@ -4,8 +4,9 @@ const {sign} = require('jsonwebtoken');
module . exports = ( app , router ) => {
const Users = app . db . models . ani . users ;
router . get ( '/user' , ( req , res ) => res . send ( "/user: /user/:id required." ) ) ;
//router.use(app.util.list(router, '/user')); //list users
//router.get('/user', (req, res) => res.send("/user: /user/:id required."));
router . use ( '/users' , ( req , res , next ) => { req . listData = Object . keys ( app . cache . users ) ; next ( ) } , app . util . list ( router , '/users' ) ) ; //list users
router . use ( '/user' , ( req , res , next ) => { req . listData = Object . keys ( app . cache . users ) ; next ( ) } , app . util . list ( router , '/user' ) ) ;
router . route ( '/user/:id' )
. get ( async ( req , res ) => {
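Review bot: The two `router.use` list mounts pass `Object.keys(app.cache.users)` to `app.util.list` with no authentication step in front of them, so unless `app.util.list` enforces access itself (it is defined outside this hunk) any caller can enumerate every user id. If the id list is not meant to be public, gate both mounts with the token middleware and reject when `req.authenticatedUser` is unset, before `req.listData` is filled. `router.use('/user', ...)` also matches by path prefix, so the key list is rebuilt on every `/user/:id` request, while the earlier `router.get('/user', ...)` answers a plain GET `/user` before the list handler can run. The exported function's body continues outside the hunk.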
@ -21,27 +22,30 @@ module.exports = (app, router) => {
if ( ! req . body ) { return res . status ( 400 ) . send ( "Missing body!" ) ; }
if (
! req . body . name || ! req . body . discord || ! req . body . permissions || ! Array . isArray ( req . body . permissions )
|| ! req . body . name . match ( /^[\w_ ]+$/gm ) || req . body . name . length > 20
|| ! req . params . id . match ( /^[\w_]+$/gm ) || req . params . id . length > 15
|| ! req . body . name . match ( /^[\w_\- ]+$/gm ) || req . body . name . length > 20
|| ! req . params . id . match ( /^[\w_\- ]+$/gm ) || req . params . id . length > 15
|| ! req . body . password || req . body . password . length > 30
) { return res . status ( 400 ) . send ( "Malformed body or missing body data. Make sure you have all the required parameters, and you don't have illegal characters present." ) ; }
const newUser = new Users ( {
id : req . params . id . toLowerCase ( ) ,
name : req . body . name ,
permissions : req . body . permissions ,
permissions : req . body . permissions . map ( permission => permission . toLowerCase ( ) ) ,
discord : req . body . discord ,
password : hashSync ( req . body . password , 8 )
} ) ;
return newUser . save ( )
. then ( ( ) => res . json ( {
message : "Successfully added user." ,
name : newUser . name ,
discord : newUser . discord ,
id : newUser . id ,
permissions : newUser . permissions ,
accessToken : sign ( { id : newUser . id } , app . auth . jwt _secret , { expiresIn : "15d" } )
} ) )
. then ( ( ) => {
app . cache . users [ newUser . id ] = { id : newUser . id , discord : newUser . discord } ;
return res . json ( {
message : "Successfully added user." ,
name : newUser . name ,
discord : newUser . discord ,
id : newUser . id ,
permissions : newUser . permissions ,
accessToken : sign ( { id : newUser . id } , app . auth . jwt _secret , { expiresIn : "15d" } )
} ) ;
} )
. catch ( e => { console . error ( "Error trying to add new user" , e ) ; res . status ( 500 ) . send ( "Something went wrong." ) ; } ) ;
}
catch ( e ) { console . error ( "Error trying to add new user" , e ) ; res . status ( 500 ) . send ( "Something went wrong." ) ; }
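Review bot: The rewritten name and id checks keep the `m` flag, so `^` and `$` match at line breaks and a value containing a newline passes as long as one of its lines is clean. Use unflagged patterns with `test`, `!/^[\w\- ]+$/.test(req.body.name)` and `!/^[\w\- ]+$/.test(req.params.id)` (`\w` already covers `_`), after confirming both values are strings. The new `permissions.map(permission => permission.toLowerCase())` throws on a non-string element and lands in the 500 path, so add `req.body.permissions.every(p => typeof p === 'string')` to the guard. Separately, `permissions` is stored as the caller supplied it; unless middleware outside this hunk restricts who may create users, a new account can grant itself any permission, including the `edit-users` one this commit starts checking, so the accepted values should be limited to an allow-list or to what the creating user already holds. The handler and its `try` begin outside the hunk.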
@ -66,17 +70,17 @@ module.exports = (app, router) => {
} ) ;
} )
. get ( app . auth . token , ( req , res ) => {
if ( ! req . user ) { return res . status ( 401 ) . send ( "You have not been authenticated, and will not be able to access any sensitive routes." ) ; }
if ( ! req . a uthenticatedU ser) { return res . status ( 401 ) . send ( "You have not been authenticated, and will not be able to access any sensitive routes." ) ; }
return res . json ( {
message : "You are authenticated, and your token is valid." ,
name : req . user . name ,
discord : req . user . discord ,
id : req . user . id ,
permissions : req . user . permissions
name : req . a uthenticatedU ser. name ,
discord : req . a uthenticatedU ser. discord ,
id : req . a uthenticatedU ser. id ,
permissions : req . a uthenticatedU ser. permissions
} ) ;
} ) ;
router . use ( '/user/:id/permissions' , async ( req , res , next ) => {
router . use ( '/user/:id/permissions' , app . auth . tokenPass , app . auth . permsPass ( 'edit-users' ) , async ( req , res , next ) => {
if ( ! req . params . id ) { return res . status ( 400 ) . send ( "Missing ID!" ) ; }
const user = await Users . findOne ( { id : req . params . id . toLowerCase ( ) } ) ;
if ( ! user ) { return res . status ( 404 ) . send ( "That user doesn't exist!" ) ; }
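Review bot: In the `/user/:id/permissions` middleware the `Users.findOne` lookup and the 404 `That user doesn't exist!` reply run directly after `app.auth.tokenPass` and `app.auth.permsPass('edit-users')`, which, judging by their names and the `req.unauthorized` check added at the end of the file, appear to flag the request rather than reject it. If so, an unauthenticated caller can still tell existing ids from missing ones by the 404, and the database is queried before access is decided. Reject at the top of this middleware instead, e.g. `if (!req.authenticatedUser || req.unauthorized) { return res.sendStatus(401); }`, before touching `Users`. The `await` has no visible `try`/`catch`, so a rejected query would not produce an error response under Express 4 unless it is handled in the part of the function that lies outside this hunk.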
@ -89,5 +93,9 @@ module.exports = (app, router) => {
req . user . permissions = permissions ;
req . user . markModified ( 'permissions' ) ;
await req . user . save ( ) ;
} , ( req , res , next ) => {
if ( ! req . authenticatedUser ) { return res . status ( 401 ) . send ( "You must be authenticated before you do that!" ) ; }
if ( req . unauthorized ) { return res . status ( 401 ) . send ( "You are not authorized to edit users!" ) ; }
return next ( ) ;
} ) ) ;
} ;
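Review bot: The added guard answers an authenticated caller who lacks `edit-users` with 401, the same status as a missing token; that case is an authorization failure and reads better as `if (req.unauthorized) { return res.status(403).send("You are not authorized to edit users!"); }`, which also keeps the two outcomes separable in logs. The guard is passed as an argument after the handler that calls `req.user.save()`, and the call it belongs to opens outside this hunk, so it is worth confirming that the helper invokes it before the write handler and recording that order in a comment on the argument. If it runs afterwards, the permissions change is persisted before the caller is rejected.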