mifi/looking-monorepo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Move backend files to backend/ subdirectory

Browse Source
This commit is contained in:
Mike Fitzpatrick
2025-07-25 19:09:35 -03:00
parent d04304b573
commit 1bd4ca0d98
59 changed files with 0 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

200
backend/routes/auth.js Normal file
View File

@@ -0,0 +1,200 @@
const EventEmitter = require('events');
const Express = require('express');
const ResetModel = require('../models/reset');
const Router = Express.Router();
const Token = require('../modules/token');
Router.route('/login')
.post((req, res, next) => {
var AuthEvents = new EventEmitter();
var data = req.body;
var headers = req.headers;
AuthEvents.once('authenticateUser', (err, result) => {
console.log('[AuthRoute::POST::/auth/login] User Authenticated', { err: err, result: result });
login = result || {};
login.status = result.status || 500;
if (err) {
login.err = err;
res.status(login.status).json(login);
}
if (login) {
// Authenticated - create session
if (login.authorized) {
var TokenEvents = new EventEmitter();
TokenEvents.once('token:create', (err, token) => {
if (err) {
login = {
status: 500,
authorized: false,
err: err
};
}
if (token) {
login.token = token;
res.status(login.status).json(login);
}
});
Token.create(TokenEvents, login.user);
}
// Authentication failed
else {
res.status(login.status).json(login);
}
}
});
UserModel.authenticateUser(AuthEvents, data, headers);
});
Router.route('/secure/:auth/:expires?')
.get((req, res) => {
if (req.params.auth === 'gutenberg') {
let TokenEvents = new EventEmitter();
let expires = req.params.expires || '15m';
let token = { username: 'apiuser', can: ['add','edit','delete','manage','super','update','view'] };
TokenEvents.once('token:create', (err, token) => {
if (err) {
res.status(500).json({
authorized: false,
err: err
});
}
if (token) {
res.status(200).json({
authorized: true,
token: token
});
}
});
Token.create(TokenEvents, token, expires);
} else {
res.status(403).json({ authorized: false, message: 'operation not authorized' });
}
});
Router.route('/reset/:id?/:token?')
.get((req, res) => {
var id = req.params.id ? decodeURIComponent(req.params.id) : false;
var token = req.params.token ? decodeURIComponent(req.params.token) : false;
var ResetEvents = new EventEmitter();
ResetEvents.once('checkReset', (err, result) => {
if (err) {
res.status(500).json({ message: 'There was an error validating the password reset', err: err });
}
if (result) {
res.status(200).json(result);
}
});
ResetModel.checkReset(ResetEvents, id, token);
})
.post((req, res) => {
var username = req.body.username;
var ResetEvents = new EventEmitter();
ResetEvents.once('sendReset', (err, result) => {
if (err) {
console.log('[routes/auth::sendReset] Error: ', { err: err });
res.status(500).json({ message: 'There was an error requesting the password reset', err: err });
}
if (result) {
console.log('[routes/auth::sendReset] Success: ', { result: result });
res.status(200).json(result);
}
});
UserModel.findUser({ userName: username }, (err, user) => {
ResetModel.sendReset(ResetEvents, user);
});
})
.put((req, res) => {
var id = req.params.id ? decodeURIComponent(req.params.id) : false;
var token = req.params.token ? decodeURIComponent(req.params.token) : false;
var data = req.body;
var UserEvents = new EventEmitter();
UserEvents.once('updatePassword', (err, result) => {
if (err) {
res.status(500).json({ message: err.message, err: err });
}
if (result) {
res.status(200).json(result);
}
});
UserModel.updatePassword(UserEvents, id, token, data);
});
Router.route('/session')
.get((req, res) => {
var AuthEvents = new EventEmitter();
var token = req.get('authorization');
AuthEvents.once('token:validate', (err, result) => {
if (err) {
res.status(500).json({ message: 'There was an error validating the token', err: err });
}
if (result) {
res.status(200).json(result);
}
});
Token.validate(AuthEvents, token);
})
.post((req, res) => {
var AuthEvents = new EventEmitter();
AuthEvents.once('token:create', (err, token) => {
if (err) {
res.status(500).json({
status: 500,
authorized: false,
err: err
});
}
if (token) {
res.status(200).json({
status: 200,
authorized: false,
token: token
});
}
});
Token.anonymous(AuthEvents);
})
.put((req, res) => {
var AuthEvents = new EventEmitter();
var token = req.get('authorization');
AuthEvents.once('token:refresh', (err, token) => {
if (err) {
res.status(500).json({ message: 'There was an error refreshing the token', err: err });
}
if (token) {
res.status(200).json(token);
}
});
Token.refresh(AuthEvents, token);
});
module.exports = Router;

