csc309-team58/sports-matcher/server/controllers/userController.js

import express from "express";
import validator from "validator";
import { requireAdmin, requireAuthenticated } from "../middleware/authority.js";
import { needDatabase } from "../middleware/database.js";
import userModel from "../schemas/userModel.js";
import User from "../schemas/userModel.js";
const UserController = express.Router();

UserController.post("/login", needDatabase, async (req, res) => {
    try {
        const email = req.body.email;
        const pwd = req.body.password;
        const user = await User.credentialsExist(email, pwd);
        if (!user) {
            res.sendStatus(401);
            return;
        } else {
            req.session.userId = user._id;
            req.session.email = user.email;
            user.password = undefined;
            res.status(200).send(user);
        }
    } catch (error) {
        if (error.name === "TypeError") {
            res.status(400).send("Missing required user info.");
        } else if (error.message === "Credentials do not exist.") {
            res.status(401).send("Credentials do not exist.");
        } else {
            console.error(error);
            if (process.env.NODE_ENV === "development") {
                res.status(500).send(error.toString());
            } else {
                res.status(500).send("Internal server error. This issue has been noted.");
            }
        }
    }
});

UserController.get("/logout", requireAuthenticated, (req, res) => {
    req.session.destroy((err) => {
        if (err) {
            console.error(err);
            if (process.env.NODE_ENV === "development") {
                res.status(500).send(err.toString());
            } else {
                res.status(500).send("Internal server error. This issue has been noted.");
            }
            res.status(500).send("");
        } else {
            res.sendStatus(200);
        }
    });
});

UserController.get("/:id?", needDatabase, requireAuthenticated, async (req, res) => {
    let user = null;
    if (req.params.id) {
        if (req.user.accessLevel > 2) {
            user = await userModel.findById(req.params.id);
        } else {
            res.status(401).send("Unauthorized.");
            return;
        }
    } else {
        user = req.user;
    }
    user.password = undefined;
    res.status(200).send(user);
});


UserController.patch("/:id?", needDatabase, requireAuthenticated, async (req, res) => {
    try {
        let user = null;
        if (req.params.id) {
            if (req.user.accessLevel > 2) {
                user = await userModel.findById(req.params.id);
            } else {
                res.status(401).send("Unauthorized.");
                return;
            }
        } else {
            user = req.user;
        }
        if (req.body._id) {
            res.status(400).send("Cannot change user ID.");
            return;
        }

        if (req.body.createdMatches) {
            res.status(400).send("Cannot directly change the list of created matches.");
            return;
        }

        if (req.body.password) {
            res.status(400).send("Cannot directly change user password.");
            return;
        }

        if (req.body.participatingMatches) {
            res.status(400).send("Cannot directly change the list of participating matches.");
            return;
        }

        if (req.body.joinDate) {
            res.status(400).send("Cannot change the join date.");
            return;
        }

        if (req.body.accessLevel && req.user.accessLevel < 3) {
            res.status(401).send("Unauthorized to change the access level of this user.");
            return;
        }

        if (req.body.suspend && req.user.accessLevel < 3) {
            res.status(401).send("Unauthorized to change the accounts disabled date. ");
            return;
        }

        await user.updateOne(req.body);
        res.status(200).send("Updated.");
    } catch (error) {
        console.error(error);
        res.status(500).send("Internal server error");
    }
});

UserController.get("/all/active", requireAdmin, async (req, res) => {
    try {
        if (req.user.accessLevel < 3) {
            res.status(401).send("You do not have the required privileges.");
            return;
        }
        let res = await userModel.find().where("suspend").lt(Date.now);
        res.status(200).send({ all: res });
    } catch (error) {
        console.error(error);
        res.status(500).send("Internal server error");
    }
});

UserController.get("/all/suspended", requireAuthenticated, async (req, res) => {
    try {
        let res = await userModel.find().where("suspend").gte(Date.now);
        res.status(200).send({ suspended: res });
    } catch (error) {
        console.error(error);
        res.status(500).send("Internal server error");
    }
});

/* TODO: Implement middleware for removing users.

