imports/startup/accounts-config.js

import { Accounts } from 'meteor/accounts-base'
import { Roles } from 'meteor/alanning:roles'
import {Meteor} from "meteor/meteor";

console.log("Setting up accounts-config...")

if(Meteor.isClient) {
	Accounts.ui.config({
	    passwordSignupFields: 'USERNAME_ONLY'
	});
}

Accounts.config({
	// Allow only certain email domains.
	restrictCreationByEmailDomain: function(address) {
		let pattern = process.env.EMAIL_REGEX;

		return new RegExp(pattern, 'i').test(address)
	}
});

if(Meteor.isServer) {
	let adminEmail = process.env.ADMIN_EMAIL;
	let watchForAdmin = false;

	//Setup the roles.
	Roles.createRole('admin', {unlessExists: true});
	Roles.createRole('laptop-management', {unlessExists: true});
	Roles.addRolesToParent('laptop-management', 'admin', {unlessExists: true});
	//Roles.addUsersToRoles("zwbMiaSKHix4bWQ8d", 'admin', 'global', {unlessExists: true});

	// If we are passed an email address that should be admin by default, then ensure that user is admin, or mark it as needing to be admin if the user ever logs in.
	// Given that this app requires Google OAuth2, and we expect logins to be restricted to district email addresses, this should be very secure.
	if(adminEmail) {
		let user = Meteor.users.findOne({"services.google.email": adminEmail});

		if(user) {
			let assignment = Meteor.roleAssignment.findOne({'user._id': user._id, "role._id": "admin"});

			// console.log("Admin Role Assignment: " + JSON.stringify(assignment));
			if(!assignment) {
				Roles.addUsersToRoles(user._id, ['admin']);
			}
		}
		else {
			watchForAdmin = true;
		}
	}

	// Listen for users logging in so we can setup the admin user automatically once they log in the first time.
	if(watchForAdmin) {
		// TODO: It would be nice to remove this handler after the admin user is found, but the docs are pretty ambiguous about how to do that.  Not a big deal, just annoying.
		Accounts.onLogin(function (data) {
			// console.log("User logged in:");
			// console.log(data.user.services.google.email);

			// data.user == Meteor.user()

			//console.log(JSON.stringify(Meteor.user()));
			if (watchForAdmin) {
				try {
					if (data.user.services.google.email === adminEmail) {
						Roles.addUsersToRoles(data.user._id, ['admin']);
						watchForAdmin = false;
					}
				} catch (err) {
					console.log(err);
				}
			}
		});
	}
}

console.log("Finished setting up accounts-config.")
Cleaned up the copied project & got the Google authentication working. A lot of work still needs to be done to add content and allow only certain users access. 2022-03-09 07:55:26 -08:00			`import { Accounts } from 'meteor/accounts-base'`
Added Roles, User Management, fixed bugs, added FlexTable component (should be renamed to GridTable), other table components and test code should be removed down the line, added admin function to fix broken data structures. 2022-05-17 11:06:15 -07:00			`import { Roles } from 'meteor/alanning:roles'`
			`import {Meteor} from "meteor/meteor";`
Initial commit - cloned the Svelte todo's app with google login enabled as a starting point. This system will initially be used to let the chrome extension for students report which computers are used by which students and when. 2021-09-16 07:26:57 -07:00
Tracked down a bug in a call to MongoDB that failed to ever return. It was trying to remove an index and the call never finished. 2022-08-15 07:01:20 -07:00			`console.log("Setting up accounts-config...")`

