const router = require('express-promise-router')()
const parseJSON = require('body-parser').json()
const db = require('../db')
const ensureAdmin = require('./middleware/ensureAdmin')
const ensureUser = require('./middleware/ensureUser')
const sendgrid = require('@sendgrid/mail')
// Configure the SendGrid client once, at module load, with the key taken from
// the SENDGRID_KEY environment variable (the secret is not hard-coded here).
// NOTE(review): nothing in this file checks that the variable is set; a missing
// key would presumably only surface when the first mail is sent — consider
// failing fast at startup.
sendgrid.setApiKey(process.env.SENDGRID_KEY)
const validate = require('./middleware/validators')
// Middleware chain run on the registration body before the POST / handler.
// The three field checks come first and handleApiError is last in the chain.
// NOTE(review): the validators are defined in ./middleware/validators and are
// not visible here. If unusedEmail answers with a distinct "already in use"
// message, it lets a caller test which addresses have accounts even though the
// handler's own failure message is generic — confirm, and rate-limit the route.
const registerValidation = [
  validate.unusedEmail('email'),
  validate.validPassword('password'),
  validate.bothPasswordsMatch,
  validate.handleApiError,
];
/**
 * POST / — register an account, open a session for it and e-mail a login link.
 *
 * Runs after parseJSON and the registerValidation chain. Responds 422 with a
 * field-keyed error list when db.user.register returns a falsy value, otherwise
 * responds with the object returned by register.
 *
 * NOTE(review):
 *  - The session is created before the e-mailed link is followed, so control of
 *    the address is not proven at that point; confirm unverified accounts are
 *    restricted elsewhere.
 *  - The login link is a bearer credential; confirm createLoginLink issues
 *    single-use, short-lived links and that the URL is never logged.
 *  - If sendgrid.send rejects, the account and session already exist but the
 *    client receives an error; a retry would presumably fail the unusedEmail
 *    check.
 *  - `user` is serialized as-is; confirm it carries no password hash or other
 *    internal fields.
 */
router.post('/', parseJSON, registerValidation, async (req, res) => {
  const { email, password } = req.body;
  const user = await db.user.register(email, password);

  if (!user) {
    // One generic message on the email field; the password fields only get a
    // blank marker, so the response does not say why registration failed.
    const blank = ' ';
    return res.status(422).json({
      errors: [
        { param: 'email', msg: 'Unable to complete registration' },
        { param: 'password', msg: blank },
        { param: 'password2', msg: blank },
      ],
    });
  }

  await db.session.create(req, user);

  // Send login email. TODO: abstract this so api/email and this route use the same function.
  const confirmUrl = await db.user.createLoginLink(user.uuid);
  await sendgrid.send({
    to: user.email,
    from: { email: 'registration@email.societyofsocks.us', name: 'Society of Socks' },
    templateId: 'd-33407f1dd1b14b7b84dd779511039c95',
    dynamic_template_data: { confirmUrl },
  });

  res.json(user);
});
/**
 * GET / — return every user record as JSON. Guarded by ensureAdmin.
 *
 * NOTE(review): the result of db.user.findAll is serialized unfiltered and
 * without paging; confirm the records exclude password hashes and that the
 * table size stays reasonable for a single response.
 */
router.get('/', ensureAdmin, async (req, res) => {
  res.json(await db.user.findAll());
});
/**
 * GET /:uuid — return one user record as JSON. Guarded by ensureAdmin.
 *
 * NOTE(review): the path parameter is passed to db.user.findById without a
 * format check here, and whatever findById yields for an unknown id is sent
 * with the default status — presumably `null` with 200; confirm whether a 404
 * is wanted.
 */
router.get('/:uuid', ensureAdmin, async (req, res) => {
  const { uuid } = req.params;
  res.json(await db.user.findById(uuid));
});
/**
 * GET /:uuid/orders — return the orders of the given user as JSON.
 * Guarded by ensureAdmin, so this is not the route a customer uses to read
 * their own orders.
 */
router.get('/:uuid/orders', ensureAdmin, async (req, res) => {
  const { uuid } = req.params;
  const orders = await db.order.findAllForUser(uuid);
  return res.json(orders);
});
/**
 * PUT /:uuid/admin — grant admin rights to the given user. Guarded by ensureAdmin.
 * Responds with whatever db.user.makeAdmin returns.
 *
 * NOTE(review): this is a privilege change with no request body. Nothing in
 * this file records who granted the role or protects against cross-site
 * requests; confirm audit logging and CSRF protection exist elsewhere if the
 * session is cookie-based.
 */
router.put('/:uuid/admin', ensureAdmin, async (req, res) => {
  const { uuid } = req.params;
  const promoted = await db.user.makeAdmin(uuid);
  res.json(promoted);
});
/**
 * DELETE /:uuid/admin — revoke admin rights from the given user. Guarded by ensureAdmin.
 * Responds with whatever db.user.removeAdmin returns.
 *
 * NOTE(review): the handler does not compare the target with the caller, so an
 * admin can demote themselves, and nothing here prevents removing the last
 * remaining admin; confirm db.user.removeAdmin or an operational procedure
 * covers that case. Audit logging is not visible in this file either.
 */
router.delete('/:uuid/admin', ensureAdmin, async (req, res) => {
  const { uuid } = req.params;
  const demoted = await db.user.removeAdmin(uuid);
  res.json(demoted);
});
// Middleware chain run on the change-password body. The new password goes
// through the same validPassword('password') check used at registration, then
// the confirmation match, then oldPasswordNotSame; handleApiError is last.
// NOTE(review): the validators are defined in ./middleware/validators and are
// not visible here; oldPasswordNotSame presumably compares the submitted old
// and new values from the body — confirm it does not depend on req.user.
const changePasswordValidation = [
  validate.validPassword('password'),
  validate.bothPasswordsMatch,
  validate.oldPasswordNotSame,
  validate.handleApiError,
];
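/**
 * PUT /current/password — change the signed-in user's password.
 *
 * ensureUser runs first, so an unauthenticated request is turned away before
 * its body is parsed or fed through the validator chain. With the previous
 * order (parse, validate, then authenticate) anonymous callers exercised the
 * JSON parser and validators and received validation feedback.
 *
 * Responds 422 with an `oldPassword` error when db.user.changePassword returns
 * a falsy value, otherwise responds with the object it returned.
 *
 * NOTE(review):
 *  - Nothing here invalidates the user's other sessions after the change;
 *    confirm db.user.changePassword does, otherwise a hijacked session
 *    survives the password reset.
 *  - The 'Incorrect password' reply lets the holder of a session test guesses
 *    for the current password; confirm attempts are rate-limited.
 *  - `user` is serialized as-is; confirm it carries no password hash.
 */
router.put('/current/password', ensureUser, parseJSON, changePasswordValidation, async (req, res) => {
  const { oldPassword, password } = req.body;

  // The target account always comes from the authenticated session, never from
  // the request, so one user cannot change another user's password here.
  const user = await db.user.changePassword(req.user.uuid, oldPassword, password);

  if (!user) {
    return res.status(422).json({
      errors: [{ param: 'oldPassword', msg: 'Incorrect password' }],
    });
  }

  res.json(user);
});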
// Export the configured router. The path it is mounted under is not set in
// this file; every route above is relative to that mount point.
module.exports = router;