sos-nextjs/api/users.js

const router = require('express-promise-router')()
const parseJSON = require('body-parser').json()
const db = require('../db')
const ensureAdmin = require('./middleware/ensureAdmin')
const ensureUser = require('./middleware/ensureUser')
const email = require('../utils/email')

const sendgrid = require('@sendgrid/mail')
sendgrid.setApiKey(process.env.SENDGRID_KEY)

const validate = require('./middleware/validators')

const registerValidation = [
  validate.unusedEmail('email'),
  validate.validPassword('password'),
  validate.bothPasswordsMatch,
  validate.handleApiError
]

router.post('/', parseJSON, registerValidation, async (req, res) => {
  const user = await db.user.register(
    req.body.email,
    req.body.password
  )

  if(!user){
    return res.status(422).json({errors: [{
      param: 'email',
      msg: 'Unable to complete registration'
    },{
      param: 'password',
      msg: ' '
    },{
      param: 'password2',
      msg: ' '
    }]})
  }

  await db.session.create(req, user)
  await email.sendAccountConfirmation(user)

  res.json(user)
})

router.post('/recover', parseJSON, validate.validEmail('email'), async (req, res) => {
  const user = await db.user.findByEmail(req.body.email)

  if(user)
    email.sendPasswordReset(user)
  else
    email.sendNoSuchAccount(req.body.email)

  res.end()
})

router.post('/recover/password', parseJSON,
validate.validPassword('password'),
validate.bothPasswordsMatch, async (req, res) => {
  const {password, link_uuid, link_key} = req.body

  const user = await db.user.verifyPasswordReset(link_uuid, link_key)
  if(!user){
    return res.status(422).json({errors: [{
      param: 'password',
      msg: 'Invalid reset link'
    }]})
  }

  await email.sendPasswordChanged(user)

  const updatedUser = await db.user.overwritePassword(user.uuid, password)
  await db.user.markLinkUsed(link_uuid)
  await db.session.create(req, updatedUser)

  res.json(updatedUser)
})

router.get('/', ensureAdmin, async (req, res) => {
  const users = await db.user.findAll()
  res.json(users)
})

router.get('/:uuid', ensureAdmin, async (req, res) => {
  const user = await db.user.findById(req.params.uuid)
  res.json(user)
})

router.get('/:uuid/orders', ensureAdmin, async (req, res) => {
  return res.json(await db.order.findAllForUser(req.params.uuid))
})

router.put('/:uuid/admin', ensureAdmin, async (req, res) => {
  const user = await db.user.makeAdmin(req.params.uuid)
  res.json(user)
})

router.delete('/:uuid/admin', ensureAdmin, async (req, res) => {
  const user = await db.user.removeAdmin(req.params.uuid)
  res.json(user)
})

const changePasswordValidation = [
  validate.validPassword('password'),
  validate.bothPasswordsMatch,
  validate.oldPasswordNotSame,
  validate.handleApiError
]
router.put('/current/password', parseJSON, changePasswordValidation, ensureUser, async (req, res) => {
  const user = await db.user.changePassword(
    req.user.uuid,
    req.body.oldPassword,
    req.body.password
  )

  if(!user){
    return res.status(422).json({errors: [{
      param: 'oldPassword',
      msg: 'Incorrect password'
    }]})
  }

  await email.sendPasswordChanged(user)

  res.json(user)
})

module.exports = router;
Basic DB function structure 5 years ago			`const router = require('express-promise-router')()`
Login / register (no sessions yet) 5 years ago			`const parseJSON = require('body-parser').json()`
Basic DB function structure 5 years ago			`const db = require('../db')`
Admin can manage users 4 years ago			`const ensureAdmin = require('./middleware/ensureAdmin')`
User can change password 4 years ago			`const ensureUser = require('./middleware/ensureUser')`
Password reset implemetation 4 years ago			`const email = require('../utils/email')`
Basic DB function structure 5 years ago
Email verification 4 years ago			`const sendgrid = require('@sendgrid/mail')`
			`sendgrid.setApiKey(process.env.SENDGRID_KEY)`

Login / register (no sessions yet) 5 years ago			`const validate = require('./middleware/validators')`

