definma-api/src/routes/user.ts

import express from 'express';
import mongoose from 'mongoose';
import bcrypt from 'bcryptjs';
import UserValidate from './validate/user';
import UserModel from '../models/user';
import mail from '../helpers/mail';

const router = express.Router();

router.get('/users', (req, res) => {
  if (!req.auth(res, ['admin'], 'basic')) return;

  UserModel.find({}).lean().exec(  (err, data:any) => {
    res.json(data.map(e => UserValidate.output(e)).filter(e => e !== null));  // validate all and filter null values from validation errors
  });
});

router.get('/user:username([/](?!key|new).?*|/?)', (req, res, next) => {  // this path matches /user, /user/ and /user/xxx, but not /user/key or user/new. See https://forbeslindesay.github.io/express-route-tester/ for the generated regex
  req.params.username = req.params[0];
  if (!req.auth(res, ['read', 'write', 'maintain', 'dev', 'admin'], 'basic')) return;
  let username = req.authDetails.username;
  if (req.params.username !== undefined) {
    if (!req.auth(res, ['admin'], 'basic')) return;
    username = req.params.username;
  }

  UserModel.findOne({name: username}).lean().exec(  (err, data:any) => {
    if (err) next(err);
    if (data) {
      res.json(UserValidate.output(data));  // validate all and filter null values from validation errors
    }
    else {
      res.status(404).json({status: 'Not found'});
    }
  });
});

router.put('/user:username([/](?!key|new).?*|/?)', (req, res, next) => {  // this path matches /user, /user/ and /user/xxx, but not /user/key or user/new
  console.log(req.authDetails);
  if (!req.auth(res, ['read', 'write', 'maintain', 'dev', 'admin'], 'basic')) return;
  let username = req.authDetails.username;
  if (req.params.username !== undefined) {
    if (!req.auth(res, ['admin'], 'basic')) return;
    username = req.params.username;
  }
  const {error, value: user} = UserValidate.input(req.body, 'change' + (req.authDetails.level === 'admin'? 'admin' : ''));
  console.log(error);
  console.log(user);
  if(error !== undefined) {
    res.status(400).json({status: 'Invalid body format'});
    return;
  }

  if (user.hasOwnProperty('pass')) {
    user.pass = bcrypt.hashSync(user.pass, 10);
  }

  // check that user does not already exist if new name was specified
  if (user.hasOwnProperty('name') && user.name !== username) {
    UserModel.find({name: user.name}).lean().exec(  (err, data:any) => {
      if (err) next(err);
      if (data.length > 0) {
        res.status(400).json({status: 'Username already taken'});
        return;
      }

      UserModel.findOneAndUpdate({name: username}, user, {new: true}).lean().exec(  (err, data:any) => {
        if (err) next(err);
        if (data) {
          res.json(UserValidate.output(data));  // validate all and filter null values from validation errors
        }
        else {
          res.status(404).json({status: 'Not found'});
        }
      });
    });
  }
  else {
    UserModel.findOneAndUpdate({name: username}, user, {new: true}).lean().exec(  (err, data:any) => {
      if (err) next(err);
      if (data) {
        res.json(UserValidate.output(data));  // validate all and filter null values from validation errors
      }
      else {
        res.status(404).json({status: 'Not found'});
      }
    });
  }
});

router.get('/user/key', (req, res, next) => {
  console.log('hmm');
  if (!req.auth(res, ['read', 'write', 'maintain', 'dev', 'admin'], 'basic')) return;

  UserModel.findOne({name: req.authDetails.username}).lean().exec(  (err, data:any) => {
    if (err) next(err);
    res.json({key: data.key});
  });
});

router.post('/user/new', (req, res, next) => {
  if (!req.auth(res, ['admin'], 'basic')) return;

  // validate input
  const {error, value: user} = UserValidate.input(req.body, 'new');
  if(error !== undefined) {
    res.status(400).json({status: 'Invalid body format'});
    return;
  }

