From 6d941b7bf1d8ac51bacedd59cae78aed5694d361 Mon Sep 17 00:00:00 2001
From: Lightemerald
Date: Sat, 9 Mar 2024 14:30:27 +0100
Subject: [PATCH] Moved '/:userId' endpoints priority
---
 routes/users.js | 167 ++++++++++++++++++++++++------------------------
 1 file changed, 83 insertions(+), 84 deletions(-)
diff --git a/routes/users.js b/routes/users.js
index bbe6e51..8a522f0 100644
--- a/routes/users.js
+++ b/routes/users.js
@@ -120,90 +120,6 @@ router.post('/', verifyToken, checkBanned, checkPermissions('user', 2), async (r
 }
 });
-router.get('/:userId', verifyToken, checkBanned, async (req, res) => {
- try {
- if (req.params.userId != req.userId && !verifyPermissions(req.userId, 'user', 1)) return await respondWithStatus(res, 403, 'Missing permission');
- const [rows] = await pool.execute('SELECT id, first_name, last_name, username, email, phone FROM users WHERE id = ? LIMIT 1', [req.params.userId]);
- if (rows.length === 0) return await respondWithStatus(res, 404, 'User not found');
-
- const user = rows[0];
- delete user.password;
- return await respondWithStatusJSON(res, 200, user);
- }
- catch (err) {
- error(err);
- return await respondWithStatus(res, 500, 'An error has occured');
- }
-});
-
-router.patch('/:userId', verifyToken, checkBanned, async (req, res) => {
- try {
- if (req.params.userId != req.userId && !verifyPermissions(req.userId, 'user', 2)) return await respondWithStatus(res, 403, 'Missing permission');
- const { type } = req.body;
- let { value } = req.body;
- const [rows] = await pool.execute('SELECT * FROM users WHERE id = ? LIMIT 1', [req.params.userId]);
- if (rows.length === 0) return await respondWithStatus(res, 404, 'User not found');
- const excludedKeys = ['id'];
- const fields = rows.map(row => Object.keys(row).filter(key => !excludedKeys.includes(key)));
- if (fields[0].includes(type)) {
- if (type === 'password') value = await Bun.password.hash(value);
- const [result] = await pool.execute(`UPDATE users SET ${type} = ? 
WHERE id = ?`, [value, req.params.userId]);
- if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error updating user');
- return respondWithStatus(res, 200, 'User updated successfully');
- }
- else {
- return await respondWithStatus(res, 400, 'Invalid type or disallowed');
- }
- }
- catch (err) {
- error(err);
- return await respondWithStatus(res, 500, 'An error has occured');
- }
-});
-
-router.put('/:userId', verifyToken, checkBanned, async (req, res) => {
- try {
- if (req.params.userId != req.userId && !verifyPermissions(req.userId, 'user', 2)) return await respondWithStatus(res, 403, 'Missing permission');
- const { first_name, last_name, username, password = null, email, phone = null } = req.body;
- if ([first_name, last_name, username, email].every(Boolean)) {
- let sqlQuery = 'UPDATE users SET first_name = ?, last_name = ?, username = ?, email = ?';
- const queryParams = [first_name, last_name, username, email];
- if (password) {
- const hashedPassword = await Bun.password.hash(password);
- sqlQuery = +' password = ?';
- queryParams.append(hashedPassword);
- }
- else if (phone && isPhoneNumber(phone)) {
- sqlQuery = ' phone = ?';
- queryParams.append(phone);
- }
- const [result] = await pool.execute(sqlQuery + ' WHERE id = ?', queryParams.append(req.params.userId));
- if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error updating user');
- return respondWithStatus(res, 200, 'User updated successfully');
- }
- if (!userExists(req.params.userId)) return await respondWithStatus(res, 404, 'User not found');
- }
- catch (err) {
- error(err);
- return await respondWithStatus(res, 500, 'An error has occured');
- }
-});
-
-router.delete('/:userId', verifyToken, checkBanned, async (req, res) => {
- try {
- if (req.params.userId != req.userId && !verifyPermissions(req.userId, 'user', 4)) return await respondWithStatus(res, 403, 'Missing permission');
- if (!userExists(req.params.userId)) return await 
respondWithStatus(res, 404, 'User not found');
- const [result] = await pool.execute('DELETE FROM users WHERE id = ?', [ req.params.userId ]);
- if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error removing user');
- return respondWithStatus(res, 200, 'User deleted successfully');
- }
- catch (err) {
- error(err);
- return await respondWithStatus(res, 500, 'An error has occured');
- }
-});
-
-
 // Email verification endpoints
 router.get('/email/request', verifyToken, checkBanned, async (req, res) => {
 const userId = req.userId;
@@ -322,4 +238,87 @@ router.patch('/password/verify', async (req, res) => {
 }
 });
+router.get('/:userId', verifyToken, checkBanned, async (req, res) => {
+ try {
+ if (req.params.userId != req.userId && !verifyPermissions(req.userId, 'user', 1)) return await respondWithStatus(res, 403, 'Missing permission');
+ const [rows] = await pool.execute('SELECT id, first_name, last_name, username, email, phone FROM users WHERE id = ? LIMIT 1', [req.params.userId]);
+ if (rows.length === 0) return await respondWithStatus(res, 404, 'User not found');
+
+ const user = rows[0];
+ delete user.password;
+ return await respondWithStatusJSON(res, 200, user);
+ }
+ catch (err) {
+ error(err);
+ return await respondWithStatus(res, 500, 'An error has occured');
+ }
+});
+
+router.patch('/:userId', verifyToken, checkBanned, async (req, res) => {
+ try {
+ if (req.params.userId != req.userId && !verifyPermissions(req.userId, 'user', 2)) return await respondWithStatus(res, 403, 'Missing permission');
+ const { type } = req.body;
+ let { value } = req.body;
+ const [rows] = await pool.execute('SELECT * FROM users WHERE id = ? LIMIT 1', [req.params.userId]);
+ if (rows.length === 0) return await respondWithStatus(res, 404, 'User not found');
+ const excludedKeys = ['id'];
+ const fields = rows.map(row => Object.keys(row).filter(key => !excludedKeys.includes(key)));
+ if (fields[0].includes(type)) {
+ if (type === 'password') value = await Bun.password.hash(value);
+ const [result] = await pool.execute(`UPDATE users SET ${type} = ? 
WHERE id = ?`, [value, req.params.userId]);
+ if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error updating user');
+ return respondWithStatus(res, 200, 'User updated successfully');
+ }
+ else {
+ return await respondWithStatus(res, 400, 'Invalid type or disallowed');
+ }
+ }
+ catch (err) {
+ error(err);
+ return await respondWithStatus(res, 500, 'An error has occured');
+ }
+});
+
+router.put('/:userId', verifyToken, checkBanned, async (req, res) => {
+ try {
+ if (req.params.userId != req.userId && !verifyPermissions(req.userId, 'user', 2)) return await respondWithStatus(res, 403, 'Missing permission');
+ const { first_name, last_name, username, password = null, email, phone = null } = req.body;
+ if ([first_name, last_name, username, email].every(Boolean)) {
+ let sqlQuery = 'UPDATE users SET first_name = ?, last_name = ?, username = ?, email = ?';
+ const queryParams = [first_name, last_name, username, email];
+ if (password) {
+ const hashedPassword = await Bun.password.hash(password);
+ sqlQuery = +' password = ?';
+ queryParams.append(hashedPassword);
+ }
+ else if (phone && isPhoneNumber(phone)) {
+ sqlQuery = ' phone = ?';
+ queryParams.append(phone);
+ }
+ const [result] = await pool.execute(sqlQuery + ' WHERE id = ?', queryParams.append(req.params.userId));
+ if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error updating user');
+ return respondWithStatus(res, 200, 'User updated successfully');
+ }
+ if (!userExists(req.params.userId)) return await respondWithStatus(res, 404, 'User not found');
+ }
+ catch (err) {
+ error(err);
+ return await respondWithStatus(res, 500, 'An error has occured');
+ }
+});
+
+router.delete('/:userId', verifyToken, checkBanned, async (req, res) => {
+ try {
+ if (req.params.userId != req.userId && !verifyPermissions(req.userId, 'user', 4)) return await respondWithStatus(res, 403, 'Missing permission');
+ if (!userExists(req.params.userId)) return await 
respondWithStatus(res, 404, 'User not found');
+ const [result] = await pool.execute('DELETE FROM users WHERE id = ?', [ req.params.userId ]);
+ if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error removing user');
+ return respondWithStatus(res, 200, 'User deleted successfully');
+ }
+ catch (err) {
+ error(err);
+ return await respondWithStatus(res, 500, 'An error has occured');
+ }
+});
+
 export default router;
\ No newline at end of file
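Review bot: In the moved `router.patch('/:userId')` handler the set of writable columns is everything `SELECT *` returns except `id`, so the row's owner can write any other column the users table carries through `UPDATE users SET ${type} = ?` — including a role, permission-level or ban column if those live in this table (the schema is not visible here); an explicit allow-list, `const allowedKeys = ['first_name', 'last_name', 'username', 'email', 'phone', 'password'];` with `if (allowedKeys.includes(type)) {`, keeps the interpolated column name under the code's control rather than the database's. The moved `router.put('/:userId')` handler cannot execute its update: `sqlQuery = +' password = ?'` stores `NaN`, `sqlQuery = ' phone = ?'` discards the SET clause, and `queryParams.append(...)` is not an Array method, so the `pool.execute` call throws or runs a malformed statement; the rewritten lines below use `+=`, `push` and a spread for the id. `userExists(req.params.userId)` is called without `await` in both the put and delete handlers; if it is async (its definition is outside the hunk) the pending promise is always truthy, the 404 branch never fires and the delete runs against a nonexistent id — `await` is harmless if it turns out to be synchronous. The put handler also sends no response when a required field is missing but the user exists; the rewrite answers with a 400 there.
```javascript
router.put('/:userId', verifyToken, checkBanned, async (req, res) => {
  try {
    // … unchanged: permission check and destructuring of req.body …
    if ([first_name, last_name, username, email].every(Boolean)) {
      let sqlQuery = 'UPDATE users SET first_name = ?, last_name = ?, username = ?, email = ?';
      const queryParams = [first_name, last_name, username, email];
      if (password) {
        const hashedPassword = await Bun.password.hash(password);
        sqlQuery += ', password = ?';
        queryParams.push(hashedPassword);
      }
      else if (phone && isPhoneNumber(phone)) {
        sqlQuery += ', phone = ?';
        queryParams.push(phone);
      }
      const [result] = await pool.execute(`${sqlQuery} WHERE id = ?`, [...queryParams, req.params.userId]);
      // … unchanged: affectedRows check and 200 response …
    }
    if (!(await userExists(req.params.userId))) return await respondWithStatus(res, 404, 'User not found');
    return await respondWithStatus(res, 400, 'Missing required fields'); // message text is illustrative
    // … unchanged: catch block and closing …
```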