Refactor validators 5 years ago			`const registerValidation = [`
			`validate.unusedEmail('email'),`
			`validate.validPassword('password'),`
			`validate.bothPasswordsMatch,`
			`validate.handleApiError`
			`]`
Login / register (no sessions yet) 5 years ago
Refactor validators 5 years ago			`router.post('/', parseJSON, registerValidation, async (req, res) => {`
Login / register (no sessions yet) 5 years ago			`const user = await db.user.register(`
			`req.body.email,`
			`req.body.password`
			`)`

Form controller can handle form submit and errors 5 years ago			`if(!user){`
			`return res.status(422).json({errors: [{`
			`param: 'email',`
			`msg: 'Unable to complete registration'`
			`},{`
			`param: 'password',`
			`msg: ' '`
			`},{`
			`param: 'password2',`
			`msg: ' '`
			`}]})`
			`}`

Add to cart functionality 5 years ago			`await db.session.create(req, user)`
Password reset implemetation 4 years ago			`await email.sendAccountConfirmation(user)`
Basic DB function structure 5 years ago
Password reset implemetation 4 years ago			`res.json(user)`
			`})`
Email verification 4 years ago
Password reset implemetation 4 years ago			`router.post('/recover', parseJSON, validate.validEmail('email'), async (req, res) => {`
			`const user = await db.user.findByEmail(req.body.email)`
Email verification 4 years ago
Password reset implemetation 4 years ago			`if(user)`
			`email.sendPasswordReset(user)`
Handles password reset where no user found 4 years ago			`else`
			`email.sendNoSuchAccount(req.body.email)`
Email verification 4 years ago
Password reset implemetation 4 years ago			`res.end()`
			`})`

			`router.post('/recover/password', parseJSON,`
Handles password reset where no user found 4 years ago			`validate.validPassword('password'),`
Password reset implemetation 4 years ago			`validate.bothPasswordsMatch, async (req, res) => {`
			`const {password, link_uuid, link_key} = req.body`

			`const user = await db.user.verifyPasswordReset(link_uuid, link_key)`
			`if(!user){`
			`return res.status(422).json({errors: [{`
			`param: 'password',`
			`msg: 'Invalid reset link'`
			`}]})`
			`}`

Password change notification email 4 years ago			`await email.sendPasswordChanged(user)`

Password reset implemetation 4 years ago			`const updatedUser = await db.user.overwritePassword(user.uuid, password)`
			`await db.user.markLinkUsed(link_uuid)`
			`await db.session.create(req, updatedUser)`

			`res.json(updatedUser)`
Basic DB function structure 5 years ago			`})`

Admin can manage users 4 years ago			`router.get('/', ensureAdmin, async (req, res) => {`
			`const users = await db.user.findAll()`
			`res.json(users)`
			`})`

			`router.get('/:uuid', ensureAdmin, async (req, res) => {`
			`const user = await db.user.findById(req.params.uuid)`
			`res.json(user)`
			`})`

			`router.get('/:uuid/orders', ensureAdmin, async (req, res) => {`
			`return res.json(await db.order.findAllForUser(req.params.uuid))`
			`})`

			`router.put('/:uuid/admin', ensureAdmin, async (req, res) => {`
			`const user = await db.user.makeAdmin(req.params.uuid)`
			`res.json(user)`
			`})`

			`router.delete('/:uuid/admin', ensureAdmin, async (req, res) => {`
			`const user = await db.user.removeAdmin(req.params.uuid)`
			`res.json(user)`
			`})`

User can change password 4 years ago			`const changePasswordValidation = [`
			`validate.validPassword('password'),`
			`validate.bothPasswordsMatch,`
			`validate.oldPasswordNotSame,`
			`validate.handleApiError`
			`]`
			`router.put('/current/password', parseJSON, changePasswordValidation, ensureUser, async (req, res) => {`
			`const user = await db.user.changePassword(`
			`req.user.uuid,`
			`req.body.oldPassword,`
			`req.body.password`
			`)`

			`if(!user){`
			`return res.status(422).json({errors: [{`
			`param: 'oldPassword',`
			`msg: 'Incorrect password'`
			`}]})`
			`}`

Password change notification email 4 years ago			`await email.sendPasswordChanged(user)`
User can change password 4 years ago
			`res.json(user)`
			`})`

Basic DB function structure 5 years ago			`module.exports = router;`