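const asyncHandler = require("express-async-handler");
const moment = require('moment-timezone');
const { ObjectId } = require('mongodb');
const { UserDb } = require("../services/userDb");
const crypto = require('crypto');
const { promisify } = require('util');
const { error } = require("console");

// PBKDF2 parameters are shared by create and update so both paths derive
// hashes the same way (same iteration count, key length and digest as before).
const PBKDF2_ITERATIONS = 310000;
const PBKDF2_KEYLEN = 32;
const PBKDF2_DIGEST = 'sha256';
const MIN_PASSWORD_LENGTH = 8;

// Async PBKDF2 keeps the event loop free during the 310k-iteration derivation;
// the hex output is identical to the previous pbkdf2Sync call.
const pbkdf2 = promisify(crypto.pbkdf2);

/**
 * Return a copy of `user` without credential material or the agent flag.
 * Works on a shallow copy rather than `delete`-ing on the input, so a
 * `req.user` passed here keeps its fields for anything that runs later.
 * @param {object|null|undefined} user - user document as returned by UserDb
 * @returns {object|null|undefined} copy without salt, hashed_password, isAgent
 *   (null/undefined are passed through unchanged)
 */
function ClearUserData(user) {
  if (user == null) return user;
  const { salt, hashed_password, isAgent, ...safe } = user;
  return safe;
}

/**
 * Admin view of a user: credential material removed, role flags kept.
 * @param {object|null|undefined} user - user document as returned by UserDb
 * @returns {object|null|undefined} copy without salt and hashed_password
 */
function ClearUserDataForAdmin(user) {
  if (user == null) return user;
  const { salt, hashed_password, ...safe } = user;
  return safe;
}

/**
 * Send a JSON error body `{ error: message }` with the given HTTP status.
 * @param {import('express').Response} res
 * @param {number} status
 * @param {string} message - user-facing text; never an internal error object
 */
function sendError(res, status, message) {
  return res.status(status).json({ error: message });
}

/**
 * Log an unexpected error server-side and answer with a generic 500.
 * The raw error is deliberately not echoed to the client: driver and
 * service errors carry enumerable fields (query details, paths) that
 * would otherwise be serialized into the response.
 * @param {import('express').Response} res
 * @param {unknown} err
 */
function handleUnexpected(res, err) {
  console.error(err);
  return sendError(res, 500, 'Internal server error');
}

/**
 * Validate a password / confirmPassword pair from a request body.
 * @param {unknown} password
 * @param {unknown} confirmPassword
 * @returns {string|null} error message, or null when the pair is acceptable
 */
function validatePassword(password, confirmPassword) {
  // A non-string (object/array from a JSON body) must not reach the KDF.
  if (typeof password !== 'string' || password.length === 0) return 'Password not set';
  if (password !== confirmPassword) return 'Passwords do not match';
  if (password.length < MIN_PASSWORD_LENGTH) return 'Password too short';
  return null;
}

/**
 * Derive a fresh random salt and the PBKDF2 hash of `password`.
 * @param {string} password - already validated plaintext password
 * @returns {Promise<{salt: string, hashed_password: string}>} hex-encoded pair
 */
async function hashPassword(password) {
  const salt = crypto.randomBytes(16).toString('hex');
  const derived = await pbkdf2(password, salt, PBKDF2_ITERATIONS, PBKDF2_KEYLEN, PBKDF2_DIGEST);
  return { salt, hashed_password: derived.toString('hex') };
}

// DB

/**
 * GET one user by id. Admin callers receive the role flags, everyone else
 * the reduced view. Unknown ids answer 404 instead of the previous 500.
 */
exports.get = asyncHandler(async (req, res, next) => {
  try {
    const userDb = await UserDb.init();
    const result = await userDb.get(req.params.id);
    if (!result) return sendError(res, 404, 'User not found');
    // NOTE(review): nothing here restricts which ids a non-admin may read;
    // presumably the route middleware does — confirm.
    const view = req.user?.isAdmin ? ClearUserDataForAdmin(result) : ClearUserData(result);
    res.status(200).json(view);
  } catch (err) {
    return handleUnexpected(res, err);
  }
});

/**
 * POST a new user. Validation failures answer 4xx (409 duplicate, 400 bad
 * input, 403 insufficient privilege) rather than 500.
 * Role flags are stored as real booleans; an anonymous request silently
 * loses them, an authenticated one must hold the matching privilege.
 */
exports.post = asyncHandler(async (req, res, next) => {
  try {
    const userDb = await UserDb.init();
    const { username, email, password, confirmPassword } = req.body;

    // Reject non-string emails before they reach the query layer so an
    // object in the body cannot widen the lookup.
    if (typeof email !== 'string') return sendError(res, 400, 'Invalid email');
    if (await userDb.getByEmail(email)) return sendError(res, 409, 'User already exists');

    if (!password) return sendError(res, 400, 'Password not set');
    const passwordError = validatePassword(password, confirmPassword);
    if (passwordError) return sendError(res, 400, passwordError);

    let isAdmin = Boolean(req.body.isAdmin);
    let isAgent = Boolean(req.body.isAgent);
    if (isAdmin) {
      if (!req.user) isAdmin = false;
      else if (!req.user.isAdmin) return sendError(res, 403, 'You are not allowed to create an admin user');
    }
    if (isAgent) {
      // NOTE(review): creating an agent requires an *agent* caller here but an
      // *admin* caller in `put` below — confirm which rule is intended.
      if (!req.user) isAgent = false;
      else if (!req.user.isAgent) return sendError(res, 403, 'You are not allowed to create an agent user');
    }

    const { salt, hashed_password } = await hashPassword(password);
    await userDb.post({ username, hashed_password, salt, email, isAdmin, isAgent });
    // 201 with a body: the previous 204 made Express drop the JSON message.
    res.status(201).json({ message: 'User created' });
  } catch (err) {
    return handleUnexpected(res, err);
  }
});

/**
 * PUT (replace) a user's editable fields. The stored salt/hash are kept
 * unless a new password is supplied; granting either role flag requires
 * an admin caller.
 */
exports.put = asyncHandler(async (req, res, next) => {
  try {
    const userDb = await UserDb.init();
    const id = req.params.id;
    const existing = await userDb.get(id);
    if (!existing) return sendError(res, 404, 'User not found');

    let credentials = { salt: existing.salt, hashed_password: existing.hashed_password };
    if (req.body.password) {
      const passwordError = validatePassword(req.body.password, req.body.confirmPassword);
      if (passwordError) return sendError(res, 400, passwordError);
      credentials = await hashPassword(req.body.password);
    }

    // `?.` turns an unauthenticated request into a 403 instead of a TypeError.
    // NOTE(review): nothing here checks that the caller may edit user `id` at
    // all (ownership or admin) — confirm the route middleware enforces it.
    if (req.body.isAdmin && !req.user?.isAdmin) return sendError(res, 403, 'You are not allowed to create an admin user');
    if (req.body.isAgent && !req.user?.isAdmin) return sendError(res, 403, 'You are not allowed to create an agent user');

    const user = {
      username: req.body.username,
      ...credentials,
      email: req.body.email,
      // Stored as booleans; an omitted flag becomes false (previously undefined).
      isAdmin: Boolean(req.body.isAdmin),
      isAgent: Boolean(req.body.isAgent),
    };
    const result = await userDb.put(id, user);
    // The shape of userDb.put's result is not visible from this file; strip
    // credential fields in case it echoes the stored document, and do not
    // log it.
    res.status(200).json(ClearUserDataForAdmin(result));
  } catch (err) {
    return handleUnexpected(res, err);
  }
});

/** DELETE a user by id. */
exports.delete = asyncHandler(async (req, res, next) => {
  try {
    const userDb = await UserDb.init();
    // Remove the user
    await userDb.remove(req.params.id);
    res.status(200).json({ "message": "User deleted" });
  } catch (err) {
    return handleUnexpected(res, err);
  }
});

// Functions

/** GET the calling user's own (reduced) record; 401 when not authenticated. */
exports.current = asyncHandler(async (req, res, next) => {
  try {
    if (!req.user) return sendError(res, 401, 'Not authenticated');
    res.status(200).json(ClearUserData(req.user));
  } catch (err) {
    return handleUnexpected(res, err);
  }
});

/** Liveness-style endpoint for agents; always answers 200. */
exports.agentConnected = asyncHandler(async (req, res, next) => {
  try {
    res.status(200).json({ message: "Agent connected" });
  } catch (err) {
    return handleUnexpected(res, err);
  }
});

/** GET every user in the admin view (credential material stripped). */
exports.getAllUsers = asyncHandler(async (req, res, next) => {
  try {
    const userDb = await UserDb.init();
    const users = await userDb.getAll();
    res.status(200).json(users.map((user) => ClearUserDataForAdmin(user)));
  } catch (err) {
    return handleUnexpected(res, err);
  }
});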