UserController.delete("/:id?", needDatabase, requireAuthenticated, async (req, res) => {
    let user = null;
    if (req.params.id) {
        if (req.user.accessLevel > 2) {
            user = await userModel.findById(req.params.id);
        } else {
            res.status(401).send("Unauthorized.");
            return;
        }
    } else {
        user = req.user;
    }

    await user.deleteOne();
    res.status(200).send("Deleted user.");
});

*/

UserController.post("/", needDatabase, async (req, res) => {
    try {
        const data = {
            email: req.body.email,
            firstName: req.body.firstName,
            lastName: req.body.lastName,
            phone: req.body.phone,
            password: req.body.password,
        };

        let createdUser = new User(data);
        await createdUser.save();
        res.sendStatus(201);
        return;
    } catch (err) {
        if (err.name === "TypeError" || err.name === "ValidationError") {
            if (process.env.NODE_ENV === "development") {
                console.error(err);
                res.status(400).send(err.toString());
            } else {
                res.status(400).send("Missing required user info.");
            }
        } else if (err.name === "MongoServerError" && err.message.startsWith("E11000")) {
            if (process.env.NODE_ENV === "development") {
                console.error(err);
                res.status(409).send(err.toString());
            } else {
                res.status(409).send("User already exists.");
            }
        } else {
            console.error(err);
            if (process.env.NODE_ENV === "development") {
                res.status(500).send(err.toString());
            } else {
                res.status(500).send("Internal server error. This issue has been noted.");
            }
        }
    }
});

export default UserController;
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD. 2022-04-05 01:15:43 +00:00			`import express from "express";`
Added suspension mechanism. 2022-04-07 22:56:04 +00:00			`import validator from "validator";`
			`import { requireAdmin, requireAuthenticated } from "../middleware/authority.js";`
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD. 2022-04-05 01:15:43 +00:00			`import { needDatabase } from "../middleware/database.js";`
Added U and D endpoints. 2022-04-05 03:50:26 +00:00			`import userModel from "../schemas/userModel.js";`
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD. 2022-04-05 01:15:43 +00:00			`import User from "../schemas/userModel.js";`
			`const UserController = express.Router();`

			`UserController.post("/login", needDatabase, async (req, res) => {`
			`try {`
			`const email = req.body.email;`
			`const pwd = req.body.password;`
			`const user = await User.credentialsExist(email, pwd);`
			`if (!user) {`
			`res.sendStatus(401);`
			`return;`
			`} else {`
			`req.session.userId = user._id;`
			`req.session.email = user.email;`
Login endpoint now returns the user profile. 2022-04-07 03:53:20 +00:00			`user.password = undefined;`
			`res.status(200).send(user);`
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD. 2022-04-05 01:15:43 +00:00			`}`
			`} catch (error) {`
			`if (error.name === "TypeError") {`
			`res.status(400).send("Missing required user info.");`
			`} else if (error.message === "Credentials do not exist.") {`
			`res.status(401).send("Credentials do not exist.");`
			`} else {`
			`console.error(error);`
			`if (process.env.NODE_ENV === "development") {`
			`res.status(500).send(error.toString());`
			`} else {`
			`res.status(500).send("Internal server error. This issue has been noted.");`
			`}`
			`}`
			`}`
			`});`

Multiple changes, basic rental CRUD backend implemented. All responses are now in their own object with context name. Added limit to user based recent results for matches. Moved all code in endpoints inside try and catch. Renamed authentication guard function. 2022-04-05 16:50:35 +00:00			`UserController.get("/logout", requireAuthenticated, (req, res) => {`
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD. 2022-04-05 01:15:43 +00:00			`req.session.destroy((err) => {`
			`if (err) {`
			`console.error(err);`
			`if (process.env.NODE_ENV === "development") {`
			`res.status(500).send(err.toString());`
			`} else {`
			`res.status(500).send("Internal server error. This issue has been noted.");`
			`}`
			`res.status(500).send("");`
			`} else {`
			`res.sendStatus(200);`
			`}`
			`});`
			`});`

