opt-cc/api/routes/users.js

"use strict";

// modules
const express = require('express');
const fs = require('fs');
const logger = require('debug')('me2u5:users');

// HTTP status codes by name
const codes = require('./http-codes');

const apiAuthenticationMiddleware = require('../middleware/auth-middleware');
const checkHl = require('../middleware/permission-check').checkHl;
const offsetlimitMiddleware = require('../middleware/limitoffset-middleware-mongo');
const filterHandlerCreator = require('../middleware/filter-handler-mongo');
const routerHandling = require('../middleware/router-handling');

// Mongoose Model using mongoDB
const UserModel = require('../models/user');
const SquadModel = require('../models/squad');
const AwardingModel = require('../models/awarding');

const users = express.Router();

users.get('/', filterHandlerCreator(UserModel.schema.paths));
users.get('/', offsetlimitMiddleware);

// routes **********************
users.route('/')
  .get((req, res, next) => {
    const userQuery = () => {
      UserModel.find(dbFilter, res.locals.filter, res.locals.limitskip)
        .populate('squadId')
        .collation({locale: "en", strength: 2}) // case insensitive order
        .sort('username').exec((err, users) => {
          if (err) return next(err);
          if (users.length === 0) {
            res.locals.items = users;
            res.locals.processed = true;
            return next();
          }
          UserModel.count(dbFilter, (err, totalCount) => {
            res.set('x-total-count', totalCount);
            res.locals.items = users;
            res.locals.processed = true;
            return next();
          })
        })
    };

    if (!req.query.q) req.query.q = '';
    const dbFilter = {username: {"$regex": req.query.q, "$options": "i"}};
    if (req.query.squadId) dbFilter["squadId"] = {"$eq": req.query.squadId};
    // squad / fraction filter setup
    if (req.query.fractFilter && req.query.fractFilter !== 'UNASSIGNED' && !req.query.squadId) {
      SquadModel.find({'fraction': req.query.fractFilter}, {_id: 1}, (err, squads) => {
        dbFilter['squadId'] = {$in: squads.map(squad => squad.id)};
        userQuery();
      })
    } else {
      if (req.query.fractFilter === 'UNASSIGNED') {
        dbFilter['squadId'] = {$eq: null};
      }
      userQuery();
    }
  })

  .post(apiAuthenticationMiddleware, checkHl, (req, res, next) => {
    const user = new UserModel(req.body);
    // timestamp and default are set automatically by Mongoose Schema Validation
    user.save((err) => {
      if (err) {
        err.status = codes.wrongrequest;
        return next(err);
      }
      res.status(codes.created);

      UserModel.populate(user, {path: 'squadId'}, (err, extUser) => {
        res.locals.items = extUser;
        res.locals.processed = true;
        return next();
      })
    });
  })

  .all(routerHandling.httpMethodNotAllowed);


users.route('/:id')
  .get((req, res, next) => {
    UserModel.findById(req.params.id).populate('squadId').exec((err, user) => {
      if (err) {
        err.status = codes.servererror;
        return next(err);
      }
      else if (!user) {
        err = new Error("item not found");
        err.status = codes.notfound;
        return next(err);
      }
      res.locals.items = user;
      res.locals.processed = true;
      return next();
    });
  })

  .patch(apiAuthenticationMiddleware, checkHl, (req, res, next) => {
    if (!req.body || (req.body._id && req.body._id !== req.params.id)) {
      // little bit different as in PUT. :id does not need to be in data, but if the _id and url id must match
      const err = new Error('id of PATCH resource and send JSON body are not equal ' + req.params.id + " " + req.body._id);
      err.status = codes.notfound;
      next(err);
      return; // prevent node to process this function further after next() has finished.
    }

    // optional task 3: increment version manually as we do not use .save(.)
    req.body.updatedAt = new Date();
    req.body.$inc = {__v: 1};