86
backend/routes/geocache.js Normal file
View File

@@ -0,0 +1,86 @@
var EventEmitter = require('events');
var Express = require('express');
var GeocacheModel = require('../models/geocache');
var Router = Express.Router();
var Token = require('../modules/token');
function updateGeocache (req, res, next) {
Token.verifyThen(req.get('authorization'), 'manageAppPreferences', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
var GeoEvents = new EventEmitter();
var id = req.params.id;
var data = req.body;
GeoEvents.once('update', (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not get geodata' + (id ? ' for id: ' + id : ''), err: err });
}
if (result) {
res.status(200).json(result);
}
});
GeocacheModel.update(GeoEvents, id, geodata);
});
}
Router.route('/populate/:field')
.get((req, res, next) => {
Token.verifyThen(req.get('authorization'), 'manageAppPreferences', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
var GeoEvents = new EventEmitter();
var method = 'populate' + (req.params.field[0].toUpperCase() + req.params.field.substring(1));
GeoEvents.once(method, (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not get geodata' + (id ? ' for id: ' + id : ''), err: err });
}
if (result) {
res.status(200).json(result);
}
});
GeocacheModel[method](GeoEvents);
});
});
Router.route('/:id?')
.get((req, res, next) => {
Token.verifyThen(req.get('authorization'), 'viewPublicDetails', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
var GeoEvents = new EventEmitter();
var id = req.params.id || false;
var method = id ? 'getGeo' : 'getGeos';
GeoEvents.once(method, (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not get geodata' + (id ? ' for id: ' + id : ''), err: err });
}
if (result) {
res.status(200).json(result);
}
});
GeocacheModel[method](GeoEvents, id || null);
});
})
.patch( updateGeocache )
.post( updateGeocache )
.put( updateGeocache );
module.exports = Router;

