slate/pages/api/users/update.js

import * as Environment from "~/node_common/environment";
import * as Data from "~/node_common/data";
import * as Utilities from "~/node_common/utilities";
import * as Validations from "~/common/validations";
import * as Social from "~/node_common/social";
import * as ViewerManager from "~/node_common/managers/viewer";

import BCrypt from "bcrypt";

export default async (req, res) => {
  const id = Utilities.getIdFromCookie(req);
  if (!id) {
    return res.status(500).send({ decorator: "SERVER_USER_UPDATE", error: true });
  }

  const user = await Data.getUserById({
    id,
  });

  if (!user) {
    return res.status(404).send({ decorator: "SERVER_USER_UPDATE_USER_NOT_FOUND", error: true });
  }

  if (user.error) {
    return res.status(500).send({ decorator: "SERVER_USER_UPDATE_USER_NOT_FOUND", error: true });
  }

  let unsafeResponse;

  if (req.body.username) {
    const existing = await Data.getUserByUsername({
      username: req.body.username.toLowerCase(),
    });

    if (existing && existing.id !== id) {
      return res.status(500).send({ decorator: "SERVER_USERNAME_IS_TAKEN", error: true });
    }
  }

  if (req.body.type === "SAVE_DEFAULT_ARCHIVE_CONFIG") {
    let b;
    try {
      b = await Utilities.getBucketAPIFromUserToken({
        user,
        bucketName: "data",
      });
    } catch (e) {
      console.log(e);
      Social.sendTextileSlackMessage({
        file: "/pages/api/users/update.js",
        user,
        message: e.message,
        code: e.code,
        functionName: `Utilities.getBucketAPIFromUserToken`,
      });

      return res.status(500).send({ decorator: "SERVER_FAILED_TO_GET_BUCKET", error: true });
    }

    try {
      const configResponse = await b.buckets.setDefaultArchiveConfig(b.bucketKey, req.body.config);
    } catch (e) {
      console.log(e);
      Social.sendTextileSlackMessage({
        file: "/pages/api/users/update.js",
        user,
        message: e.message,
        code: e.code,
        functionName: `b.buckets.setDefaultArchiveConfig`,
      });

      return res.status(500).send({ decorator: "SERVER_DEFAULT_ARCHIVE_CONFIG", error: true });
    }
  }

  if (req.body.type == "CHANGE_PASSWORD") {
    if (!Validations.password(req.body.password)) {
      return res.status(500).send({ decorator: "SERVER_INVALID_PASSWORD", error: true });
    }

    const rounds = Number(Environment.LOCAL_PASSWORD_ROUNDS);
    const salt = await BCrypt.genSalt(rounds);
    const hash = await Utilities.encryptPassword(req.body.password, salt);

    unsafeResponse = await Data.updateUserById({
      id: user.id,
      salt,
      password: hash,
    });
  } else {
    unsafeResponse = await Data.updateUserById({
      id: user.id,
      username: req.body.username ? req.body.username.toLowerCase() : user.username,
      data: { ...user.data, ...req.body.data },
    });
  }

  if (unsafeResponse && !unsafeResponse.error) {
    ViewerManager.hydratePartialViewer(unsafeResponse);

    if (
      user.username !== unsafeResponse.username ||
      user.data.name !== unsafeResponse.data.name ||
      user.data.photo !== unsafeResponse.data.photo
    ) {
      SearchManager.updateUser(unsafeResponse, "EDIT");
    }
  }

  return res.status(200).send({ decorator: "SERVER_USER_UPDATE" });
};
reset password: loading states for edit account and sign in, adds reset password, adds validations to protect against light malice 2020-07-23 11:57:44 +03:00			`import * as Environment from "~/node_common/environment";`
sign-in: end to end allowing creation of any account 2020-07-22 08:53:29 +03:00			`import * as Data from "~/node_common/data";`
			`import * as Utilities from "~/node_common/utilities";`
reset password: loading states for edit account and sign in, adds reset password, adds validations to protect against light malice 2020-07-23 11:57:44 +03:00			`import * as Validations from "~/common/validations";`
guards every single textile call and provides concise reporting at each callsite 2020-09-22 03:36:45 +03:00			`import * as Social from "~/node_common/social";`
websockets: partial viewer updates are now supported 2020-10-27 07:41:42 +03:00			`import * as ViewerManager from "~/node_common/managers/viewer";`
postgres: user accounts, migration scripts, api route rewrite, stopping point 2020-07-17 13:24:20 +03:00
reset password: loading states for edit account and sign in, adds reset password, adds validations to protect against light malice 2020-07-23 11:57:44 +03:00			`import BCrypt from "bcrypt";`
postgres: user accounts, migration scripts, api route rewrite, stopping point 2020-07-17 13:24:20 +03:00
			`export default async (req, res) => {`
models: moves from username checks to id checks because users change usernames 2020-07-22 13:51:40 +03:00			`const id = Utilities.getIdFromCookie(req);`
			`if (!id) {`
websockets: partial viewer updates are now supported 2020-10-27 07:41:42 +03:00			`return res.status(500).send({ decorator: "SERVER_USER_UPDATE", error: true });`
sign-in: end to end allowing creation of any account 2020-07-22 08:53:29 +03:00			`}`

models: moves from username checks to id checks because users change usernames 2020-07-22 13:51:40 +03:00			`const user = await Data.getUserById({`
			`id,`
sign-in: end to end allowing creation of any account 2020-07-22 08:53:29 +03:00			`});`

			`if (!user) {`
websockets: partial viewer updates are now supported 2020-10-27 07:41:42 +03:00			`return res.status(404).send({ decorator: "SERVER_USER_UPDATE_USER_NOT_FOUND", error: true });`
sign-in: end to end allowing creation of any account 2020-07-22 08:53:29 +03:00			`}`

