server/controllers/api/users.js

   1 'use strict'
   2
   3 const express = require('express')
   4 const waterfall = require('async/waterfall')
   5
   6 const constants = require('../../initializers/constants')
   7 const db = require('../../initializers/database')
   8 const logger = require('../../helpers/logger')
   9 const utils = require('../../helpers/utils')
  10 const middlewares = require('../../middlewares')
  11 const admin = middlewares.admin
  12 const oAuth = middlewares.oauth
  13 const pagination = middlewares.pagination
  14 const sort = middlewares.sort
  15 const validatorsPagination = middlewares.validators.pagination
  16 const validatorsSort = middlewares.validators.sort
  17 const validatorsUsers = middlewares.validators.users
  18
  19 const router = express.Router()
  20
  21 router.get('/me', oAuth.authenticate, getUserInformation)
  22
  23 router.get('/',
  24   validatorsPagination.pagination,
  25   validatorsSort.usersSort,
  26   sort.setUsersSort,
  27   pagination.setPagination,
  28   listUsers
  29 )
  30
  31 router.post('/',
  32   oAuth.authenticate,
  33   admin.ensureIsAdmin,
  34   validatorsUsers.usersAdd,
  35   createUser
  36 )
  37
  38 router.put('/:id',
  39   oAuth.authenticate,
  40   validatorsUsers.usersUpdate,
  41   updateUser
  42 )
  43
  44 router.delete('/:id',
  45   oAuth.authenticate,
  46   admin.ensureIsAdmin,
  47   validatorsUsers.usersRemove,
  48   removeUser
  49 )
  50
  51 router.post('/token', oAuth.token, success)
  52 // TODO: Once https://github.com/oauthjs/node-oauth2-server/pull/289 is merged, implement revoke token route
  53
  54 // ---------------------------------------------------------------------------
  55
  56 module.exports = router
  57
  58 // ---------------------------------------------------------------------------
  59
  60 function createUser (req, res, next) {
  61   const user = db.User.build({
  62     username: req.body.username,
  63     password: req.body.password,
  64     role: constants.USER_ROLES.USER
  65   })
  66
  67   user.save().asCallback(function (err, createdUser) {
  68     if (err) return next(err)
  69
  70     return res.type('json').status(204).end()
  71   })
  72 }
  73
  74 function getUserInformation (req, res, next) {
  75   db.User.loadByUsername(res.locals.oauth.token.user.username, function (err, user) {
  76     if (err) return next(err)
  77
  78     return res.json(user.toFormatedJSON())
  79   })
  80 }
  81
  82 function listUsers (req, res, next) {
  83   db.User.listForApi(req.query.start, req.query.count, req.query.sort, function (err, usersList, usersTotal) {
  84     if (err) return next(err)
  85
  86     res.json(utils.getFormatedObjects(usersList, usersTotal))
  87   })
  88 }
  89
  90 function removeUser (req, res, next) {
  91   waterfall([
  92     function loadUser (callback) {
  93       db.User.loadById(req.params.id, callback)
  94     },
  95
  96     function deleteUser (user, callback) {
  97       user.destroy().asCallback(callback)
  98     }
  99   ], function andFinally (err) {
 100     if (err) {
 101       logger.error('Errors when removed the user.', { error: err })
 102       return next(err)
 103     }
 104
 105     return res.sendStatus(204)
 106   })
 107 }
 108
 109 function updateUser (req, res, next) {
 110   db.User.loadByUsername(res.locals.oauth.token.user.username, function (err, user) {
 111     if (err) return next(err)
 112
 113     user.password = req.body.password
 114     user.save().asCallback(function (err) {
 115       if (err) return next(err)
 116
 117       return res.sendStatus(204)
 118     })
 119   })
 120 }
 121
 122 function success (req, res, next) {
 123   res.end()
 124 }