- Initial commit... A DB, some routes, and basic authentication routines...

2019-07-04 16:19:30 -04:00
commit d9a2d33913
32 changed files with 3465 additions and 0 deletions
--- a/routes/users.js
+++ b/routes/users.js
@@ -0,0 +1,169 @@
+const aqp = require('api-query-params');
+const errors = require('restify-errors');
+
+const User = require('../models/user');
+const { PUBLIC, PROTECTED } = require('../strategies/selects/user');
+
+module.exports = function (server, auth) {
+	server.post('/users', auth.manager, (req, res, next) => {
+		let { password = null, ...data } = req.body || {};
+
+		let user = new User(data);
+		user.save(function(err) {
+			if (err) {
+				console.error(err);
+				return next(new errors.InternalError(err.message));
+				next();
+			}
+
+      if (password) {
+        user.setPassword(password);
+      }
+
+			res.send(201);
+			next();
+		});
+	});
+
+	server.get('/users', auth.manager, (req, res, next) => {
+    const { filter } = aqp(req.query);
+    const select = req.user.isManager ? PROTECTED : PUBLIC;
+
+		User.find(filter, select, function (err, docs) {
+			if (err) {
+				console.error(err);
+				return next(
+					new errors.InvalidContentError(err),
+				);
+			}
+
+			res.send(docs);
+			next();
+		});
+	});
+
+	server.get('/users/:user_id', auth.managerOrSelf, (req, res, next) => {
+    const select = req.user.isManager ? PROTECTED : PUBLIC;
+
+		User.findOne({ _id: req.params.user_id }, select, function (err, doc) {
+			if (err) {
+				console.error(err);
+				return next(
+					new errors.InvalidContentError(err),
+				);
+			}
+
+			res.send(doc);
+			next();
+		});
+	});
+
+	server.put('/users/:user_id', auth.managerOrSelf, (req, res, next) => {
+		let data = req.body || {};
+
+		if (!data._id) {
+			data = Object.assign({}, data, { _id: req.params.user_id });
+		}
+
+		User.findOne({ _id: req.params.user_id }, function (err, doc) {
+			if (err) {
+				console.error(err);
+				return next(
+					new errors.InvalidContentError(err),
+				);
+			} else if (!doc) {
+				return next(
+					new errors.ResourceNotFoundError(
+						'The resource you requested could not be found.',
+					),
+				);
+			}
+
+			User.update({ _id: data._id }, data, function (err) {
+				if (err) {
+					console.error(err);
+					return next(
+						new errors.InvalidContentError(err),
+					);
+				}
+
+				res.send(200, data);
+				next();
+			});
+		});
+	});
+
+	server.put('/users/password/:user_id/:reset_token?', function (req, res, next) {
+		let {
+		  currentPassword = null,
+		  newPassword = null,
+		  ...data
+		} = req.body || {};
+
+    if (!newPassword) {
+			return next(
+				new errors.InvalidContentError('Password cannot be empty.'),
+			);
+    }
+
+    let filter = { _id: req.params.user_id };
+    let resetToken = req.params.reset_token || null;
+    if (resetToken) {
+      fiter.resetToken = resetToken;
+    }
+
+		User.findOne(filter, function (err, user) {
+			if (err) {
+				console.error(err);
+				return next(
+					new errors.InvalidContentError(err),
+				);
+			}
+
+			if (!user) {
+				return next(
+					new errors.ResourceNotFoundError(
+						'The user you requested could not be found.',
+					),
+				);
+			}
+
+			if (!resetToken &&
+  			!!user.getAuthStrategy('local') &&
+			  !user.validatePassword(currentPassword)
+			) {
+        return next(
+          new errors.InvalidContentError(
+            'The current password was incorrect.',
+          ),
+        );
+      }
+
+      user.setPassword(newPassword, function (err) {
+				if (err) {
+					console.error(err);
+					return next(
+						new errors.InvalidContentError(err),
+					);
+				}
+
+				res.send(200, data);
+				next();
+      });
+		});
+	});
+
+	server.del('/users/:user_id', auth.manager, (req, res, next) => {
+		User.deleteOne({ _id: req.params.user_id }, function (err) {
+			if (err) {
+				console.error(err);
+				return next(
+					new errors.InvalidContentError(err),
+				);
+			}
+
+			res.send(204);
+			next();
+		});
+	});
+};