slate/pages/api/users/update.js

import * as Environment from "~/node_common/environment";
import * as Data from "~/node_common/data";
import * as Utilities from "~/node_common/utilities";
import * as Validations from "~/common/validations";
import * as Social from "~/node_common/social";
import * as ViewerManager from "~/node_common/managers/viewer";

import BCrypt from "bcrypt";

export default async (req, res) => {
  const id = Utilities.getIdFromCookie(req);
  if (!id) {
    return res.status(500).send({ decorator: "SERVER_USER_UPDATE", error: true });
  }

  const user = await Data.getUserById({
    id,
  });

  if (!user) {
    return res.status(404).send({ decorator: "SERVER_USER_UPDATE_USER_NOT_FOUND", error: true });
  }

  if (user.error) {
    return res.status(500).send({ decorator: "SERVER_USER_UPDATE_USER_NOT_FOUND", error: true });
  }

  let unsafeResponse;
  if (req.body.data) {
    unsafeResponse = await Data.updateUserById({
      id: user.id,
      data: { ...user.data, ...req.body.data },
    });
  }

  if (req.body.username) {
    const existing = await Data.getUserByUsername({
      username: req.body.username,
    });

    if (!existing) {
      unsafeResponse = await Data.updateUserById({
        id: user.id,
        username: req.body.username,
      });
    } else {
      return res.status(500).send({ decorator: "SERVER_USERNAME_IS_TAKEN", error: true });
    }
  }

  if (req.body.type == "CHANGE_PASSWORD") {
    if (!Validations.password(req.body.password)) {
      return res.status(500).send({ decorator: "SERVER_INVALID_PASSWORD", error: true });
    }

    const rounds = Number(Environment.LOCAL_PASSWORD_ROUNDS);
    const salt = await BCrypt.genSalt(rounds);
    const hash = await Utilities.encryptPassword(req.body.password, salt);

    unsafeResponse = await Data.updateUserById({
      id: user.id,
      salt,
      password: hash,
    });
  }

  if (unsafeResponse) {
    ViewerManager.hydratePartialViewer(unsafeResponse);
  }

  return res.status(200).send({ decorator: "SERVER_USER_UPDATE" });
};
reset password: loading states for edit account and sign in, adds reset password, adds validations to protect against light malice 2020-07-23 11:57:44 +03:00			`import * as Environment from "~/node_common/environment";`
sign-in: end to end allowing creation of any account 2020-07-22 08:53:29 +03:00			`import * as Data from "~/node_common/data";`
			`import * as Utilities from "~/node_common/utilities";`
reset password: loading states for edit account and sign in, adds reset password, adds validations to protect against light malice 2020-07-23 11:57:44 +03:00			`import * as Validations from "~/common/validations";`
guards every single textile call and provides concise reporting at each callsite 2020-09-22 03:36:45 +03:00			`import * as Social from "~/node_common/social";`
websockets: partial viewer updates are now supported 2020-10-27 07:41:42 +03:00			`import * as ViewerManager from "~/node_common/managers/viewer";`
postgres: user accounts, migration scripts, api route rewrite, stopping point 2020-07-17 13:24:20 +03:00
reset password: loading states for edit account and sign in, adds reset password, adds validations to protect against light malice 2020-07-23 11:57:44 +03:00			`import BCrypt from "bcrypt";`
postgres: user accounts, migration scripts, api route rewrite, stopping point 2020-07-17 13:24:20 +03:00
			`export default async (req, res) => {`
models: moves from username checks to id checks because users change usernames 2020-07-22 13:51:40 +03:00			`const id = Utilities.getIdFromCookie(req);`
			`if (!id) {`
websockets: partial viewer updates are now supported 2020-10-27 07:41:42 +03:00			`return res.status(500).send({ decorator: "SERVER_USER_UPDATE", error: true });`
sign-in: end to end allowing creation of any account 2020-07-22 08:53:29 +03:00			`}`

models: moves from username checks to id checks because users change usernames 2020-07-22 13:51:40 +03:00			`const user = await Data.getUserById({`
			`id,`
sign-in: end to end allowing creation of any account 2020-07-22 08:53:29 +03:00			`});`

