Files
adastra_api/src/routes/api/cms/users.routes.js
T
julien 61cdec00e7 feat(validation): introduce express-validator on CMS user and article endpoints
Replaces the broken fieldValidation helper (called next() without return,
so execution continued on invalid input) with express-validator chains
applied at the route level. Validation covers: email format, username
constraints, password min length, field lengths, URL and phone formats.
products and tags controllers retain their local fieldValidation pending
a separate ecommerce validation pass.
2026-04-26 22:06:28 +02:00

34 lines
1.7 KiB
JavaScript

const express = require('express');
const rateLimit = require('express-rate-limit');
const {
authenticate, createUser, getUser, loginAsUser,
updateUser, updateUserEmail, updateUserPassword, updateUserRole, updateUserUsername
} = require('../../../controllers/users.controller');
const auth = require('../../../middlewares/auth');
const validate = require('../../../middlewares/validate');
const { createUserRules, loginRules, updateUserRules, updateEmailRules, updateUsernameRules, updateRoleRules } = require('../../../middlewares/validators/users.validators');
const userRouter = express.Router();
const authLimiter = rateLimit({
windowMs: 15 * 60 * 1000,
max: 10,
standardHeaders: true,
legacyHeaders: false,
message: { errors: { 'rate limit': 'too many attempts, please try again later' } }
});
userRouter.get('/', auth.required, getUser);
userRouter.put('/', auth.required, updateUserRules, validate, updateUser);
userRouter.post('/', authLimiter, auth.optional, createUserRules, validate, createUser);
userRouter.get('/authenticate', auth.optional, authenticate);
userRouter.post('/login', authLimiter, auth.optional, loginRules, validate, loginAsUser);
//userRouter.post('/register', auth.optional, createUser);
//userRouter.get('/users', auth.required, getAllUsers);
userRouter.put('/update/email', auth.required, updateEmailRules, validate, updateUserEmail);
userRouter.put('/update/password', auth.required, updateUserPassword);
userRouter.put('/update/role', auth.required, updateRoleRules, validate, updateUserRole);
userRouter.put('/update/username', auth.required, updateUsernameRules, validate, updateUserUsername);
module.exports = userRouter;