slate/pages/api/users/update.js

129 lines
3.8 KiB
JavaScript
Raw Normal View History

import * as Environment from "~/node_common/environment";
import * as Data from "~/node_common/data";
import * as Utilities from "~/node_common/utilities";
import * as Serializers from "~/node_common/serializers";
import * as Validations from "~/common/validations";
import * as Social from "~/node_common/social";
import * as ViewerManager from "~/node_common/managers/viewer";
import * as SearchManager from "~/node_common/managers/search";
import * as Logging from "~/common/logging";
import * as RequestUtilities from "~/node_common/request-utilities";
import BCrypt from "bcrypt";
export default async (req, res) => {
const userInfo = await RequestUtilities.checkAuthorizationInternal(req, res);
if (!userInfo) return;
const { id, user } = userInfo;
let updates = req.body.data;
if (updates.username && updates.username !== user.username) {
if (!Validations.username(req.body.data.username)) {
return res.status(400).send({
decorator: "SERVER_USER_UPDATE_INVALID_USERNAME",
error: true,
});
}
const existing = await Data.getUserByUsername({
username: req.body.data.username.toLowerCase(),
});
2020-11-13 01:36:20 +03:00
if (existing && existing.id !== id) {
return res
.status(500)
.send({ decorator: "SERVER_USER_UPDATE_USERNAME_IS_TAKEN", error: true });
2020-09-09 20:56:35 +03:00
}
}
2021-06-09 01:53:30 +03:00
if (updates.email && updates.email !== user.email) {
if (!Validations.email(req.body.data.email)) {
return res.status(400).send({
decorator: "SERVER_USER_UPDATE_INVALID_EMAIL",
error: true,
});
}
const existing = await Data.getUserByEmail({
email: req.body.data.email.toLowerCase(),
});
if (existing && existing.id !== id) {
return res.status(500).send({ decorator: "SERVER_USER_UPDATE_EMAIL", error: true });
}
}
if (req.body.data.type === "SAVE_DEFAULT_ARCHIVE_CONFIG") {
let b;
try {
b = await Utilities.getBucketAPIFromUserToken({
user,
bucketName: "data",
});
} catch (e) {
Logging.error(e);
Social.sendTextileSlackMessage({
file: "/pages/api/users/update.js",
user,
message: e.message,
code: e.code,
functionName: `Utilities.getBucketAPIFromUserToken`,
});
return res.status(500).send({ decorator: "SERVER_NO_BUCKET_DATA", error: true });
}
try {
const configResponse = await b.buckets.setDefaultArchiveConfig(
b.bucketKey,
req.body.data.config
);
} catch (e) {
Logging.error(e);
Social.sendTextileSlackMessage({
file: "/pages/api/users/update.js",
user,
message: e.message,
code: e.code,
functionName: `b.buckets.setDefaultArchiveConfig`,
});
return res
.status(500)
.send({ decorator: "SERVER_USER_UPDATE_DEFAULT_ARCHIVE_CONFIG", error: true });
}
}
if (req.body.data.type === "CHANGE_PASSWORD" && req.body.data.password) {
if (!Validations.password(req.body.data.password)) {
return res
.status(500)
.send({ decorator: "SERVER_USER_UPDATE_INVALID_PASSWORD", error: true });
}
2020-08-11 08:15:39 +03:00
const rounds = Number(Environment.LOCAL_PASSWORD_ROUNDS);
const salt = await BCrypt.genSalt(rounds);
const hash = await Utilities.encryptPassword(req.body.data.password, salt);
updates.salt = salt;
updates.password = hash;
}
let unsafeResponse = await Data.updateUserById({ id, ...updates });
2020-11-13 01:36:20 +03:00
if (unsafeResponse && !unsafeResponse.error) {
2020-11-13 01:36:20 +03:00
if (
user.username !== unsafeResponse.username ||
user.data.name !== unsafeResponse.data.name ||
user.data.photo !== unsafeResponse.data.photo
) {
SearchManager.updateUser(unsafeResponse, "EDIT");
}
}
ViewerManager.hydratePartial(id, { viewer: true });
return res.status(200).send({ decorator: "SERVER_USER_UPDATE" });
};