96da68e18e
- Express 4 → 5.2.1 - Remove method-override (unused with Angular HttpClient) and errorhandler (superseded by exceptions.handler.js) - Remove asyncHandler wrapper from all controllers — Express 5 propagates async rejections natively - Remove body-parser (redundant, Express 5 includes it internally) - Patch/minor updates: cors, dotenv, ejs, express-jwt, express-session, jsonwebtoken, morgan, mysql2, sequelize, underscore - Dev updates: eslint 9.0→9.39, nodemon 2→3, globals, sequelize-cli - Fix getUser endpoint to include SkydiverProfile data in response - docs: add ADR 0013, update README
234 lines
8.6 KiB
JavaScript
234 lines
8.6 KiB
JavaScript
const { UserService, SkydiverProfileService } = require('../services');
|
|
const ErrorResponse = require("../utils/errorResponse");
|
|
var crypto = require('crypto');
|
|
const passport = require('passport');
|
|
|
|
module.exports.authenticate = async (req, res, next) => {
|
|
try {
|
|
passport.authenticate('headerapikey', { session: false }, function (err, application, info) {
|
|
if (err) {
|
|
//return res.status(err.status || 500).json({message: "An authentication error occured.", err: err.message});
|
|
return next(new ErrorResponse('Something went wrong while authenticating.', err.status || 500, err.message));
|
|
}
|
|
if (!application) {
|
|
return next(new ErrorResponse("Unauthorized", 401, "You are not allowed to access this resource."));
|
|
}
|
|
if (application.author) {
|
|
application.author.token = application.author.generateJWT();
|
|
return res.json({
|
|
user: application.author.toAuthJSON(),
|
|
application: application.toAuthJSON()
|
|
});
|
|
} else {
|
|
return res.status(422).json(info);
|
|
}
|
|
})(req, res, next);
|
|
} catch (err) {
|
|
//res.status(500).json({ message: 'Something went wrong while authenticating.', error: err.message });
|
|
return next(new ErrorResponse('Something went wrong while authenticating.', 500, err.message));
|
|
}
|
|
};
|
|
|
|
module.exports.createUser = async (req, res, next) => {
|
|
try {
|
|
const { username, firstname, lastname, phone, email, password } = req.body.user;
|
|
const userSlug = UserService.slugify(username);
|
|
const slugInDB = await UserService.isUsernameUsed(userSlug);
|
|
if (slugInDB) {
|
|
return next(new ErrorResponse("Username already exists", 400));
|
|
}
|
|
|
|
const uuid = crypto.randomUUID()
|
|
const user = await UserService.createUser({
|
|
id: uuid,
|
|
username,
|
|
firstname,
|
|
lastname,
|
|
phone,
|
|
email,
|
|
password
|
|
});
|
|
|
|
res.status(201).json({
|
|
message: 'User created successfully.',
|
|
data: user,
|
|
});
|
|
} catch (err) {
|
|
return next(new ErrorResponse('Something went wrong while creating user.', 500, err.message));
|
|
}
|
|
};
|
|
|
|
module.exports.getAllUsers = async (req, res, next) => {
|
|
try {
|
|
const users = await UserService.getAllUsers();
|
|
|
|
res.status(200).json({
|
|
data: users,
|
|
});
|
|
} catch (err) {
|
|
return next(new ErrorResponse('Something went wrong while fetching user.', 500, err.message));
|
|
}
|
|
};
|
|
|
|
module.exports.getUser = async (req, res, next) => {
|
|
try {
|
|
const user = await UserService.getUserById(req.payload.id);
|
|
if (!user) {
|
|
return next(new ErrorResponse("Unauthorized", 401, "Authentication required."));
|
|
}
|
|
|
|
const profile = await SkydiverProfileService.getByUserId(req.payload.id);
|
|
|
|
res.status(200).json({
|
|
user: {
|
|
...user.toAuthJSON(),
|
|
...(profile ? profile.toJSONFor() : { poids: null, licence: null, bg_image: null }),
|
|
}
|
|
});
|
|
} catch (err) {
|
|
return next(new ErrorResponse('Something went wrong while fetching user.', 500, err.message));
|
|
}
|
|
};
|
|
|
|
module.exports.loginAsUser = async (req, res, next) => {
|
|
try {
|
|
passport.authenticate('local', { session: false }, function (err, user, info) {
|
|
if (err) {
|
|
return next(err);
|
|
}
|
|
if (user) {
|
|
user.token = user.generateJWT();
|
|
return res.json({ user: user.toAuthJSON() });
|
|
} else {
|
|
return res.status(422).json(info);
|
|
}
|
|
})(req, res, next);
|
|
} catch (err) {
|
|
return next(new ErrorResponse('Something went wrong while processing login.', 500, err.message));
|
|
}
|
|
};
|
|
|
|
module.exports.updateUser = async (req, res, next) => {
|
|
try {
|
|
let user = await UserService.getUserById(req.payload.id);