  // check that user does not already exist
  UserModel.find({name: user.name}).lean().exec(  (err, data:any) => {
    if (err) next(err);
    if (data.length > 0) {
      res.status(400).json({status: 'Username already taken'});
      return;
    }

    user.key = mongoose.Types.ObjectId();  // use object id as unique API key
    bcrypt.hash(user.pass, 10, (err, hash) => {  // password hashing
      user.pass = hash;
      new UserModel(user).save((err, data) => {  // store user
        if (err) next(err);
        res.json(UserValidate.output(data.toObject()));
      });
    });
  });
});

router.post('/user/passreset', (req, res, next) => {
  // check if user/email combo exists
  UserModel.find({name: req.body.name, email: req.body.email}).lean().exec( (err, data: any) => {
    if (err) next(err);
    if (data.length === 1) {  // it exists
      const newPass = Math.random().toString(36).substring(2);
      bcrypt.hash(newPass, 10, (err, hash) => {  // password hashing
        if (err) next(err);
        UserModel.findByIdAndUpdate(data[0]._id, {pass: hash}, err => {  // write new password
          if (err) next(err);
          mail(data[0].email, 'Your new password for the DFOP database', 'Hi, <br><br> You requested to reset your password.<br>Your new password is:<br><br>' + newPass + '<br><br>If you did not request a password reset, talk to the sysadmin quickly!<br><br>Have a nice day.<br><br>The DFOP team', err => {
            if (err) next(err);
            res.json({status: 'OK'});
          });
        });
      });
    }
    else {
      res.status(404).json({status: 'Not found'});
    }
  });
});

module.exports = router;
implemented first tests and basic functionality 2020-04-22 17:24:15 +02:00			`import express from 'express';`
			`import mongoose from 'mongoose';`
			`import bcrypt from 'bcryptjs';`
			`import UserValidate from './validate/user';`
			`import UserModel from '../models/user';`
added passreset and mail helper 2020-04-23 17:46:00 +02:00			`import mail from '../helpers/mail';`
implemented first tests and basic functionality 2020-04-22 17:24:15 +02:00
			`const router = express.Router();`

			`router.get('/users', (req, res) => {`
added GET /user route 2020-04-24 12:25:32 +02:00			`if (!req.auth(res, ['admin'], 'basic')) return;`

			`UserModel.find({}).lean().exec( (err, data:any) => {`
			`res.json(data.map(e => UserValidate.output(e)).filter(e => e !== null)); // validate all and filter null values from validation errors`
			`});`
			`});`

added /user/key and edited /user regex 2020-04-27 14:26:51 +02:00			`router.get('/user:username([/](?!key\|new).?*\|/?)', (req, res, next) => { // this path matches /user, /user/ and /user/xxx, but not /user/key or user/new. See https://forbeslindesay.github.io/express-route-tester/ for the generated regex`
			`req.params.username = req.params[0];`
added GET /user route 2020-04-24 12:25:32 +02:00			`if (!req.auth(res, ['read', 'write', 'maintain', 'dev', 'admin'], 'basic')) return;`
			`let username = req.authDetails.username;`
			`if (req.params.username !== undefined) {`
			`if (!req.auth(res, ['admin'], 'basic')) return;`
			`username = req.params.username;`
			`}`

			`UserModel.findOne({name: username}).lean().exec( (err, data:any) => {`
added PUT /user route 2020-04-24 17:36:39 +02:00			`if (err) next(err);`
			`if (data) {`
			`res.json(UserValidate.output(data)); // validate all and filter null values from validation errors`
			`}`
			`else {`
			`res.status(404).json({status: 'Not found'});`
			`}`
added GET /user route 2020-04-24 12:25:32 +02:00			`});`
implemented first tests and basic functionality 2020-04-22 17:24:15 +02:00			`});`

added /user/key and edited /user regex 2020-04-27 14:26:51 +02:00			`router.put('/user:username([/](?!key\|new).?*\|/?)', (req, res, next) => { // this path matches /user, /user/ and /user/xxx, but not /user/key or user/new`
added PUT /user route 2020-04-24 17:36:39 +02:00			`console.log(req.authDetails);`
			`if (!req.auth(res, ['read', 'write', 'maintain', 'dev', 'admin'], 'basic')) return;`
			`let username = req.authDetails.username;`
			`if (req.params.username !== undefined) {`
			`if (!req.auth(res, ['admin'], 'basic')) return;`
			`username = req.params.username;`
			`}`
			`const {error, value: user} = UserValidate.input(req.body, 'change' + (req.authDetails.level === 'admin'? 'admin' : ''));`
			`console.log(error);`
			`console.log(user);`
			`if(error !== undefined) {`
			`res.status(400).json({status: 'Invalid body format'});`
			`return;`
			`}`

			`if (user.hasOwnProperty('pass')) {`
			`user.pass = bcrypt.hashSync(user.pass, 10);`
			`}`

			`// check that user does not already exist if new name was specified`
			`if (user.hasOwnProperty('name') && user.name !== username) {`
			`UserModel.find({name: user.name}).lean().exec( (err, data:any) => {`
			`if (err) next(err);`
			`if (data.length > 0) {`
			`res.status(400).json({status: 'Username already taken'});`
			`return;`
			`}`

