const User = require('../models/User')
const Note = require('../models/Note')
const asyncHandler = require('express-async-handler')
const bcrypt = require('bcrypt')
// @desc Get all users
// @route GET /users
// @access Private
// NOTE(review): nothing in this handler checks who the caller is; the "Private"
// access level is presumably enforced by middleware outside this file - confirm.
const getAllUsers = asyncHandler(async (req, res) => {
    // Load every user as a plain object (lean) and exclude the password field,
    // so stored password hashes are never part of this response.
    const userQuery = User.find().select('-password').lean()
    const users = await userQuery

    const hasUsers = Boolean(users?.length)
    if (hasUsers) {
        res.json(users)
        return
    }

    // An empty (or missing) result is reported as 400 with a message body.
    return res.status(400).json({ message: 'No users found' })
})
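// @desc Create new user
// @route POST /users
// @access Private
// NOTE(review): this handler does no authentication or role check of its own and
// takes `roles` straight from the request body, so whoever can reach it decides
// the new account's privileges. The "Private" access level has to be enforced by
// middleware outside this file - confirm.
const createNewUser = asyncHandler(async (req, res) => {
    const { username, password, roles } = req.body

    // Confirm data. username and password must be non-empty strings: a parsed
    // JSON body can carry objects (for example { "$ne": null }) which, placed in
    // the findOne() filter below, can be interpreted as a query operator rather
    // than a literal value. bcrypt.hash() also expects a string or Buffer.
    if (
        typeof username !== 'string' || !username ||
        typeof password !== 'string' || !password ||
        !Array.isArray(roles) || !roles.length
    ) {
        return res.status(400).json({ message: 'All fields are required' })
    }

    // Check for duplicate username.
    // NOTE(review): check-then-create is not atomic; two concurrent requests can
    // both pass this lookup. Only a unique index on `username` guarantees
    // uniqueness - confirm the User schema declares one.
    const duplicate = await User.findOne({ username }).lean().exec()

    if (duplicate) {
        return res.status(409).json({ message: 'Duplicate username' })
    }

    // Hash password with bcrypt, cost factor 10. bcrypt only uses the first
    // 72 bytes of its input, and no minimum length is enforced here.
    const hashedPwd = await bcrypt.hash(password, 10) // salt rounds

    const userObject = { username, password: hashedPwd, roles }

    // Create and store new user
    const user = await User.create(userObject)

    if (user) { // created
        res.status(201).json({ message: `New user ${username} created` })
    } else {
        res.status(400).json({ message: 'Invalid user data received' })
    }
})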
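// @desc Update a user
// @route PATCH /users
// @access Private
// NOTE(review): the target account is chosen by `id` from the request body, and
// this handler can change that account's roles, active flag and password without
// checking who the caller is. Authorization has to be enforced by middleware
// outside this file - confirm.
const updateUser = asyncHandler(async (req, res) => {
    const { id, username, roles, active, password } = req.body

    // Confirm data. id and username must be non-empty strings so that an object
    // from the JSON body (for example { "$ne": null }) cannot reach the
    // findById()/findOne() filters below as a query operator.
    if (
        typeof id !== 'string' || !id ||
        typeof username !== 'string' || !username ||
        !Array.isArray(roles) || !roles.length ||
        typeof active !== 'boolean'
    ) {
        return res.status(400).json({ message: 'All fields except password are required' })
    }

    // password is optional (a falsy value means "leave unchanged"), but when it
    // is supplied it must be a string before it is handed to bcrypt.
    if (password && typeof password !== 'string') {
        return res.status(400).json({ message: 'Invalid password' })
    }

    // Does the user exist to update?
    // NOTE(review): a string that is not a valid ObjectId presumably makes
    // findById() reject, which asyncHandler forwards to the error middleware.
    const user = await User.findById(id).exec()

    if (!user) {
        return res.status(400).json({ message: 'User not found' })
    }

    // Check for duplicate
    const duplicate = await User.findOne({ username }).lean().exec()

    // A match on the user being edited is not a conflict; any other match is.
    if (duplicate && duplicate._id.toString() !== id) {
        return res.status(409).json({ message: 'Duplicate username' })
    }

    user.username = username
    user.roles = roles
    user.active = active

    if (password) {
        // Hash password with bcrypt, cost factor 10
        user.password = await bcrypt.hash(password, 10) // salt rounds
    }

    const updatedUser = await user.save()

    res.json({ message: `${updatedUser.username} updated` })
})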
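// @desc Delete a user
// @route DELETE /users
// @access Private
// NOTE(review): the account to delete is chosen by `id` from the request body
// and this handler does not check who the caller is. Authorization has to be
// enforced by middleware outside this file - confirm.
const deleteUser = asyncHandler(async (req, res) => {
    const { id } = req.body

    // Confirm data. id must be a non-empty string: an object from the JSON body
    // (for example { "$ne": null }) placed in the filters below can be
    // interpreted as a query operator and select a record the caller never named.
    if (typeof id !== 'string' || !id) {
        return res.status(400).json({ message: 'User ID Required' })
    }

    // Does the user still have assigned notes? If so, refuse to delete.
    const note = await Note.findOne({ user: id }).lean().exec()
    if (note) {
        return res.status(400).json({ message: 'User has assigned notes' })
    }

    // Does the user exist to delete?
    const user = await User.findById(id).exec()

    if (!user) {
        return res.status(400).json({ message: 'User not found' })
    }

    // The result of deleteOne() is not needed; the reply is built from the
    // document that was loaded above.
    await user.deleteOne()

    const reply = `Username ${user.username} with ID ${user._id} deleted`

    res.json(reply)
})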
// Export the four user handlers under their own names.
// NOTE(review): the handlers do not authenticate or authorize callers themselves;
// whatever mounts these exports is expected to put that middleware in front - confirm.
module.exports = { getAllUsers, createNewUser, updateUser, deleteUser }