const db = require('../surreal'); const router = require('express').Router(); const {auth, publicauth} = require('../auth/middleware'); const passwordauth = require('../auth/password'); router.get('/:username',publicauth, async (req, res) => { try{ const username = req.params.username; if(!username) return res.status(400).json({error: "Missing username"}); const user = await db.query(`SELECT description, creation, visibility, likedPosts, comments, savedPosts FROM users WHERE username = string::lowercase("${username}")`); if(user.length == 0) return res.status(400).json({error: "User does not exist"}); const posts = await db.query(`SELECT * FROM posts WHERE author = string::lowercase("${username}")`); if(req.user == username){ const returnData = { description: user[0].description, creation: user[0].creation, posts: posts, likedPosts: user[0].likedPosts, comments: user[0].comments, savedPosts: user[0].savedPosts, visibility: user[0].visibility } res.status(200).json({returnData}); } else { if(user[0].visibility.likes == false){ for(let i = 0; i < posts.length; i++){ posts[i].likes = "Hidden"; } } if(user[0].visibility.savedPosts == false){ for(let i = 0; i < posts.length; i++){ posts[i].savedPosts = "Hidden"; } } const returnData = { description: user[0].description, creation: user[0].creation, posts: posts, likedPosts: user[0].likedPosts, comments: user[0].comments, savedPosts: user[0].savedPosts } res.status(200).json({returnData}); } } catch(err){ console.log(err); res.status(500).json({error: "Internal server error"}); } }); router.put('/description', auth, async (req, res) => { try{ const username = req.user; const {description} = req.body; if(!username) return res.status(400).json({error: "Missing username"}); if(!description) return res.status(400).json({error: "Missing description"}); if(description.length > process.env.MAXDESCRIPTIONLENGTH) return res.status(400).json({error: "Description is too long"}); const update = await db.query(`UPDATE users SET description = "${description}" WHERE username = string::lowercase("${username}")`); res.status(200).json({message: "Description updated"}); } catch(err){ console.log(err); res.status(500).json({error: "Internal server error"}); } }); router.put('/password', auth, async (req, res) => { try{ const username = req.user; const {oldpassword, newpassword} = req.body; if(!username) return res.status(400).json({error: "Missing username"}); if(!oldpassword) return res.status(400).json({error: "Missing old password"}); if(!newpassword) return res.status(400).json({error: "Missing new password"}); const user = await db.query(`SELECT * FROM users WHERE username = string::lowercase("${username}")`); if(user.length == 0) return res.status(400).json({error: "User does not exist"}); const verify = await passwordauth.verify(oldpassword, user[0].password); if(!verify) return res.status(400).json({error: "Old password is incorrect"}); const hash = await passwordauth.hash(newpassword); const newUserPassword = await db.query(`UPDATE users SET password = "${hash}" WHERE username = string::lowercase("${username}")`); res.status(200).json({message: "Password updated"}); } catch(err){ console.log(err); res.status(500).json({error: "Internal server error"}); } }); router.put('/username', auth, async (req, res) => { try{ const username = req.user; const {newusername} = req.body; if(!username) return res.status(400).json({error: "Missing username"}); if(!newusername) return res.status(400).json({error: "Missing new username"}); const user = await db.query(`SELECT * FROM users WHERE username = string::lowercase("${username}")`); if(user.length == 0) return res.status(400).json({error: "User does not exist"}); const check = await db.query(`SELECT * FROM users WHERE username = string::lowercase("${newusername}")`); if(check.length > 0) return res.status(400).json({error: "Username already exists"}); const newUser = await db.query(`UPDATE users SET username = string::lowercase("${newusername}") WHERE username = string::lowercase("${username}")`); const newPost = await db.query(`UPDATE posts SET author = string::lowercase("${newusername}") WHERE author = string::lowercase("${username}")`); const newComment = await db.query(`UPDATE comments SET author = string::lowercase("${newusername}") WHERE author = string::lowercase("${username}")`); const likedPosts = user[0].likedPosts; for(let i = 0; i < likedPosts.length; i++){ const post = await db.query(`SELECT * FROM posts WHERE id = posts:"${likedPosts[i]}"`); const likes = post[0].likes; for(let j = 0; j < likes.length; j++){ if(likes[j] == username){ likes.splice(j, 1); likes.push(newusername); const updatePost = await db.query(`UPDATE posts SET likes = "${likes}" WHERE id = "${likedPosts[i]}"`); } } } res.status(200).json({message: "Username updated"}); } catch(err){ console.log(err); res.status(500).json({error: "Internal server error"}); } }); router.put('/visibility', auth, async (req, res) => { try{ const username = req.user; const {likes, savedPosts} = req.body; if(!username) return res.status(400).json({error: "Missing username"}); if(likes == undefined) return res.status(400).json({error: "Missing likes"}); if(savedPosts == undefined) return res.status(400).json({error: "Missing savedPosts"}); if(typeof likes != "boolean") return res.status(400).json({error: "Invalid likes"}); if(typeof savedPosts != "boolean") return res.status(400).json({error: "Invalid savedPosts"}); const visibility = { likes: likes, savedPosts: savedPosts } const user = await db.query(`UPDATE users SET visibility = "${visibility}" WHERE username = string::lowercase("${username}")`); res.status(200).json({message: "Visibility updated"}); } catch(err){ console.log(err); res.status(500).json({error: "Internal server error"}); } }); router.get('/description/:username', publicauth, async (req, res) => { try{ const username = req.params.username; if(!username) return res.status(400).json({error: "Missing username"}); const user = await db.query(`SELECT description FROM users WHERE username = string::lowercase("${username}")`); if(user.length == 0) return res.status(400).json({error: "User does not exist"}); res.status(200).json({description: user[0].description}); } catch(err){ console.log(err); res.status(500).json({error: "Internal server error"}); } }); router.get('/visibility', auth, async (req, res) => { try{ const username = req.user; if(!username) return res.status(400).json({error: "Missing username"}); const user = await db.query(`SELECT visibility FROM users WHERE username = string::lowercase("${username}")`); if(user.length == 0) return res.status(400).json({error: "User does not exist"}); res.status(200).json({visibility: user[0].visibility}); } catch(err){ console.log(err); res.status(500).json({error: "Internal server error"}); } }); module.exports = router;