445
backend/routes/profiles.js Normal file
View File

@@ -0,0 +1,445 @@
const EventEmitter = require('events');
const Express = require('express');
const ParamStr = '/:limit?/:skip?/:min?/:max?/:pos?/:lkng?/:tribes?/:ethnos?';
const Profiles = require('../models/profile');
const Router = Express.Router();
const Token = require('../modules/token');
function processQueryParams (params) {
var query = {};
if (params.min && !isNaN(parseInt(params.min))) {
query['details.age'] = query['details.age'] || {};
query['details.age'].$gte = parseInt(params.min);
}
if (params.max && !isNaN(parseInt(params.max))) {
query['details.age'] = query['details.age'] || {};
query['details.age'].$lte = parseInt(params.max);
}
if (params.pos && params.pos !== 'null') {
query['details.position'] = { $in: params.pos.split('|') };
}
if (params.lkng && params.lkng !== 'null') {
query['details.looking'] = { $in: params.lkng.split('|') };
}
if (params.tribes && params.tribes !== 'null') {
query['details.tribes'] = { $in: params.tribes.split('|') };
}
if (params.ethnos && params.ethnos !== 'null') {
query['details.ethnos'] = { $in: params.ethnos.split('|') };
}
return query;
}
function update (req, res, next) {
Token.verifyThen(req.get('authorization'), 'update', (err, decoded) => {
if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var ProfileEvents = new EventEmitter();
var id = req.params.id;
var data = req.body;
if (!id || !data) {
res.status(500).json({ message: 'No profile id or data specified.', err: err });
return;
}
ProfileEvents.once('update', (err, result) => {
if (err) {
res.status(500).json({message: 'Could not update profile id: ' + id, err: err});
}
if (result) {
res.status(200).json(result);
}
});
Profiles.update(ProfileEvents, id, data);
}
});
}
function updateMessage (req, res, next) {
Token.verifyThen(req.get('authorization'), 'update', (err, decoded) => {
if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var ProfileEvents = new EventEmitter();
var profileId = req.params.profileId;
var messageId = req.params.messageId;
var data = req.body;
if (!profileId || !data) {
res.status(500).json({ message: 'No profile id or data specified.', err: err });
return;
}
ProfileEvents.once('updateMessage', (err, result) => {
if (err) {
res.status(500).json({message: 'Could not update profile id: ' + profileId + ' [' + err + ']', err: err});
}
if (result) {
res.status(200).json(result);
}
});
Profiles.updateMessage(ProfileEvents, profileId, messageId, data);
}
});
}
Router.route('/approve/:id')
.get((req, res) => {
var ProfileEvents = new EventEmitter();
var id = req.params.id;
ProfileEvents.once('approveSubmission', (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not approve user profile submission', err: err, profile: profile });
}
if (result) {
res.status(200).json(result);
}
});
Profiles.approveSubmission(ProfileEvents, id);
});
Router.route('/find' + ParamStr)
.get((req, res) => {
Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => {
if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var ProfileEvents = new EventEmitter();
var find = processQueryParams(req.params);
var query = {
find: find,
select: null,
options: {
limit: !isNaN(parseInt(req.params.limit)) ? parseInt(req.params.limit) : 0,
skip: !isNaN(parseInt(req.params.skip)) ? parseInt(req.params.skip) : 0,
sort: { 'order': 1 }
}
};
ProfileEvents.once('find', (err, result) => {
if (err) {
res.status(500).json({ message: 'There was an error getting the getting the profiles [' + err + ']', err: err });
}
if (result) {
res.status(200).json(result);
}
});
Profiles.find(ProfileEvents, query);
}
});
});
Router.route('/list' + ParamStr)
.get((req, res) => {
Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => {
if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var ProfileEvents = new EventEmitter();
var find = processQueryParams(req.params);
var query = {
find: find,
select: { order: 1, 'details.name': 1, 'details.pic.thumb': 1 },
options: {
limit: (!isNaN(parseInt(req.params.limit)) ? parseInt(req.params.limit) : 0),
skip: (!isNaN(parseInt(req.params.skip)) ? parseInt(req.params.skip) : 0),
sort: { 'order': 1 }
}
};
ProfileEvents.once('find', (err, result) => {
if (err) {
res.status(500).json({ message: 'There was an error getting the profile list [' + err + ']', err: err });
}
if (result) {
res.status(200).json(result);
}
});
Profiles.find(ProfileEvents, query);
}
});
});
Router.route('/submission')
.post((req, res) => {
var ProfileEvents = new EventEmitter();
var profile = req.body;
ProfileEvents.once('processSubmission', (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not process user profile submission', err: err, profile: profile });
