
import {body, param} from "express-validator";
import {getClient} from "../utils/database.js";
import jwt from "jsonwebtoken";
// "Non-empty alphanumeric, then trimmed" chain used by most User fields.
// Chain items run in order, so the validators see the untrimmed value and
// trim() only sanitises what is stored afterwards.
const alnumBody = (field) => body(field).notEmpty().isAlphanumeric().trim();

/**
 * Field validators for an existing user (route `:id` plus body fields).
 * NOTE(review): `password` only requires alphanumerics here, whereas
 * UserRegister/UserLogin require isStrongPassword with at least one symbol,
 * so a password accepted at sign-up fails this chain — confirm which policy
 * is intended. `picture` being alphanumeric also rejects any URL or path.
 */
export const User = {
  id: param("id").notEmpty().isNumeric().trim(),
  email: body("email").notEmpty().isEmail().trim(),
  username: alnumBody("username"),
  password: alnumBody("password"),
  picture: alnumBody("picture"),
};
// Password strength policy applied at sign-up; options not listed keep the
// library defaults.
// NOTE(review): `maxLength` does not appear to be an isStrongPassword option
// in validator.js, so it is probably ignored — confirm; if an upper bound is
// wanted, isLength({ max: 32 }) is the documented way to enforce it.
const registerPasswordPolicy = {
  minLength: 8,
  maxLength: 32,
  minLowercase: 1,
  minUppercase: 1,
  minSymbols: 1,
};

/**
 * Body validators for the registration route. As with the other chains,
 * trim() runs after the validators, so surrounding whitespace is validated
 * untrimmed.
 */
export const UserRegister = {
  email: body("email").notEmpty().isEmail().trim(),
  username: body("username").notEmpty().isAlphanumeric().trim(),
  password: body("password").notEmpty().isStrongPassword(registerPasswordPolicy).trim(),
};
// Same strength policy as registration, re-applied on login.
// NOTE(review): enforcing it here means an account whose stored password
// predates the policy can never log in — presumably intended, confirm.
// `maxLength` is likely not an isStrongPassword option (see registration).
const loginPasswordPolicy = {
  minLength: 8,
  maxLength: 32,
  minLowercase: 1,
  minUppercase: 1,
  minSymbols: 1,
};

/** Body validators for the login route. */
export const UserLogin = {
  username: body("username").notEmpty().isAlphanumeric().trim(),
  password: body("password").notEmpty().isStrongPassword(loginPasswordPolicy).trim(),
};
/** Validator for the `:username` route parameter. */
const usernameParam = param("username");

export const UserRequest = {
  username: usernameParam.notEmpty().isAlphanumeric().trim(),
};
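/**
 * Express middleware: responds 400 when a user with `req.body.email` already
 * exists, otherwise passes control on.
 *
 * @param {object} req - `req.body.email` is the address to look up;
 *   `req.body.logger` must provide `write(message, status)` (attached by an
 *   earlier middleware — confirm)
 * @param {object} res
 * @param {Function} next - called with no argument on success, with the error
 *   when the lookup fails
 */
export async function doEmailExists(req, res, next) {
  const logger = req.body.logger;
  let exists;
  try {
    const client = await getClient();
    // Bound parameter instead of interpolating the client-supplied e-mail into
    // the SQL text, which was injectable. `$1` assumes node-postgres (the
    // `.rows` result shape matches) — confirm against ../utils/database.js.
    const result = await client.query(
      "SELECT id FROM users WHERE email = $1",
      [req.body.email],
    );
    exists = result.rows.length > 0;
    // No release() here: if getClient() hands out a pooled client this leaks
    // it — confirm the client's lifecycle in ../utils/database.js.
  } catch (err) {
    // Express 4 does not see rejections from async middleware; forward the
    // error so the request does not hang.
    return next(err);
  }
  if (exists) {
    logger.write("failed because email already exists", 400);
    res.status(400).send({ error: "Email already exists" });
  } else {
    next();
  }
}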
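/**
 * Express middleware: responds 400 when a user with `req.body.username`
 * already exists, otherwise passes control on.
 *
 * @param {object} req - `req.body.username` is the name to look up;
 *   `req.body.logger` must provide `write(message, status)` (attached by an
 *   earlier middleware — confirm)
 * @param {object} res
 * @param {Function} next - called with no argument on success, with the error
 *   when the lookup fails
 */
export async function doUsernameExists(req, res, next) {
  const logger = req.body.logger;
  let exists;
  try {
    const client = await getClient();
    // Bound parameter instead of interpolating the client-supplied username
    // into the SQL text, which was injectable. `$1` assumes node-postgres
    // (the `.rows` result shape matches) — confirm against ../utils/database.js.
    const result = await client.query(
      "SELECT id FROM users WHERE username = $1",
      [req.body.username],
    );
    exists = result.rows.length > 0;
    // No release() here: if getClient() hands out a pooled client this leaks
    // it — confirm the client's lifecycle in ../utils/database.js.
  } catch (err) {
    // Express 4 does not see rejections from async middleware; forward the
    // error so the request does not hang.
    return next(err);
  }
  if (exists) {
    logger.write("failed because username already exists", 400);
    res.status(400).send({ error: "Username already exists" });
  } else {
    next();
  }
}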
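/**
 * Express middleware: passes control on when a user row with id
 * `req.params.id` exists, otherwise responds 404.
 *
 * @param {object} req - `req.params.id` is the id to look up;
 *   `req.body.logger` must provide `write(message, status)` (attached by an
 *   earlier middleware — confirm)
 * @param {object} res
 * @param {Function} next - called with no argument on success, with the error
 *   when the lookup fails
 */
export async function doUserExists(req, res, next) {
  const logger = req.body.logger;
  let found;
  try {
    const client = await getClient();
    // Bound parameter rather than relying on the `User.id` isNumeric validator
    // having run first: the original template literal was injectable whenever
    // this middleware ran without it. `$1` assumes node-postgres (the `.rows`
    // result shape matches) — confirm against ../utils/database.js.
    const result = await client.query(
      "SELECT id FROM users WHERE id = $1",
      [req.params.id],
    );
    found = result.rows.length > 0;
    // No release() here: if getClient() hands out a pooled client this leaks
    // it — confirm the client's lifecycle in ../utils/database.js.
  } catch (err) {
    // Express 4 does not see rejections from async middleware; forward the
    // error so the request does not hang.
    return next(err);
  }
  if (found) {
    next();
  } else {
    logger.write("failed because user doesn't exists", 404);
    res.status(404).json({ error: "Not Found" });
  }
}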
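/**
 * Express middleware: passes control on when a user row with id
 * `req.body.owner` exists, otherwise responds 404.
 *
 * @param {object} req - `req.body.owner` is the id to look up;
 *   `req.body.logger` must provide `write(message, status)` (attached by an
 *   earlier middleware — confirm)
 * @param {object} res
 * @param {Function} next - called with no argument on success, with the error
 *   when the lookup fails
 */
export async function doUserExistsBody(req, res, next) {
  const logger = req.body.logger;
  let found;
  try {
    const client = await getClient();
    // Bound parameter instead of interpolating the client-supplied owner id
    // into the SQL text, which was injectable (no validator in this file
    // covers `owner`). `$1` assumes node-postgres (the `.rows` result shape
    // matches) — confirm against ../utils/database.js.
    const result = await client.query(
      "SELECT id FROM users WHERE id = $1",
      [req.body.owner],
    );
    found = result.rows.length > 0;
    // No release() here: if getClient() hands out a pooled client this leaks
    // it — confirm the client's lifecycle in ../utils/database.js.
  } catch (err) {
    // Express 4 does not see rejections from async middleware; forward the
    // error so the request does not hang.
    return next(err);
  }
  if (found) {
    next();
  } else {
    logger.write("failed because user doesn't exists", 404);
    res.status(404).json({ error: "Not Found" });
  }
}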
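/**
 * Express middleware: passes control on only when the `id` claim of the
 * bearer token equals `req.params.id`; responds 401 when no token is sent and
 * 403 when the ids differ.
 *
 * @param {object} req - `req.headers.authorization` carries `<scheme> <token>`;
 *   `req.params.id` is the owner id being checked; `req.body.logger` must
 *   provide `write(message, status)` (attached by an earlier middleware — confirm)
 * @param {object} res
 * @param {Function} next
 */
export async function isOwner(req, res, next) {
  const logger = req.body.logger;
  // The original called .split() on a possibly missing header, which threw
  // inside async middleware and left the request hanging; treat a missing or
  // scheme-only header as unauthenticated instead.
  const token = req.headers.authorization?.split(" ")[1];
  if (!token) {
    logger.write("failed because no bearer token was sent", 401);
    return res.status(401).send({ error: "Not Authorized" });
  }
  // FIXME(security): jwt.decode() only base64-decodes the payload and does NOT
  // check the signature, so the `id` claim can be set to anything by the
  // caller. This must become jwt.verify(token, <key the login route signs
  // with>); the key is not available in this module, so decode is kept here
  // and the check below at least refuses a payload that fails to decode.
  const claims = jwt.decode(token);
  // String comparison preserves the original loose `!=` match between the
  // string route param and a numeric claim, without coercion surprises.
  if (claims?.id == null || String(claims.id) !== String(req.params.id)) {
    logger.write("failed because he wasn't the owner of the user", 403);
    res.status(403).send({ error: "Not Authorized" });
  } else {
    next();
  }
}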
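/**
 * Express middleware: passes control on only when the `id` claim of the
 * bearer token equals `req.body.owner`; responds 401 when no token is sent
 * and 403 when the ids differ.
 *
 * @param {object} req - `req.headers.authorization` carries `<scheme> <token>`;
 *   `req.body.owner` is the owner id being checked; `req.body.logger` must
 *   provide `write(message, status)` (attached by an earlier middleware — confirm)
 * @param {object} res
 * @param {Function} next
 */
export async function isOwnerBody(req, res, next) {
  const logger = req.body.logger;
  // The original called .split() on a possibly missing header, which threw
  // inside async middleware and left the request hanging; treat a missing or
  // scheme-only header as unauthenticated instead.
  const token = req.headers.authorization?.split(" ")[1];
  if (!token) {
    logger.write("failed because no bearer token was sent", 401);
    return res.status(401).send({ error: "Not Authorized" });
  }
  // FIXME(security): jwt.decode() only base64-decodes the payload and does NOT
  // check the signature, so the `id` claim can be set to anything by the
  // caller. This must become jwt.verify(token, <key the login route signs
  // with>); the key is not available in this module, so decode is kept here
  // and the check below at least refuses a payload that fails to decode.
  const claims = jwt.decode(token);
  // String comparison preserves the original loose `!=` match between the
  // body value and a numeric claim, without coercion surprises.
  if (claims?.id == null || String(claims.id) !== String(req.body.owner)) {
    logger.write("failed because he wasn't the owner of the user", 403);
    res.status(403).send({ error: "Not Authorized" });
  } else {
    next();
  }
}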