
const express = require('express');
const router = express.Router();
// NOTE(review): `bcrypt` is called by the /login and /:userId/changepasswd handlers below but is
// never required anywhere on this page; unless it is provided as a global, those routes throw a
// ReferenceError at runtime. Confirm where it is meant to come from.
// NOTE(review): the forge warns that this file contains invisible Unicode characters. They are not
// visible here; check the raw bytes (e.g. for zero-width or bidi control characters) before merging.
// When true, every handler prints its SQL text (and GET / its result) to the console.
const DEBUG = false;
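/**
 * Resolves the `:userId` route parameter into `req.user`.
 *
 * The parameter is either a numeric primary key or an e-mail address: an
 * all-digit value is looked up by `id`, anything else by `email`
 * (case-insensitive). The full row — including the `kennwort` hash, which
 * `/:userId/changepasswd` needs for the old-password check — is stored on
 * `req.user`; `req.userId` keeps the raw parameter for handlers that read it.
 *
 * Security notes:
 *  - The lookup is parameterized. The previous version concatenated the raw
 *    parameter into the SQL text, which is a straightforward SQL injection
 *    (`/users/' OR '1'='1` would have been a valid request).
 *  - The e-mail match uses `lower(email) = lower($1)` instead of `ILIKE`,
 *    because ILIKE treats `%` and `_` in the value as wildcards, so
 *    `/users/%25` would have resolved to an arbitrary account.
 *  - An unknown user yields 404 here, so the route handlers can rely on
 *    `req.user` being set instead of dereferencing `undefined`.
 *  - No authorization is performed in this file: any caller that reaches
 *    these routes can read, modify and delete any user. NOTE(review):
 *    confirm that an authentication/authorization middleware is mounted in
 *    front of this router; none is visible on this page.
 */
router.param('userId', function(req, res, next, id) {
  req.userId = id;
  // Digits only → primary key; everything else is treated as an e-mail address.
  const isNumericId = /^\d+$/.test(String(id));
  const query = isNumericId
    ? 'Select id, name, email, kennwort, beschreibung FROM nutzer WHERE id = $1'
    : 'Select id, name, email, kennwort, beschreibung FROM nutzer WHERE lower(email) = lower($1)';
  if (DEBUG) console.log(query);
  req.db.query(query, [String(id)], (err, rs) => {
    if (err) {
      return next(err);
    }
    if (!rs.rows || rs.rows.length === 0) {
      return res.status(404).send('User not found');
    }
    req.user = rs.rows[0];
    next();
  });
});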
/**
 * GET / — lists every user.
 *
 * Only the public columns are selected; `kennwort` (the password hash) is
 * never read here. Responds 200 with `{ users: [row, ...] }`, or hands a
 * database error to the Express error handler.
 *
 * NOTE(review): no access control is visible in this file, so anyone who
 * can reach the router can enumerate every registered e-mail address.
 * Confirm that upstream middleware restricts this endpoint.
 */
router.get('/', (req, res, next) => {
  const listQuery = "Select id, name, email, beschreibung FROM nutzer ";
  if (DEBUG) console.log(listQuery);
  req.db.query(listQuery, (err, rs) => {
    if (err) {
      return next(err);
    }
    const result = { users: rs.rows };
    if (DEBUG) console.log(result);
    res.status(200).json(result);
  });
});
// router.post('/', function(req, res, next) {
// let user = req.body.users[0];
// bcrypt.hash(user.kennwort, 10, function(err, hash) {
// let query = "INSERT INTO nutzer ( name, email, kennwort, beschreibung) "+
// " VALUES ('"+user.name+"','"+user.email+"','"+hash+"','"+user.beschreibung+"')" +
// " returning *";
// if(DEBUG) console.log(query);
//
// req.db.query(query, (err, rs) => {
// if(err && err.constraint && err.constraint ==='idx_nutzer_email') {
// return res.status(409).send("Email-adress already in use");
// } else if (err){
// next(err);
// } else {
// let result = {};
// let user = {};
// user['name'] = rs.rows[0].name;
// user['email'] = rs.rows[0].email;
// user['id'] = rs.rows[0].id;
// user['beschreibung'] = rs.rows[0].beschreibung;
// result['users'] = user;
// res.status(200).json(result);
// }
// });
// });
// });
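/**
 * PUT /login — verifies an e-mail/password pair against the stored bcrypt hash.
 *
 * Body: `{ username, password }`, where `username` is the e-mail address.
 * On success sets `req.login = true` and responds 200 with the public user
 * fields (`name`, `email`, `id`, `beschreibung`), matching the shape the other
 * handlers in this file return. A wrong password or an unknown account gets
 * 409 "Passwd didn't match"; a missing or non-string field gets 400.
 *
 * Fixes over the previous version:
 *  - `next()` was called synchronously, before `bcrypt.compare` had
 *    finished, so the request moved on regardless of the password and a
 *    failed compare then tried to write a second response. Within this
 *    file the next PUT route is `/:userId`, which `/login` also matches, so
 *    the fall-through would have reached the profile-update handler with
 *    `userId === 'login'`. The handler now answers the request itself.
 *  - The username, the whole user row and the password hash were printed
 *    to the console on every attempt; nothing secret is logged any more.
 *  - An unknown account produced a 500 via `next(new Error)`; it now gets
 *    the same 409 as a wrong password so the response body does not reveal
 *    which addresses are registered (response timing still differs, since
 *    no bcrypt compare is run for unknown accounts).
 *  - `ILIKE` is replaced by a case-insensitive equality so `%`/`_` in the
 *    username cannot act as wildcards.
 *  - A `bcrypt.compare` error is forwarded to the error handler instead of
 *    being treated as a wrong password.
 *
 * The 409 status is kept for client compatibility; 401 would be the
 * conventional code for failed authentication.
 *
 * NOTE(review): `bcrypt` is not required anywhere on this page; confirm it
 * is in scope.
 */
router.put('/login', function(req, res, next) {
  const username = req.body && req.body.username;
  const password = req.body && req.body.password;
  if (typeof username !== 'string' || typeof password !== 'string') {
    return res.status(400).send('Wrong Params');
  }
  const query = 'Select id, name, email, kennwort, beschreibung FROM nutzer WHERE lower(email) = lower($1)';
  if (DEBUG) console.log(query);
  req.db.query(query, [username], (err, rs) => {
    if (err) {
      return next(err);
    }
    const user = rs.rows[0];
    if (!user) {
      // Same status and text as a wrong password: do not confirm whether the address exists.
      req.login = false;
      return res.status(409).send("Passwd didn't match");
    }
    bcrypt.compare(password, user.kennwort, (cmpErr, matches) => {
      if (cmpErr) {
        return next(cmpErr);
      }
      if (!matches) {
        req.login = false;
        return res.status(409).send("Passwd didn't match");
      }
      req.login = true;
      req.user = user;
      res.status(200).json({
        users: {
          name: user.name,
          email: user.email,
          id: user.id,
          beschreibung: user.beschreibung,
        },
      });
    });
  });
});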
/* Methods with id */
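/**
 * GET /:userId — returns the public profile of the user resolved by
 * `router.param('userId')`.
 *
 * Responds 200 with `{ users: { name, email, id, beschreibung } }`. The
 * `kennwort` hash that `req.user` carries is deliberately not copied out.
 *
 * Fix: the previous version dereferenced `req.user.name` unconditionally
 * and threw a TypeError (→ 500) when the lookup had found no row; an
 * unresolved user now gets a 404.
 */
router.get('/:userId', function(req, res, next) {
  const user = req.user;
  if (!user) {
    return res.status(404).send('User not found');
  }
  res.status(200).json({
    users: {
      name: user.name,
      email: user.email,
      id: user.id,
      beschreibung: user.beschreibung,
    },
  });
});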
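/**
 * PUT /:userId — updates `name`, `email` and `beschreibung` of the resolved user.
 *
 * Body: `{ users: [{ name, email, beschreibung }] }`. A field that is
 * omitted (or not a string) keeps its current value; the previous version
 * wrote the literal text "undefined" in that case. Responds 200 with the
 * public fields of the updated row, 409 when the new e-mail collides with
 * the `idx_nutzer_email` unique index, 400 on a malformed body and 404 when
 * no user was resolved.
 *
 * Security:
 *  - The UPDATE is parameterized. The previous version concatenated the
 *    request body straight into the SQL text, which was a SQL injection
 *    reachable by any caller (`"name": "x', email='y' WHERE 1=1 --"`).
 *  - The target row is `req.user.id` (resolved by `router.param`), so the
 *    raw `:userId` text never reaches the query.
 *  - NOTE(review): nothing here checks that the caller is allowed to edit
 *    this user; confirm an authorization middleware runs before this route.
 */
router.put('/:userId', function(req, res, next) {
  if (!req.user) {
    return res.status(404).send('User not found');
  }
  const body = req.body && Array.isArray(req.body.users) ? req.body.users[0] : undefined;
  if (!body || typeof body !== 'object') {
    return res.status(400).send('Wrong Params');
  }
  const pick = (field) => (typeof body[field] === 'string' ? body[field] : req.user[field]);
  const params = [pick('name'), pick('email'), pick('beschreibung'), req.user.id];
  const query = 'UPDATE nutzer set name = $1, email = $2, beschreibung = $3 WHERE id = $4 returning *';
  if (DEBUG) console.log(query);
  req.db.query(query, params, (err, rs) => {
    if (err && err.constraint === 'idx_nutzer_email') {
      return res.status(409).send("Email-adress already in use");
    }
    if (err) {
      return next(err);
    }
    if (!rs.rows || rs.rows.length === 0) {
      return res.status(404).send('User not found');
    }
    const row = rs.rows[0];
    res.status(200).json({
      users: {
        name: row.name,
        email: row.email,
        id: row.id,
        beschreibung: row.beschreibung,
      },
    });
  });
});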
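/**
 * PUT /:userId/changepasswd — replaces the user's password after verifying
 * the current one.
 *
 * Body: `{ users: [{ oldPasswd, newPasswd }] }`. Both must be non-empty
 * strings (400 otherwise). `oldPasswd` is checked with bcrypt against the
 * stored hash on `req.user.kennwort`; on a mismatch responds 409 "Old
 * Passwd didn't match". On success the new password is hashed with cost 10,
 * stored, and the public fields of the row are returned with 200.
 *
 * Fixes over the previous version:
 *  - The old password in clear text and the stored hash were printed to
 *    the console on every call (`"Compare: … WITH …"`); nothing secret is
 *    logged any more.
 *  - `bcrypt.compare` / `bcrypt.hash` errors were ignored; they now go to
 *    the error handler.
 *  - `req.user` and `req.body.users[0]` were dereferenced without a check
 *    and produced a TypeError (→ 500) when absent.
 *  - The UPDATE is parameterized and targets `req.user.id` rather than the
 *    raw `:userId` text; a missing row yields 404 instead of a TypeError.
 *
 * NOTE(review): `bcrypt` is not required anywhere on this page; confirm it
 * is in scope. Also confirm upstream middleware ensures the caller owns
 * this account — nothing in this file does.
 */
router.put('/:userId/changepasswd', function(req, res, next) {
  if (!req.user) {
    return res.status(404).send('User not found');
  }
  const body = req.body && Array.isArray(req.body.users) ? req.body.users[0] : undefined;
  const oldPasswd = body ? body.oldPasswd : undefined;
  const newPasswd = body ? body.newPasswd : undefined;
  if (typeof oldPasswd !== 'string' || !oldPasswd || typeof newPasswd !== 'string' || !newPasswd) {
    return res.status(400).send('Wrong Params');
  }
  bcrypt.compare(oldPasswd, req.user.kennwort, (cmpErr, matches) => {
    if (cmpErr) {
      return next(cmpErr);
    }
    if (!matches) {
      return res.status(409).send("Old Passwd didn't match");
    }
    bcrypt.hash(newPasswd, 10, (hashErr, hash) => {
      if (hashErr) {
        return next(hashErr);
      }
      const query = 'UPDATE nutzer set kennwort = $1 WHERE id = $2 returning *';
      if (DEBUG) console.log(query);
      req.db.query(query, [hash, req.user.id], (err, rs) => {
        if (err) {
          return next(err);
        }
        if (!rs.rows || rs.rows.length === 0) {
          return res.status(404).send('User not found');
        }
        const row = rs.rows[0];
        res.status(200).json({
          users: {
            name: row.name,
            email: row.email,
            id: row.id,
            beschreibung: row.beschreibung,
          },
        });
      });
    });
  });
});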
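/**
 * DELETE /:userId — removes the resolved user and its dependent rows.
 *
 * Runs the four DELETE statements one after another (favourites, comments,
 * roles, then the user row — children first so foreign keys on `nutzer`
 * are not violated) and responds 204 only once the last one has completed.
 *
 * Fixes over the previous version:
 *  - All four statements were fired concurrently and the 204 was sent
 *    immediately, so a failure (including a foreign-key violation when the
 *    `nutzer` delete overtook a child delete) called `next(err)` after the
 *    response had already gone out.
 *  - The statements now target `req.user.id` instead of the raw `:userId`
 *    text, so an e-mail-style parameter cannot reach an integer comparison.
 *
 * The sequence is still not atomic: a failure midway leaves the earlier
 * deletes committed. NOTE(review): wrapping it in a transaction needs a
 * dedicated client (`BEGIN`/`COMMIT` on one connection); whether `req.db`
 * is a pool or a single client is not visible here, so that is left as a
 * follow-up. Also confirm that an authorization middleware guards this route.
 */
router.delete('/:userId', function(req, res, next) {
  if (!req.user) {
    return res.status(404).send('User not found');
  }
  const id = req.user.id;
  const statements = [
    "DELETE FROM nutzer_favorit where nutzer = $1;",
    "DELETE FROM nutzer_kommentar where nutzer = $1;",
    "DELETE FROM nutzer_rolle where nutzer = $1;",
    "DELETE FROM nutzer where id = $1;",
  ];
  const runFrom = (i) => {
    if (i >= statements.length) {
      return res.status(204).send();
    }
    if (DEBUG) console.log(statements[i]);
    req.db.query(statements[i], [id], (err) => {
      if (err) {
        return next(err);
      }
      runFrom(i + 1);
    });
  };
  runFrom(0);
});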
// Mounted by the application; the prefix (presumably /users) is not visible on this page.
module.exports = router;