}
if (result) {
res.status(200).json(result);
}
});
Profiles.processSubmission(ProfileEvents, profile);
});
Router.route('/submitted')
.get( (req, res) => {
Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => {
if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var ProfileEvents = new EventEmitter();
ProfileEvents.once('allSubmitted', (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not get profiles', err: err });
}
if (result) {
res.status(200).json(result);
}
});
Profiles.allSubmitted(ProfileEvents);
}
});
});
Router.route('/verified')
.get( (req, res) => {
Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => {
if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var ProfileEvents = new EventEmitter();
ProfileEvents.once('allVerified', (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not get profiles', err: err });
}
if (result) {
res.status(200).json(result);
}
});
Profiles.allVerified(ProfileEvents);
}
});
});
Router.route('/:profileId/messages/images/:which?')
.get((req, res) => {
Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => {
if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var method;
var ProfileEvents = new EventEmitter();
var profileId = req.params.profileId;
switch (req.params.which) {
case "all":
method = 'allChatImages';
break;
case "sent":
method = 'allChatImagesSent';
break;
case "recd":
default:
method = 'allChatImagesReceived';
}
ProfileEvents.once(method, (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not get chat images for profile ' + profileId + '. [' + err + ']', err: err });
}
if (result) {
res.status(200).json(result);
}
});
Profiles[method](ProfileEvents, profileId);
}
});
});
Router.route('/:profileId/messages/:messageId?')
.delete((req, res) => {
Token.verifyThen(req.get('authorization'), 'delete', (err, decoded) => {
if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var ProfileEvents = new EventEmitter();
var profileId = req.params.profileId || null;
var messageId = req.params.messageId || null;
ProfileEvents.once('deleteMessage', (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not delete message id: ' + messageId + ' [' + err + ']', err: err });
}
if (result) {
res.status(200).json(result);
}
});
Profiles.deleteMessage(ProfileEvents, profileId, messageId);
}
});
})
.get((req, res) => {
Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => {
if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var ProfileEvents = new EventEmitter();
var profileId = req.params.profileId || null;
var messageId = req.params.messageId || null;
var method = messageId ? 'getMessage' : 'allMessages';
ProfileEvents.once(method, (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not get message' + (messageId ? ' ' : 's ') + 'for profile' + (profileId ? '' : 's') + ' [' + err + ']', err: err });
}
if (result) {
res.status(200).json(result);
}
});
Profiles[method](ProfileEvents, profileId, messageId);
}
});
})
.patch( updateMessage )
.put( updateMessage );
Router.route('/:id?')
.delete( (req, res) => {
Token.verifyThen(req.get('authorization'), 'delete', (err, decoded) => {
if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var ProfileEvents = new EventEmitter();
var id = req.params.id;
ProfileEvents.once('delete', (err, result) => {
if (err) {
res.status(500).json({message: 'Could not delete profile id: ' + id, err: err});
}
if (result) {
res.status(204).json({});
}
});
Profiles.delete(ProfileEvents, id);
}
});
})
.get( (req, res) => {
Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => {
if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var ProfileEvents = new EventEmitter();
var id = req.params.id || null;
var method = id ? 'get' : 'all';
ProfileEvents.once(method, (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not get profile' + (id ? '' : 's'), err: err });
}
if (result) {
res.status(200).json(result);
}
});
Profiles[method](ProfileEvents, id);
}
});
})
.patch( update )
.post((req, res) => {
// Token.verifyThen(req.get('authorization'), 'add', (err, decoded) => {
// if (err || (decoded && !decoded.hasPermission)) {
// res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
// return;
// }
//
// if (decoded && decoded.hasPermission) {
var ProfileEvents = new EventEmitter();
var profile = Array.isArray(req.body) ? req.body : [ req.body ];
var multi = profile.length > 1;
ProfileEvents.once('create', (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not create profile' + (multi ? 's' : ''), err: err, profile: profile });
}
if (result) {
res.status(200).json(result);
}
});
Profiles.create(ProfileEvents, profile);
// }
// });
})
.put( update );
module.exports = Router;

