dragonroll/backend/routes/user.js

const express = require('express');
const router = express.Router();

const bcrypt = require('bcryptjs');
const jwt = require('jsonwebtoken');
const passport = require('passport');
const secret = require('../services/keys').secret;
const rateLimitMiddleware = require("../services/rate-limiter");
const { default: jwtDecode } = require('jwt-decode');
const crypto = require("crypto");

const { isAdmin } = require('../services/middleware');

const User = require("../models/User");

const upload = require("../services/storage");

// Admin registers new user
router.post('/register', isAdmin, (req, res) => {
    let setupCode = crypto.randomBytes(64).toString('base64url');
    
    let user = new User({
        admin: false,
        name: crypto.randomBytes(16).toString('base64url'),
        username: crypto.randomBytes(16).toString('base64url'),
        email: crypto.randomBytes(16).toString('base64url'),
        setupCode
    });

    user.save().then(user => {
        res.json({
            status: "ok",
            code: setupCode,
        });
    }).catch({status: "err", msg: "internal"})
});

// User gets if setup account exists given the query code
router.get('/verify-setup', (req, res) => {
    User.findOne({setupCode: req.query.code}).then(user => {
        if(user){
            res.json({status: "ok", code: req.query.code});
        } else {
            res.json({status: "err", msg: "not-exists"})
        }
    });
});

// User posts the parameters of his new account given by admin
router.post('/setup', rateLimitMiddleware, (req, res) => {
    let {
        name,
        username,
        email,
        password
    } = req.body;
    let setupCode = req.query.code;

    if(!(name && username && email && password && setupCode)){
        res.json({
            error: true,
            msg: "params"
        });
        return;
    }

    User.findOne({setupCode}).then((user) => {
        User.findOne({email: email}).then((sameUser) => {
            if(sameUser){
                res.json({
                    error: true,
                    msg: "already-email"
                });
            } else {
                bcrypt.genSalt(10, (err, salt) => {
                    bcrypt.hash(password, salt, (err, hash) => {
                        if(err) throw err;
                        user.password = hash;
                        user.username = username;
                        user.email = email;
                        user.setupCode = undefined;

                        user.save().then(user => {
                            res.json({
                                success: true
                            });
                            return;
                        }).catch((error) => { res.json({ error: true }); return; });
                    });
                })
            }
        }).catch((error) => { res.json({ error: true, msg: "internal" }); return; });
    }).catch((error) => { res.json({ error: true, msg: "internal" }); return; });
});

// Login post
router.post('/login', rateLimitMiddleware, (req, res) => {
    const username = req.body.username;
    const password = req.body.password;
    if(!(username && password)){
        res.json({
            error: true,
            msg: "params"
        });
        return;
    }
    User.findOne({ username: req.body.username}).then((user) => {
        if(!user){
            res.json({
                error: true,
                msg: "wrong"
            });
            return;
        }

        bcrypt.compare(password, user.password).then(isMatch => {
            if(isMatch){
                const payload = {
                    _id: user._id,
                    username: user.username,
                    name: user.name,
                    email: user.email,
                    admin: user.admin,
                    settings: user.settings
                }
                jwt.sign(payload, secret, {
                    expiresIn: 172800
                }, (err, token) => {
                    res.json({
                        success: true,
                        token: token,
                        msg: "success"
                    });
                    return;
                });
            } else {
                res.json({
                    error: true,
                    msg: "wrong"
                });
            }
        });
    });
});

// Upload avatar post
router.post("/upload-avatar", upload.single("image"), passport.authenticate('jwt', {session: false}), (req, res) => {
    const imageName = req.file.filename;

    User.updateOne(req.user, {image: imageName}).then(() => {
        res.json({
            msg: "uploaded",
            success: true
        });
    }).catch((err) => {
        res.json({
            msg: "internal",
            error: true
        });
    });
    
});

router.get("/retrieve-avatar", (req, res) => {
    User.findOne({username: req.query.username}).then((data) => {
        res.json({ status: "ok", image: data.image });
    }).catch((err) => {
        res.json({ status: "error" })
    });
});

router.get("/has-admin", (req, res) => {
    User.findOne({admin: true}).then((data) => {
        if(data) res.json({status: "ok"});
        else res.json({status: "init"});
    }).catch((err) => {
        res.json({ status: "error" });
    });
});

router.post("/update-settings", passport.authenticate('jwt', {session: false}), (req, res) => {
    User.updateOne(req.user, {settings: req.body.settings}).then(() => {
        res.json({
            status: "ok",
            settings: req.body.settings
        })
    }).catch((err) => {
        res.json({status: "error", msg: "internal"})
    });
});

router.get('/get-settings', passport.authenticate('jwt', {session: false}), (req, res) => {
    User.findOne(req.user).then((data) => {
        res.json({
            status: "ok",
            settings: data.settings
        });
    }).catch((err) => res.json({status: "error", msg: "internal"}));
})

module.exports = router;
First commir!!! 2024-08-01 21:26:01 +00:00			`const express = require('express');`
			`const router = express.Router();`

