mustachebash
diff --git a/‎.eslintrc.js
+1-5 b/‎.eslintrc.js
+1-5
diff --git a/‎Dockerfile
+1-1 b/‎Dockerfile
+1-1
diff --git a/‎lib/config.js
+3 b/‎lib/config.js
+3
diff --git a/‎lib/middleware/auth.js
+1 b/‎lib/middleware/auth.js
+1
diff --git a/‎lib/routes/events.js
+3-3 b/‎lib/routes/events.js
+3-3
diff --git a/‎lib/routes/index.js
+16-3 b/‎lib/routes/index.js
+16-3
diff --git a/‎lib/routes/products.js
+1-1 b/‎lib/routes/products.js
+1-1
diff --git a/‎lib/routes/promos.js
+2-2 b/‎lib/routes/promos.js
+2-2
diff --git a/‎lib/routes/users.js
+3-27 b/‎lib/routes/users.js
+3-27
@@ -1,10 +1,6 @@
 module.exports = {
 	"parserOptions": {
-		"ecmaVersion": 9,
-		"ecmaFeatures": {
-			"impliedStrict": true,
-			experimentalObjectRestSpread: true
-		}
+		"ecmaVersion": 2022
 	},
 	"globals": {
 		"describe": false,
 
@@ -1,4 +1,4 @@
-FROM node:16.11-alpine
+FROM node:20.10-alpine3.19
 RUN mkdir -p /mustachebash
 WORKDIR /mustachebash
 COPY package.json package-lock.json ticket-logo.png ./
 
@@ -13,6 +13,9 @@ module.exports = {
 		transactionSecret: process.env.JWT_TRANSACTION_SECRET,
 		ticketSecret: process.env.JWT_TICKET_SECRET
 	},
+	google: {
+		identityClientId: process.env.GOOGLE_IDENTITY_CLIENT_ID
+	},
 	mailgun: {
 		domain: process.env.MAILGUN_DOMAIN,
 		apiKey: process.env.MAILGUN_API_KEY
 
@@ -14,6 +14,7 @@ module.exports = {
 			const { role, sub } = validateAccessToken(accessToken);
 
 			ctx.user = {
+				id: sub,
 				username: sub,
 				role
 			};
 
@@ -24,16 +24,16 @@ eventsRouter
 		try {
 			const event = await getEvent(ctx.params.id);
 
-			if(!event) ctx.throw(404);
-
 			return ctx.body = event;
 		} catch(e) {
+			if(e.code === 'NOT_FOUND') ctx.throw(404);
+
 			ctx.throw(e);
 		}
 	})
 	.patch('/:id', requiresPermission('admin'), async ctx => {
 		try {
-			const event = await updateEvent(ctx.params.id, {updatedBy: ctx.user.username, ...ctx.request.body});
+			const event = await updateEvent(ctx.params.id, {...ctx.request.body, updatedBy: ctx.user.id});
 
 			return ctx.body = event;
 		} catch(e) {
 
@@ -4,7 +4,7 @@
  */
 const Router = require('@koa/router'),
 	{ authorizeUser, requiresPermission } = require('../middleware/auth'),
-	{ authenticateUser, refreshAccessToken } = require('../services/auth'),
+	{ authenticateUser, authenticateGoogleUser, refreshAccessToken } = require('../services/auth'),
 	{ validateTransactionToken } = require('../services/transactions'),
 	{ generateTicketsPDF } = require('../services/pdf'),
 	{ getTransactionTickets, checkInWithTicket } = require('../services/guests'),
@@ -114,10 +114,23 @@ apiRouter
 
 apiRouter
 	.post('/authenticate', async ctx => {
-		if(!ctx.request.body.username || !ctx.request.body.password) ctx.throw(400);
+		if(
+			(!ctx.request.body.username || !ctx.request.body.password) &&
+			!ctx.request.body.token
+		) ctx.throw(400);
 
 		try {
-			const user = await authenticateUser(ctx.request.body.username, ctx.request.body.password);
+			let user;
+			switch(ctx.request.body.authority) {
+				case 'google':
+					user = await authenticateGoogleUser(ctx.request.body.token);
+					break;
+
+				case 'email':
+				default:
+					user = await authenticateUser(ctx.request.body.username, ctx.request.body.password);
+					break;
+			}
 
 			return ctx.body = user;
 		} catch(e) {
 
@@ -46,7 +46,7 @@ productsRouter
 	})
 	.patch('/:id', async ctx => {
 		try {
-			const product = await updateProduct(ctx.params.id, ctx.request.body);
+			const product = await updateProduct(ctx.params.id, {...ctx.request.body, updatedBy: ctx.user.id});
 
 			return ctx.body = product;
 		} catch(e) {
 
@@ -19,7 +19,7 @@ promosRouter
 	})
 	.post('/', authorizeUser, requiresPermission('admin'), async ctx => {
 		try {
-			const promo = await createPromo({createdBy: ctx.user.username, ...ctx.request.body});
+			const promo = await createPromo({...ctx.request.body, createdBy: ctx.user.id});
 
 			ctx.set('Location', `https://${ctx.host}${ctx.path}/${promo.id}`);
 			ctx.status= 201;
@@ -61,7 +61,7 @@ promosRouter
 	})
 	.delete('/:id', authorizeUser, requiresPermission('admin'), async ctx => {
 		try {
-			const promo = await updatePromo(ctx.params.id, {updatedBy: ctx.user.username, status: 'disabled'});
+			const promo = await updatePromo(ctx.params.id, {updatedBy: ctx.user.id, status: 'disabled'});
 
 			return ctx.body = promo;
 		} catch(e) {
 
@@ -1,6 +1,6 @@
 const Router = require('@koa/router'),
-	{ authorizeUser, requiresPermission } = require('../middleware/auth'),
-	{ createUser, getUsers, getUser, updateUser } = require('../services/auth');
+	{ authorizeUser } = require('../middleware/auth'),
+	{ getUsers, getUser } = require('../services/auth');
 
 const usersRouter = new Router({
 	prefix: '/users'
@@ -17,39 +17,15 @@ usersRouter
 		} catch(e) {
 			ctx.throw(e);
 		}
-	})
-	.post('/', requiresPermission('god'), async ctx => {
-		if(!ctx.request.body.username || !ctx.request.body.password) ctx.throw(400);
-
-		try {
-			const user = await createUser(ctx.request.body);
-
-			delete user.password;
-			ctx.set('Location', `https://${ctx.host}${ctx.path}/${user.id}`);
-			ctx.status = 201;
-			return ctx.body = user;
-		} catch(e) {
-			ctx.throw(e);
-		}
 	});
 
 usersRouter
-	.get('/:username', async ctx => {
+	.get('/:id', async ctx => {
 		try {
 			const user = await getUser(ctx.params.username);
 
 			if(!user) ctx.throw(404);
 
-			delete user.password;
-			return ctx.body = user;
-		} catch(e) {
-			ctx.throw(e);
-		}
-	})
-	.patch('/:username', requiresPermission('god'), async ctx => {
-		try {
-			const user = await updateUser(ctx.params.username, ctx.request.body);
-
 			delete user.password;
 			return ctx.body = user;
 		} catch(e) {
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-FROM node:16.11-alpine`
	`1`	`+FROM node:20.10-alpine3.19`
`2`	`2`	`RUN mkdir -p /mustachebash`
`3`	`3`	`WORKDIR /mustachebash`
`4`	`4`	`COPY package.json package-lock.json ticket-logo.png ./`