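/**
 * User API routes: account registration, admin-only user lookup and role
 * changes, and password change for the signed-in user.
 *
 * Handlers are async functions mounted on an express-promise-router
 * instance; presumably a rejected handler promise is forwarded to the
 * Express error handler — confirm where this router is mounted.
 */
const router = require('express-promise-router')();
const parseJSON = require('body-parser').json();
const db = require('../db');
const ensureAdmin = require('./middleware/ensureAdmin');
const ensureUser = require('./middleware/ensureUser');
const sendgrid = require('@sendgrid/mail');

// The SendGrid API key comes from the environment, not from source.
// NOTE(review): nothing here checks that SENDGRID_KEY is set; a missing key
// would only surface when the first registration e-mail is sent.
sendgrid.setApiKey(process.env.SENDGRID_KEY);

const validate = require('./middleware/validators');

// Validators that run on POST / before the registration handler.
// NOTE(review): the handler's own failure message is generic; verify that
// validate.unusedEmail does not undo that by confirming to anonymous callers
// which addresses are already registered.
const registerValidation = [
  validate.unusedEmail('email'),
  validate.validPassword('password'),
  validate.bothPasswordsMatch,
  validate.handleApiError,
];

/**
 * POST / — register an account, open a session for it and e-mail a login link.
 *
 * Responds 422 with a generic error attached to all three form fields when
 * db.user.register returns a falsy value; otherwise responds with the user
 * as JSON.
 */
router.post('/', parseJSON, registerValidation, async (req, res) => {
  const { email, password } = req.body;
  const user = await db.user.register(email, password);

  if (!user) {
    return res.status(422).json({
      errors: [
        { param: 'email', msg: 'Unable to complete registration' },
        { param: 'password', msg: ' ' },
        { param: 'password2', msg: ' ' },
      ],
    });
  }

  // NOTE(review): the session is opened before the e-mailed link is used;
  // confirm db.session.create issues a fresh session identifier.
  await db.session.create(req, user);

  // Send login email
  // TODO: Abstract this so api/email and this route use the same function
  const confirmUrl = await db.user.createLoginLink(user.uuid);
  const msg = {
    to: user.email,
    from: {
      email: 'registration@email.societyofsocks.us',
      name: 'Society of Socks',
    },
    templateId: 'd-33407f1dd1b14b7b84dd779511039c95',
    dynamic_template_data: { confirmUrl },
  };
  // NOTE(review): if this send rejects, the account and session already exist
  // but the request fails; decide whether delivery should be best-effort.
  await sendgrid.send(msg);

  // NOTE(review): the object from db.user.register is serialized as-is;
  // confirm it carries no password hash or other internal fields.
  res.json(user);
});

// Admin-only routes. req.params.uuid is handed to the db helpers unchanged.
// NOTE(review): confirm the db layer validates or parameterizes that value.

/** GET / — list all users (admin only). */
router.get('/', ensureAdmin, async (req, res) => {
  const users = await db.user.findAll();
  res.json(users);
});

/** GET /:uuid — fetch a single user by id (admin only). */
router.get('/:uuid', ensureAdmin, async (req, res) => {
  const user = await db.user.findById(req.params.uuid);
  res.json(user);
});

/** GET /:uuid/orders — list the orders of one user (admin only). */
router.get('/:uuid/orders', ensureAdmin, async (req, res) => {
  const orders = await db.order.findAllForUser(req.params.uuid);
  return res.json(orders);
});

/**
 * PUT /:uuid/admin — grant the admin role to a user (admin only).
 * NOTE(review): no audit record is written here; confirm db.user.makeAdmin
 * logs who granted the role.
 */
router.put('/:uuid/admin', ensureAdmin, async (req, res) => {
  const user = await db.user.makeAdmin(req.params.uuid);
  res.json(user);
});

/** DELETE /:uuid/admin — revoke the admin role from a user (admin only). */
router.delete('/:uuid/admin', ensureAdmin, async (req, res) => {
  const user = await db.user.removeAdmin(req.params.uuid);
  res.json(user);
});

// Validators that run on PUT /current/password.
const changePasswordValidation = [
  validate.validPassword('password'),
  validate.bothPasswordsMatch,
  validate.oldPasswordNotSame,
  validate.handleApiError,
];

/**
 * PUT /current/password — change the signed-in user's password.
 *
 * ensureUser is placed ahead of the validators so that a request without a
 * signed-in user is handled by the authentication check first and never
 * receives validation feedback (assumes ensureUser ends such requests —
 * confirm). Responds 422 when db.user.changePassword returns a falsy value,
 * otherwise responds with the user as JSON.
 */
router.put(
  '/current/password',
  parseJSON,
  ensureUser,
  changePasswordValidation,
  async (req, res) => {
    const { oldPassword, password } = req.body;
    const user = await db.user.changePassword(
      req.user.uuid,
      oldPassword,
      password
    );

    if (!user) {
      // NOTE(review): repeated wrong oldPassword guesses are not limited
      // here; confirm throttling exists upstream.
      return res.status(422).json({
        errors: [{ param: 'oldPassword', msg: 'Incorrect password' }],
      });
    }

    // NOTE(review): confirm other sessions of this user are revoked once the
    // password has changed.
    res.json(user);
  }
);

module.exports = router;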