const db = require('../surreal'); const router = require('express').Router(); const {auth, publicauth} = require('../auth/middleware'); const passwordauth = require('../auth/password'); router.get('/:username',publicauth, async (req, res) => { try{ const username = req.params.username; if(!username) return res.status(400).json({error: "Missing username"}); const user = await db.query(`SELECT description, creation, visibility, likedPosts, comments, savedPosts FROM users WHERE username = string::lowercase("${username}")`); if(user.length == 0) return res.status(400).json({error: "User does not exist"}); const posts = await db.query(`SELECT * FROM posts WHERE author = string::lowercase("${username}")`); if(req.user == username){ const returnData = { description: user[0].description, creation: user[0].creation, posts: posts, likedPosts: user[0].likedPosts, comments: user[0].comments, savedPosts: user[0].savedPosts, visibility: user[0].visibility, activity: user[0].activity } res.status(200).json({returnData}); } else { if(user[0].visibility.likes == false){ for(let i = 0; i < posts.length; i++){ posts[i].likes = "Hidden"; } } if(user[0].visibility.savedPosts == false){ for(let i = 0; i < posts.length; i++){ posts[i].savedPosts = "Hidden"; } } const returnData = { description: user[0].description, creation: user[0].creation, posts: posts, likedPosts: user[0].likedPosts, comments: user[0].comments, savedPosts: user[0].savedPosts } res.status(200).json({returnData}); } } catch(err){ console.log(err); res.status(500).json({error: "Internal server error"}); } }); router.put('/description', auth, async (req, res) => { try{ const username = req.user; const {description} = req.body; if(!username) return res.status(400).json({error: "Missing username"}); if(!description) return res.status(400).json({error: "Missing description"}); if(description.length > process.env.MAXDESCRIPTIONLENGTH) return res.status(400).json({error: "Description is too long"}); const update = await db.query(`UPDATE users SET description = "${description}" WHERE username = string::lowercase("${username}")`); res.status(200).json({message: "Description updated"}); } catch(err){ console.log(err); res.status(500).json({error: "Internal server error"}); } }); router.put('/password', auth, async (req, res) => { try{ const username = req.user; const {oldpassword, newpassword} = req.body; if(!username) return res.status(400).json({error: "Missing username"}); if(!oldpassword) return res.status(400).json({error: "Missing old password"}); if(!newpassword) return res.status(400).json({error: "Missing new password"}); const user = await db.query(`SELECT * FROM users WHERE username = string::lowercase("${username}")`); if(user.length == 0) return res.status(400).json({error: "User does not exist"}); const verify = await passwordauth.verify(oldpassword, user[0].password); if(!verify) return res.status(400).json({error: "Old password is incorrect"}); const hash = await passwordauth.hash(newpassword); const newUserPassword = await db.query(`UPDATE users SET password = "${hash}" WHERE username = string::lowercase("${username}")`); res.status(200).json({message: "Password updated"}); } catch(err){ console.log(err); res.status(500).json({error: "Internal server error"}); } }); router.put('/username', auth, async (req, res) => { try{ const username = req.user; const {newusername} = req.body; if(!username) return res.status(400).json({error: "Missing username"}); if(!newusername) return res.status(400).json({error: "Missing new username"}); const user = await db.query(`SELECT * FROM users WHERE username = string::lowercase("${username}")`); if(user.length == 0) return res.status(400).json({error: "User does not exist"}); const check = await db.query(`SELECT * FROM users WHERE username = string::lowercase("${newusername}")`); if(check.length > 0) return res.status(400).json({error: "Username already exists"}); const newUser = await db.query(`UPDATE users SET username = string::lowercase("${newusername}") WHERE username = string::lowercase("${username}")`); const newPost = await db.query(`UPDATE posts SET author = string::lowercase("${newusername}") WHERE author = string::lowercase("${username}")`); const newComment = await db.query(`UPDATE comments SET author = string::lowercase("${newusername}") WHERE author = string::lowercase("${username}")`); const likedPosts = user[0].likedPosts; for(let i = 0; i < likedPosts.length; i++){ const post = await db.query(`SELECT * FROM posts WHERE id = posts:"${likedPosts[i]}"`); const likes = post[0].likes; for(let j = 0; j < likes.length; j++){ if(likes[j] == username){ likes.splice(j, 1); likes.push(newusername); const updatePost = await db.query(`UPDATE posts SET likes = "${likes}" WHERE id = "${likedPosts[i]}"`); } } } res.status(200).json({message: "Username updated"}); } catch(err){ console.log(err); res.status(500).json({error: "Internal server error"}); } }); router.put('/visibility', auth, async (req, res) => { try{ const username = req.user; const {likes, savedPosts} = req.body; if(!username) return res.status(400).json({error: "Missing username"}); if(likes == undefined) return res.status(400).json({error: "Missing likes"}); if(savedPosts == undefined) return res.status(400).json({error: "Missing savedPosts"}); if(typeof likes != "boolean") return res.status(400).json({error: "Invalid likes"}); if(typeof savedPosts != "boolean") return res.status(400).json({error: "Invalid savedPosts"}); const visibility = { likes: likes, savedPosts: savedPosts } const user = await db.query(`UPDATE users SET visibility = "${visibility}" WHERE username = string::lowercase("${username}")`); res.status(200).json({message: "Visibility updated"}); } catch(err){ console.log(err); res.status(500).json({error: "Internal server error"}); } }); router.get('/description/:username', publicauth, async (req, res) => { try{ const username = req.params.username; if(!username) return res.status(400).json({error: "Missing username"}); const user = await db.query(`SELECT description FROM users WHERE username = string::lowercase("${username}")`); if(user.length == 0) return res.status(400).json({error: "User does not exist"}); res.status(200).json({description: user[0].description}); } catch(err){ console.log(err); res.status(500).json({error: "Internal server error"}); } }); router.get('/visibility', auth, async (req, res) => { try{ const username = req.user; if(!username) return res.status(400).json({error: "Missing username"}); const user = await db.query(`SELECT visibility FROM users WHERE username = string::lowercase("${username}")`); if(user.length == 0) return res.status(400).json({error: "User does not exist"}); res.status(200).json({visibility: user[0].visibility}); } catch(err){ console.log(err); res.status(500).json({error: "Internal server error"}); } }); router.get('/activity/:type', auth, async (req, res) => { try{ const type = req.params.type; const username = req.user; if(!type) return res.status(400).json({error: "Missing type"}); if(!username) return res.status(400).json({error: "Missing username"}); const user = await db.query(`SELECT activity FROM users WHERE username = string::lowercase("${username}")`); if(user.length == 0) return res.status(400).json({error: "User does not exist"}); const activity = user[0].activity; if(activity.length > 100){ //remove oldest activity until length is 100 while(activity.length > 100 - 1){ activity.shift(); } } const currentDate = new Date(); const formattedDateAndTime = currentDate.toLocaleTimeString('en-gb', { timeStyle: 'short' }); const formattedDate = currentDate.toLocaleDateString('en-gb'); const date = formattedDateAndTime + " " + formattedDate; const newActivity = { type: type, date: date } activity.push(newActivity); const newActivityDB = await db.query(`UPDATE users SET activity = "${activity}" WHERE username = string::lowercase("${username}")`); res.status(200).json({message: "Activity updated"}); } catch(err){ console.log(err); res.status(500).json({error: "Internal server error"}); } }); router.delete('/delete', auth, async (req, res) => { try{ const username = req.user; const {password} = req.body; if(!username) return res.status(400).json({error: "Missing username"}); if(!password) return res.status(400).json({error: "Missing password"}); const user = await db.query(`SELECT * FROM users WHERE username = string::lowercase("${username}")`); if(user.length == 0) return res.status(400).json({error: "User does not exist"}); const verify = await passwordauth.verify(password, user[0].password); if(!verify) return res.status(400).json({error: "Password is incorrect"}); const deletePosts = await db.query(`DELETE FROM posts WHERE author = string::lowercase("${username}")`); const deleteComments = await db.query(`DELETE FROM comments WHERE author = string::lowercase("${username}")`); const deleteLikedPosts = await db.query(`DELETE FROM posts WHERE likes = "${username}"`); const deleteLikedComments = await db.query(`DELETE FROM comments WHERE likes = "${username}"`); const deleteSavedPosts = await db.query(`DELETE FROM posts WHERE savedPosts = "${username}"`); const deleteSavedComments = await db.query(`DELETE FROM comments WHERE savedComments = "${username}"`); const deleteUser = await db.query(`DELETE FROM users WHERE username = string::lowercase("${username}")`); res.status(200).json({message: "User deleted"}); } catch(err){ console.log(err); res.status(500).json({error: "Internal server error"}); } }); module.exports = router;