import express from "express"; import { authenticationGuard } from "../middleware/Authority.js"; import { needDatabase } from "../middleware/Database.js"; import User from "../schemas/User.js"; const UserController = express.Router(); UserController.post("/login", needDatabase, async (req, res) => { try { const email = req.body.email; const pwd = req.body.password; const user = await User.credentialsExist(email, pwd); if (!user) { res.sendStatus(401); return; } else { req.session.userId = user._id; req.session.email = user.email.value; res.status(200).send("Authenticated."); } } catch (error) { if (error.name === "TypeError") { res.status(400).send("Missing required user info."); } else if (error.message === "Credentials do not exist.") { res.status(401).send("Credentials do not exist."); } else { console.error(error); if (process.env.NODE_ENV === "development") { res.status(500).send(error.toString()); } else { res.status(500).send("Internal server error. This issue has been noted."); } } } }); UserController.get("/logout", authenticationGuard, (req, res) => { req.session.destroy((err) => { if (err) { console.error(err); if (process.env.NODE_ENV === "development") { res.status(500).send(err.toString()); } else { res.status(500).send("Internal server error. This issue has been noted."); } res.status(500).send(""); } else { res.sendStatus(200); } }); }); UserController.get("/email/:userId?", needDatabase, authenticationGuard, async (req, res) => { if (!req.params.userId) req.params.userId = req.session.userId; const curUser = await User.findById(req.session.userId); const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId); if (selUser.email.public || curUser._id === selUser._id || curUser.accessLevel > 2) { res.status(200).send({ email: selUser.email.value }); } else { res.status(401).send("Could not authenticate request."); } }); UserController.get("/firstName/:userId?", needDatabase, authenticationGuard, async (req, res) => { if (!req.params.userId) req.params.userId = req.session.userId; const curUser = await User.findById(req.session.userId); const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId); if (selUser.firstName.public || curUser._id === selUser._id || curUser.accessLevel > 2) { res.status(200).send({ firstName: selUser.firstName.value }); } else { res.status(401).send("Could not authenticate request."); } }); UserController.get("/lastName/:userId?", needDatabase, authenticationGuard, async (req, res) => { if (!req.params.userId) req.params.userId = req.session.userId; const curUser = await User.findById(req.session.userId); const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId); if (selUser.lastName.public || curUser._id === selUser._id || curUser.accessLevel > 2) { res.status(200).send({ email: selUser.lastName.value }); } else { res.status(401).send("Could not authenticate request."); } }); UserController.get("/phone/:userId?", needDatabase, authenticationGuard, async (req, res) => { if (!req.params.userId) req.params.userId = req.session.userId; const curUser = await User.findById(req.session.userId); const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId); if (selUser.phone.public || curUser._id === selUser._id || curUser.accessLevel > 2) { res.status(200).send({ phone: selUser.phone.value }); } else { res.status(401).send("Could not authenticate request."); } }); UserController.get("/participatingMatches/:userId?", needDatabase, authenticationGuard, async (req, res) => { if (!req.params.userId) req.params.userId = req.session.userId; const curUser = await User.findById(req.session.userId).populate("participatingMatches.value"); const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId); if (selUser.participatingMatches.public || curUser._id === selUser._id || curUser.accessLevel > 2) { res.status(200).send({ participatingMatches: selUser.participatingMatches.value }); } else { res.status(401).send("Could not authenticate request."); } }); UserController.get("/joinDate/:userId?", needDatabase, authenticationGuard, async (req, res) => { if (!req.params.userId) req.params.userId = req.session.userId; const curUser = await User.findById(req.session.userId); const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId); if (curUser._id === selUser._id || curUser.accessLevel > 2) { res.status(200).send({ joinDate: selUser.joinDate }); } else { res.status(401).send("Could not authenticate request."); } }); UserController.get("/createdMatches/:userId?", needDatabase, authenticationGuard, async (req, res) => { if (!req.params.userId) req.params.userId = req.session.userId; const curUser = await User.findById(req.session.userId).populate("createdMatches"); const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId); if (curUser._id === selUser._id || curUser.accessLevel > 2) { res.status(200).send({ createdMatches: selUser.createdMatches }); } else { res.status(401).send("Could not authenticate request."); } }); // TODO: Finish update requests using put. UserController.post("/", needDatabase, async (req, res) => { try { let createdUser = new User({ email: req.body.email, firstName: req.body.firstName, lastName: req.body.lastName, phone: req.body.phone, password: req.body.password, }); await createdUser.save(); res.sendStatus(201); } catch (err) { if (err.name === "TypeError" || err.name === "ValidationError") { if (process.env.NODE_ENV === "development") { console.error(err); res.status(400).send(err.toString()); } else { res.status(400).send("Missing required user info."); } } else if (err.name === "MongoServerError" && err.message.startsWith("E11000")) { if (process.env.NODE_ENV === "development") { console.error(err); res.status(409).send(err.toString()); } else { res.status(409).send("User already exists."); } } else { console.error(err); if (process.env.NODE_ENV === "development") { res.status(500).send(err.toString()); } else { res.status(500).send("Internal server error. This issue has been noted."); } } } }); export default UserController;