definma-api/src/routes/user.ts

import express from 'express';
import mongoose from 'mongoose';
import bcrypt from 'bcryptjs';
import UserValidate from './validate/user';
import UserModel from '../models/user';
import mail from '../helpers/mail';

const router = express.Router();

router.get('/users', (req, res) => {
  res.json({message: 'users up and running!'});
});

router.post('/user/new', (req, res, next) => {
  if (!req.auth(res, ['admin'], 'basic')) return;

  // validate input
  const {error, value: user} = UserValidate.input(req.body);
  if(error !== undefined) {
    res.status(400).json({status: 'Invalid body format'});
    return;
  }

  // check that user does not already exist
  UserModel.find({name: user.name}).lean().exec( 'find', (err, data) => {
    if (err) next(err);
    if (data.length > 0) {
      res.status(400).json({status: 'Username already taken'});
      return;
    }

    user.key = mongoose.Types.ObjectId();  // use object id as unique API key
    bcrypt.hash(user.pass, 10, (err, hash) => {  // password hashing
      user.pass = hash;
      new UserModel(user).save((err, data) => {  // store user
        if (err) next(err);
        res.json(UserValidate.output(data.toObject()));
      });
    });
  });
});

router.post('/user/passreset', (req, res, next) => {
  // check if user/email combo exists
  UserModel.find({name: req.body.name, email: req.body.email}).lean().exec( 'find', (err, data) => {
    if (err) next(err);
    if (data.length === 1) {  // it exists
      const newPass = Math.random().toString(36).substring(2);
      bcrypt.hash(newPass, 10, (err, hash) => {  // password hashing
        if (err) next(err);
        UserModel.findOneAndUpdate({name: req.body.name, email: req.body.email}, {pass: hash}, err => {
          if (err) next(err);
          mail(data[0].email, 'Your new password for the DFOP database', 'Hi, <br><br> You requested to reset your password.<br>Your new password is:<br><br>' + newPass + '<br><br>If you did not request a password reset, talk to the sysadmin quickly!<br><br>Have a nice day.<br><br>The DFOP team', err => {
            if (err) next(err);
            res.json({status: 'OK'});
          });
        });
      });
    }
    else {
      res.status(404).json({status: 'Not found'});
    }
  });
});

module.exports = router;
implemented first tests and basic functionality 2020-04-22 17:24:15 +02:00			`import express from 'express';`
			`import mongoose from 'mongoose';`
			`import bcrypt from 'bcryptjs';`
			`import UserValidate from './validate/user';`
			`import UserModel from '../models/user';`
added passreset and mail helper 2020-04-23 17:46:00 +02:00			`import mail from '../helpers/mail';`
implemented first tests and basic functionality 2020-04-22 17:24:15 +02:00
			`const router = express.Router();`

			`router.get('/users', (req, res) => {`
			`res.json({message: 'users up and running!'});`
			`});`

			`router.post('/user/new', (req, res, next) => {`
added authorization 2020-04-23 13:59:45 +02:00			`if (!req.auth(res, ['admin'], 'basic')) return;`

implemented first tests and basic functionality 2020-04-22 17:24:15 +02:00			`// validate input`
			`const {error, value: user} = UserValidate.input(req.body);`
			`if(error !== undefined) {`
			`res.status(400).json({status: 'Invalid body format'});`
			`return;`
			`}`

cannot add username twice 2020-04-22 17:38:24 +02:00			`// check that user does not already exist`
			`UserModel.find({name: user.name}).lean().exec( 'find', (err, data) => {`
			`if (err) next(err);`
			`if (data.length > 0) {`
			`res.status(400).json({status: 'Username already taken'});`
			`return;`
			`}`

			`user.key = mongoose.Types.ObjectId(); // use object id as unique API key`
			`bcrypt.hash(user.pass, 10, (err, hash) => { // password hashing`
			`user.pass = hash;`
			`new UserModel(user).save((err, data) => { // store user`
			`if (err) next(err);`
			`res.json(UserValidate.output(data.toObject()));`
			`});`
implemented first tests and basic functionality 2020-04-22 17:24:15 +02:00			`});`
			`});`
			`});`

added passreset and mail helper 2020-04-23 17:46:00 +02:00			`router.post('/user/passreset', (req, res, next) => {`
			`// check if user/email combo exists`
			`UserModel.find({name: req.body.name, email: req.body.email}).lean().exec( 'find', (err, data) => {`
			`if (err) next(err);`
			`if (data.length === 1) { // it exists`
			`const newPass = Math.random().toString(36).substring(2);`
			`bcrypt.hash(newPass, 10, (err, hash) => { // password hashing`
			`if (err) next(err);`
			`UserModel.findOneAndUpdate({name: req.body.name, email: req.body.email}, {pass: hash}, err => {`
			`if (err) next(err);`
			`mail(data[0].email, 'Your new password for the DFOP database', 'Hi, <br><br> You requested to reset your password.<br>Your new password is:<br><br>' + newPass + '<br><br>If you did not request a password reset, talk to the sysadmin quickly!<br><br>Have a nice day.<br><br>The DFOP team', err => {`
			`if (err) next(err);`
			`res.json({status: 'OK'});`
			`});`
			`});`
			`});`
			`}`
			`else {`
			`res.status(404).json({status: 'Not found'});`
			`}`
			`});`
			`});`

implemented first tests and basic functionality 2020-04-22 17:24:15 +02:00			`module.exports = router;`