User routes
parent
576ad7cfba
commit
d88beab540
|
@ -5,13 +5,16 @@ const update = require('./update');
|
|||
const remove = require('./delete');
|
||||
const notes = require('./notes');
|
||||
|
||||
const Authentication = require.main.require('./app/validation/auth');
|
||||
const Authentication = require.main.require('./app/validation/auth/auth');
|
||||
const UpdateValidation = require.main.require('./app/validation/user/update');
|
||||
const DeleteValidation = require.main.require('./app/validation/user/delete');
|
||||
|
||||
/**
|
||||
* @api {get} /user/me Get account information
|
||||
* @apiName GetUser
|
||||
* @apiGroup User
|
||||
*
|
||||
* @apiSuccess {String} id Unique ID of the User.
|
||||
* @apiSuccess {String} firstname Firstname of the User.
|
||||
* @apiSuccess {String} lastname Lastname of the User.
|
||||
* @apiSuccess {String} email Email of the User.
|
||||
|
@ -24,22 +27,27 @@ user.get('/me', Authentication, profile);
|
|||
* @apiGroup User
|
||||
* @apiDescription Send only password and new_password to change the password. Otherwise they will be ignored.
|
||||
*
|
||||
* @apiParam {String} Firstname New firstname.
|
||||
* @apiParam {String} Lastname New lastname.
|
||||
* @apiParam {String} Email New email address.
|
||||
* @apiParam {String} Password Actual password.
|
||||
* @apiParam {String} Password New password.
|
||||
* @apiParam {String} firstname New firstname. (optional)
|
||||
* @apiParam {String} lastname New lastname. (optional)
|
||||
* @apiParam {String} email New email address. (optional)
|
||||
* @apiParam {String} password Actual password. (optional)
|
||||
* @apiParam {String} new_password New password (only if you passed password parameter).
|
||||
*
|
||||
* @apiSuccess {Object} user User object.
|
||||
* @apiSuccess {String} id Unique ID of the User.
|
||||
* @apiSuccess {String} firstname Firstname of the User.
|
||||
* @apiSuccess {String} lastname Lastname of the User.
|
||||
* @apiSuccess {String} email Email of the User.
|
||||
*/
|
||||
user.put('/me', Authentication, update);
|
||||
user.put('/me', Authentication, UpdateValidation, update);
|
||||
|
||||
/**
|
||||
* @api {delete} /user/me Delete account
|
||||
* @apiName DeleteUser
|
||||
* @apiGroup User
|
||||
*
|
||||
* @apiParam {String} password Account password.
|
||||
*/
|
||||
user.delete('/me', Authentication, remove);
|
||||
user.delete('/me', Authentication, DeleteValidation, remove);
|
||||
|
||||
/**
|
||||
* @api {get} /user/me/notes Get all notes
|
||||
|
|
|
@ -1,20 +1,45 @@
|
|||
const mongoose = require('mongoose');
|
||||
const jwt = require('jsonwebtoken');
|
||||
const bcrypt = require('bcrypt-nodejs');
|
||||
|
||||
module.exports = (req, res, next) => {
|
||||
const UserModel = mongoose.model('User');
|
||||
|
||||
const { user } = jwt.decode(req.headers.authorization);
|
||||
|
||||
return UserModel.findById(user.id, 'id firstname lastname email')
|
||||
.lean()
|
||||
.exec()
|
||||
.then((result) => {
|
||||
if (result === null) {
|
||||
return UserModel.findOne({ _id: user.id }, (err, userObj) => {
|
||||
if (!userObj) {
|
||||
return next({ status: 401, message: 'User does not exists.' });
|
||||
}
|
||||
|
||||
return res.status(200).json(result);
|
||||
})
|
||||
.catch(() => next({ status: 401, message: 'User does not exists.' }));
|
||||
if (req.body.password) {
|
||||
bcrypt.compare(req.body.password, user.password, (error, result) => {
|
||||
if (!result || error) {
|
||||
return next(
|
||||
{
|
||||
status: 401,
|
||||
message: 'Authentication failed. Wrong password.',
|
||||
}
|
||||
);
|
||||
}
|
||||
|
||||
if (req.body.password === req.body.new_password) {
|
||||
return next(
|
||||
{
|
||||
status: 401,
|
||||
message: 'New password must be different than old password.',
|
||||
}
|
||||
);
|
||||
}
|
||||
|
||||
userObj.password = bcrypt.hashSync(req.body.new_password);
|
||||
});
|
||||
} else {
|
||||
userObj.firstname = req.body.firstname || userObj.firstname;
|
||||
userObj.lastname = req.body.lastname || userObj.lastname;
|
||||
userObj.email = req.body.email || userObj.email;
|
||||
}
|
||||
|
||||
return userObj.save(() => res.status(200).json(userObj));
|
||||
});
|
||||
};
|
||||
|
|
Loading…
Reference in New Issue