Files
adastra_api/src/controllers/users.controller.js
T
julien 96da68e18e chore(deps): upgrade to Express 5 and remove redundant middleware
- Express 4 → 5.2.1
- Remove method-override (unused with Angular HttpClient) and errorhandler (superseded by exceptions.handler.js)
- Remove asyncHandler wrapper from all controllers — Express 5 propagates async rejections natively
- Remove body-parser (redundant, Express 5 includes it internally)
- Patch/minor updates: cors, dotenv, ejs, express-jwt, express-session, jsonwebtoken, morgan, mysql2, sequelize, underscore
- Dev updates: eslint 9.0→9.39, nodemon 2→3, globals, sequelize-cli
- Fix getUser endpoint to include SkydiverProfile data in response
- docs: add ADR 0013, update README
2026-05-01 20:42:39 +02:00

234 lines
8.6 KiB
JavaScript

const { UserService, SkydiverProfileService } = require('../services');
const ErrorResponse = require("../utils/errorResponse");
var crypto = require('crypto');
const passport = require('passport');
module.exports.authenticate = async (req, res, next) => {
try {
passport.authenticate('headerapikey', { session: false }, function (err, application, info) {
if (err) {
//return res.status(err.status || 500).json({message: "An authentication error occured.", err: err.message});
return next(new ErrorResponse('Something went wrong while authenticating.', err.status || 500, err.message));
}
if (!application) {
return next(new ErrorResponse("Unauthorized", 401, "You are not allowed to access this resource."));
}
if (application.author) {
application.author.token = application.author.generateJWT();
return res.json({
user: application.author.toAuthJSON(),
application: application.toAuthJSON()
});
} else {
return res.status(422).json(info);
}
})(req, res, next);
} catch (err) {
//res.status(500).json({ message: 'Something went wrong while authenticating.', error: err.message });
return next(new ErrorResponse('Something went wrong while authenticating.', 500, err.message));
}
};
module.exports.createUser = async (req, res, next) => {
try {
const { username, firstname, lastname, phone, email, password } = req.body.user;
const userSlug = UserService.slugify(username);
const slugInDB = await UserService.isUsernameUsed(userSlug);
if (slugInDB) {
return next(new ErrorResponse("Username already exists", 400));
}
const uuid = crypto.randomUUID()
const user = await UserService.createUser({
id: uuid,
username,
firstname,
lastname,
phone,
email,
password
});
res.status(201).json({
message: 'User created successfully.',
data: user,
});
} catch (err) {
return next(new ErrorResponse('Something went wrong while creating user.', 500, err.message));
}
};
module.exports.getAllUsers = async (req, res, next) => {
try {
const users = await UserService.getAllUsers();
res.status(200).json({
data: users,
});
} catch (err) {
return next(new ErrorResponse('Something went wrong while fetching user.', 500, err.message));
}
};
module.exports.getUser = async (req, res, next) => {
try {
const user = await UserService.getUserById(req.payload.id);
if (!user) {
return next(new ErrorResponse("Unauthorized", 401, "Authentication required."));
}
const profile = await SkydiverProfileService.getByUserId(req.payload.id);
res.status(200).json({
user: {
...user.toAuthJSON(),
...(profile ? profile.toJSONFor() : { poids: null, licence: null, bg_image: null }),
}
});
} catch (err) {
return next(new ErrorResponse('Something went wrong while fetching user.', 500, err.message));
}
};
module.exports.loginAsUser = async (req, res, next) => {
try {
passport.authenticate('local', { session: false }, function (err, user, info) {
if (err) {
return next(err);
}
if (user) {
user.token = user.generateJWT();
return res.json({ user: user.toAuthJSON() });
} else {
return res.status(422).json(info);
}
})(req, res, next);
} catch (err) {
return next(new ErrorResponse('Something went wrong while processing login.', 500, err.message));
}
};