Added Roles, User Management, fixed bugs, added FlexTable component (should be renamed to GridTable), other table components and test code should be removed down the line, added admin function to fix broken data structures. 2022-05-17 11:06:15 -07:00			`if(Meteor.isClient) {`
Converted sample project into an almost working Svelte / Meteor project. Needs to fix the login/logout code, the camera code, and add Chromebook history when the QR Code is scanned. 2022-04-02 10:29:35 -07:00			`Accounts.ui.config({`
			`passwordSignupFields: 'USERNAME_ONLY'`
			`});`
			`}`
Cleaned up the copied project & got the Google authentication working. A lot of work still needs to be done to add content and allow only certain users access. 2022-03-09 07:55:26 -08:00
			`Accounts.config({`
Added Roles, User Management, fixed bugs, added FlexTable component (should be renamed to GridTable), other table components and test code should be removed down the line, added admin function to fix broken data structures. 2022-05-17 11:06:15 -07:00			`// Allow only certain email domains.`
Cleaned up the copied project & got the Google authentication working. A lot of work still needs to be done to add content and allow only certain users access. 2022-03-09 07:55:26 -08:00			`restrictCreationByEmailDomain: function(address) {`
Added Roles, User Management, fixed bugs, added FlexTable component (should be renamed to GridTable), other table components and test code should be removed down the line, added admin function to fix broken data structures. 2022-05-17 11:06:15 -07:00			`let pattern = process.env.EMAIL_REGEX;`

			`return new RegExp(pattern, 'i').test(address)`
Cleaned up the copied project & got the Google authentication working. A lot of work still needs to be done to add content and allow only certain users access. 2022-03-09 07:55:26 -08:00			`}`
			`});`
Added Roles, User Management, fixed bugs, added FlexTable component (should be renamed to GridTable), other table components and test code should be removed down the line, added admin function to fix broken data structures. 2022-05-17 11:06:15 -07:00
			`if(Meteor.isServer) {`
			`let adminEmail = process.env.ADMIN_EMAIL;`
			`let watchForAdmin = false;`

			`//Setup the roles.`
			`Roles.createRole('admin', {unlessExists: true});`
			`Roles.createRole('laptop-management', {unlessExists: true});`
			`Roles.addRolesToParent('laptop-management', 'admin', {unlessExists: true});`
			`//Roles.addUsersToRoles("zwbMiaSKHix4bWQ8d", 'admin', 'global', {unlessExists: true});`

			`// If we are passed an email address that should be admin by default, then ensure that user is admin, or mark it as needing to be admin if the user ever logs in.`
			`// Given that this app requires Google OAuth2, and we expect logins to be restricted to district email addresses, this should be very secure.`
			`if(adminEmail) {`
			`let user = Meteor.users.findOne({"services.google.email": adminEmail});`

			`if(user) {`
			`let assignment = Meteor.roleAssignment.findOne({'user._id': user._id, "role._id": "admin"});`

			`// console.log("Admin Role Assignment: " + JSON.stringify(assignment));`
			`if(!assignment) {`
			`Roles.addUsersToRoles(user._id, ['admin']);`
			`}`
			`}`
			`else {`
			`watchForAdmin = true;`
			`}`
			`}`

			`// Listen for users logging in so we can setup the admin user automatically once they log in the first time.`
			`if(watchForAdmin) {`
			`// TODO: It would be nice to remove this handler after the admin user is found, but the docs are pretty ambiguous about how to do that. Not a big deal, just annoying.`
			`Accounts.onLogin(function (data) {`
			`// console.log("User logged in:");`
			`// console.log(data.user.services.google.email);`

			`// data.user == Meteor.user()`

			`//console.log(JSON.stringify(Meteor.user()));`
			`if (watchForAdmin) {`
			`try {`
			`if (data.user.services.google.email === adminEmail) {`
			`Roles.addUsersToRoles(data.user._id, ['admin']);`
			`watchForAdmin = false;`
			`}`
			`} catch (err) {`
			`console.log(err);`
			`}`
			`}`
			`});`
			`}`
			`}`
Tracked down a bug in a call to MongoDB that failed to ever return. It was trying to remove an index and the call never finished. 2022-08-15 07:01:20 -07:00
			`console.log("Finished setting up accounts-config.")`