    // PATCH is easier with mongoose than PUT. You simply update by all data that comes from outside. no need to reset attributes that are missing.
    UserModel.findByIdAndUpdate(req.params.id, req.body, {new: true}, (err, item) => {
      if (err) {
        err.status = codes.wrongrequest;
      }
      else if (!item) {
        err = new Error("item not found");
        err.status = codes.notfound;
      }
      UserModel.populate(item, {path: 'squadId'}, (err, extUser) => {
        if (err) {
          err.status = codes.servererror;
          return next(err);
        }
        if (!user) {
          res.locals.items = {};
          res.locals.processed = true;
          return next();
        }
        res.locals.items = extUser;
        res.locals.processed = true;
        return next();
      })
    })
  })

  .put(apiAuthenticationMiddleware, checkHl, (req, res, next) => {
    // first check that the given element id is the same as the URL id
    if (!req.body || req.body._id !== req.params.id) {
      // the URL does not fit the given element
      var err = new Error('id of PATCH resource and send JSON body are not equal ' + req.params.id + " " + req.body._id);
      err.status = codes.notfound;
      next(err);
      return; // prevent node to process this function further after next() has finished.
    }
    // main difference of PUT and PATCH is that PUT expects all data in request: checked by using the schema
    const user = new UserModel(req.body);
    UserModel.findById(req.params.id, req.body, {new: true}, function (err, item) {
      // with parameter {new: true} the TweetNModel will return the new and changed object from the DB and not the old one.
      if (err) {
        err.status = codes.wrongrequest;
        return next(err);
      }
      else if (!item) {
        err = new Error("item not found");
        err.status = codes.notfound;
        return next(err);
      }
      //  check that version is still accurate
      else if (user.__v !== item.__v) {
        err = new Error("version outdated. Meanwhile update on item happened. Please GET resource again")
        err.status = codes.conflict;
        return next(err);
      }
      // now update all fields in DB item with body data in variable video
      for (var field in UserModel.schema.paths) {
        if ((field !== '_id') && (field !== '__v')) {
          // this includes undefined. is important to reset attributes that are missing in req.body
          item.set(field, user[field]);
        }
      }

      // update updatedAt and increase version
      item.updatedAt = new Date();
      item.increment(); // this sets __v++
      item.save(function (err) {
        if (!err) {
          res.locals.items = item;
        } else {
          err.status = codes.wrongrequest;
          err.message += ' in fields: ' + Object.getOwnPropertyNames(err.errors);
        }

        UserModel.populate(item, {path: 'squadId'}, (err, extUser) => {
          res.locals.items = extUser;
          res.locals.processed = true;
          return next();
        })
      });
    })
  })

  .delete(apiAuthenticationMiddleware, checkHl, (req, res, next) => {
    UserModel.findByIdAndRemove(req.params.id, (err, item) => {
      if (err) {
        err.status = codes.wrongrequest;
      }
      else if (!item) {
        err = new Error("item not found");
        err.status = codes.notfound;
      }

      // deleted all awardings linked to this user
      AwardingModel.find({userId: req.params.id}).remove().exec();

      // check if signature exists and delete compressed and uncompressed file
      const fileMinified = __dirname + '/../resource/signature/' + req.params.id + '.png';
      if (fs.existsSync(fileMinified)) {
        fs.unlink(fileMinified, (err) => {
        });
      }
      const file = __dirname + '/../resource/signature/big/' + req.params.id + '.png';
      if (fs.existsSync(file)) {
        fs.unlink(file, (err) => {
        });
      }

      // we don't set res.locals.items  and thus it will send a 204 (no content) at the end. see last handler user.use(..)
      res.locals.processed = true;
      next(err); // this works because err is in normal case undefined and that is the same as no parameter
    });
  })

  .all(
    routerHandling.httpMethodNotAllowed
  );


// this middleware function can be used, if you like or remove it
// it looks for object(s) in res.locals.items and if they exist, they are send to the client as json
users.use(routerHandling.emptyResponse);

module.exports = users;
first commit 2017-05-10 11:04:06 +02:00			`"use strict";`

			`// modules`
			`const express = require('express');`
			`const fs = require('fs');`
			`const logger = require('debug')('me2u5:users');`

