server/controllers/api/users.js

   1 'use strict'
   2
   3 const express = require('express')
   4 const waterfall = require('async/waterfall')
   5
   6 const constants = require('../../initializers/constants')
   7 const db = require('../../initializers/database')
   8 const logger = require('../../helpers/logger')
   9 const middlewares = require('../../middlewares')
  10 const admin = middlewares.admin
  11 const oAuth = middlewares.oauth
  12 const pagination = middlewares.pagination
  13 const sort = middlewares.sort
  14 const validatorsPagination = middlewares.validators.pagination
  15 const validatorsSort = middlewares.validators.sort
  16 const validatorsUsers = middlewares.validators.users
  17
  18 const router = express.Router()
  19
  20 router.get('/me', oAuth.authenticate, getUserInformation)
  21
  22 router.get('/',
  23   validatorsPagination.pagination,
  24   validatorsSort.usersSort,
  25   sort.setUsersSort,
  26   pagination.setPagination,
  27   listUsers
  28 )
  29
  30 router.post('/',
  31   oAuth.authenticate,
  32   admin.ensureIsAdmin,
  33   validatorsUsers.usersAdd,
  34   createUser
  35 )
  36
  37 router.put('/:id',
  38   oAuth.authenticate,
  39   validatorsUsers.usersUpdate,
  40   updateUser
  41 )
  42
  43 router.delete('/:id',
  44   oAuth.authenticate,
  45   admin.ensureIsAdmin,
  46   validatorsUsers.usersRemove,
  47   removeUser
  48 )
  49
  50 router.post('/token', oAuth.token, success)
  51 // TODO: Once https://github.com/oauthjs/node-oauth2-server/pull/289 is merged, implement revoke token route
  52
  53 // ---------------------------------------------------------------------------
  54
  55 module.exports = router
  56
  57 // ---------------------------------------------------------------------------
  58
  59 function createUser (req, res, next) {
  60   const user = db.User.build({
  61     username: req.body.username,
  62     password: req.body.password,
  63     role: constants.USER_ROLES.USER
  64   })
  65
  66   user.save().asCallback(function (err, createdUser) {
  67     if (err) return next(err)
  68
  69     return res.type('json').status(204).end()
  70   })
  71 }
  72
  73 function getUserInformation (req, res, next) {
  74   db.User.loadByUsername(res.locals.oauth.token.user.username, function (err, user) {
  75     if (err) return next(err)
  76
  77     return res.json(user.toFormatedJSON())
  78   })
  79 }
  80
  81 function listUsers (req, res, next) {
  82   db.User.listForApi(req.query.start, req.query.count, req.query.sort, function (err, usersList, usersTotal) {
  83     if (err) return next(err)
  84
  85     res.json(getFormatedUsers(usersList, usersTotal))
  86   })
  87 }
  88
  89 function removeUser (req, res, next) {
  90   waterfall([
  91     function loadUser (callback) {
  92       db.User.loadById(req.params.id, callback)
  93     },
  94
  95     function deleteUser (user, callback) {
  96       user.destroy().asCallback(callback)
  97     }
  98   ], function andFinally (err) {
  99     if (err) {
 100       logger.error('Errors when removed the user.', { error: err })
 101       return next(err)
 102     }
 103
 104     return res.sendStatus(204)
 105   })
 106 }
 107
 108 function updateUser (req, res, next) {
 109   db.User.loadByUsername(res.locals.oauth.token.user.username, function (err, user) {
 110     if (err) return next(err)
 111
 112     user.password = req.body.password
 113     user.save().asCallback(function (err) {
 114       if (err) return next(err)
 115
 116       return res.sendStatus(204)
 117     })
 118   })
 119 }
 120
 121 function success (req, res, next) {
 122   res.end()
 123 }
 124
 125 // ---------------------------------------------------------------------------
 126
 127 function getFormatedUsers (users, usersTotal) {
 128   const formatedUsers = []
 129
 130   users.forEach(function (user) {
 131     formatedUsers.push(user.toFormatedJSON())
 132   })
 133
 134   return {
 135     total: usersTotal,
 136     data: formatedUsers
 137   }
 138 }