const { UserService, SkydiverProfileService } = require('../services'); const ErrorResponse = require("../utils/errorResponse"); var crypto = require('crypto'); const passport = require('passport'); module.exports.authenticate = async (req, res, next) => { try { passport.authenticate('headerapikey', { session: false }, function (err, application, info) { if (err) { //return res.status(err.status || 500).json({message: "An authentication error occured.", err: err.message}); return next(new ErrorResponse('Something went wrong while authenticating.', err.status || 500, err.message)); } if (!application) { return next(new ErrorResponse("Unauthorized", 401, "You are not allowed to access this resource.")); } if (application.author) { application.author.token = application.author.generateJWT(); return res.json({ user: application.author.toAuthJSON(), application: application.toAuthJSON() }); } else { return res.status(422).json(info); } })(req, res, next); } catch (err) { //res.status(500).json({ message: 'Something went wrong while authenticating.', error: err.message }); return next(new ErrorResponse('Something went wrong while authenticating.', 500, err.message)); } }; module.exports.createUser = async (req, res, next) => { try { const { username, firstname, lastname, phone, email, password } = req.body.user; const userSlug = UserService.slugify(username); const slugInDB = await UserService.isUsernameUsed(userSlug); if (slugInDB) { return next(new ErrorResponse("Username already exists", 400)); } const uuid = crypto.randomUUID() const user = await UserService.createUser({ id: uuid, username, firstname, lastname, phone, email, password }); res.status(201).json({ message: 'User created successfully.', data: user, }); } catch (err) { return next(new ErrorResponse('Something went wrong while creating user.', 500, err.message)); } }; module.exports.getAllUsers = async (req, res, next) => { try { const users = await UserService.getAllUsers(); res.status(200).json({ data: users, }); } catch (err) { return next(new ErrorResponse('Something went wrong while fetching user.', 500, err.message)); } }; module.exports.getUser = async (req, res, next) => { try { const user = await UserService.getUserById(req.payload.id); if (!user) { return next(new ErrorResponse("Unauthorized", 401, "Authentication required.")); } const profile = await SkydiverProfileService.getByUserId(req.payload.id); res.status(200).json({ user: { ...user.toAuthJSON(), ...(profile ? profile.toJSONFor() : { poids: null, licence: null, bg_image: null }), } }); } catch (err) { return next(new ErrorResponse('Something went wrong while fetching user.', 500, err.message)); } }; module.exports.loginAsUser = async (req, res, next) => { try { passport.authenticate('local', { session: false }, function (err, user, info) { if (err) { return next(err); } if (user) { user.token = user.generateJWT(); return res.json({ user: user.toAuthJSON() }); } else { return res.status(422).json(info); } })(req, res, next); } catch (err) { return next(new ErrorResponse('Something went wrong while processing login.', 500, err.message)); } }; module.exports.updateUser = async (req, res, next) => { try { let user = await UserService.getUserById(req.payload.id); if (!user) { return next(new ErrorResponse("Unauthorized", 401, "You are not allowed to access this resource.")); } if (typeof req.body.user.firstname !== 'undefined') { user.firstname = req.body.user.firstname; } if (typeof req.body.user.lastname !== 'undefined') { user.lastname = req.body.user.lastname; } if (typeof req.body.user.phone !== 'undefined') { user.phone = req.body.user.phone; } if (typeof req.body.user.image !== 'undefined') { user.image = req.body.user.image; } if (typeof req.body.user.role !== 'undefined') { return next(new ErrorResponse("Forbidden", 403, "A suspected attempt to usurp rights has been detected. The suspicious activity has been reported and xill be investigated.")); } const updatedUser = await UserService.updateUserById(user, req.payload.id); const skydiverFields = {}; if (typeof req.body.user.licence !== 'undefined') skydiverFields.licence = req.body.user.licence; if (typeof req.body.user.poids !== 'undefined') skydiverFields.poids = req.body.user.poids; if (typeof req.body.user.bg_image !== 'undefined') skydiverFields.bg_image = req.body.user.bg_image; if (Object.keys(skydiverFields).length > 0) { await SkydiverProfileService.upsert(req.payload.id, skydiverFields); } res.status(200).json({ user: updatedUser.toAuthJSON() }); } catch (err) { return next(new ErrorResponse('Something went wrong while updating user.', 500, err.message)); } }; module.exports.updateUserEmail = async (req, res, next) => { try { let user = await UserService.getUserById(req.payload.id); if (!user) { return next(new ErrorResponse("Unauthorized", 401, "You are not allowed to access this resource.")); } if (typeof req.body.user.email !== 'undefined') { user.email = req.body.user.email; } user = await UserService.updateUserById(user, req.payload.id); res.status(200).json({ user: user.toAuthJSON(), }); } catch (err) { return next(new ErrorResponse('Something went wrong while updating user.', 500, err.message)); } }; module.exports.updateUserPassword = async (req, res, next) => { try { let user = await UserService.getUserById(req.payload.id); if (!user) { return next(new ErrorResponse("Unauthorized", 401, "You are not allowed to access this resource.")); } if (typeof req.body.user.password !== 'undefined') { const {salt, hash} = UserService.generateSaltHash(req.body.user.password); user.salt = salt; user.hash = hash; } user = await UserService.updateUserById(user, req.payload.id); res.status(200).json({ user: user.toAuthJSON(), }); } catch (err) { return next(new ErrorResponse('Something went wrong while updating user.', 500, err.message)); } }; module.exports.updateUserRole = async (req, res, next) => { try { let user = await UserService.getUserById(req.payload.id); if (!user) { return next(new ErrorResponse("Unauthorized", 401, "You are not allowed to access this resource.")); } if (user.role !== 'Admin') { return next(new ErrorResponse("Forbidden", 403, "You are not allowed to change user roles.")); } if (typeof req.body.user.role !== 'undefined') { user.role = req.body.user.role; } user = await UserService.updateUserById(user, req.payload.id); res.status(200).json({ user: user.toAuthJSON(), }); } catch (err) { return next(new ErrorResponse('Something went wrong while updating user.', 500, err.message)); } }; module.exports.updateUserUsername = async (req, res, next) => { try { let user = await UserService.getUserById(req.payload.id); if (!user) { return next(new ErrorResponse("Unauthorized", 401, "You are not allowed to access this resource.")); } if (typeof req.body.user.username !== 'undefined') { user.username = req.body.user.username; } user = await UserService.updateUserById(user, req.payload.id); res.status(200).json({ user: user.toAuthJSON(), }); } catch (err) { return next(new ErrorResponse('Something went wrong while updating user.', 500, err.message)); } };