Multiple changes, basic rental CRUD backend implemented. All responses are now in their own object with context name. Added limit to user based recent results for matches. Moved all code in endpoints inside try and catch. Renamed authentication guard function. 2022-04-05 16:50:35 +00:00			`UserController.get("/:id?", needDatabase, requireAuthenticated, async (req, res) => {`
Added U and D endpoints. 2022-04-05 03:50:26 +00:00			`let user = null;`
			`if (req.params.id) {`
			`if (req.user.accessLevel > 2) {`
			`user = await userModel.findById(req.params.id);`
			`} else {`
			`res.status(401).send("Unauthorized.");`
			`return;`
			`}`
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD. 2022-04-05 01:15:43 +00:00			`} else {`
Added U and D endpoints. 2022-04-05 03:50:26 +00:00			`user = req.user;`
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD. 2022-04-05 01:15:43 +00:00			`}`
Added U and D endpoints. 2022-04-05 03:50:26 +00:00			`user.password = undefined;`
			`res.status(200).send(user);`
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD. 2022-04-05 01:15:43 +00:00			`});`

Added suspension mechanism. 2022-04-07 22:56:04 +00:00
Multiple changes, basic rental CRUD backend implemented. All responses are now in their own object with context name. Added limit to user based recent results for matches. Moved all code in endpoints inside try and catch. Renamed authentication guard function. 2022-04-05 16:50:35 +00:00			`UserController.patch("/:id?", needDatabase, requireAuthenticated, async (req, res) => {`
Added suspension mechanism. 2022-04-07 22:56:04 +00:00			`try {`
			`let user = null;`
			`if (req.params.id) {`
			`if (req.user.accessLevel > 2) {`
			`user = await userModel.findById(req.params.id);`
			`} else {`
			`res.status(401).send("Unauthorized.");`
			`return;`
			`}`
Added U and D endpoints. 2022-04-05 03:50:26 +00:00			`} else {`
Added suspension mechanism. 2022-04-07 22:56:04 +00:00			`user = req.user;`
			`}`
			`if (req.body._id) {`
			`res.status(400).send("Cannot change user ID.");`
Added U and D endpoints. 2022-04-05 03:50:26 +00:00			`return;`
			`}`
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD. 2022-04-05 01:15:43 +00:00
Added suspension mechanism. 2022-04-07 22:56:04 +00:00			`if (req.body.createdMatches) {`
			`res.status(400).send("Cannot directly change the list of created matches.");`
			`return;`
			`}`
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD. 2022-04-05 01:15:43 +00:00
Added suspension mechanism. 2022-04-07 22:56:04 +00:00			`if (req.body.password) {`
			`res.status(400).send("Cannot directly change user password.");`
			`return;`
			`}`
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD. 2022-04-05 01:15:43 +00:00
Added suspension mechanism. 2022-04-07 22:56:04 +00:00			`if (req.body.participatingMatches) {`
			`res.status(400).send("Cannot directly change the list of participating matches.");`
			`return;`
			`}`
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD. 2022-04-05 01:15:43 +00:00
Added suspension mechanism. 2022-04-07 22:56:04 +00:00			`if (req.body.joinDate) {`
			`res.status(400).send("Cannot change the join date.");`
			`return;`
			`}`

			`if (req.body.accessLevel && req.user.accessLevel < 3) {`
			`res.status(401).send("Unauthorized to change the access level of this user.");`
			`return;`
			`}`

			`if (req.body.suspend && req.user.accessLevel < 3) {`
			`res.status(401).send("Unauthorized to change the accounts disabled date. ");`
			`return;`
			`}`