|
|
if (!user) {
|
|
return next(new ErrorResponse("Unauthorized", 401, "You are not allowed to access this resource."));
|
|
}
|
|
if (typeof req.body.user.firstname !== 'undefined') {
|
|
user.firstname = req.body.user.firstname;
|
|
}
|
|
if (typeof req.body.user.lastname !== 'undefined') {
|
|
user.lastname = req.body.user.lastname;
|
|
}
|
|
if (typeof req.body.user.phone !== 'undefined') {
|
|
user.phone = req.body.user.phone;
|
|
}
|
|
if (typeof req.body.user.image !== 'undefined') {
|
|
user.image = req.body.user.image;
|
|
}
|
|
if (typeof req.body.user.role !== 'undefined') {
|
|
return next(new ErrorResponse("Forbidden", 403, "A suspected attempt to usurp rights has been detected. The suspicious activity has been reported and xill be investigated."));
|
|
}
|
|
|
|
const updatedUser = await UserService.updateUserById(user, req.payload.id);
|
|
|
|
const skydiverFields = {};
|
|
if (typeof req.body.user.licence !== 'undefined') skydiverFields.licence = req.body.user.licence;
|
|
if (typeof req.body.user.poids !== 'undefined') skydiverFields.poids = req.body.user.poids;
|
|
if (typeof req.body.user.bg_image !== 'undefined') skydiverFields.bg_image = req.body.user.bg_image;
|
|
if (Object.keys(skydiverFields).length > 0) {
|
|
await SkydiverProfileService.upsert(req.payload.id, skydiverFields);
|
|
}
|
|
|
|
res.status(200).json({
|
|
user: updatedUser.toAuthJSON()
|
|
});
|
|
} catch (err) {
|
|
return next(new ErrorResponse('Something went wrong while updating user.', 500, err.message));
|
|
}
|
|
};
|
|
|
|
module.exports.updateUserEmail = async (req, res, next) => {
|
|
try {
|
|
let user = await UserService.getUserById(req.payload.id);
|
|
if (!user) {
|
|
return next(new ErrorResponse("Unauthorized", 401, "You are not allowed to access this resource."));
|
|
}
|
|
|
|
if (typeof req.body.user.email !== 'undefined') {
|
|
user.email = req.body.user.email;
|
|
}
|
|
|
|
user = await UserService.updateUserById(user, req.payload.id);
|
|
res.status(200).json({
|
|
user: user.toAuthJSON(),
|
|
});
|
|
} catch (err) {
|
|
return next(new ErrorResponse('Something went wrong while updating user.', 500, err.message));
|
|
}
|
|
};
|
|
|
|
module.exports.updateUserPassword = async (req, res, next) => {
|
|
try {
|
|
let user = await UserService.getUserById(req.payload.id);
|
|
if (!user) {
|
|
return next(new ErrorResponse("Unauthorized", 401, "You are not allowed to access this resource."));
|
|
}
|
|
if (typeof req.body.user.password !== 'undefined') {
|
|
const {salt, hash} = UserService.generateSaltHash(req.body.user.password);
|
|
user.salt = salt;
|
|
user.hash = hash;
|
|
}
|
|
user = await UserService.updateUserById(user, req.payload.id);
|
|
res.status(200).json({
|
|
user: user.toAuthJSON(),
|
|
});
|
|
} catch (err) {
|
|
return next(new ErrorResponse('Something went wrong while updating user.', 500, err.message));
|
|
}
|
|
};
|
|
|
|
module.exports.updateUserRole = async (req, res, next) => {
|
|
try {
|
|
let user = await UserService.getUserById(req.payload.id);
|
|
if (!user) {
|
|
return next(new ErrorResponse("Unauthorized", 401, "You are not allowed to access this resource."));
|
|
}
|
|
if (user.role !== 'Admin') {
|
|
return next(new ErrorResponse("Forbidden", 403, "You are not allowed to change user roles."));
|
|
}
|
|
|
|
if (typeof req.body.user.role !== 'undefined') {
|
|
user.role = req.body.user.role;
|
|
}
|
|
|
|
user = await UserService.updateUserById(user, req.payload.id);
|
|
res.status(200).json({
|
|
user: user.toAuthJSON(),
|
|
});
|
|
} catch (err) {
|
|
return next(new ErrorResponse('Something went wrong while updating user.', 500, err.message));
|
|
}
|
|
};
|
|
|
|
module.exports.updateUserUsername = async (req, res, next) => {
|
|
try {
|
|
let user = await UserService.getUserById(req.payload.id);
|
|
if (!user) {
|
|
return next(new ErrorResponse("Unauthorized", 401, "You are not allowed to access this resource."));
|
|
}
|
|
|
|
if (typeof req.body.user.username !== 'undefined') {
|
|
user.username = req.body.user.username;
|
|
}
|
|
|
|
user = await UserService.updateUserById(user, req.payload.id);
|
|
res.status(200).json({
|
|
user: user.toAuthJSON(),
|
|
});
|
|
} catch (err) {
|
|
return next(new ErrorResponse('Something went wrong while updating user.', 500, err.message));
|
|
}
|
|
};
|
|
|