2022-04-01 10:36:10 +00:00
|
|
|
import express from "express";
|
2022-04-01 15:27:58 +00:00
|
|
|
import { authenticationGuard } from "../middleware/authority.js";
|
|
|
|
import { needDatabase } from "../middleware/database.js";
|
|
|
|
import User from "../schemas/userModel.js";
|
2022-04-01 10:36:10 +00:00
|
|
|
const UserController = express.Router();
|
|
|
|
|
|
|
|
UserController.post("/login", needDatabase, async (req, res) => {
|
|
|
|
try {
|
|
|
|
const email = req.body.email;
|
|
|
|
const pwd = req.body.password;
|
|
|
|
const user = await User.credentialsExist(email, pwd);
|
|
|
|
if (!user) {
|
|
|
|
res.sendStatus(401);
|
|
|
|
return;
|
|
|
|
} else {
|
|
|
|
req.session.userId = user._id;
|
2022-04-01 15:27:58 +00:00
|
|
|
req.session.email = user.email;
|
2022-04-01 10:36:10 +00:00
|
|
|
res.status(200).send("Authenticated.");
|
|
|
|
}
|
|
|
|
} catch (error) {
|
|
|
|
if (error.name === "TypeError") {
|
|
|
|
res.status(400).send("Missing required user info.");
|
|
|
|
} else if (error.message === "Credentials do not exist.") {
|
|
|
|
res.status(401).send("Credentials do not exist.");
|
|
|
|
} else {
|
|
|
|
console.error(error);
|
|
|
|
if (process.env.NODE_ENV === "development") {
|
|
|
|
res.status(500).send(error.toString());
|
|
|
|
} else {
|
|
|
|
res.status(500).send("Internal server error. This issue has been noted.");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
UserController.get("/logout", authenticationGuard, (req, res) => {
|
|
|
|
req.session.destroy((err) => {
|
|
|
|
if (err) {
|
|
|
|
console.error(err);
|
|
|
|
if (process.env.NODE_ENV === "development") {
|
|
|
|
res.status(500).send(err.toString());
|
|
|
|
} else {
|
|
|
|
res.status(500).send("Internal server error. This issue has been noted.");
|
|
|
|
}
|
|
|
|
res.status(500).send("");
|
|
|
|
} else {
|
|
|
|
res.sendStatus(200);
|
|
|
|
}
|
|
|
|
});
|
|
|
|
});
|
|
|
|
|
|
|
|
UserController.get("/email/:userId?", needDatabase, authenticationGuard, async (req, res) => {
|
|
|
|
if (!req.params.userId) req.params.userId = req.session.userId;
|
|
|
|
const curUser = await User.findById(req.session.userId);
|
|
|
|
const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId);
|
|
|
|
if (selUser.email.public || curUser._id === selUser._id || curUser.accessLevel > 2) {
|
2022-04-01 15:27:58 +00:00
|
|
|
res.status(200).send({ email: selUser.email });
|
2022-04-01 10:36:10 +00:00
|
|
|
} else {
|
|
|
|
res.status(401).send("Could not authenticate request.");
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
UserController.get("/firstName/:userId?", needDatabase, authenticationGuard, async (req, res) => {
|
|
|
|
if (!req.params.userId) req.params.userId = req.session.userId;
|
|
|
|
const curUser = await User.findById(req.session.userId);
|
|
|
|
const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId);
|
|
|
|
if (selUser.firstName.public || curUser._id === selUser._id || curUser.accessLevel > 2) {
|
2022-04-01 15:27:58 +00:00
|
|
|
res.status(200).send({ firstName: selUser.firstName });
|
2022-04-01 10:36:10 +00:00
|
|
|
} else {
|
|
|
|
res.status(401).send("Could not authenticate request.");
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
UserController.get("/lastName/:userId?", needDatabase, authenticationGuard, async (req, res) => {
|
|
|
|
if (!req.params.userId) req.params.userId = req.session.userId;
|
|
|
|
const curUser = await User.findById(req.session.userId);
|
|
|
|
const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId);
|
|
|
|
if (selUser.lastName.public || curUser._id === selUser._id || curUser.accessLevel > 2) {
|
2022-04-01 15:27:58 +00:00
|
|
|
res.status(200).send({ email: selUser.lastName });
|
2022-04-01 10:36:10 +00:00
|
|
|
} else {
|
|
|
|
res.status(401).send("Could not authenticate request.");
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
UserController.get("/phone/:userId?", needDatabase, authenticationGuard, async (req, res) => {
|
|
