Moved '/:userId' endpoints priority

2024-03-09 14:30:27 +01:00
parent 323e934cd7
commit 6d941b7bf1


@@ -120,90 +120,6 @@ router.post('/', verifyToken, checkBanned, checkPermissions('user', 2), async (r
}
});
router.get('/:userId', verifyToken, checkBanned, async (req, res) => {
try {
if (req.params.userId != req.userId && !verifyPermissions(req.userId, 'user', 1)) return await respondWithStatus(res, 403, 'Missing permission');
const [rows] = await pool.execute('SELECT id, first_name, last_name, username, email, phone FROM users WHERE id = ? LIMIT 1', [req.params.userId]);
if (rows.length === 0) return await respondWithStatus(res, 404, 'User not found');
const user = rows[0];
delete user.password;
return await respondWithStatusJSON(res, 200, user);
}
catch (err) {
error(err);
return await respondWithStatus(res, 500, 'An error has occured');
}
});
router.patch('/:userId', verifyToken, checkBanned, async (req, res) => {
try {
if (req.params.userId != req.userId && !verifyPermissions(req.userId, 'user', 2)) return await respondWithStatus(res, 403, 'Missing permission');
const { type } = req.body;
let { value } = req.body;
const [rows] = await pool.execute('SELECT * FROM users WHERE id = ? LIMIT 1', [req.params.userId]);
if (rows.length === 0) return await respondWithStatus(res, 404, 'User not found');
const excludedKeys = ['id'];
const fields = rows.map(row => Object.keys(row).filter(key => !excludedKeys.includes(key)));
if (fields[0].includes(type)) {
if (type === 'password') value = await Bun.password.hash(value);
const [result] = await pool.execute(`UPDATE users SET ${type} = ? WHERE id = ?`, [value, req.params.userId]);
if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error updating user');
return respondWithStatus(res, 200, 'User updated successfully');
}
else {
return await respondWithStatus(res, 400, 'Invalid type or disallowed');
}
}
catch (err) {
error(err);
return await respondWithStatus(res, 500, 'An error has occured');
}
});
router.put('/:userId', verifyToken, checkBanned, async (req, res) => {
try {
if (req.params.userId != req.userId && !verifyPermissions(req.userId, 'user', 2)) return await respondWithStatus(res, 403, 'Missing permission');
const { first_name, last_name, username, password = null, email, phone = null } = req.body;
if ([first_name, last_name, username, email].every(Boolean)) {
let sqlQuery = 'UPDATE users SET first_name = ?, last_name = ?, username = ?, email = ?';
const queryParams = [first_name, last_name, username, email];
if (password) {
const hashedPassword = await Bun.password.hash(password);
sqlQuery = +' password = ?';
queryParams.append(hashedPassword);
}
else if (phone && isPhoneNumber(phone)) {
sqlQuery = ' phone = ?';
queryParams.append(phone);
}
const [result] = await pool.execute(sqlQuery + ' WHERE id = ?', queryParams.append(req.params.userId));
if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error updating user');
return respondWithStatus(res, 200, 'User updated successfully');
}
if (!userExists(req.params.userId)) return await respondWithStatus(res, 404, 'User not found');
}
catch (err) {
error(err);
return await respondWithStatus(res, 500, 'An error has occured');
}
});
router.delete('/:userId', verifyToken, checkBanned, async (req, res) => {
try {
if (req.params.userId != req.userId && !verifyPermissions(req.userId, 'user', 4)) return await respondWithStatus(res, 403, 'Missing permission');
if (!userExists(req.params.userId)) return await respondWithStatus(res, 404, 'User not found');
const [result] = await pool.execute('DELETE FROM users WHERE id = ?', [ req.params.userId ]);
if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error removing user');
return respondWithStatus(res, 200, 'User deleted successfully');
}
catch (err) {
error(err);
return await respondWithStatus(res, 500, 'An error has occured');
}
});
// Email verification endpoints
router.get('/email/request', verifyToken, checkBanned, async (req, res) => {
const userId = req.userId;
@@ -322,4 +238,87 @@ router.patch('/password/verify', async (req, res) => {
}
});
router.get('/:userId', verifyToken, checkBanned, async (req, res) => {
try {
if (req.params.userId != req.userId && !verifyPermissions(req.userId, 'user', 1)) return await respondWithStatus(res, 403, 'Missing permission');
const [rows] = await pool.execute('SELECT id, first_name, last_name, username, email, phone FROM users WHERE id = ? LIMIT 1', [req.params.userId]);
if (rows.length === 0) return await respondWithStatus(res, 404, 'User not found');
const user = rows[0];
delete user.password;
return await respondWithStatusJSON(res, 200, user);
}
catch (err) {
error(err);
return await respondWithStatus(res, 500, 'An error has occured');
}
});
router.patch('/:userId', verifyToken, checkBanned, async (req, res) => {
try {
if (req.params.userId != req.userId && !verifyPermissions(req.userId, 'user', 2)) return await respondWithStatus(res, 403, 'Missing permission');
const { type } = req.body;
let { value } = req.body;
const [rows] = await pool.execute('SELECT * FROM users WHERE id = ? LIMIT 1', [req.params.userId]);
if (rows.length === 0) return await respondWithStatus(res, 404, 'User not found');
const excludedKeys = ['id'];
const fields = rows.map(row => Object.keys(row).filter(key => !excludedKeys.includes(key)));
if (fields[0].includes(type)) {
if (type === 'password') value = await Bun.password.hash(value);
const [result] = await pool.execute(`UPDATE users SET ${type} = ? WHERE id = ?`, [value, req.params.userId]);
if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error updating user');
return respondWithStatus(res, 200, 'User updated successfully');
}
else {
return await respondWithStatus(res, 400, 'Invalid type or disallowed');
}
}
catch (err) {
error(err);
return await respondWithStatus(res, 500, 'An error has occured');
}
});
router.put('/:userId', verifyToken, checkBanned, async (req, res) => {
try {
if (req.params.userId != req.userId && !verifyPermissions(req.userId, 'user', 2)) return await respondWithStatus(res, 403, 'Missing permission');
const { first_name, last_name, username, password = null, email, phone = null } = req.body;
if ([first_name, last_name, username, email].every(Boolean)) {
let sqlQuery = 'UPDATE users SET first_name = ?, last_name = ?, username = ?, email = ?';
const queryParams = [first_name, last_name, username, email];
if (password) {
const hashedPassword = await Bun.password.hash(password);
sqlQuery = +' password = ?';
queryParams.append(hashedPassword);
}
else if (phone && isPhoneNumber(phone)) {
sqlQuery = ' phone = ?';
queryParams.append(phone);
}
const [result] = await pool.execute(sqlQuery + ' WHERE id = ?', queryParams.append(req.params.userId));
if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error updating user');
return respondWithStatus(res, 200, 'User updated successfully');
}
if (!userExists(req.params.userId)) return await respondWithStatus(res, 404, 'User not found');
}
catch (err) {
error(err);
return await respondWithStatus(res, 500, 'An error has occured');
}
});
router.delete('/:userId', verifyToken, checkBanned, async (req, res) => {
try {
if (req.params.userId != req.userId && !verifyPermissions(req.userId, 'user', 4)) return await respondWithStatus(res, 403, 'Missing permission');
if (!userExists(req.params.userId)) return await respondWithStatus(res, 404, 'User not found');
const [result] = await pool.execute('DELETE FROM users WHERE id = ?', [ req.params.userId ]);
if (result.affectedRows === 0) return await respondWithStatus(res, 500, 'Error removing user');
return respondWithStatus(res, 200, 'User deleted successfully');
}
catch (err) {
error(err);
return await respondWithStatus(res, 500, 'An error has occured');
}
});
export default router;
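Review bot: In the moved `router.patch('/:userId')` handler the writable columns are derived from `SELECT *` with only `id` excluded, so a caller editing their own row (which skips the `verifyPermissions` check) can set any column the `users` table has; if that table carries role, ban or verification columns, this amounts to a self-service privilege change. An explicit allowlist would close it, e.g. `const allowedFields = ['first_name', 'last_name', 'username', 'email', 'phone', 'password'];` followed by `if (!allowedFields.includes(type)) return await respondWithStatus(res, 400, 'Invalid type or disallowed');`, which also keeps the interpolated `${type}` limited to known identifiers. Separately, the moved `router.put` handler cannot succeed as written: `sqlQuery = +' password = ?'` evaluates to `NaN` and arrays have no `append` method, so it should use `sqlQuery += ', password = ?'` and `queryParams.push(...)`. `verifyPermissions` and `userExists` are also called without `await`; if they return promises, `!verifyPermissions(...)` is always false and the 403 branch never fires, which is worth confirming against their definitions outside this diff.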