Eventment-API/routes/users.js

const aqp = require('api-query-params');
const errors = require('restify-errors');

const User = require('../models/user');
const { PUBLIC, PROTECTED } = require('../strategies/selects/user');

module.exports = function (server, auth) {
	server.post('/users', auth.manager, (req, res, next) => {
		let { password = null, ...data } = req.body || {};

		let user = new User(data);
		user.save(function(err) {
			if (err) {
				console.error(err);
				return next(new errors.InternalError(err.message));
				next();
			}

      if (password) {
        user.setPassword(password);
      }

			res.send(201);
			next();
		});
	});

	server.get('/users', auth.manager, (req, res, next) => {
    const { filter } = aqp(req.query);
    const select = req.user.isManager ? PROTECTED : PUBLIC;

		User.find(filter, select, function (err, docs) {
			if (err) {
				console.error(err);
				return next(
					new errors.InvalidContentError(err),
				);
			}

			res.send(docs);
			next();
		});
	});

	server.get('/users/:user_id', auth.managerOrSelf, (req, res, next) => {
    const select = req.user.isManager ? PROTECTED : PUBLIC;

		User.findOne({ _id: req.params.user_id }, select, function (err, doc) {
			if (err) {
				console.error(err);
				return next(
					new errors.InvalidContentError(err),
				);
			}

			res.send(doc);
			next();
		});
	});

	server.put('/users/:user_id', auth.managerOrSelf, (req, res, next) => {
		let data = req.body || {};

		if (!data._id) {
			data = Object.assign({}, data, { _id: req.params.user_id });
		}

		User.findOne({ _id: req.params.user_id }, function (err, doc) {
			if (err) {
				console.error(err);
				return next(
					new errors.InvalidContentError(err),
				);
			} else if (!doc) {
				return next(
					new errors.ResourceNotFoundError(
						'The resource you requested could not be found.',
					),
				);
			}

			User.update({ _id: data._id }, data, function (err) {
				if (err) {
					console.error(err);
					return next(
						new errors.InvalidContentError(err),
					);
				}

				res.send(200, data);
				next();
			});
		});
	});

	server.put('/users/password/:user_id/:reset_token?', function (req, res, next) {
		let {
		  currentPassword = null,
		  newPassword = null,
		  ...data
		} = req.body || {};

    if (!newPassword) {
			return next(
				new errors.InvalidContentError('Password cannot be empty.'),
			);
    }

    let filter = { _id: req.params.user_id };
    let resetToken = req.params.reset_token || null;
    if (resetToken) {
      fiter.resetToken = resetToken;
    }

		User.findOne(filter, function (err, user) {
			if (err) {
				console.error(err);
				return next(
					new errors.InvalidContentError(err),
				);
			}

			if (!user) {
				return next(
					new errors.ResourceNotFoundError(
						'The user you requested could not be found.',
					),
				);
			}

			if (!resetToken &&
  			!!user.getAuthStrategy('local') &&
			  !user.validatePassword(currentPassword)
			) {
        return next(
          new errors.InvalidContentError(
            'The current password was incorrect.',
          ),
        );
      }

      user.setPassword(newPassword, function (err) {
				if (err) {
					console.error(err);
					return next(
						new errors.InvalidContentError(err),
					);
				}

				res.send(200, data);
				next();
      });
		});
	});

	server.del('/users/:user_id', auth.manager, (req, res, next) => {
		User.deleteOne({ _id: req.params.user_id }, function (err) {
			if (err) {
				console.error(err);
				return next(
					new errors.InvalidContentError(err),
				);
			}

			res.send(204);
			next();
		});
	});
};