61cdec00e7
Replaces the broken fieldValidation helper (called next() without return, so execution continued on invalid input) with express-validator chains applied at the route level. Validation covers: email format, username constraints, password min length, field lengths, URL and phone formats. products and tags controllers retain their local fieldValidation pending a separate ecommerce validation pass.
34 lines
1.7 KiB
JavaScript
34 lines
1.7 KiB
JavaScript
const express = require('express');
|
|
const rateLimit = require('express-rate-limit');
|
|
const {
|
|
authenticate, createUser, getUser, loginAsUser,
|
|
updateUser, updateUserEmail, updateUserPassword, updateUserRole, updateUserUsername
|
|
} = require('../../../controllers/users.controller');
|
|
const auth = require('../../../middlewares/auth');
|
|
const validate = require('../../../middlewares/validate');
|
|
const { createUserRules, loginRules, updateUserRules, updateEmailRules, updateUsernameRules, updateRoleRules } = require('../../../middlewares/validators/users.validators');
|
|
|
|
const userRouter = express.Router();
|
|
|
|
const authLimiter = rateLimit({
|
|
windowMs: 15 * 60 * 1000,
|
|
max: 10,
|
|
standardHeaders: true,
|
|
legacyHeaders: false,
|
|
message: { errors: { 'rate limit': 'too many attempts, please try again later' } }
|
|
});
|
|
|
|
userRouter.get('/', auth.required, getUser);
|
|
userRouter.put('/', auth.required, updateUserRules, validate, updateUser);
|
|
userRouter.post('/', authLimiter, auth.optional, createUserRules, validate, createUser);
|
|
userRouter.get('/authenticate', auth.optional, authenticate);
|
|
userRouter.post('/login', authLimiter, auth.optional, loginRules, validate, loginAsUser);
|
|
//userRouter.post('/register', auth.optional, createUser);
|
|
//userRouter.get('/users', auth.required, getAllUsers);
|
|
userRouter.put('/update/email', auth.required, updateEmailRules, validate, updateUserEmail);
|
|
userRouter.put('/update/password', auth.required, updateUserPassword);
|
|
userRouter.put('/update/role', auth.required, updateRoleRules, validate, updateUserRole);
|
|
userRouter.put('/update/username', auth.required, updateUsernameRules, validate, updateUserUsername);
|
|
|
|
module.exports = userRouter;
|