			`UserModel.findOneAndUpdate({name: username}, user, {new: true}).lean().exec( (err, data:any) => {`
			`if (err) next(err);`
			`if (data) {`
			`res.json(UserValidate.output(data)); // validate all and filter null values from validation errors`
			`}`
			`else {`
			`res.status(404).json({status: 'Not found'});`
			`}`
			`});`
			`});`
			`}`
			`else {`
			`UserModel.findOneAndUpdate({name: username}, user, {new: true}).lean().exec( (err, data:any) => {`
			`if (err) next(err);`
			`if (data) {`
			`res.json(UserValidate.output(data)); // validate all and filter null values from validation errors`
			`}`
			`else {`
			`res.status(404).json({status: 'Not found'});`
			`}`
			`});`
			`}`
			`});`

added /user/key and edited /user regex 2020-04-27 14:26:51 +02:00			`router.get('/user/key', (req, res, next) => {`
			`console.log('hmm');`
			`if (!req.auth(res, ['read', 'write', 'maintain', 'dev', 'admin'], 'basic')) return;`

			`UserModel.findOne({name: req.authDetails.username}).lean().exec( (err, data:any) => {`
			`if (err) next(err);`
			`res.json({key: data.key});`
			`});`
			`});`

implemented first tests and basic functionality 2020-04-22 17:24:15 +02:00			`router.post('/user/new', (req, res, next) => {`
added authorization 2020-04-23 13:59:45 +02:00			`if (!req.auth(res, ['admin'], 'basic')) return;`

implemented first tests and basic functionality 2020-04-22 17:24:15 +02:00			`// validate input`
added PUT /user route 2020-04-24 17:36:39 +02:00			`const {error, value: user} = UserValidate.input(req.body, 'new');`
implemented first tests and basic functionality 2020-04-22 17:24:15 +02:00			`if(error !== undefined) {`
			`res.status(400).json({status: 'Invalid body format'});`
			`return;`
			`}`

cannot add username twice 2020-04-22 17:38:24 +02:00			`// check that user does not already exist`
added GET /user route 2020-04-24 12:25:32 +02:00			`UserModel.find({name: user.name}).lean().exec( (err, data:any) => {`
cannot add username twice 2020-04-22 17:38:24 +02:00			`if (err) next(err);`
			`if (data.length > 0) {`
			`res.status(400).json({status: 'Username already taken'});`
			`return;`
			`}`

			`user.key = mongoose.Types.ObjectId(); // use object id as unique API key`
			`bcrypt.hash(user.pass, 10, (err, hash) => { // password hashing`
			`user.pass = hash;`
			`new UserModel(user).save((err, data) => { // store user`
			`if (err) next(err);`
			`res.json(UserValidate.output(data.toObject()));`
			`});`
implemented first tests and basic functionality 2020-04-22 17:24:15 +02:00			`});`
			`});`
			`});`

added passreset and mail helper 2020-04-23 17:46:00 +02:00			`router.post('/user/passreset', (req, res, next) => {`
			`// check if user/email combo exists`
changed to findById and improved db.loadJson 2020-04-24 10:53:45 +02:00			`UserModel.find({name: req.body.name, email: req.body.email}).lean().exec( (err, data: any) => {`
added passreset and mail helper 2020-04-23 17:46:00 +02:00			`if (err) next(err);`
			`if (data.length === 1) { // it exists`
			`const newPass = Math.random().toString(36).substring(2);`
			`bcrypt.hash(newPass, 10, (err, hash) => { // password hashing`
			`if (err) next(err);`
changed to findById and improved db.loadJson 2020-04-24 10:53:45 +02:00			`UserModel.findByIdAndUpdate(data[0]._id, {pass: hash}, err => { // write new password`
added passreset and mail helper 2020-04-23 17:46:00 +02:00			`if (err) next(err);`
			`mail(data[0].email, 'Your new password for the DFOP database', 'Hi, <br><br> You requested to reset your password.<br>Your new password is:<br><br>' + newPass + '<br><br>If you did not request a password reset, talk to the sysadmin quickly!<br><br>Have a nice day.<br><br>The DFOP team', err => {`
			`if (err) next(err);`
			`res.json({status: 'OK'});`
			`});`
			`});`
			`});`
			`}`
			`else {`
			`res.status(404).json({status: 'Not found'});`
			`}`
			`});`
			`});`

implemented first tests and basic functionality 2020-04-22 17:24:15 +02:00			`module.exports = router;`