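'use strict';

/**
 * REST router for user resources.
 *
 * Routes:
 *   GET    /      list users, optionally filtered by q, squadId, fractFilter, decorationId
 *   POST   /      create a user (authenticated, checkHl)
 *   GET    /:id   fetch one user
 *   PUT    /:id   replace one user, guarded by the __v version check (authenticated, checkHl)
 *   DELETE /:id   delete a user, its awardings and its signature files (authenticated, checkMT)
 *
 * Handlers store their result in res.locals.items and set res.locals.processed;
 * the trailing routerHandling.emptyResponse middleware sends the response.
 */

// modules
const express = require('express');
const fs = require('fs');

// HTTP status codes by name
const codes = require('./http-codes');

const apiAuthenticationMiddleware = require('../middleware/auth-middleware');
const checkHl = require('../middleware/permission-check').checkHl;
const checkMT = require('../middleware/permission-check').checkMT;

const offsetlimitMiddleware = require('../middleware/limitoffset-middleware-mongo');
const filterHandlerCreator = require('../middleware/filter-handler-mongo');

const routerHandling = require('../middleware/router-handling');
const idValidator = require('../middleware/validators').idValidator;

const resourceLocation = require('../middleware/resource-location').resourceLocation().concat('/signature/');

// Mongoose Model using mongoDB
const UserModel = require('../models/user');
const SquadModel = require('../models/squad');
const AwardingModel = require('../models/awarding');

const users = new express.Router();

/**
 * Escape regular-expression metacharacters so client-supplied search text is
 * matched literally when it is placed into a MongoDB $regex.
 *
 * @param {string} text - raw search text
 * @returns {string} text with regex metacharacters backslash-escaped
 */
const escapeRegExp = (text) => text.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');

/**
 * @param {*} value - a value taken from req.query
 * @returns {boolean} true when the parameter is absent or a plain string
 */
const isOptionalString = (value) => value === undefined || typeof value === 'string';

/**
 * Build an Error carrying an HTTP status for the downstream error handler.
 *
 * @param {string} message - error message
 * @param {number} status - HTTP status code from ./http-codes
 * @returns {Error} error with a status property
 */
const httpError = (message, status) => {
  const err = new Error(message);
  err.status = status;
  return err;
};

/**
 * Best-effort removal of a file. A missing file is not an error; any other
 * failure is logged instead of being silently dropped.
 *
 * @param {string} filePath - path of the file to delete
 */
const removeFileIfPresent = (filePath) => {
  fs.unlink(filePath, (err) => {
    if (err && err.code !== 'ENOENT') {
      console.error('could not delete signature file ' + filePath + ': ' + err.message);
    }
  });
};

users.get('/', filterHandlerCreator(UserModel.schema.paths));
users.get('/', offsetlimitMiddleware);

// routes **********************
users.route('/')
  .get((req, res, next) => {
    const {q, squadId, fractFilter, decorationId} = req.query;

    // The query parser can turn bracketed or repeated keys into objects and arrays.
    // Only plain strings are accepted so that no client-built structure is
    // placed into a MongoDB filter as a query operator.
    if (![q, squadId, fractFilter, decorationId].every(isOptionalString)) {
      return next(httpError('query parameters q, squadId, fractFilter and decorationId must be plain strings',
        codes.wrongrequest));
    }

    // case insensitive substring match on the username; the search text is escaped
    // so it cannot inject regex syntax (invalid or expensive patterns)
    const dbFilter = {username: {'$regex': escapeRegExp(q || ''), '$options': 'i'}};
    if (squadId) {
      dbFilter.squadId = {'$eq': squadId};
    }

    const userQuery = () => {
      UserModel.find(dbFilter, res.locals.filter, res.locals.limitskip)
        .populate('squadId')
        .collation({locale: 'en', strength: 2}) // case insensitive order
        .sort('username')
        .exec((err, foundUsers) => {
          if (err) {
            return next(err);
          }
          if (foundUsers.length === 0) {
            res.locals.items = foundUsers;
            res.locals.processed = true;
            return next();
          }
          UserModel.countDocuments(dbFilter, (countErr, totalCount) => {
            if (countErr) {
              return next(countErr);
            }
            res.set('x-total-count', totalCount);
            res.locals.items = foundUsers;
            res.locals.processed = true;
            return next();
          });
        });
    };

    const finishFiltersAndExecute = () => {
      // squad / fraction filter setup
      if (fractFilter && fractFilter !== 'UNASSIGNED' && !squadId) {
        SquadModel.find({'fraction': fractFilter}, {_id: 1}, (err, squads) => {
          if (err) {
            return next(err);
          }
          dbFilter.squadId = {$in: squads.map((squad) => squad.id)};
          userQuery();
        });
        return;
      }
      if (fractFilter === 'UNASSIGNED') {
        dbFilter.squadId = {$eq: null};
      }
      userQuery();
    };

    // decoration filter
    if (decorationId) {
      AwardingModel.find({decorationId: decorationId}, (err, awards) => {
        if (err) {
          return next(err);
        }
        const userIds = [...new Set(awards.map((award) => award.userId))];
        dbFilter._id = {'$in': userIds};
        finishFiltersAndExecute();
      });
    } else {
      finishFiltersAndExecute();
    }
  })

  .post(apiAuthenticationMiddleware, checkHl, (req, res, next) => {
    // NOTE(review): the request body is handed to the model as-is, so the schema is the
    // only filter on which fields an authorized caller can set - confirm that is intended.
    const user = new UserModel(req.body);
    // timestamp and default are set automatically by Mongoose Schema Validation
    user.save((err) => {
      if (err) {
        err.status = codes.wrongrequest;
        return next(err);
      }
      res.status(codes.created);

      UserModel.populate(user, {path: 'squadId'}, (populateErr, extUser) => {
        if (populateErr) {
          return next(populateErr);
        }
        res.locals.items = extUser;
        res.locals.processed = true;
        return next();
      });
    });
  })

  .all(routerHandling.httpMethodNotAllowed);

users.route('/:id')
  .get(idValidator, (req, res, next) => {
    UserModel.findById(req.params.id).populate('squadId').exec((err, user) => {
      if (err) {
        err.status = codes.servererror;
        return next(err);
      }
      if (!user) {
        return next(httpError('item not found', codes.notfound));
      }
      res.locals.items = user;
      res.locals.processed = true;
      return next();
    });
  })

  .put(apiAuthenticationMiddleware, checkHl, (req, res, next) => {
    // first check that the given element id is the same as the URL id
    if (!req.body || req.body._id !== req.params.id) {
      // the URL does not fit the given element; req.body may be missing entirely,
      // so it is not dereferenced unguarded while building the message
      return next(httpError('id of PUT resource and send JSON body are not equal ' + req.params.id + ' ' +
        (req.body && req.body._id), codes.notfound));
    }

    // main difference of PUT and PATCH is that PUT expects all data in request: checked by using the schema
    const user = new UserModel(req.body);

    // Only the id is passed to findById: its second positional argument is a projection,
    // and the request body must not be used as one.
    UserModel.findById(req.params.id, (err, item) => {
      if (err) {
        err.status = codes.wrongrequest;
        return next(err);
      }
      if (!item) {
        return next(httpError('item not found', codes.notfound));
      }
      if (user.__v !== item.__v) {
        // checked that version is still accurate
        return next(httpError('version outdated. Meanwhile update on item happened. Please GET resource again',
          codes.conflict));
      }

      // now update all fields in DB item with body data in variable user
      Object.keys(UserModel.schema.paths)
        .filter((field) => field !== '_id' && field !== '__v')
        .forEach((field) => {
          // this includes undefined. is important to reset attributes that are missing in req.body
          item.set(field, user[field]);
        });

      // update updatedAt and increase version
      item.updatedAt = new Date();
      item.increment(); // this sets __v++

      item.save((saveErr) => {
        if (saveErr) {
          // report the failure instead of answering as if the update had succeeded
          saveErr.status = codes.wrongrequest;
          if (saveErr.errors) {
            // only validation errors carry a per-field errors map
            saveErr.message += ' in fields: ' + Object.getOwnPropertyNames(saveErr.errors);
          }
          return next(saveErr);
        }

        UserModel.populate(item, {path: 'squadId'}, (populateErr, extUser) => {
          if (populateErr) {
            return next(populateErr);
          }
          res.locals.items = extUser;
          res.locals.processed = true;
          return next();
        });
      });
    });
  })

  .delete(apiAuthenticationMiddleware, checkMT, (req, res, next) => {
    UserModel.findByIdAndRemove(req.params.id, (err, item) => {
      // we don't set res.locals.items and thus it will send a 204 (no content) at the end. see last handler
      // users.use(..)
      res.locals.processed = true;

      // Stop before any cleanup when nothing was deleted, so neither awardings nor files
      // are touched for an id that did not resolve to a stored user.
      if (err) {
        err.status = codes.wrongrequest;
        return next(err);
      }
      if (!item) {
        return next(httpError('item not found', codes.notfound));
      }

      // File names are derived from the stored document id, never from the raw URL
      // parameter, so request text cannot steer the paths handed to fs.unlink.
      const storedId = item.id;

      // delete all awardings linked to this user; the callback makes Mongoose execute the query
      AwardingModel.deleteMany({userId: item._id}, (awardErr) => {
        // delete compressed and uncompressed signature file if they exist
        removeFileIfPresent(resourceLocation + storedId + '.png');
        removeFileIfPresent(resourceLocation + 'big/' + storedId + '.png');

        if (awardErr) {
          return next(awardErr);
        }
        return next();
      });
    });
  })

  .all(
    routerHandling.httpMethodNotAllowed
  );

// this middleware function can be used, if you like or remove it
// it looks for object(s) in res.locals.items and if they exist, they are send to the client as json
users.use(routerHandling.emptyResponse);

module.exports = users;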