User routes

develop
sundowndev 2018-11-16 18:20:25 +01:00
parent 576ad7cfba
commit d88beab540
2 changed files with 52 additions and 19 deletions


@ -5,13 +5,16 @@ const update = require('./update');
const remove = require('./delete');
const notes = require('./notes');
const Authentication = require.main.require('./app/validation/auth');
const Authentication = require.main.require('./app/validation/auth/auth');
const UpdateValidation = require.main.require('./app/validation/user/update');
const DeleteValidation = require.main.require('./app/validation/user/delete');
/**
* @api {get} /user/me Get account information
* @apiName GetUser
* @apiGroup User
*
* @apiSuccess {String} id Unique ID of the User.
* @apiSuccess {String} firstname Firstname of the User.
* @apiSuccess {String} lastname Lastname of the User.
* @apiSuccess {String} email Email of the User.
@ -24,22 +27,27 @@ user.get('/me', Authentication, profile);
* @apiGroup User
* @apiDescription Send only password and new_password to change the password. Otherwise they will be ignored.
*
* @apiParam {String} Firstname New firstname.
* @apiParam {String} Lastname New lastname.
* @apiParam {String} Email New email address.
* @apiParam {String} Password Actual password.
* @apiParam {String} Password New password.
* @apiParam {String} firstname New firstname. (optional)
* @apiParam {String} lastname New lastname. (optional)
* @apiParam {String} email New email address. (optional)
* @apiParam {String} password Actual password. (optional)
* @apiParam {String} new_password New password (only if you passed password parameter).
*
* @apiSuccess {Object} user User object.
* @apiSuccess {String} id Unique ID of the User.
* @apiSuccess {String} firstname Firstname of the User.
* @apiSuccess {String} lastname Lastname of the User.
* @apiSuccess {String} email Email of the User.
*/
user.put('/me', Authentication, update);
user.put('/me', Authentication, UpdateValidation, update);
/**
* @api {delete} /user/me Delete account
* @apiName DeleteUser
* @apiGroup User
*
* @apiParam {String} password Account password.
*/
user.delete('/me', Authentication, remove);
user.delete('/me', Authentication, DeleteValidation, remove);
/**
* @api {get} /user/me/notes Get all notes
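Review bot: The `PUT /user/me` doc block marks optional parameters with "(optional)" in the description text, which apiDoc treats as plain prose. apiDoc expresses optionality with brackets around the field name, e.g. `@apiParam {String} [firstname] New firstname.`, and the same applies to `lastname`, `email` and `password`. The description could also say outright that when `password` is sent the profile fields are not applied, since that is how the update handler in this commit branches; "Otherwise they will be ignored" reads ambiguously.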


@ -1,20 +1,45 @@
const mongoose = require('mongoose');
const jwt = require('jsonwebtoken');
const bcrypt = require('bcrypt-nodejs');
module.exports = (req, res, next) => {
const UserModel = mongoose.model('User');
const { user } = jwt.decode(req.headers.authorization);
return UserModel.findById(user.id, 'id firstname lastname email')
.lean()
.exec()
.then((result) => {
if (result === null) {
return UserModel.findOne({ _id: user.id }, (err, userObj) => {
if (!userObj) {
return next({ status: 401, message: 'User does not exists.' });
}
return res.status(200).json(result);
})
.catch(() => next({ status: 401, message: 'User does not exists.' }));
if (req.body.password) {
bcrypt.compare(req.body.password, user.password, (error, result) => {
if (!result || error) {
return next(
{
status: 401,
message: 'Authentication failed. Wrong password.',
}
);
}
if (req.body.password === req.body.new_password) {
return next(
{
status: 401,
message: 'New password must be different than old password.',
}
);
}
userObj.password = bcrypt.hashSync(req.body.new_password);
});
} else {
userObj.firstname = req.body.firstname || userObj.firstname;
userObj.lastname = req.body.lastname || userObj.lastname;
userObj.email = req.body.email || userObj.email;
}
return userObj.save(() => res.status(200).json(userObj));
});
};
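Review bot: The password branch compares `req.body.password` with `user.password`, where `user` is the decoded token payload rather than the `userObj` just loaded, so the check does not run against the stored hash; it should read `userObj.password`. `userObj.save()` is also called right after `bcrypt.compare` is started, so the save and the 200 response happen before the callback runs: a rejected password still gets a success response followed by `next()`, and the new hash is assigned only after the document has been written. `findOne` is called without a field projection and the whole `userObj` is serialised, so the response probably carries the `password` hash unless the schema hides it, while the route documents only `id`, `firstname`, `lastname` and `email`. `jwt.decode` does not verify the signature, so this handler relies on the `Authentication` middleware having verified the token, which is not visible here. The sketch below saves and responds only after the checks pass and returns the four documented fields.

```javascript
return UserModel.findOne({ _id: user.id }, (err, userObj) => {
  if (err || !userObj) {
    return next({ status: 401, message: 'User does not exists.' });
  }
  // Respond only once the document is stored, and never with the hash.
  const persist = () => userObj.save((saveErr) => {
    if (saveErr) {
      return next(saveErr);
    }
    const { id, firstname, lastname, email } = userObj;
    return res.status(200).json({ id, firstname, lastname, email });
  });
  if (!req.body.password) {
    // … unchanged: firstname / lastname / email assignments …
    return persist();
  }
  return bcrypt.compare(req.body.password, userObj.password, (error, result) => {
    // … unchanged: wrong-password and same-password rejections …
    userObj.password = bcrypt.hashSync(req.body.new_password);
    return persist();
  });
});
```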