			`// HTTP status codes by name`
			`const codes = require('./http-codes');`

			`const apiAuthenticationMiddleware = require('../middleware/auth-middleware');`
Add permission level checks 2017-06-08 13:14:53 +02:00			`const checkHl = require('../middleware/permission-check').checkHl;`
add limit offset middleware for users 2017-10-10 19:03:52 +02:00			`const offsetlimitMiddleware = require('../middleware/limitoffset-middleware-mongo');`
Add server paging scroll for users 2017-10-14 15:26:05 +02:00			`const filterHandlerCreator = require('../middleware/filter-handler-mongo');`
first commit 2017-05-10 11:04:06 +02:00			`const routerHandling = require('../middleware/router-handling');`

			`// Mongoose Model using mongoDB`
			`const UserModel = require('../models/user');`
Add server paging scroll for users 2017-10-14 15:26:05 +02:00			`const SquadModel = require('../models/squad');`
first commit 2017-05-10 11:04:06 +02:00			`const AwardingModel = require('../models/awarding');`

			`const users = express.Router();`

Add server paging scroll for users 2017-10-14 15:26:05 +02:00			`users.get('/', filterHandlerCreator(UserModel.schema.paths));`
add limit offset middleware for users 2017-10-10 19:03:52 +02:00			`users.get('/', offsetlimitMiddleware);`

first commit 2017-05-10 11:04:06 +02:00			`// routes **********************`
			`users.route('/')`
			`.get((req, res, next) => {`
Add server paging scroll for users 2017-10-14 15:26:05 +02:00			`const userQuery = () => {`
			`UserModel.find(dbFilter, res.locals.filter, res.locals.limitskip)`
			`.populate('squadId')`
Fix army member detail & user list sort 2017-10-14 19:58:34 +02:00			`.collation({locale: "en", strength: 2}) // case insensitive order`
			`.sort('username').exec((err, users) => {`
Add server paging scroll for users 2017-10-14 15:26:05 +02:00			`if (err) return next(err);`
			`if (users.length === 0) {`
			`res.locals.items = users;`
			`res.locals.processed = true;`
			`return next();`
first commit 2017-05-10 11:04:06 +02:00			`}`
Add server paging scroll for users 2017-10-14 15:26:05 +02:00			`UserModel.count(dbFilter, (err, totalCount) => {`
			`res.set('x-total-count', totalCount);`
			`res.locals.items = users;`
			`res.locals.processed = true;`
			`return next();`
			`})`
first commit 2017-05-10 11:04:06 +02:00			`})`
Add server paging scroll for users 2017-10-14 15:26:05 +02:00			`};`

Fix army member detail & user list sort 2017-10-14 19:58:34 +02:00			`if (!req.query.q) req.query.q = '';`
Add server paging scroll for users 2017-10-14 15:26:05 +02:00			`const dbFilter = {username: {"$regex": req.query.q, "$options": "i"}};`
			`if (req.query.squadId) dbFilter["squadId"] = {"$eq": req.query.squadId};`
Fix army member detail & user list sort 2017-10-14 19:58:34 +02:00			`// squad / fraction filter setup`
Add server paging scroll for users 2017-10-14 15:26:05 +02:00			`if (req.query.fractFilter && req.query.fractFilter !== 'UNASSIGNED' && !req.query.squadId) {`
			`SquadModel.find({'fraction': req.query.fractFilter}, {_id: 1}, (err, squads) => {`
			`dbFilter['squadId'] = {$in: squads.map(squad => squad.id)};`
			`userQuery();`
first commit 2017-05-10 11:04:06 +02:00			`})`
Add server paging scroll for users 2017-10-14 15:26:05 +02:00			`} else {`
			`if (req.query.fractFilter === 'UNASSIGNED') {`
			`dbFilter['squadId'] = {$eq: null};`
			`}`
			`userQuery();`
first commit 2017-05-10 11:04:06 +02:00			`}`
			`})`

Add permission level checks 2017-06-08 13:14:53 +02:00			`.post(apiAuthenticationMiddleware, checkHl, (req, res, next) => {`
first commit 2017-05-10 11:04:06 +02:00			`const user = new UserModel(req.body);`
			`// timestamp and default are set automatically by Mongoose Schema Validation`
			`user.save((err) => {`
			`if (err) {`
			`err.status = codes.wrongrequest;`
			`return next(err);`
			`}`
			`res.status(codes.created);`
Add server paging scroll for users 2017-10-14 15:26:05 +02:00
			`UserModel.populate(user, {path: 'squadId'}, (err, extUser) => {`
Combine user add- and edit-form 2017-05-14 16:35:44 +02:00			`res.locals.items = extUser;`
			`res.locals.processed = true;`
			`return next();`
			`})`
first commit 2017-05-10 11:04:06 +02:00			`});`
			`})`