			`const bcrypt = require('bcryptjs');`
			`const jwt = require('jsonwebtoken');`
			`const passport = require('passport');`
Testing backend and client works! 2024-10-09 13:43:58 +00:00			`const secret = require('../services/keys').secret;`
			`const rateLimitMiddleware = require("../services/rate-limiter");`
First commir!!! 2024-08-01 21:26:01 +00:00			`const { default: jwtDecode } = require('jwt-decode');`
Needs to be done: copy link and setup window 2024-09-29 16:05:11 +00:00			`const crypto = require("crypto");`
First commir!!! 2024-08-01 21:26:01 +00:00
Testing backend and client works! 2024-10-09 13:43:58 +00:00			`const { isAdmin } = require('../services/middleware');`
AQ 2024-09-22 15:51:04 +00:00
First commir!!! 2024-08-01 21:26:01 +00:00			`const User = require("../models/User");`

Testing backend and client works! 2024-10-09 13:43:58 +00:00			`const upload = require("../services/storage");`
First commir!!! 2024-08-01 21:26:01 +00:00
Needs to be done: copy link and setup window 2024-09-29 16:05:11 +00:00			`// Admin registers new user`
User rework falta nomes fer prompt de primera contrasenya i generar links 2024-09-29 11:49:28 +00:00			`router.post('/register', isAdmin, (req, res) => {`
Needs to be done: copy link and setup window 2024-09-29 16:05:11 +00:00			`let setupCode = crypto.randomBytes(64).toString('base64url');`

			`let user = new User({`
			`admin: false,`
			`name: crypto.randomBytes(16).toString('base64url'),`
			`username: crypto.randomBytes(16).toString('base64url'),`
			`email: crypto.randomBytes(16).toString('base64url'),`
			`setupCode`
			`});`

			`user.save().then(user => {`
			`res.json({`
			`status: "ok",`
			`code: setupCode,`
			`});`
			`}).catch({status: "err", msg: "internal"})`
			`});`

			`// User gets if setup account exists given the query code`
Account creation now works 2024-09-30 13:28:04 +00:00			`router.get('/verify-setup', (req, res) => {`
Needs to be done: copy link and setup window 2024-09-29 16:05:11 +00:00			`User.findOne({setupCode: req.query.code}).then(user => {`
			`if(user){`
			`res.json({status: "ok", code: req.query.code});`
Account creation now works 2024-09-30 13:28:04 +00:00			`} else {`
			`res.json({status: "err", msg: "not-exists"})`
Needs to be done: copy link and setup window 2024-09-29 16:05:11 +00:00			`}`
Account creation now works 2024-09-30 13:28:04 +00:00			`});`
Needs to be done: copy link and setup window 2024-09-29 16:05:11 +00:00			`});`

			`// User posts the parameters of his new account given by admin`
			`router.post('/setup', rateLimitMiddleware, (req, res) => {`
First commir!!! 2024-08-01 21:26:01 +00:00			`let {`
			`name,`
			`username,`
Needs to be done: copy link and setup window 2024-09-29 16:05:11 +00:00			`email,`
			`password`
First commir!!! 2024-08-01 21:26:01 +00:00			`} = req.body;`
Needs to be done: copy link and setup window 2024-09-29 16:05:11 +00:00			`let setupCode = req.query.code;`
First commir!!! 2024-08-01 21:26:01 +00:00
Needs to be done: copy link and setup window 2024-09-29 16:05:11 +00:00			`if(!(name && username && email && password && setupCode)){`
First commir!!! 2024-08-01 21:26:01 +00:00			`res.json({`
			`error: true,`
			`msg: "params"`
			`});`
			`return;`
			`}`

