opt-cc/server/routes/users.js


'use strict';
// modules
const express = require('express');
const fs = require('fs');
// HTTP status codes by name
const codes = require('./http-codes');
const apiAuthenticationMiddleware = require('../middleware/auth-middleware');
const checkHl = require('../middleware/permission-check').checkHl;
const checkMT = require('../middleware/permission-check').checkMT;
const offsetlimitMiddleware = require('../middleware/limitoffset-middleware-mongo');
const filterHandlerCreator = require('../middleware/filter-handler-mongo');
const routerHandling = require('../middleware/router-handling');
const idValidator = require('../middleware/validators').idValidator;
const resourceLocation = require('../middleware/resource-location').resourceLocation().concat('/signature/');
// Mongoose Model using mongoDB
const UserModel = require('../models/user');
const SquadModel = require('../models/squad');
const AwardingModel = require('../models/awarding');
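const users = new express.Router();

// Pre-processing for the collection GET. The handler below reads res.locals.filter and
// res.locals.limitskip, which are presumably populated by these two middlewares
// (their implementation is outside this file — confirm there).
users.get('/', filterHandlerCreator(UserModel.schema.paths));
users.get('/', offsetlimitMiddleware);

// routes **********************
users.route('/')
  // GET /  — list users, optionally narrowed by:
  //   q            case-insensitive substring of the username
  //   squadId      exact squad
  //   fractFilter  fraction of the squad, or 'UNASSIGNED' for users without squad
  //   decorationId only users that hold an awarding for this decoration
  // This route is not behind apiAuthenticationMiddleware, so every query parameter is
  // untrusted input.
  .get((req, res, next) => {
    // Express's query parser can turn bracketed or repeated parameters into objects and
    // arrays. Only non-empty plain strings are allowed into the database filter, so a
    // client cannot hand query operators to Mongoose through a parameter.
    const stringParam = (value) => (typeof value === 'string' && value !== '' ? value : undefined);

    const nameQuery = stringParam(req.query.q) || '';
    const squadId = stringParam(req.query.squadId);
    const fractFilter = stringParam(req.query.fractFilter);
    const decorationId = stringParam(req.query.decorationId);

    // The search term is matched literally: regex metacharacters are escaped so that a
    // client-supplied pattern is never evaluated by the database (avoids expensive
    // patterns and unexpected matches).
    const escapedName = nameQuery.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
    const dbFilter = {username: {'$regex': escapedName, '$options': 'i'}};
    if (squadId) dbFilter['squadId'] = {'$eq': squadId};

    // Runs the user query and hands the result to the final response middleware.
    const userQuery = () => {
      UserModel.find(dbFilter, res.locals.filter, res.locals.limitskip)
        .populate('squadId')
        .collation({locale: 'en', strength: 2}) // case insensitive order
        .sort('username')
        .exec((err, foundUsers) => {
          if (err) return next(err);
          if (foundUsers.length === 0) {
            res.locals.items = foundUsers;
            res.locals.processed = true;
            return next();
          }
          // total number of matches (ignoring limit/skip) is reported in a header
          UserModel.countDocuments(dbFilter, (countErr, totalCount) => {
            if (countErr) return next(countErr);
            res.set('x-total-count', totalCount);
            res.locals.items = foundUsers;
            res.locals.processed = true;
            return next();
          });
        });
    };

    // squad / fraction filter setup, then execute the query
    const finishFiltersAndExecute = () => {
      if (fractFilter === 'UNASSIGNED') {
        // overrides a squadId filter, as before
        dbFilter['squadId'] = {$eq: null};
        return userQuery();
      }
      if (!fractFilter || squadId) {
        return userQuery();
      }
      SquadModel.find({'fraction': fractFilter}, {_id: 1}, (err, squads) => {
        // without this check a failed lookup left `squads` undefined and threw inside the callback
        if (err) return next(err);
        dbFilter['squadId'] = {$in: squads.map((squad) => squad.id)};
        userQuery();
      });
    };

    // decoration filter
    if (!decorationId) {
      return finishFiltersAndExecute();
    }
    AwardingModel.find({decorationId: decorationId}, (err, awards) => {
      if (err) return next(err);
      const userIds = [...new Set(awards.map((award) => award.userId))];
      dbFilter._id = {'$in': userIds};
      finishFiltersAndExecute();
    });
  })

  // POST /  — create a user; requires authentication and the permission checked by checkHl.
  .post(apiAuthenticationMiddleware, checkHl, (req, res, next) => {
    // NOTE(review): req.body is handed to the model unfiltered. Which fields a client may
    // set (including _id and __v) depends on the schema in ../models/user, which is not
    // visible here — confirm that this is intended.
    const user = new UserModel(req.body);
    // timestamp and default are set automatically by Mongoose Schema Validation
    user.save((err) => {
      if (err) {
        err.status = codes.wrongrequest;
        return next(err);
      }
      UserModel.populate(user, {path: 'squadId'}, (populateErr, extUser) => {
        if (populateErr) return next(populateErr);
        res.status(codes.created);
        res.locals.items = extUser;
        res.locals.processed = true;
        return next();
      });
    });
  })

  .all(routerHandling.httpMethodNotAllowed);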
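users.route('/:id')
  // GET /:id  — fetch one user with its squad populated.
  .get(idValidator, (req, res, next) => {
    UserModel.findById(req.params.id).populate('squadId').exec((err, user) => {
      if (err) {
        err.status = codes.servererror;
        return next(err);
      }
      if (!user) {
        const notFound = new Error('item not found');
        notFound.status = codes.notfound;
        return next(notFound);
      }
      res.locals.items = user;
      res.locals.processed = true;
      return next();
    });
  })

  // PUT /:id  — replace a user; requires authentication and the permission checked by checkHl.
  // idValidator is the same check the GET route applies to :id (implemented in
  // ../middleware/validators); it is added here so all /:id handlers validate the id alike.
  .put(apiAuthenticationMiddleware, checkHl, idValidator, (req, res, next) => {
    // first check that the given element id is the same as the URL id
    // (a missing body must not throw while the error message is built)
    const bodyId = req.body ? req.body._id : undefined;
    if (bodyId !== req.params.id) {
      // the URL does not fit the given element
      const mismatch =
        new Error('id of PUT resource and send JSON body are not equal ' + req.params.id + ' ' + bodyId);
      mismatch.status = codes.notfound;
      return next(mismatch);
    }

    // main difference of PUT and PATCH is that PUT expects all data in request: checked by using the schema
    const user = new UserModel(req.body);

    // Load the stored document. The request body must not be passed to findById: its
    // second argument is a projection, and a client-controlled projection is never wanted.
    UserModel.findById(req.params.id, (err, item) => {
      if (err) {
        err.status = codes.wrongrequest;
        return next(err);
      }
      if (!item) {
        const notFound = new Error('item not found');
        notFound.status = codes.notfound;
        return next(notFound);
      }
      if (user.__v !== item.__v) {
        // optimistic locking: the client must have seen the current version
        const outdated = new Error('version outdated. Meanwhile update on item happened. Please GET resource again');
        outdated.status = codes.conflict;
        return next(outdated);
      }

      // now update all schema fields of the DB item with the body data
      Object.keys(UserModel.schema.paths)
        .filter((field) => field !== '_id' && field !== '__v')
        // this includes undefined. is important to reset attributes that are missing in req.body
        .forEach((field) => item.set(field, user[field]));

      // update updatedAt and increase version
      item.updatedAt = new Date();
      item.increment(); // this sets __v++

      item.save((saveErr) => {
        if (saveErr) {
          // A failed save must reach the error handler. Previously the populate callback
          // shadowed this error and the request was answered as if the update had succeeded.
          saveErr.status = codes.wrongrequest;
          if (saveErr.errors) {
            // only validation errors carry a per-field map
            saveErr.message += ' in fields: ' + Object.getOwnPropertyNames(saveErr.errors);
          }
          return next(saveErr);
        }
        UserModel.populate(item, {path: 'squadId'}, (populateErr, extUser) => {
          if (populateErr) return next(populateErr);
          res.locals.items = extUser;
          res.locals.processed = true;
          return next();
        });
      });
    });
  })

  // DELETE /:id  — remove a user together with its awardings and signature images;
  // requires authentication and the permission checked by checkMT.
  .delete(apiAuthenticationMiddleware, checkMT, idValidator, (req, res, next) => {
    UserModel.findByIdAndRemove(req.params.id, (err, item) => {
      // Stop here on any failure: the id ends up in a file-system path below, so nothing
      // may be unlinked unless a stored user was actually matched and removed.
      if (err) {
        err.status = codes.wrongrequest;
        return next(err);
      }
      if (!item) {
        const notFound = new Error('item not found');
        notFound.status = codes.notfound;
        return next(notFound);
      }

      // Best-effort removal of one signature file; a file that never existed is not an error.
      const removeIfPresent = (file) => {
        fs.unlink(file, (unlinkErr) => {
          if (unlinkErr && unlinkErr.code !== 'ENOENT') {
            console.error('could not remove signature file ' + file + ': ' + unlinkErr.message);
          }
        });
      };

      // Defense in depth: only an id made of plain id characters may become part of a
      // file name, so the path can never leave the signature directory.
      if (/^[A-Za-z0-9_-]+$/.test(req.params.id)) {
        // compressed and uncompressed signature
        removeIfPresent(resourceLocation + req.params.id + '.png');
        removeIfPresent(resourceLocation + 'big/' + req.params.id + '.png');
      }

      // Delete all awardings linked to this user. The former find(...).deleteOne() had no
      // callback or exec(), so Mongoose never ran it, and it would have removed one document at most.
      AwardingModel.deleteMany({userId: req.params.id}, (awardErr) => {
        if (awardErr) return next(awardErr);
        // we don't set res.locals.items and thus it will send a 204 (no content) at the end.
        // see the final handler below
        res.locals.processed = true;
        return next();
      });
    });
  })

  .all(
    routerHandling.httpMethodNotAllowed
  );

// Final handler for every route above. Per the original note it looks for object(s) in
// res.locals.items and, if they exist, sends them to the client as JSON.
users.use(routerHandling.emptyResponse);

module.exports = users;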