ydeng/csc309-team58
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
88c0de660e
csc309-team58/sports-matcher/server/controllers/userController.js

219 lines
6.8 KiB
JavaScript
Raw Normal View History

Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD.
2022-04-05 01:15:43 +00:00
import express from "express";
Added suspension mechanism.
2022-04-07 22:56:04 +00:00
import { requireAdmin, requireAuthenticated } from "../middleware/authority.js";
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD.
2022-04-05 01:15:43 +00:00
import { needDatabase } from "../middleware/database.js";
Added U and D endpoints.
2022-04-05 03:50:26 +00:00
import userModel from "../schemas/userModel.js";
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD.
2022-04-05 01:15:43 +00:00
import User from "../schemas/userModel.js";
const UserController = express.Router();
UserController.post("/login", needDatabase, async (req, res) => {
try {
const email = req.body.email;
const pwd = req.body.password;
const user = await User.credentialsExist(email, pwd);
if (!user) {
res.sendStatus(401);
return;
} else {
req.session.userId = user._id;
req.session.email = user.email;
Login endpoint now returns the user profile.
2022-04-07 03:53:20 +00:00
user.password = undefined;
res.status(200).send(user);
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD.
2022-04-05 01:15:43 +00:00
}
} catch (error) {
if (error.name === "TypeError") {
res.status(400).send("Missing required user info.");
} else if (error.message === "Credentials do not exist.") {
res.status(401).send("Credentials do not exist.");
} else {
console.error(error);
if (process.env.NODE_ENV === "development") {
res.status(500).send(error.toString());
} else {
res.status(500).send("Internal server error. This issue has been noted.");
}
}
}
});
Multiple changes, basic rental CRUD backend implemented. All responses are now in their own object with context name. Added limit to user based recent results for matches. Moved all code in endpoints inside try and catch. Renamed authentication guard function.
2022-04-05 16:50:35 +00:00
UserController.get("/logout", requireAuthenticated, (req, res) => {
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD.
2022-04-05 01:15:43 +00:00
req.session.destroy((err) => {
if (err) {
console.error(err);
if (process.env.NODE_ENV === "development") {
res.status(500).send(err.toString());
} else {
res.status(500).send("Internal server error. This issue has been noted.");
}
res.status(500).send("");
} else {
res.sendStatus(200);
}
});
});
Multiple changes, basic rental CRUD backend implemented. All responses are now in their own object with context name. Added limit to user based recent results for matches. Moved all code in endpoints inside try and catch. Renamed authentication guard function.
2022-04-05 16:50:35 +00:00
UserController.get("/:id?", needDatabase, requireAuthenticated, async (req, res) => {
Added U and D endpoints.
2022-04-05 03:50:26 +00:00
let user = null;
if (req.params.id) {
if (req.user.accessLevel > 2) {
user = await userModel.findById(req.params.id);
} else {
res.status(401).send("Unauthorized.");
return;
}
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD.
2022-04-05 01:15:43 +00:00
} else {
Added U and D endpoints.
2022-04-05 03:50:26 +00:00
user = req.user;
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD.
2022-04-05 01:15:43 +00:00
}
Added U and D endpoints.
2022-04-05 03:50:26 +00:00
user.password = undefined;
res.status(200).send(user);
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD.
2022-04-05 01:15:43 +00:00
});
Added suspension mechanism.
2022-04-07 22:56:04 +00:00
Multiple changes, basic rental CRUD backend implemented. All responses are now in their own object with context name. Added limit to user based recent results for matches. Moved all code in endpoints inside try and catch. Renamed authentication guard function.
2022-04-05 16:50:35 +00:00
UserController.patch("/:id?", needDatabase, requireAuthenticated, async (req, res) => {
Added suspension mechanism.
2022-04-07 22:56:04 +00:00
try {
let user = null;
if (req.params.id) {
if (req.user.accessLevel > 2) {
user = await userModel.findById(req.params.id);
} else {
res.status(401).send("Unauthorized.");
return;
}
Added U and D endpoints.
2022-04-05 03:50:26 +00:00
} else {
Added suspension mechanism.
2022-04-07 22:56:04 +00:00
user = req.user;
}
if (req.body._id) {
res.status(400).send("Cannot change user ID.");
Added U and D endpoints.
2022-04-05 03:50:26 +00:00
return;
}
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD.
2022-04-05 01:15:43 +00:00
Added suspension mechanism.
2022-04-07 22:56:04 +00:00
if (req.body.createdMatches) {
res.status(400).send("Cannot directly change the list of created matches.");
return;
}
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD.
2022-04-05 01:15:43 +00:00
Added suspension mechanism.
2022-04-07 22:56:04 +00:00
if (req.body.password) {
res.status(400).send("Cannot directly change user password.");
return;
}
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD.
2022-04-05 01:15:43 +00:00
Added suspension mechanism.
2022-04-07 22:56:04 +00:00
if (req.body.participatingMatches) {
res.status(400).send("Cannot directly change the list of participating matches.");
return;
}
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD.