Needs to be done: copy link and setup window 2024-09-29 16:05:11 +00:00			`User.findOne({setupCode}).then((user) => {`
			`User.findOne({email: email}).then((sameUser) => {`
			`if(sameUser){`
			`res.json({`
			`error: true,`
			`msg: "already-email"`
			`});`
			`} else {`
			`bcrypt.genSalt(10, (err, salt) => {`
Account creation now works 2024-09-30 13:28:04 +00:00			`bcrypt.hash(password, salt, (err, hash) => {`
Needs to be done: copy link and setup window 2024-09-29 16:05:11 +00:00			`if(err) throw err;`
			`user.password = hash;`
			`user.username = username;`
			`user.email = email;`
			`user.setupCode = undefined;`
User rework falta nomes fer prompt de primera contrasenya i generar links 2024-09-29 11:49:28 +00:00
Needs to be done: copy link and setup window 2024-09-29 16:05:11 +00:00			`user.save().then(user => {`
			`res.json({`
			`success: true`
			`});`
			`return;`
			`}).catch((error) => { res.json({ error: true }); return; });`
			`});`
			`})`
			`}`
			`}).catch((error) => { res.json({ error: true, msg: "internal" }); return; });`
			`}).catch((error) => { res.json({ error: true, msg: "internal" }); return; });`
First commir!!! 2024-08-01 21:26:01 +00:00			`});`

Needs to be done: copy link and setup window 2024-09-29 16:05:11 +00:00			`// Login post`
First commir!!! 2024-08-01 21:26:01 +00:00			`router.post('/login', rateLimitMiddleware, (req, res) => {`
			`const username = req.body.username;`
			`const password = req.body.password;`
			`if(!(username && password)){`
			`res.json({`
			`error: true,`
			`msg: "params"`
			`});`
			`return;`
			`}`
			`User.findOne({ username: req.body.username}).then((user) => {`
			`if(!user){`
			`res.json({`
			`error: true,`
			`msg: "wrong"`
			`});`
			`return;`
			`}`

			`bcrypt.compare(password, user.password).then(isMatch => {`
			`if(isMatch){`
			`const payload = {`
			`_id: user._id,`
			`username: user.username,`
			`name: user.name,`
			`email: user.email,`
			`admin: user.admin,`
AQ 2024-09-22 15:51:04 +00:00			`settings: user.settings`
First commir!!! 2024-08-01 21:26:01 +00:00			`}`
			`jwt.sign(payload, secret, {`
			`expiresIn: 172800`
			`}, (err, token) => {`
			`res.json({`
			`success: true,`
			`token: token,`
			`msg: "success"`
			`});`
			`return;`
			`});`
			`} else {`
			`res.json({`
			`error: true,`
			`msg: "wrong"`
			`});`
			`}`
			`});`
			`});`
			`});`

Needs to be done: copy link and setup window 2024-09-29 16:05:11 +00:00			`// Upload avatar post`
First commir!!! 2024-08-01 21:26:01 +00:00			`router.post("/upload-avatar", upload.single("image"), passport.authenticate('jwt', {session: false}), (req, res) => {`
			`const imageName = req.file.filename;`

			`User.updateOne(req.user, {image: imageName}).then(() => {`
			`res.json({`
			`msg: "uploaded",`
			`success: true`
			`});`
			`}).catch((err) => {`
			`res.json({`
			`msg: "internal",`
			`error: true`
			`});`
			`});`

			`});`

			`router.get("/retrieve-avatar", (req, res) => {`
			`User.findOne({username: req.query.username}).then((data) => {`
			`res.json({ status: "ok", image: data.image });`
			`}).catch((err) => {`
			`res.json({ status: "error" })`
			`});`
			`});`

Prepared for pushing 2024-09-21 17:08:36 +00:00			`router.get("/has-admin", (req, res) => {`
			`User.findOne({admin: true}).then((data) => {`
			`if(data) res.json({status: "ok"});`
			`else res.json({status: "init"});`
			`}).catch((err) => {`
			`res.json({ status: "error" });`
			`});`
			`});`

AQ 2024-09-22 15:51:04 +00:00			`router.post("/update-settings", passport.authenticate('jwt', {session: false}), (req, res) => {`
			`User.updateOne(req.user, {settings: req.body.settings}).then(() => {`
			`res.json({`
			`status: "ok",`
			`settings: req.body.settings`
			`})`
			`}).catch((err) => {`
			`res.json({status: "error", msg: "internal"})`
			`});`
			`});`

			`router.get('/get-settings', passport.authenticate('jwt', {session: false}), (req, res) => {`
			`User.findOne(req.user).then((data) => {`
			`res.json({`
			`status: "ok",`
			`settings: data.settings`
			`});`
			`}).catch((err) => res.json({status: "error", msg: "internal"}));`
			`})`

First commir!!! 2024-08-01 21:26:01 +00:00			`module.exports = router;`