module.exports.updateUser = async (req, res, next) => {
try {
let user = await UserService.getUserById(req.payload.id);
if (!user) {
return next(new ErrorResponse("Unauthorized", 401, "You are not allowed to access this resource."));
}
if (typeof req.body.user.firstname !== 'undefined') {
user.firstname = req.body.user.firstname;
}
if (typeof req.body.user.lastname !== 'undefined') {
user.lastname = req.body.user.lastname;
}
if (typeof req.body.user.phone !== 'undefined') {
user.phone = req.body.user.phone;
}
if (typeof req.body.user.image !== 'undefined') {
user.image = req.body.user.image;
}
if (typeof req.body.user.role !== 'undefined') {
return next(new ErrorResponse("Forbidden", 403, "A suspected attempt to usurp rights has been detected. The suspicious activity has been reported and xill be investigated."));
}
const updatedUser = await UserService.updateUserById(user, req.payload.id);
const skydiverFields = {};
if (typeof req.body.user.licence !== 'undefined') skydiverFields.licence = req.body.user.licence;
if (typeof req.body.user.poids !== 'undefined') skydiverFields.poids = req.body.user.poids;
if (typeof req.body.user.bg_image !== 'undefined') skydiverFields.bg_image = req.body.user.bg_image;
if (Object.keys(skydiverFields).length > 0) {
await SkydiverProfileService.upsert(req.payload.id, skydiverFields);
}
res.status(200).json({
user: updatedUser.toAuthJSON()
});
} catch (err) {
return next(new ErrorResponse('Something went wrong while updating user.', 500, err.message));
}
};
module.exports.updateUserEmail = async (req, res, next) => {
try {
let user = await UserService.getUserById(req.payload.id);
if (!user) {
return next(new ErrorResponse("Unauthorized", 401, "You are not allowed to access this resource."));
}
if (typeof req.body.user.email !== 'undefined') {
user.email = req.body.user.email;
}
user = await UserService.updateUserById(user, req.payload.id);
res.status(200).json({
user: user.toAuthJSON(),
});
} catch (err) {
return next(new ErrorResponse('Something went wrong while updating user.', 500, err.message));
}
};
module.exports.updateUserPassword = async (req, res, next) => {
try {
let user = await UserService.getUserById(req.payload.id);
if (!user) {
return next(new ErrorResponse("Unauthorized", 401, "You are not allowed to access this resource."));
}
if (typeof req.body.user.password !== 'undefined') {
const {salt, hash} = UserService.generateSaltHash(req.body.user.password);
user.salt = salt;
user.hash = hash;
}
user = await UserService.updateUserById(user, req.payload.id);
res.status(200).json({
user: user.toAuthJSON(),
});
} catch (err) {
return next(new ErrorResponse('Something went wrong while updating user.', 500, err.message));
}
};
module.exports.updateUserRole = async (req, res, next) => {
try {
let user = await UserService.getUserById(req.payload.id);
if (!user) {
return next(new ErrorResponse("Unauthorized", 401, "You are not allowed to access this resource."));
}
if (user.role !== 'Admin') {
return next(new ErrorResponse("Forbidden", 403, "You are not allowed to change user roles."));
}
if (typeof req.body.user.role !== 'undefined') {
user.role = req.body.user.role;
}
user = await UserService.updateUserById(user, req.payload.id);
res.status(200).json({
user: user.toAuthJSON(),
});
} catch (err) {
return next(new ErrorResponse('Something went wrong while updating user.', 500, err.message));
}
};
module.exports.updateUserUsername = async (req, res, next) => {
try {
let user = await UserService.getUserById(req.payload.id);
if (!user) {
return next(new ErrorResponse("Unauthorized", 401, "You are not allowed to access this resource."));
}
if (typeof req.body.user.username !== 'undefined') {
user.username = req.body.user.username;
}
user = await UserService.updateUserById(user, req.payload.id);
res.status(200).json({
user: user.toAuthJSON(),
});
} catch (err) {
return next(new ErrorResponse('Something went wrong while updating user.', 500, err.message));
}
};