			`.all(routerHandling.httpMethodNotAllowed);`


			`users.route('/:id')`
			`.get((req, res, next) => {`
Add server paging scroll for users 2017-10-14 15:26:05 +02:00			`UserModel.findById(req.params.id).populate('squadId').exec((err, user) => {`
first commit 2017-05-10 11:04:06 +02:00			`if (err) {`
			`err.status = codes.servererror;`
			`return next(err);`
			`}`
Add server paging scroll for users 2017-10-14 15:26:05 +02:00			`else if (!user) {`
first commit 2017-05-10 11:04:06 +02:00			`err = new Error("item not found");`
			`err.status = codes.notfound;`
			`return next(err);`
			`}`
Add server paging scroll for users 2017-10-14 15:26:05 +02:00			`res.locals.items = user;`
			`res.locals.processed = true;`
			`return next();`
first commit 2017-05-10 11:04:06 +02:00			`});`
			`})`

Add permission level checks 2017-06-08 13:14:53 +02:00			`.patch(apiAuthenticationMiddleware, checkHl, (req, res, next) => {`
first commit 2017-05-10 11:04:06 +02:00			`if (!req.body \|\| (req.body._id && req.body._id !== req.params.id)) {`
			`// little bit different as in PUT. :id does not need to be in data, but if the _id and url id must match`
			`const err = new Error('id of PATCH resource and send JSON body are not equal ' + req.params.id + " " + req.body._id);`
			`err.status = codes.notfound;`
			`next(err);`
			`return; // prevent node to process this function further after next() has finished.`
			`}`

			`// optional task 3: increment version manually as we do not use .save(.)`
			`req.body.updatedAt = new Date();`
			`req.body.$inc = {__v: 1};`

			`// PATCH is easier with mongoose than PUT. You simply update by all data that comes from outside. no need to reset attributes that are missing.`
			`UserModel.findByIdAndUpdate(req.params.id, req.body, {new: true}, (err, item) => {`
			`if (err) {`
			`err.status = codes.wrongrequest;`
			`}`
			`else if (!item) {`
			`err = new Error("item not found");`
			`err.status = codes.notfound;`
Add server paging scroll for users 2017-10-14 15:26:05 +02:00			`}`
			`UserModel.populate(item, {path: 'squadId'}, (err, extUser) => {`
			`if (err) {`
			`err.status = codes.servererror;`
			`return next(err);`
			`}`
			`if (!user) {`
			`res.locals.items = {};`
			`res.locals.processed = true;`
			`return next();`
			`}`
			`res.locals.items = extUser;`
first commit 2017-05-10 11:04:06 +02:00			`res.locals.processed = true;`
			`return next();`
Add server paging scroll for users 2017-10-14 15:26:05 +02:00			`})`
first commit 2017-05-10 11:04:06 +02:00			`})`
			`})`

