const asyncHandler = require("express-async-handler");
const bcrypt = require("bcryptjs");
const User = require("../models/user.js");
const { body, validationResult } = require("express-validator");
const { default: mongoose } = require("mongoose");
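// U — update an existing user (PUT /:username). The handler list validates
// the body, then rewrites the user selected by the route parameter.
// NOTE(review): there is no authorization check here, so any caller can change
// any user's username and password; the JWT gate used in exports.post should
// guard this route as well.
exports.put = [
  // Validate and sanitize username
  body("username", "Please enter username!")
    .isLength({ min: 1 })
    .trim()
    .escape(),

  // Validate and sanitize password
  // NOTE(review): .escape() rewrites characters such as & < > ' " before the
  // value is hashed, so the login code must apply the same transformation or
  // such passwords can never be verified — confirm against the login handler.
  body("password", "Please enter password!")
    .isLength({ min: 1 })
    .trim()
    .escape(),

  asyncHandler(async (req, res, next) => {
    const errors = validationResult(req);
    // if there are validation errors, return them
    if (!errors.isEmpty()) {
      return res.status(400).json({
        message: "Comment produced validation errors!",
        errors: errors.array(),
      });
    }

    const { username, password } = req.body; // get fields from body

    // the user being updated is selected by the route parameter
    const dbUser = await User.findOne({ username: req.params.username })
      .lean()
      .exec();
    // previously dbUser._id was read unconditionally, so an unknown route
    // username became a TypeError (500) instead of a 404
    if (!dbUser) {
      return res.status(404).json({ message: "User not found!" });
    }

    // the new username may only be refused if a *different* user holds it;
    // keeping the current username (password-only change) is not a conflict
    const exists = await User.findOne({ username }).lean().exec();
    if (exists && String(exists._id) !== String(dbUser._id)) {
      return res.status(409).json({
        message: "Username is taken!",
      });
    }

    // update in place with a plain object; building a second User document
    // only to hand it to findByIdAndUpdate was unnecessary
    await User.findByIdAndUpdate(
      dbUser._id,
      {
        username,
        password: await bcrypt.hash(password, 10),
      },
      {}
    );

    return res.status(200).json({
      message: "User updated!",
    });
  }),
];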
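// R — read one user by username (GET /:username).
exports.get = asyncHandler(async (req, res, next) => {
  // never send the bcrypt hash to the client: "-password" drops the field
  // from the projection; the old query returned the whole lean document
  const user = await User.findOne({ username: req.params.username })
    .select("-password")
    .lean()
    .exec(); // gets user based on username
  // an unknown username used to answer 200 with `user: null`
  if (!user) {
    return res.status(404).json({ message: "User not found!" });
  }
  return res.status(200).json({
    user,
  });
});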
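// C — create a user (POST /:username). Despite the original "U" label this
// handler saves a brand-new document; exports.put is the one that updates.
// NOTE(review): requiring a JWT for the route username on a create endpoint is
// unusual — presumably the route is mounted under an already-authenticated
// path; confirm with the router.
exports.post = [
  // Validate and sanitize username
  body("username", "Please enter username!")
    .isLength({ min: 1 })
    .trim()
    .escape(),

  // Validate and sanitize password
  // NOTE(review): .escape() rewrites characters such as & < > ' " before the
  // value is hashed; the login code must apply the same transformation or
  // such passwords can never be verified — confirm against the login handler.
  body("password", "Please enter password!")
    .isLength({ min: 1 })
    .trim()
    .escape(),

  asyncHandler(async (req, res, next) => {
    // begin by authorizing token
    // NOTE: `jwt` is never required in this file. The sign/verify API used
    // here is jsonwebtoken's, so `const jwt = require("jsonwebtoken");` must be
    // added to the top-level requires or this handler throws a ReferenceError.
    const token = req.cookies.JWT_TOKEN;
    const originalUsername = req.params.username;

    // verify the cookie's signature and expiry, then compare its claim to the
    // route parameter. The old check re-signed a fresh token and compared the
    // two strings with !=; each token carries its own iat/exp claims, so the
    // strings practically never matched and every request was refused.
    let claims;
    try {
      claims = jwt.verify(token, process.env.SECRET_KEY);
    } catch (err) {
      // missing, malformed, expired, or wrongly-signed token
      return res.status(403).json({
        message: "Not authorized!",
      });
    }
    // assumes the login handler signs { originalUsername } — TODO confirm
    if (claims.originalUsername !== originalUsername) {
      return res.status(403).json({
        message: "Not authorized!",
      });
    }

    // then return any validation errors
    const errors = validationResult(req);
    // if there are validation errors, return them
    if (!errors.isEmpty()) {
      return res.status(400).json({
        message: "Comment produced validation errors!",
        errors: errors.array(),
      });
    }

    // check for duplicates
    const { username, password } = req.body; // get fields from body
    // the uniqueness check must cover the username that is actually saved
    // (req.body.username); the old code looked up the route parameter instead,
    // which let a duplicate body username through
    const exists = await User.findOne({ username }).lean().exec();
    if (exists) {
      return res.status(409).json({
        message: "Username is taken!",
      });
    }

    // otherwise create user
    const user = new User({
      username,
      password: await bcrypt.hash(password, 10),
    });
    await user.save(); // make and save user
    return res.status(200).json({
      message: "User created!",
    });
  }),
];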
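// D — delete the user identified by the route parameter (DELETE /:username).
// NOTE(review): no authorization check guards this route, so any caller can
// delete any user; the JWT gate used in exports.post belongs here too.
exports.delete = asyncHandler(async (req, res, next) => {
  // `originalUsername` was an undeclared identifier here (ReferenceError on
  // every request); the username comes from the route parameter
  const deleted = await User.findOneAndDelete({
    username: req.params.username,
  }).exec();
  // findOneAndDelete resolves to null when nothing matched
  if (!deleted) {
    return res.status(404).json({ message: "User not found!" });
  }
  // message said "Post deleted!" — a copy-paste from another controller
  return res.status(200).json({ message: "User deleted!" });
});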