328
backend/routes/users.js Normal file
View File

@@ -0,0 +1,328 @@
var EventEmitter = require('events');
var Express = require('express');
var Router = Express.Router();
var Token = require('../modules/token');
var UserModel = require('../models/user');
function updateUser (req, res, next) {
Token.verifyThen(req.get('authorization'), 'super', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var UserEvents = new EventEmitter();
var id = req.params.id;
var data = req.body;
if (id === decoded.data.uid || decoded.canElevate) {
if (!decoded.canElevate) {
delete data.permission;
}
UserEvents.once('updateUser', (err, result) => {
if (err) {
res.status(500).json({message: 'Could not update user id ' + id, err: err});
}
if (result) {
res.status(200).json(result);
}
});
UserModel.updateUser(UserEvents, id, data);
} else {
res.status(403).json({ message: 'User not authorized to perform this action.' });
}
}
});
}
function updateUserSetting (req, res, next) {
Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => {
if (err) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var UserEvents = new EventEmitter();
var userId = req.params.userId;
var settingsId = req.params.settingsId;
var data = req.body;
UserEvents.once('updateUserSetting', (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not update setting' + (data.key ? ' key:' + data.key : 's') + ' for user ' + (userId ? userId : ''), err: err });
}
if (result) {
res.status(200).json(result);
}
});
UserModel.updateUserSetting(UserEvents, userId, settingsId, data);
}
});
}
Router.route('/')
.post((req, res, next) => {
Token.verifyThen(req.get('authorization'), 'super', (err, decoded) => {
if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var UserEvents = new EventEmitter();
var user = req.body;
UserEvents.once('createUser', (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not create user', err: err });
}
if (result) {
res.status(200).json(result);
}
});
UserModel.createUser(UserEvents, user);
}
});
});
Router.route('/search/:find?')
.get((req, res, next) => {
Token.verifyThen(req.get('authorization'), 'super', (err, decoded) => {
if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var UserEvents = new EventEmitter();
// Process parameters
var find = req.params.find ? decodeURIComponent(req.params.find) : false;
if (find) {
find = {
'userName': new RegExp(find, 'i'),
'name.last': new RegExp(find, 'i'),
'name.first': new RegExp(find, 'i'),
'email': new RegExp(find, 'i')
};
}
// Setup query object
var query = {
find: find || (req.query.find ? JSON.parse(decodeURIComponent(req.query.find)) : {}),
select: req.query.select ? decodeURIComponent(req.query.select) : null,
options: {
limit: req.query.limit ? parseInt(req.query.limit) : 0,
skip: req.query.ski ? parseInt(req.query.skip) : 0,
sort: req.query.sort ? JSON.parse(decodeURIComponent(req.query.sort)) : { 'userName': 1 }
}
};
UserEvents.once('getUsers', (err, result) => {
if (err) {
res.status(500).json({ message: 'There was an error performing the user search', err: err });
}
if (result) {
res.status(200).json(result);
}
});
UserModel.getUsers(UserEvents, query);
}
});
});
Router.route('/validate/:username?')
.get((req, res) => {
Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => {
if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var UserEvents = new EventEmitter();
var username = req.params.username || '';
if (username && username.length >= 4) {
UserEvents.once('isUserNameUnique', (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not validate username: ' + username, err: err });
}
if (result) {
res.status(200).json(result);
}
});
UserModel.isUserNameUnique(UserEvents, username);
} else {
res.status(200).json({ unique: null, length: false });
}
}
});
});
Router.route('/force-password-reset/:id')
.post( (req, res, next) => {
Token.verifyThen(req.get('authorization'), 'super', (err, decoded) => {
if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var UserEvents = new EventEmitter();
var id = req.params.id;
UserEvents.once('forcePasswordReset', (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not force password reset for the user', err: err });
}
if (result) {
res.status(200).json(result);
}
});
UserModel.forcePasswordReset(UserEvents, id);
}
});
});
Router.route('/:id/settings/:key?')
.get( (req, res, next) => {
Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => {
if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var UserEvents = new EventEmitter();
var id = req.params.id;
var key = req.params.key || false;
var method = key ? 'getUserSetting' : 'getUserSettings';
UserEvents.once(method, (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not get setting' + (key ? ' key:' + key : 's') + ' for user ' + (id ? id : ''), err: err });
}
if (result) {
res.status(200).json(result);
}
});
UserModel[method](UserEvents, id, key);
}
});
});
Router.route('/:userId/settings/:settingsId?')
.patch( updateUserSetting )
.post( (req, res, next) => {
Token.verifyThen(req.get('authorization'), 'view', (err, decoded) => {
if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var UserEvents = new EventEmitter();
var userId = req.params.userId;
var data = req.body;
UserEvents.once('createUserSetting', (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not create setting' + (data.key ? ' key:' + data.key : 's') + ' for user ' + (userId ? userId : ''), err: err });
}
if (result) {
res.status(200).json(result);
}
});
UserModel.createUserSetting(UserEvents, userId, data);
}
});
})
.put( updateUserSetting );
Router.route('/:id?')
.get( (req, res, next) => {
Token.verifyThen(req.get('authorization'), 'manage', (err, decoded) => {
if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action. ' + err, err: err });
return;
}
if (decoded && decoded.hasPermission) {
var UserEvents = new EventEmitter();
var id = req.params.id || false;
var method = id ? 'getUser' : 'getUsers';
if ((id === decoded.data.uid && method === 'getUser') || decoded.canElevate) {
UserEvents.once(method, (err, result) => {
if (err) {
res.status(500).json({ message: 'Could not get user' + (id ? '' : 's'), err: err });
}
if (result) {
res.status(200).json(result);
}
});
UserModel[method](UserEvents, id || false, !decoded.canElevate);
} else {
res.status(403).json({ message: 'User not authorized to perform this action.' });
}
}
});
})
.put( updateUser )
.patch( updateUser )
.delete( (req, res, next) => {
Token.verifyThen(req.get('authorization'), 'manage', (err, decoded) => {
if (err || (decoded && !decoded.hasPermission)) {
res.status(403).json({ message: 'User not authorized to perform this action.', err: err });
return;
}
if (decoded && decoded.hasPermission) {
var UserEvents = new EventEmitter();
var id = req.params.id;
if (id === decoded.data.uid) {
res.status(403).json({ message: 'You cannot delete yourself. Surely it isn\'t that bad?!' });
return;
}
UserEvents.once('deleteUser', (err, result) => {
if (err) {
res.status(500).json({message: 'Could not delete user id ' + id, err: err});
}
if (result) {
res.status(204).json({});
}
});
UserModel.deleteUser(UserEvents, id);
}
});
});
module.exports = Router;