+    message =
+      `Dear ${username},\n\n` +
+      `We’d like to inform you that your admin privileges on HTh Beats have been revoked, and your account has been returned to a regular user role.\n\n` +
+      `This means you will no longer be able to:\n` +
+      `• Approve or deny download requests\n` +
+      `• Grant or revoke download access for users\n` +
+      `• Add or remove admins\n` +
+      `• View administrative statistics or privileged data\n\n` +
+      `This decision was made by the HTh Beats Admin Team. We ask you to please respect this decision as part of maintaining the integrity and responsibility expected from admin roles.\n\n` +
+      `However, if you believe this action was taken in error or would like clarification, feel free to contact us at ${process.env.SUPPORT_MAIL} and we’ll be happy to assist you.\n\n` +
+      `Thank you for your past contributions as an admin. We hope you’ll continue enjoying HTh Beats as a valued user.\n\n` +
+      `Sincerely,\n` +
+      `The HTh Beats Team`;
+  }
+  if (!subject || !message) return;
+  await utils.sendMail(emails, subject, message);
+  const securityMessage =
+    `Dear Mahesh,\n\n` +
+    `There is new changes in HTh Beats Admin Team as @${username} has been ${
+      type == "admin" ? "added to" : "removed from"
+    } the Team. \n\n` +
+    `New admin's email: ${emails[0]?.email} \n` +
+    `New admin's username: ${emails[0]?.name} \n\n` +
+    `The HTh Beats Safety System`;
+  await utils.sendMail(
+    [{ email: "mkmjnp5@gmail.com", name: "Mahesh" }],
+    "Changes in HTh Beats Admin Team",
+    securityMessage
+  );
+};
+
+module.exports = admin;
diff --git a/Routes/Controller/updateDownload.js b/Routes/Controller/updateDownload.js
@@ -0,0 +1,125 @@
+const Users = require("../../Database/Models/Users");
+const utils = require("../../utils");
+
+const updateDownload = async (req, res) => {
+  const { accessData, user } = req.body;
+  if (!accessData)
+    return res.status(200).json({ status: false, msg: "invalid input!" });
+
+  try {
+    const { access } = accessData;
+    if (!access)
+      return res.status(400).json({ status: false, msg: "invalid input!" });
+
+    if (access === "requested") {
+      const updatedUser = await Users.findOneAndUpdate(
+        { id: user.id },
+        { $set: { downloadAccess: "requested" } },
+        { new: true }
+      );
+
+      let adminsMail = await Users.find({ role: "admin" }, [
+        "email",
+        "username",
+      ]);
+      adminsMail = adminsMail.map((item) => {
+        return { email: item.email, name: item.username };
+      });
+
+      sendEmail(updatedUser?.username, adminsMail, "request");
+
+      return res
+        .status(200)
+        .json({ status: true, msg: "Download access requested successfully!" });
+    }
+
+    if (access === "approved" || access === "default") {
+      const { targetId } = accessData;
+      if (!targetId)
+        return res.status(400).json({ status: false, msg: "invalid input!" });
+      const adminData = await Users.findOne({ id: user.id, role: "admin" });
+      if (!adminData)
+        return res
+          .status(403)
+          .json({ status: false, msg: "unauthorized access!" });
+
+      const updatedUser = await Users.findOneAndUpdate(
+        { id: targetId },
+        { $set: { downloadAccess: access } },
+        { new: true }
+      );
+
+      sendEmail(
+        updatedUser?.username,
+        [{ email: updatedUser?.email, name: updatedUser?.username }],
+        access
+      );
+
+      return res
+        .status(200)
+        .json({ status: true, msg: "Download access updated successfully!" });
+    }
+
+    return res.status(200).json({ status: false, msg: "invalid access type!" });
+  } catch (error) {
+    console.log(error);
+    res.status(500).json({ status: false });
+  }
+};
+
+const sendEmail = async (username, emails, type) => {
+  if (!username || !emails || !type) return;
+  let message = "";
+  let subject = "";
+  if (type == "request") {
+    const pending = await Users.countDocuments({ downloadAccess: "requested" });
+    subject = `${pending} Pending Download Request${
+      pending > 1 ? "s" : ""
+    } - Action Required`;
+
+    message =
+      `Dear HTh Beats Admin Team,\n\n` +
