219 lines
6.8 KiB
JavaScript
219 lines
6.8 KiB
JavaScript
import express from "express";
|
|
import { requireAdmin, requireAuthenticated } from "../middleware/authority.js";
|
|
import { needDatabase } from "../middleware/database.js";
|
|
import userModel from "../schemas/userModel.js";
|
|
import User from "../schemas/userModel.js";
|
|
const UserController = express.Router();
|
|
|
|
UserController.post("/login", needDatabase, async (req, res) => {
|
|
try {
|
|
const email = req.body.email;
|
|
const pwd = req.body.password;
|
|
const user = await User.credentialsExist(email, pwd);
|
|
if (!user) {
|
|
res.sendStatus(401);
|
|
return;
|
|
} else {
|
|
req.session.userId = user._id;
|
|
req.session.email = user.email;
|
|
user.password = undefined;
|
|
res.status(200).send(user);
|
|
}
|
|
} catch (error) {
|
|
if (error.name === "TypeError") {
|
|
res.status(400).send("Missing required user info.");
|
|
} else if (error.message === "Credentials do not exist.") {
|
|
res.status(401).send("Credentials do not exist.");
|
|
} else {
|
|
console.error(error);
|
|
if (process.env.NODE_ENV === "development") {
|
|
res.status(500).send(error.toString());
|
|
} else {
|
|
res.status(500).send("Internal server error. This issue has been noted.");
|
|
}
|
|
}
|
|
}
|
|
});
|
|
|
|
UserController.get("/logout", requireAuthenticated, (req, res) => {
|
|
req.session.destroy((err) => {
|
|
if (err) {
|
|
console.error(err);
|
|
if (process.env.NODE_ENV === "development") {
|
|
res.status(500).send(err.toString());
|
|
} else {
|
|
res.status(500).send("Internal server error. This issue has been noted.");
|
|
}
|
|
res.status(500).send("");
|
|
} else {
|
|
res.sendStatus(200);
|
|
}
|
|
});
|
|
});
|
|
|
|
UserController.get("/:id?", needDatabase, requireAuthenticated, async (req, res) => {
|
|
let user = null;
|
|
if (req.params.id) {
|
|
if (req.user.accessLevel > 2) {
|
|
user = await userModel.findById(req.params.id);
|
|
} else {
|
|
res.status(401).send("Unauthorized.");
|
|
return;
|
|
}
|
|
} else {
|
|
user = req.user;
|
|
}
|
|
user.password = undefined;
|
|
res.status(200).send(user);
|
|
});
|
|
|
|
|
|
UserController.patch("/:id?", needDatabase, requireAuthenticated, async (req, res) => {
|
|
try {
|
|
let user = null;
|
|
if (req.params.id) {
|
|
if (req.user.accessLevel > 2) {
|
|
user = await userModel.findById(req.params.id);
|
|
} else {
|
|
res.status(401).send("Unauthorized.");
|
|
return;
|
|
}
|
|
} else {
|
|
user = req.user;
|
|
}
|
|
if (req.body._id) {
|
|
res.status(400).send("Cannot change user ID.");
|
|
return;
|
|
}
|
|
|
|
if (req.body.createdMatches) {
|
|
res.status(400).send("Cannot directly change the list of created matches.");
|
|
return;
|
|
}
|
|
|
|
if (req.body.password) {
|
|
res.status(400).send("Cannot directly change user password.");
|
|
return;
|
|
}
|
|
|
|
if (req.body.participatingMatches) {
|
|
res.status(400).send("Cannot directly change the list of participating matches.");
|
|
return;
|
|
}
|
|
|
|
if (req.body.joinDate) {
|
|
res.status(400).send("Cannot change the join date.");
|
|
return;
|
|
}
|
|
|
|
if (req.body.accessLevel && req.user.accessLevel < 3) {
|
|
res.status(401).send("Unauthorized to change the access level of this user.");
|
|
return;
|
|
}
|
|
|
|
if (req.body.suspend && req.user.accessLevel < 3) {
|
|
res.status(401).send("Unauthorized to change the accounts disabled date. ");
|
|
return;
|
|
}
|
|
|
|
await user.updateOne(req.body);
|
|
res.status(200).send("Updated.");
|
|
} catch (error) {
|
|
console.error(error);
|
|
res.status(500).send("Internal server error");
|
|
}
|
|
});
|
|
|
|
UserController.get("/all", requireAdmin, async (req, res) => {
|
|
try {
|
|
let all = await userModel.find();
|
|
res.status(200).send({ all: all });
|
|
} catch (error) {
|
|
console.error(error);
|
|
res.status(500).send("Internal server error");
|
|
}
|
|
});
|
|
|
|
UserController.get("/all/active", requireAdmin, async (req, res) => {
|
|
try {
|
|
let active = await userModel.find().where("suspend").lt(Date.now());
|
|
res.status(200).send({ active: active });
|
|
} catch (error) {
|
|
console.error(error);
|
|
res.status(500).send("Internal server error");
|
|
}
|
|
});
|
|
|
|
UserController.get("/all/suspended", requireAuthenticated, async (req, res) => {
|
|
try {
|
|
let suspended = await userModel.find().where("suspend").gte(Date.now());
|
|
res.status(200).send({ suspended: suspended });
|
|
} catch (error) {
|
|
console.error(error);
|
|
res.status(500).send("Internal server error");
|
|
}
|
|
});
|
|
|
|
/* TODO: Implement middleware for removing users.
|
|
|
|
UserController.delete("/:id?", needDatabase, requireAuthenticated, async (req, res) => {
|
|
let user = null;
|
|
if (req.params.id) {
|
|
if (req.user.accessLevel > 2) {
|
|
user = await userModel.findById(req.params.id);
|
|
} else {
|
|
res.status(401).send("Unauthorized.");
|
|
return;
|
|
}
|
|
} else {
|
|
user = req.user;
|
|
}
|
|
|
|
await user.deleteOne();
|
|
res.status(200).send("Deleted user.");
|
|
});
|
|
|
|
*/
|
|
|
|
UserController.post("/", needDatabase, async (req, res) => {
|
|
try {
|
|
const data = {
|
|
email: req.body.email,
|
|
firstName: req.body.firstName,
|
|
lastName: req.body.lastName,
|
|
phone: req.body.phone,
|
|
password: req.body.password,
|
|
};
|
|
|
|
let createdUser = new User(data);
|
|
await createdUser.save();
|
|
res.sendStatus(201);
|
|
return;
|
|
} catch (err) {
|
|
if (err.name === "TypeError" || err.name === "ValidationError") {
|
|
if (process.env.NODE_ENV === "development") {
|
|
console.error(err);
|
|
res.status(400).send(err.toString());
|
|
} else {
|
|
res.status(400).send("Missing required user info.");
|
|
}
|
|
} else if (err.name === "MongoServerError" && err.message.startsWith("E11000")) {
|
|
if (process.env.NODE_ENV === "development") {
|
|
console.error(err);
|
|
res.status(409).send(err.toString());
|
|
} else {
|
|
res.status(409).send("User already exists.");
|
|
}
|
|
} else {
|
|
console.error(err);
|
|
if (process.env.NODE_ENV === "development") {
|
|
res.status(500).send(err.toString());
|
|
} else {
|
|
res.status(500).send("Internal server error. This issue has been noted.");
|
|
}
|
|
}
|
|
}
|
|
});
|
|
|
|
export default UserController;
|