server/controllers/api/users.js

   1 'use strict'
   2
   3 const express = require('express')
   4 const waterfall = require('async/waterfall')
   5
   6 const constants = require('../../initializers/constants')
   7 const db = require('../../initializers/database')
   8 const logger = require('../../helpers/logger')
   9 const utils = require('../../helpers/utils')
  10 const middlewares = require('../../middlewares')
  11 const admin = middlewares.admin
  12 const oAuth = middlewares.oauth
  13 const pagination = middlewares.pagination
  14 const sort = middlewares.sort
  15 const validatorsPagination = middlewares.validators.pagination
  16 const validatorsSort = middlewares.validators.sort
  17 const validatorsUsers = middlewares.validators.users
  18
  19 const router = express.Router()
  20
  21 router.get('/me', oAuth.authenticate, getUserInformation)
  22
  23 router.get('/',
  24   validatorsPagination.pagination,
  25   validatorsSort.usersSort,
  26   sort.setUsersSort,
  27   pagination.setPagination,
  28   listUsers
  29 )
  30
  31 router.post('/',
  32   oAuth.authenticate,
  33   admin.ensureIsAdmin,
  34   validatorsUsers.usersAdd,
  35   createUser
  36 )
  37
  38 router.put('/:id',
  39   oAuth.authenticate,
  40   validatorsUsers.usersUpdate,
  41   updateUser
  42 )
  43
  44 router.delete('/:id',
  45   oAuth.authenticate,
  46   admin.ensureIsAdmin,
  47   validatorsUsers.usersRemove,
  48   removeUser
  49 )
  50
  51 router.post('/token', oAuth.token, success)
  52 // TODO: Once https://github.com/oauthjs/node-oauth2-server/pull/289 is merged, implement revoke token route
  53
  54 // ---------------------------------------------------------------------------
  55
  56 module.exports = router
  57
  58 // ---------------------------------------------------------------------------
  59
  60 function createUser (req, res, next) {
  61   const user = db.User.build({
  62     username: req.body.username,
  63     password: req.body.password,
  64     email: req.body.email,
  65     role: constants.USER_ROLES.USER
  66   })
  67
  68   user.save().asCallback(function (err, createdUser) {
  69     if (err) return next(err)
  70
  71     return res.type('json').status(204).end()
  72   })
  73 }
  74
  75 function getUserInformation (req, res, next) {
  76   db.User.loadByUsername(res.locals.oauth.token.user.username, function (err, user) {
  77     if (err) return next(err)
  78
  79     return res.json(user.toFormatedJSON())
  80   })
  81 }
  82
  83 function listUsers (req, res, next) {
  84   db.User.listForApi(req.query.start, req.query.count, req.query.sort, function (err, usersList, usersTotal) {
  85     if (err) return next(err)
  86
  87     res.json(utils.getFormatedObjects(usersList, usersTotal))
  88   })
  89 }
  90
  91 function removeUser (req, res, next) {
  92   waterfall([
  93     function loadUser (callback) {
  94       db.User.loadById(req.params.id, callback)
  95     },
  96
  97     function deleteUser (user, callback) {
  98       user.destroy().asCallback(callback)
  99     }
 100   ], function andFinally (err) {
 101     if (err) {
 102       logger.error('Errors when removed the user.', { error: err })
 103       return next(err)
 104     }
 105
 106     return res.sendStatus(204)
 107   })
 108 }
 109
 110 function updateUser (req, res, next) {
 111   db.User.loadByUsername(res.locals.oauth.token.user.username, function (err, user) {
 112     if (err) return next(err)
 113
 114     user.password = req.body.password
 115     user.save().asCallback(function (err) {
 116       if (err) return next(err)
 117
 118       return res.sendStatus(204)
 119     })
 120   })
 121 }
 122
 123 function success (req, res, next) {
 124   res.end()
 125 }