			`await user.updateOne(req.body);`
			`res.status(200).send("Updated.");`
			`} catch (error) {`
			`console.error(error);`
			`res.status(500).send("Internal server error");`
Added U and D endpoints. 2022-04-05 03:50:26 +00:00			`}`
Added suspension mechanism. 2022-04-07 22:56:04 +00:00			`});`
Added U and D endpoints. 2022-04-05 03:50:26 +00:00
Added suspension mechanism. 2022-04-07 22:56:04 +00:00			`UserController.get("/all/active", requireAdmin, async (req, res) => {`
			`try {`
			`if (req.user.accessLevel < 3) {`
			`res.status(401).send("You do not have the required privileges.");`
			`return;`
			`}`
			`let res = await userModel.find().where("suspend").lt(Date.now);`
			`res.status(200).send({ all: res });`
			`} catch (error) {`
			`console.error(error);`
			`res.status(500).send("Internal server error");`
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD. 2022-04-05 01:15:43 +00:00			`}`
Added suspension mechanism. 2022-04-07 22:56:04 +00:00			`});`
Added U and D endpoints. 2022-04-05 03:50:26 +00:00
Added suspension mechanism. 2022-04-07 22:56:04 +00:00			`UserController.get("/all/suspended", requireAuthenticated, async (req, res) => {`
			`try {`
			`let res = await userModel.find().where("suspend").gte(Date.now);`
			`res.status(200).send({ suspended: res });`
			`} catch (error) {`
			`console.error(error);`
			`res.status(500).send("Internal server error");`
			`}`
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD. 2022-04-05 01:15:43 +00:00			`});`

Added U and D endpoints. 2022-04-05 03:50:26 +00:00			`/* TODO: Implement middleware for removing users.`

Multiple changes, basic rental CRUD backend implemented. All responses are now in their own object with context name. Added limit to user based recent results for matches. Moved all code in endpoints inside try and catch. Renamed authentication guard function. 2022-04-05 16:50:35 +00:00			`UserController.delete("/:id?", needDatabase, requireAuthenticated, async (req, res) => {`
Added U and D endpoints. 2022-04-05 03:50:26 +00:00			`let user = null;`
			`if (req.params.id) {`
			`if (req.user.accessLevel > 2) {`
			`user = await userModel.findById(req.params.id);`
			`} else {`
			`res.status(401).send("Unauthorized.");`
			`return;`
			`}`
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD. 2022-04-05 01:15:43 +00:00			`} else {`
Added U and D endpoints. 2022-04-05 03:50:26 +00:00			`user = req.user;`
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD. 2022-04-05 01:15:43 +00:00			`}`
Added U and D endpoints. 2022-04-05 03:50:26 +00:00
			`await user.deleteOne();`
			`res.status(200).send("Deleted user.");`
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD. 2022-04-05 01:15:43 +00:00			`});`

Added U and D endpoints. 2022-04-05 03:50:26 +00:00			`*/`
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD. 2022-04-05 01:15:43 +00:00
			`UserController.post("/", needDatabase, async (req, res) => {`
			`try {`
Added suspension mechanism. 2022-04-07 22:56:04 +00:00			`const data = {`
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD. 2022-04-05 01:15:43 +00:00			`email: req.body.email,`
			`firstName: req.body.firstName,`
			`lastName: req.body.lastName,`
			`phone: req.body.phone,`
			`password: req.body.password,`
Added suspension mechanism. 2022-04-07 22:56:04 +00:00			`};`

			`let createdUser = new User(data);`
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD. 2022-04-05 01:15:43 +00:00			`await createdUser.save();`
			`res.sendStatus(201);`
			`return;`
			`} catch (err) {`
			`if (err.name === "TypeError" \|\| err.name === "ValidationError") {`
			`if (process.env.NODE_ENV === "development") {`
			`console.error(err);`
			`res.status(400).send(err.toString());`
			`} else {`
			`res.status(400).send("Missing required user info.");`
			`}`
			`} else if (err.name === "MongoServerError" && err.message.startsWith("E11000")) {`
			`if (process.env.NODE_ENV === "development") {`
			`console.error(err);`
			`res.status(409).send(err.toString());`
			`} else {`
			`res.status(409).send("User already exists.");`
			`}`
			`} else {`
			`console.error(err);`
			`if (process.env.NODE_ENV === "development") {`
			`res.status(500).send(err.toString());`
			`} else {`
			`res.status(500).send("Internal server error. This issue has been noted.");`
			`}`
			`}`
			`}`
			`});`

			`export default UserController;`