Add permission level checks 2017-06-08 13:14:53 +02:00			`.put(apiAuthenticationMiddleware, checkHl, (req, res, next) => {`
Redesign user editing 2017-05-13 14:57:40 +02:00			`// first check that the given element id is the same as the URL id`
			`if (!req.body \|\| req.body._id !== req.params.id) {`
			`// the URL does not fit the given element`
			`var err = new Error('id of PATCH resource and send JSON body are not equal ' + req.params.id + " " + req.body._id);`
			`err.status = codes.notfound;`
			`next(err);`
			`return; // prevent node to process this function further after next() has finished.`
			`}`
			`// main difference of PUT and PATCH is that PUT expects all data in request: checked by using the schema`
Add server paging scroll for users 2017-10-14 15:26:05 +02:00			`const user = new UserModel(req.body);`
Redesign user editing 2017-05-13 14:57:40 +02:00			`UserModel.findById(req.params.id, req.body, {new: true}, function (err, item) {`
			`// with parameter {new: true} the TweetNModel will return the new and changed object from the DB and not the old one.`
			`if (err) {`
			`err.status = codes.wrongrequest;`
			`return next(err);`
			`}`
			`else if (!item) {`
			`err = new Error("item not found");`
			`err.status = codes.notfound;`
			`return next(err);`
			`}`
Add server paging scroll for users 2017-10-14 15:26:05 +02:00			`// check that version is still accurate`
Add admin panel and app-user route 2017-06-08 19:46:36 +02:00			`else if (user.__v !== item.__v) {`
Redesign user editing 2017-05-13 14:57:40 +02:00			`err = new Error("version outdated. Meanwhile update on item happened. Please GET resource again")`
			`err.status = codes.conflict;`
			`return next(err);`
			`}`
			`// now update all fields in DB item with body data in variable video`
			`for (var field in UserModel.schema.paths) {`
			`if ((field !== '_id') && (field !== '__v')) {`
			`// this includes undefined. is important to reset attributes that are missing in req.body`
Add admin panel and app-user route 2017-06-08 19:46:36 +02:00			`item.set(field, user[field]);`
Redesign user editing 2017-05-13 14:57:40 +02:00			`}`
			`}`

Add server paging scroll for users 2017-10-14 15:26:05 +02:00			`// update updatedAt and increase version`
Redesign user editing 2017-05-13 14:57:40 +02:00			`item.updatedAt = new Date();`
			`item.increment(); // this sets __v++`
			`item.save(function (err) {`
			`if (!err) {`
			`res.locals.items = item;`
			`} else {`
			`err.status = codes.wrongrequest;`
			`err.message += ' in fields: ' + Object.getOwnPropertyNames(err.errors);`
			`}`
Add server paging scroll for users 2017-10-14 15:26:05 +02:00
			`UserModel.populate(item, {path: 'squadId'}, (err, extUser) => {`
Redesign user editing 2017-05-13 14:57:40 +02:00			`res.locals.items = extUser;`
			`res.locals.processed = true;`
			`return next();`
			`})`
			`});`
			`})`
			`})`

Add permission level checks 2017-06-08 13:14:53 +02:00			`.delete(apiAuthenticationMiddleware, checkHl, (req, res, next) => {`
first commit 2017-05-10 11:04:06 +02:00			`UserModel.findByIdAndRemove(req.params.id, (err, item) => {`
			`if (err) {`
			`err.status = codes.wrongrequest;`
			`}`
			`else if (!item) {`
			`err = new Error("item not found");`
			`err.status = codes.notfound;`
			`}`

			`// deleted all awardings linked to this user`
			`AwardingModel.find({userId: req.params.id}).remove().exec();`

			`// check if signature exists and delete compressed and uncompressed file`
			`const fileMinified = __dirname + '/../resource/signature/' + req.params.id + '.png';`
			`if (fs.existsSync(fileMinified)) {`
Add war-log removal on delete; Fix deprecation warning on user delete 2017-07-15 10:54:35 +02:00			`fs.unlink(fileMinified, (err) => {`
			`});`
first commit 2017-05-10 11:04:06 +02:00			`}`
			`const file = __dirname + '/../resource/signature/big/' + req.params.id + '.png';`
			`if (fs.existsSync(file)) {`
Add war-log removal on delete; Fix deprecation warning on user delete 2017-07-15 10:54:35 +02:00			`fs.unlink(file, (err) => {`
			`});`
first commit 2017-05-10 11:04:06 +02:00			`}`

			`// we don't set res.locals.items and thus it will send a 204 (no content) at the end. see last handler user.use(..)`
			`res.locals.processed = true;`
			`next(err); // this works because err is in normal case undefined and that is the same as no parameter`
			`});`
			`})`

			`.all(`
			`routerHandling.httpMethodNotAllowed`
			`);`


			`// this middleware function can be used, if you like or remove it`
			`// it looks for object(s) in res.locals.items and if they exist, they are send to the client as json`
			`users.use(routerHandling.emptyResponse);`

			`module.exports = users;`