			`if (!user) {`
websockets: partial viewer updates are now supported 2020-10-27 07:41:42 +03:00			`return res.status(404).send({ decorator: "SERVER_USER_UPDATE_USER_NOT_FOUND", error: true });`
sign-in: end to end allowing creation of any account 2020-07-22 08:53:29 +03:00			`}`

			`if (user.error) {`
websockets: partial viewer updates are now supported 2020-10-27 07:41:42 +03:00			`return res.status(500).send({ decorator: "SERVER_USER_UPDATE_USER_NOT_FOUND", error: true });`
sign-in: end to end allowing creation of any account 2020-07-22 08:53:29 +03:00			`}`

websockets: partial viewer updates are now supported 2020-10-27 07:41:42 +03:00			`let unsafeResponse;`
user profiels: lands user profile function and fixes settings, user modeling 2020-07-22 10:41:29 +03:00			`if (req.body.data) {`
websockets: partial viewer updates are now supported 2020-10-27 07:41:42 +03:00			`unsafeResponse = await Data.updateUserById({`
user profiels: lands user profile function and fixes settings, user modeling 2020-07-22 10:41:29 +03:00			`id: user.id,`
			`data: { ...user.data, ...req.body.data },`
			`});`
			`}`

models: moves from username checks to id checks because users change usernames 2020-07-22 13:51:40 +03:00			`if (req.body.username) {`
			`const existing = await Data.getUserByUsername({`
			`username: req.body.username,`
			`});`

			`if (!existing) {`
websockets: partial viewer updates are now supported 2020-10-27 07:41:42 +03:00			`unsafeResponse = await Data.updateUserById({`
models: moves from username checks to id checks because users change usernames 2020-07-22 13:51:40 +03:00			`id: user.id,`
			`username: req.body.username,`
			`});`
websockets: partial viewer updates are now supported 2020-10-27 07:41:42 +03:00			`} else {`
			`return res.status(500).send({ decorator: "SERVER_USERNAME_IS_TAKEN", error: true });`
staging: all textile staging changes 2020-09-09 20:56:35 +03:00			`}`
			`}`

reset password: loading states for edit account and sign in, adds reset password, adds validations to protect against light malice 2020-07-23 11:57:44 +03:00			`if (req.body.type == "CHANGE_PASSWORD") {`
			`if (!Validations.password(req.body.password)) {`
websockets: partial viewer updates are now supported 2020-10-27 07:41:42 +03:00			`return res.status(500).send({ decorator: "SERVER_INVALID_PASSWORD", error: true });`
reset password: loading states for edit account and sign in, adds reset password, adds validations to protect against light malice 2020-07-23 11:57:44 +03:00			`}`

authentication: adds new secrets 2020-08-11 08:15:39 +03:00			`const rounds = Number(Environment.LOCAL_PASSWORD_ROUNDS);`
			`const salt = await BCrypt.genSalt(rounds);`
			`const hash = await Utilities.encryptPassword(req.body.password, salt);`
reset password: loading states for edit account and sign in, adds reset password, adds validations to protect against light malice 2020-07-23 11:57:44 +03:00
websockets: partial viewer updates are now supported 2020-10-27 07:41:42 +03:00			`unsafeResponse = await Data.updateUserById({`
reset password: loading states for edit account and sign in, adds reset password, adds validations to protect against light malice 2020-07-23 11:57:44 +03:00			`id: user.id,`
			`salt,`
authentication: adds new secrets 2020-08-11 08:15:39 +03:00			`password: hash,`
reset password: loading states for edit account and sign in, adds reset password, adds validations to protect against light malice 2020-07-23 11:57:44 +03:00			`});`
			`}`

websockets: partial viewer updates are now supported 2020-10-27 07:41:42 +03:00			`if (unsafeResponse) {`
			`ViewerManager.hydratePartialViewer(unsafeResponse);`
			`}`

endpints: strips header conflicts and removes all middleware 2020-09-03 03:21:29 +03:00			`return res.status(200).send({ decorator: "SERVER_USER_UPDATE" });`
postgres: user accounts, migration scripts, api route rewrite, stopping point 2020-07-17 13:24:20 +03:00			`};`