sports-matcher/server/controllers/UserController.js

169 lines
7.2 KiB
JavaScript

import express from "express";
import { authenticationGuard } from "../middleware/Authority.js";
import { needDatabase } from "../middleware/Database.js";
import User from "../schemas/User.js";
const UserController = express.Router();
UserController.post("/login", needDatabase, async (req, res) => {
try {
const email = req.body.email;
const pwd = req.body.password;
const user = await User.credentialsExist(email, pwd);
if (!user) {
res.sendStatus(401);
return;
} else {
req.session.userId = user._id;
req.session.email = user.email.value;
res.status(200).send("Authenticated.");
}
} catch (error) {
if (error.name === "TypeError") {
res.status(400).send("Missing required user info.");
} else if (error.message === "Credentials do not exist.") {
res.status(401).send("Credentials do not exist.");
} else {
console.error(error);
if (process.env.NODE_ENV === "development") {
res.status(500).send(error.toString());
} else {
res.status(500).send("Internal server error. This issue has been noted.");
}
}
}
});
UserController.get("/logout", authenticationGuard, (req, res) => {
req.session.destroy((err) => {
if (err) {
console.error(err);
if (process.env.NODE_ENV === "development") {
res.status(500).send(err.toString());
} else {
res.status(500).send("Internal server error. This issue has been noted.");
}
res.status(500).send("");
} else {
res.sendStatus(200);
}
});
});
UserController.get("/email/:userId?", needDatabase, authenticationGuard, async (req, res) => {
if (!req.params.userId) req.params.userId = req.session.userId;
const curUser = await User.findById(req.session.userId);
const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId);
if (selUser.email.public || curUser._id === selUser._id || curUser.accessLevel > 2) {
res.status(200).send({ email: selUser.email.value });
} else {
res.status(401).send("Could not authenticate request.");
}
});
UserController.get("/firstName/:userId?", needDatabase, authenticationGuard, async (req, res) => {
if (!req.params.userId) req.params.userId = req.session.userId;
const curUser = await User.findById(req.session.userId);
const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId);
if (selUser.firstName.public || curUser._id === selUser._id || curUser.accessLevel > 2) {
res.status(200).send({ firstName: selUser.firstName.value });
} else {
res.status(401).send("Could not authenticate request.");
}
});
UserController.get("/lastName/:userId?", needDatabase, authenticationGuard, async (req, res) => {
if (!req.params.userId) req.params.userId = req.session.userId;
const curUser = await User.findById(req.session.userId);
const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId);
if (selUser.lastName.public || curUser._id === selUser._id || curUser.accessLevel > 2) {
res.status(200).send({ email: selUser.lastName.value });
} else {
res.status(401).send("Could not authenticate request.");
}
});
UserController.get("/phone/:userId?", needDatabase, authenticationGuard, async (req, res) => {
if (!req.params.userId) req.params.userId = req.session.userId;
const curUser = await User.findById(req.session.userId);
const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId);
if (selUser.phone.public || curUser._id === selUser._id || curUser.accessLevel > 2) {
res.status(200).send({ phone: selUser.phone.value });
} else {
res.status(401).send("Could not authenticate request.");
}
});
UserController.get("/participatingMatches/:userId?", needDatabase, authenticationGuard, async (req, res) => {
if (!req.params.userId) req.params.userId = req.session.userId;
const curUser = await User.findById(req.session.userId).populate("participatingMatches.value");
const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId);
if (selUser.participatingMatches.public || curUser._id === selUser._id || curUser.accessLevel > 2) {
res.status(200).send({ participatingMatches: selUser.participatingMatches.value });
} else {
res.status(401).send("Could not authenticate request.");
}
});
UserController.get("/joinDate/:userId?", needDatabase, authenticationGuard, async (req, res) => {
if (!req.params.userId) req.params.userId = req.session.userId;
const curUser = await User.findById(req.session.userId);
const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId);
if (curUser._id === selUser._id || curUser.accessLevel > 2) {
res.status(200).send({ joinDate: selUser.joinDate });
} else {
res.status(401).send("Could not authenticate request.");
}
});
UserController.get("/createdMatches/:userId?", needDatabase, authenticationGuard, async (req, res) => {
if (!req.params.userId) req.params.userId = req.session.userId;
const curUser = await User.findById(req.session.userId).populate("createdMatches");
const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId);
if (curUser._id === selUser._id || curUser.accessLevel > 2) {
res.status(200).send({ createdMatches: selUser.createdMatches });
} else {
res.status(401).send("Could not authenticate request.");
}
});
// TODO: Finish update requests using put.
UserController.post("/", needDatabase, async (req, res) => {
try {
let createdUser = new User({
email: req.body.email,
firstName: req.body.firstName,
lastName: req.body.lastName,
phone: req.body.phone,
password: req.body.password,
});
await createdUser.save();
res.sendStatus(201);
} catch (err) {
if (err.name === "TypeError" || err.name === "ValidationError") {
if (process.env.NODE_ENV === "development") {
console.error(err);
res.status(400).send(err.toString());
} else {
res.status(400).send("Missing required user info.");
}
} else if (err.name === "MongoServerError" && err.message.startsWith("E11000")) {
if (process.env.NODE_ENV === "development") {
console.error(err);
res.status(409).send(err.toString());
} else {
res.status(409).send("User already exists.");
}
} else {
console.error(err);
if (process.env.NODE_ENV === "development") {
res.status(500).send(err.toString());
} else {
res.status(500).send("Internal server error. This issue has been noted.");
}
}
}
});
export default UserController;