2022-04-05 01:15:43 +00:00
Added suspension mechanism.
2022-04-07 22:56:04 +00:00
if (req.body.joinDate) {
res.status(400).send("Cannot change the join date.");
return;
}
if (req.body.accessLevel && req.user.accessLevel < 3) {
res.status(401).send("Unauthorized to change the access level of this user.");
return;
}
if (req.body.suspend && req.user.accessLevel < 3) {
res.status(401).send("Unauthorized to change the accounts disabled date. ");
return;
}
await user.updateOne(req.body);
res.status(200).send("Updated.");
} catch (error) {
console.error(error);
res.status(500).send("Internal server error");
Added U and D endpoints.
2022-04-05 03:50:26 +00:00
}
Added suspension mechanism.
2022-04-07 22:56:04 +00:00
});
Added U and D endpoints.
2022-04-05 03:50:26 +00:00
Fixed date issue with models.
2022-04-08 01:23:32 +00:00
UserController.get("/all", requireAdmin, async (req, res) => {
try {
let all = await userModel.find();
res.status(200).send({ all: all });
} catch (error) {
console.error(error);
res.status(500).send("Internal server error");
}
});
Added suspension mechanism.
2022-04-07 22:56:04 +00:00
UserController.get("/all/active", requireAdmin, async (req, res) => {
try {
Fixed date issue with models.
2022-04-08 01:23:32 +00:00
let active = await userModel.find().where("suspend").lt(Date.now());
res.status(200).send({ active: active });
Added suspension mechanism.
2022-04-07 22:56:04 +00:00
} catch (error) {
console.error(error);
res.status(500).send("Internal server error");
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD.
2022-04-05 01:15:43 +00:00
}
Added suspension mechanism.
2022-04-07 22:56:04 +00:00
});
Added U and D endpoints.
2022-04-05 03:50:26 +00:00
Added suspension mechanism.
2022-04-07 22:56:04 +00:00
UserController.get("/all/suspended", requireAuthenticated, async (req, res) => {
try {
Fixed date issue with models.
2022-04-08 01:23:32 +00:00
let suspended = await userModel.find().where("suspend").gte(Date.now());
res.status(200).send({ suspended: suspended });
Added suspension mechanism.
2022-04-07 22:56:04 +00:00
} catch (error) {
console.error(error);
res.status(500).send("Internal server error");
}
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD.
2022-04-05 01:15:43 +00:00
});
Added U and D endpoints.
2022-04-05 03:50:26 +00:00
/* TODO: Implement middleware for removing users.
Multiple changes, basic rental CRUD backend implemented. All responses are now in their own object with context name. Added limit to user based recent results for matches. Moved all code in endpoints inside try and catch. Renamed authentication guard function.
2022-04-05 16:50:35 +00:00
UserController.delete("/:id?", needDatabase, requireAuthenticated, async (req, res) => {
Added U and D endpoints.
2022-04-05 03:50:26 +00:00
let user = null;
if (req.params.id) {
if (req.user.accessLevel > 2) {
user = await userModel.findById(req.params.id);
} else {
res.status(401).send("Unauthorized.");
return;
}
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD.
2022-04-05 01:15:43 +00:00
} else {
Added U and D endpoints.
2022-04-05 03:50:26 +00:00
user = req.user;
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD.
2022-04-05 01:15:43 +00:00
}
Added U and D endpoints.
2022-04-05 03:50:26 +00:00
await user.deleteOne();
res.status(200).send("Deleted user.");
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD.
2022-04-05 01:15:43 +00:00
});
Added U and D endpoints.
2022-04-05 03:50:26 +00:00
*/
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD.
2022-04-05 01:15:43 +00:00
UserController.post("/", needDatabase, async (req, res) => {
try {
Added suspension mechanism.
2022-04-07 22:56:04 +00:00
const data = {
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD.
2022-04-05 01:15:43 +00:00
email: req.body.email,
firstName: req.body.firstName,
lastName: req.body.lastName,
phone: req.body.phone,
password: req.body.password,
Added suspension mechanism.
2022-04-07 22:56:04 +00:00
};
let createdUser = new User(data);
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD.
2022-04-05 01:15:43 +00:00
await createdUser.save();
res.sendStatus(201);
return;
} catch (err) {
if (err.name === "TypeError" || err.name === "ValidationError") {
if (process.env.NODE_ENV === "development") {
console.error(err);
res.status(400).send(err.toString());
} else {
res.status(400).send("Missing required user info.");
}
} else if (err.name === "MongoServerError" && err.message.startsWith("E11000")) {
if (process.env.NODE_ENV === "development") {
console.error(err);
res.status(409).send(err.toString());
} else {
res.status(409).send("User already exists.");
}
} else {
console.error(err);
if (process.env.NODE_ENV === "development") {
res.status(500).send(err.toString());
} else {
res.status(500).send("Internal server error. This issue has been noted.");
}
}
}
});
export default UserController;
Reference in New Issue Copy Permalink