			`if (user.error) {`
websockets: partial viewer updates are now supported 2020-10-27 07:41:42 +03:00			`return res.status(500).send({ decorator: "SERVER_USER_UPDATE_USER_NOT_FOUND", error: true });`
sign-in: end to end allowing creation of any account 2020-07-22 08:53:29 +03:00			`}`

websockets: partial viewer updates are now supported 2020-10-27 07:41:42 +03:00			`let unsafeResponse;`
user profiels: lands user profile function and fixes settings, user modeling 2020-07-22 10:41:29 +03:00
models: moves from username checks to id checks because users change usernames 2020-07-22 13:51:40 +03:00			`if (req.body.username) {`
			`const existing = await Data.getUserByUsername({`
many misc improvements and fixes 2020-11-13 01:36:20 +03:00			`username: req.body.username.toLowerCase(),`
models: moves from username checks to id checks because users change usernames 2020-07-22 13:51:40 +03:00			`});`

many misc improvements and fixes 2020-11-13 01:36:20 +03:00			`if (existing && existing.id !== id) {`
websockets: partial viewer updates are now supported 2020-10-27 07:41:42 +03:00			`return res.status(500).send({ decorator: "SERVER_USERNAME_IS_TAKEN", error: true });`
staging: all textile staging changes 2020-09-09 20:56:35 +03:00			`}`
			`}`

finally lands default storage config for root bucket 2020-11-12 13:51:23 +03:00			`if (req.body.type === "SAVE_DEFAULT_ARCHIVE_CONFIG") {`
			`let b;`
			`try {`
			`b = await Utilities.getBucketAPIFromUserToken({`
			`user,`
			`bucketName: "data",`
			`});`
			`} catch (e) {`
			`console.log(e);`
			`Social.sendTextileSlackMessage({`
			`file: "/pages/api/users/update.js",`
			`user,`
			`message: e.message,`
			`code: e.code,`
			functionName: `Utilities.getBucketAPIFromUserToken`,
			`});`

			`return res.status(500).send({ decorator: "SERVER_FAILED_TO_GET_BUCKET", error: true });`
			`}`

			`try {`
			`const configResponse = await b.buckets.setDefaultArchiveConfig(b.bucketKey, req.body.config);`
			`} catch (e) {`
			`console.log(e);`
			`Social.sendTextileSlackMessage({`
			`file: "/pages/api/users/update.js",`
			`user,`
			`message: e.message,`
			`code: e.code,`
			functionName: `b.buckets.setDefaultArchiveConfig`,
			`});`

			`return res.status(500).send({ decorator: "SERVER_DEFAULT_ARCHIVE_CONFIG", error: true });`
			`}`
			`}`

reset password: loading states for edit account and sign in, adds reset password, adds validations to protect against light malice 2020-07-23 11:57:44 +03:00			`if (req.body.type == "CHANGE_PASSWORD") {`
			`if (!Validations.password(req.body.password)) {`
websockets: partial viewer updates are now supported 2020-10-27 07:41:42 +03:00			`return res.status(500).send({ decorator: "SERVER_INVALID_PASSWORD", error: true });`
reset password: loading states for edit account and sign in, adds reset password, adds validations to protect against light malice 2020-07-23 11:57:44 +03:00			`}`

authentication: adds new secrets 2020-08-11 08:15:39 +03:00			`const rounds = Number(Environment.LOCAL_PASSWORD_ROUNDS);`
			`const salt = await BCrypt.genSalt(rounds);`
			`const hash = await Utilities.encryptPassword(req.body.password, salt);`
reset password: loading states for edit account and sign in, adds reset password, adds validations to protect against light malice 2020-07-23 11:57:44 +03:00
websockets: partial viewer updates are now supported 2020-10-27 07:41:42 +03:00			`unsafeResponse = await Data.updateUserById({`
reset password: loading states for edit account and sign in, adds reset password, adds validations to protect against light malice 2020-07-23 11:57:44 +03:00			`id: user.id,`
			`salt,`
authentication: adds new secrets 2020-08-11 08:15:39 +03:00			`password: hash,`
reset password: loading states for edit account and sign in, adds reset password, adds validations to protect against light malice 2020-07-23 11:57:44 +03:00			`});`
many misc improvements and fixes 2020-11-13 01:36:20 +03:00			`} else {`
			`unsafeResponse = await Data.updateUserById({`
			`id: user.id,`
			`username: req.body.username ? req.body.username.toLowerCase() : user.username,`
			`data: { ...user.data, ...req.body.data },`
			`});`
reset password: loading states for edit account and sign in, adds reset password, adds validations to protect against light malice 2020-07-23 11:57:44 +03:00			`}`

many misc improvements and fixes 2020-11-13 01:36:20 +03:00			`if (unsafeResponse && !unsafeResponse.error) {`
websockets: partial viewer updates are now supported 2020-10-27 07:41:42 +03:00			`ViewerManager.hydratePartialViewer(unsafeResponse);`
many misc improvements and fixes 2020-11-13 01:36:20 +03:00
			`if (`
			`user.username !== unsafeResponse.username \|\|`
			`user.data.name !== unsafeResponse.data.name \|\|`
			`user.data.photo !== unsafeResponse.data.photo`
			`) {`
			`SearchManager.updateUser(unsafeResponse, "EDIT");`
			`}`
websockets: partial viewer updates are now supported 2020-10-27 07:41:42 +03:00			`}`

endpints: strips header conflicts and removes all middleware 2020-09-03 03:21:29 +03:00			`return res.status(200).send({ decorator: "SERVER_USER_UPDATE" });`
postgres: user accounts, migration scripts, api route rewrite, stopping point 2020-07-17 13:24:20 +03:00			`};`