|
|
if (!req.params.userId) req.params.userId = req.session.userId;
|
|
|
|
const curUser = await User.findById(req.session.userId);
|
|
|
|
const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId);
|
|
|
|
if (selUser.phone.public || curUser._id === selUser._id || curUser.accessLevel > 2) {
|
2022-04-01 15:27:58 +00:00
|
|
|
res.status(200).send({ phone: selUser.phone });
|
2022-04-01 10:36:10 +00:00
|
|
|
} else {
|
|
|
|
res.status(401).send("Could not authenticate request.");
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
UserController.get("/participatingMatches/:userId?", needDatabase, authenticationGuard, async (req, res) => {
|
|
|
|
if (!req.params.userId) req.params.userId = req.session.userId;
|
2022-04-01 15:27:58 +00:00
|
|
|
const curUser = await User.findById(req.session.userId);
|
2022-04-01 10:36:10 +00:00
|
|
|
const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId);
|
|
|
|
if (selUser.participatingMatches.public || curUser._id === selUser._id || curUser.accessLevel > 2) {
|
2022-04-01 15:27:58 +00:00
|
|
|
res.status(200).send({ participatingMatches: selUser.participatingMatches });
|
2022-04-01 10:36:10 +00:00
|
|
|
} else {
|
|
|
|
res.status(401).send("Could not authenticate request.");
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
UserController.get("/joinDate/:userId?", needDatabase, authenticationGuard, async (req, res) => {
|
|
|
|
if (!req.params.userId) req.params.userId = req.session.userId;
|
|
|
|
const curUser = await User.findById(req.session.userId);
|
|
|
|
const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId);
|
|
|
|
if (curUser._id === selUser._id || curUser.accessLevel > 2) {
|
|
|
|
res.status(200).send({ joinDate: selUser.joinDate });
|
|
|
|
} else {
|
|
|
|
res.status(401).send("Could not authenticate request.");
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
UserController.get("/createdMatches/:userId?", needDatabase, authenticationGuard, async (req, res) => {
|
|
|
|
if (!req.params.userId) req.params.userId = req.session.userId;
|
2022-04-01 15:27:58 +00:00
|
|
|
const curUser = await User.findById(req.session.userId);
|
2022-04-01 10:36:10 +00:00
|
|
|
const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId);
|
|
|
|
if (curUser._id === selUser._id || curUser.accessLevel > 2) {
|
|
|
|
res.status(200).send({ createdMatches: selUser.createdMatches });
|
|
|
|
} else {
|
|
|
|
res.status(401).send("Could not authenticate request.");
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
// TODO: Finish update requests using put.
|
|
|
|
|
|
|
|
UserController.post("/", needDatabase, async (req, res) => {
|
|
|
|
try {
|
|
|
|
let createdUser = new User({
|
|
|
|
email: req.body.email,
|
|
|
|
firstName: req.body.firstName,
|
|
|
|
lastName: req.body.lastName,
|
|
|
|
phone: req.body.phone,
|
|
|
|
password: req.body.password,
|
|
|
|
});
|
|
|
|
await createdUser.save();
|
|
|
|
res.sendStatus(201);
|
2022-04-01 15:27:58 +00:00
|
|
|
return;
|
2022-04-01 10:36:10 +00:00
|
|
|
} catch (err) {
|
|
|
|
if (err.name === "TypeError" || err.name === "ValidationError") {
|
|
|
|
if (process.env.NODE_ENV === "development") {
|
|
|
|
console.error(err);
|
|
|
|
res.status(400).send(err.toString());
|
|
|
|
} else {
|
|
|
|
res.status(400).send("Missing required user info.");
|
|
|
|
}
|
|
|
|
} else if (err.name === "MongoServerError" && err.message.startsWith("E11000")) {
|
|
|
|
if (process.env.NODE_ENV === "development") {
|
|
|
|
console.error(err);
|
|
|
|
res.status(409).send(err.toString());
|
|
|
|
} else {
|
|
|
|
res.status(409).send("User already exists.");
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
console.error(err);
|
|
|
|
if (process.env.NODE_ENV === "development") {
|
|
|
|
res.status(500).send(err.toString());
|
|
|
|
} else {
|
|
|
|
res.status(500).send("Internal server error. This issue has been noted.");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
export default UserController;
|