You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
128 lines
3.1 KiB
JavaScript
128 lines
3.1 KiB
JavaScript
const router = require('express-promise-router')()
|
|
const parseJSON = require('body-parser').json()
|
|
const db = require('../db')
|
|
const ensureAdmin = require('./middleware/ensureAdmin')
|
|
const ensureUser = require('./middleware/ensureUser')
|
|
const email = require('../utils/email')
|
|
|
|
const sendgrid = require('@sendgrid/mail')
|
|
sendgrid.setApiKey(process.env.SENDGRID_KEY)
|
|
|
|
const validate = require('./middleware/validators')
|
|
|
|
const registerValidation = [
|
|
validate.unusedEmail('email'),
|
|
validate.validPassword('password'),
|
|
validate.bothPasswordsMatch,
|
|
validate.handleApiError
|
|
]
|
|
|
|
router.post('/', parseJSON, registerValidation, async (req, res) => {
|
|
const user = await db.user.register(
|
|
req.body.email,
|
|
req.body.password
|
|
)
|
|
|
|
if(!user){
|
|
return res.status(422).json({errors: [{
|
|
param: 'email',
|
|
msg: 'Unable to complete registration'
|
|
},{
|
|
param: 'password',
|
|
msg: ' '
|
|
},{
|
|
param: 'password2',
|
|
msg: ' '
|
|
}]})
|
|
}
|
|
|
|
await db.session.create(req, user)
|
|
await email.sendAccountConfirmation(user)
|
|
|
|
res.json(user)
|
|
})
|
|
|
|
router.post('/recover', parseJSON, validate.validEmail('email'), async (req, res) => {
|
|
const user = await db.user.findByEmail(req.body.email)
|
|
|
|
if(user)
|
|
email.sendPasswordReset(user)
|
|
else
|
|
email.sendNoSuchAccount(req.body.email)
|
|
|
|
res.end()
|
|
})
|
|
|
|
router.post('/recover/password', parseJSON,
|
|
validate.validPassword('password'),
|
|
validate.bothPasswordsMatch, async (req, res) => {
|
|
const {password, link_uuid, link_key} = req.body
|
|
|
|
const user = await db.user.verifyPasswordReset(link_uuid, link_key)
|
|
if(!user){
|
|
return res.status(422).json({errors: [{
|
|
param: 'password',
|
|
msg: 'Invalid reset link'
|
|
}]})
|
|
}
|
|
|
|
await email.sendPasswordChanged(user)
|
|
|
|
const updatedUser = await db.user.overwritePassword(user.uuid, password)
|
|
await db.user.markLinkUsed(link_uuid)
|
|
await db.session.create(req, updatedUser)
|
|
|
|
res.json(updatedUser)
|
|
})
|
|
|
|
router.get('/', ensureAdmin, async (req, res) => {
|
|
const users = await db.user.findAll()
|
|
res.json(users)
|
|
})
|
|
|
|
router.get('/:uuid', ensureAdmin, async (req, res) => {
|
|
const user = await db.user.findById(req.params.uuid)
|
|
res.json(user)
|
|
})
|
|
|
|
router.get('/:uuid/orders', ensureAdmin, async (req, res) => {
|
|
return res.json(await db.order.findAllForUser(req.params.uuid))
|
|
})
|
|
|
|
router.put('/:uuid/admin', ensureAdmin, async (req, res) => {
|
|
const user = await db.user.makeAdmin(req.params.uuid)
|
|
res.json(user)
|
|
})
|
|
|
|
router.delete('/:uuid/admin', ensureAdmin, async (req, res) => {
|
|
const user = await db.user.removeAdmin(req.params.uuid)
|
|
res.json(user)
|
|
})
|
|
|
|
const changePasswordValidation = [
|
|
validate.validPassword('password'),
|
|
validate.bothPasswordsMatch,
|
|
validate.oldPasswordNotSame,
|
|
validate.handleApiError
|
|
]
|
|
router.put('/current/password', ensureUser, parseJSON, changePasswordValidation, async (req, res) => {
|
|
const user = await db.user.changePassword(
|
|
req.user.uuid,
|
|
req.body.oldPassword,
|
|
req.body.password
|
|
)
|
|
|
|
if(!user){
|
|
return res.status(403).json({errors: [{
|
|
param: 'oldPassword',
|
|
msg: 'Incorrect password'
|
|
}]})
|
|
}
|
|
|
|
await email.sendPasswordChanged(user)
|
|
|
|
res.json(user)
|
|
})
|
|
|
|
module.exports = router;
|