+      `A new download request has been submitted by user @${username}.\n\n` +
+      `There are currently (${pending}) pending download request${
+        pending > 1 ? "s" : ""
+      } awaiting your review.\n\n` +
+      `Please visit the Admin Panel to take the necessary actions:\n` +
+      `${process.env.FURL}/admin\n\n` +
+      `IF LINK ABOVE NOT WORKING THEN SIMPLY OPEN YOUR ACCOUNT AND ACCESS ADMIN PANEL FROM SETTINGS\n\n` +
+      `Your continued support helps keep HTh Beats running smoothly and ensures a great experience for our users.\n` +
+      `We appreciate your attention to this matter.\n\n` +
+      `Best regards,\n` +
+      `The HTh Beats Team`;
+  }
+  if (type == "approved") {
+    subject = "Your Download Request Has Been Approved!";
+
+    message =
+      `Dear ${username},\n\n` +
+      `Congratulations! Your download request has been approved, and the download feature is now unlocked for your account.\n\n` +
+      `You can now enjoy downloading your favorite music directly from the app.\n\n` +
+      `We kindly remind you that all downloaded content is for personal use only. Please refrain from using the material for any commercial purposes and help us maintain a piracy-free and respectful environment.\n\n` +
+      `If you experience any issues accessing the download feature, please don't hesitate to contact our support team at ${process.env.SUPPORT_MAIL}.\n\n` +
+      `Thank you for being a valued part of the HTh Beats community. We hope you enjoy the enhanced experience!\n\n` +
+      `Best regards,\n` +
+      `The HTh Beats Team`;
+  }
+  if (type == "default") {
+    subject = "Your Download Request Was Not Approved";
+
+    message =
+      `Dear ${username},\n\n` +
+      `Thank you for your interest in accessing the download feature on HTh Beats.\n\n` +
+      `After reviewing your request, we regret to inform you that it has not been approved at this time.\n\n` +
+      `This feature is selectively granted based on internal criteria, and unfortunately, your account did not meet the requirements for approval.\n\n` +
+      `We encourage you to continue enjoying all the other features HTh Beats has to offer and welcome you to reapply in the future if needed.\n\n` +
+      `If you believe this decision was made in error or if you have any questions, feel free to reach out to our support team at ${process.env.SUPPORT_MAIL}.\n\n` +
+      `Thank you for being a part of the HTh Beats community.\n\n` +
+      `Best regards,\n` +
+      `The HTh Beats Team`;
+  }
+  if (!subject || !message) return;
+  utils.sendMail(emails, subject, message);
+};
+
+module.exports = updateDownload;
diff --git a/Routes/Controller/userData.js b/Routes/Controller/userData.js
@@ -12,6 +12,8 @@ const userData = async (req, res) => {
       "languages",
       "pic",
       "email",
+      "role",
+      "downloadAccess",
       "-_id",
     ]).lean();
     const email = usersData.email;
diff --git a/Routes/Middlewares/authentication.js b/Routes/Middlewares/authentication.js
@@ -27,7 +27,7 @@ const auth = async (req, res, next) => {
       { expiresIn: "30d" }
     );
 
-    req.body.user = user;
+    req.body.user = { ...user, role: realUser?.role };
     //setting session token into headers
     res.setHeader("Access-Control-Expose-Headers", "session");
     res.setHeader("session", refreshedToken);
diff --git a/Routes/Router.js b/Routes/Router.js
@@ -47,6 +47,8 @@ const room = require("./Controller/room.js");
 const uploadPic = require("./Controller/uploadPic.js");
 const deletePic = require("./Controller/deletePic.js");
 const deleteAccount = require("./Controller/deleteAccount.js");
+const updateDownload = require("./Controller/updateDownload.js");
+const admin = require("./Controller/admin.js");
 
 //routes
 router.post("/signup", [userMailValidator], signUp);
@@ -75,6 +77,10 @@ router.delete("/activity", [auth], deleteActivity);
 
 router.post("/room/:event", [auth], room);
 
+router.post("/updateAccess", [auth], updateDownload);
+
+router.post("/admin", [auth], admin);
+
 router.post("/profile_pic", [upload.single("image"), auth], uploadPic);
 router.delete("/profile_pic", [auth], deletePic);
 
diff --git a/readme.md b/readme.md
diff --git a/utils.js b/utils.js
