astria
/
3RESIT
1
0
Fork 0
Code Issues Pull Requests 1 Projects 1 Releases 6 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
125 Commits
17 Branches
7 Tags
80 MiB
 
 
 
 
Tree: 0153419389
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0153419389'
${ noResults }
3RESIT/backend/app/middlewares/user.middleware.js

135 lines
4.2 KiB
Raw Blame History

import {body, param, query} from "express-validator";
import {getClient} from "../utils/database.js";
import jwt from "jsonwebtoken";
export const User = {
id: param("id").notEmpty().isNumeric().trim(),
email: body("email").notEmpty().isEmail().trim(),
username: body("username").notEmpty().isAlphanumeric("fr-FR", {ignore: " _-"}).trim(),
password: body("password").notEmpty().trim(),
picture: body("picture").notEmpty().isAlphanumeric().trim(),
}
export const UserRegister = {
email: body("email").notEmpty().isEmail().trim(),
username: body("username").notEmpty().isAlphanumeric("fr-FR", {ignore: " _-"}).trim(),
password: body("password").notEmpty().isStrongPassword({
minLength: 8,
maxLength: 32,
minLowercase: 1,
minUppercase: 1,
minSymbols: 1
}).trim()
}
export const UserLogin = {
username: body("username").notEmpty().isAlphanumeric("fr-FR", {ignore: " _-"}).trim(),
password: body("password").notEmpty().isStrongPassword({
minLength: 8,
maxLength: 32,
minLowercase: 1,
minUppercase: 1,
minSymbols: 1
}).trim(),
}
export const UserRequest = {
username: param("username").notEmpty().isAlphanumeric("fr-FR", {ignore: " _-"}).trim(),
}
export const UserSearch = {
username: query("username").notEmpty().isAlphanumeric("fr-FR", {ignore: " _-"}).trim(),
}
export async function doEmailExists(req, res, next) {
const client = await getClient();
const logger = req.body.logger;
try {
const query = `SELECT * FROM users WHERE email = $1`;
const result = await client.query(query, [req.body.email]);
if (result.rows.length > 0) {
logger.write("failed because email already exists", 400)
res.status(400).send({error: "Email already exists"})
} else {
next()
}
} finally {
client.release();
}
}
export async function doUsernameExists(req, res, next) {
const client = await getClient();
const logger = req.body.logger;
try {
const query = `SELECT * FROM users WHERE username = $1`;
const result = await client.query(query, [req.body.username]);
if (result.rows.length > 0) {
logger.write("failed because username already exists", 400)
res.status(400).send({error: "Username already exists"})
} else {
next()
}
} finally {
client.release();
}
}
export async function doUserExists(req, res, next) {
const client = await getClient();
const logger = req.body.logger;
try {
const query = `SELECT id FROM users WHERE id = $1`;
const result = await client.query(query, [req.params.id]);
if (result.rows.length > 0) {
next()
}else{
logger.write("failed because user doesn't exists", 404)
res.status(404).json({error: "Not Found"})
}
} finally {
client.release();
}
}
export async function doUserExistsBody(req, res, next) {
const client = await getClient();
const logger = req.body.logger;
try {
const query = `SELECT id FROM users WHERE id = $1`;
const result = await client.query(query, [req.body.owner]);
if (result.rows.length > 0) {
next()
}else{
logger.write("failed because user doesn't exists", 404)
res.status(404).json({error: "Not Found"})
}
} finally {
client.release();
}
}
export async function isOwner(req, res, next) {
const logger = req.body.logger;
const token = req.headers.authorization.split(' ')[1];
const claims = jwt.decode(token);
if (req.params.id != claims.id) {
logger.write("failed because he wasn't the owner of the user", 403)
res.status(403).send({error: "Not Authorized"})
} else {
next()
}
}
export async function isOwnerBody(req, res, next) {
const logger = req.body.logger;
const token = req.headers.authorization.split(' ')[1];
const claims = jwt.decode(token);
if (req.body.owner != claims.id) {
logger.write("failed because he wasn't the owner of the user", 403)
res.status(403).send({error: "Not Authorized"})
} else {
next()
}
}