Added U and D endpoints.

sports-matcher/server/controllers/userController.js

@@ -1,6 +1,7 @@
 import express from "express";
 import { authenticationGuard } from "../middleware/authority.js";
 import { needDatabase } from "../middleware/database.js";
+import userModel from "../schemas/userModel.js";
 import User from "../schemas/userModel.js";
 const UserController = express.Router();
 
@@ -49,84 +50,88 @@ UserController.get("/logout", authenticationGuard, (req, res) => {
     });
 });
 
-UserController.get("/email/:userId?", needDatabase, authenticationGuard, async (req, res) => {
-    if (!req.params.userId) req.params.userId = req.session.userId;
-    const curUser = await User.findById(req.session.userId);
-    const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId);
-    if (selUser.email.public || curUser._id === selUser._id || curUser.accessLevel > 2) {
-        res.status(200).send({ email: selUser.email });
+UserController.get("/:id?", needDatabase, authenticationGuard, async (req, res) => {
+    let user = null;
+    if (req.params.id) {
+        if (req.user.accessLevel > 2) {
+            user = await userModel.findById(req.params.id);
+        } else {
+            res.status(401).send("Unauthorized.");
+            return;
+        }
     } else {
-        res.status(401).send("Could not authenticate request.");
+        user = req.user;
     }
+    user.password = undefined;
+    res.status(200).send(user);
 });
 
-UserController.get("/firstName/:userId?", needDatabase, authenticationGuard, async (req, res) => {
-    if (!req.params.userId) req.params.userId = req.session.userId;
-    const curUser = await User.findById(req.session.userId);
-    const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId);
-    if (selUser.firstName.public || curUser._id === selUser._id || curUser.accessLevel > 2) {
-        res.status(200).send({ firstName: selUser.firstName });
+UserController.patch("/:id?", needDatabase, authenticationGuard, async (req, res) => {
+    let user = null;
+    if (req.params.id) {
+        if (req.user.accessLevel > 2) {
+            user = await userModel.findById(req.params.id);
+        } else {
+            res.status(401).send("Unauthorized.");
+            return;
+        }
     } else {
-        res.status(401).send("Could not authenticate request.");
+        user = req.user;
     }
+    if (req.body._id) {
+        res.status(400).send("Cannot change user ID.");
+        return;
+    }
+
+    if (req.body.createdMatches) {
+        res.status(400).send("Cannot directly change the list of created matches.");
+        return;
+    }
+
+    if (req.body.password) {
+        res.status(400).send("Cannot directly change user password.");
+        return;
+    }
+
+    if (req.body.participatingMatches) {
+        res.status(400).send("Cannot directly change the list of participating matches.");
+        return;
+    }
+
+    if (req.body.joinDate) {
+        res.status(400).send("Cannot change the join date.");
+        return;
+    }
+
+    if (req.body.accessLevel && req.user.accessLevel < 3) {
+        res.status(401).send("Unauthorized to change the access level of this user.");
+        return;
+    }
+
+    await user.updateOne(req.body);
+    res.status(200).send("Updated.");
 });
 
-UserController.get("/lastName/:userId?", needDatabase, authenticationGuard, async (req, res) => {
-    if (!req.params.userId) req.params.userId = req.session.userId;
-    const curUser = await User.findById(req.session.userId);
-    const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId);
-    if (selUser.lastName.public || curUser._id === selUser._id || curUser.accessLevel > 2) {
-        res.status(200).send({ email: selUser.lastName });
+/* TODO: Implement middleware for removing users.
+
+UserController.delete("/:id?", needDatabase, authenticationGuard, async (req, res) => {
+    let user = null;
+    if (req.params.id) {
+        if (req.user.accessLevel > 2) {
+            user = await userModel.findById(req.params.id);
+        } else {
+            res.status(401).send("Unauthorized.");
+            return;
+        }
     } else {
-        res.status(401).send("Could not authenticate request.");
+        user = req.user;
     }
+
+    await user.deleteOne();
+    res.status(200).send("Deleted user.");
 });
 
-UserController.get("/phone/:userId?", needDatabase, authenticationGuard, async (req, res) => {
-    if (!req.params.userId) req.params.userId = req.session.userId;
-    const curUser = await User.findById(req.session.userId);
-    const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId);
-    if (selUser.phone.public || curUser._id === selUser._id || curUser.accessLevel > 2) {
-        res.status(200).send({ phone: selUser.phone });
-    } else {
-        res.status(401).send("Could not authenticate request.");
-    }
-});
-
-UserController.get("/participatingMatches/:userId?", needDatabase, authenticationGuard, async (req, res) => {
-    if (!req.params.userId) req.params.userId = req.session.userId;
-    const curUser = await User.findById(req.session.userId);
-    const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId);
-    if (selUser.participatingMatches.public || curUser._id === selUser._id || curUser.accessLevel > 2) {
-        res.status(200).send({ participatingMatches: selUser.participatingMatches });
-    } else {
-        res.status(401).send("Could not authenticate request.");
-    }
-});
-
-UserController.get("/joinDate/:userId?", needDatabase, authenticationGuard, async (req, res) => {
-    if (!req.params.userId) req.params.userId = req.session.userId;
-    const curUser = await User.findById(req.session.userId);
-    const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId);
-    if (curUser._id === selUser._id || curUser.accessLevel > 2) {
-        res.status(200).send({ joinDate: selUser.joinDate });
-    } else {
-        res.status(401).send("Could not authenticate request.");
-    }
-});
-
-UserController.get("/createdMatches/:userId?", needDatabase, authenticationGuard, async (req, res) => {
-    if (!req.params.userId) req.params.userId = req.session.userId;
-    const curUser = await User.findById(req.session.userId);
-    const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId);
-    if (curUser._id === selUser._id || curUser.accessLevel > 2) {
-        res.status(200).send({ createdMatches: selUser.createdMatches });
-    } else {
-        res.status(401).send("Could not authenticate request.");
-    }
-});
-
-// TODO: Finish update requests using put.
+*/
 
 UserController.post("/", needDatabase, async (req, res) => {
     try {