kajvans/forum-backend
1
0
Fork 0
Code Issues Pull Requests Packages Projects 1 Releases Wiki Activity
Files
1273706b8c9528d0211824a0da2f96795e25af83
forum-backend/routes/user.js
T
kajvans 1273706b8c some tweaks and readme
2024-01-25 16:47:06 +01:00

287 lines
11 KiB
JavaScript
Raw Blame History

const db = require('../surreal');
const router = require('express').Router();
const {auth, publicauth} = require('../auth/middleware');
const passwordauth = require('../auth/password');
router.get('/:username',publicauth, async (req, res) => {
try{
const username = req.params.username;
if(!username) return res.status(400).json({error: "Missing username"});
const user = await db.query(`SELECT description, creation, visibility, likedPosts, comments, savedPosts FROM users WHERE username = string::lowercase("${username}")`);
if(user.length == 0) return res.status(400).json({error: "User does not exist"});
const posts = await db.query(`SELECT * FROM posts WHERE author = string::lowercase("${username}")`);
if(req.user == username){
const returnData = {
description: user[0].description,
creation: user[0].creation,
posts: posts,
likedPosts: user[0].likedPosts,
comments: user[0].comments,
savedPosts: user[0].savedPosts,
visibility: user[0].visibility,
activity: user[0].activity
}
res.status(200).json({returnData});
}
else {
if(user[0].visibility.likes == false){
for(let i = 0; i < posts.length; i++){
posts[i].likes = "Hidden";
}
}
if(user[0].visibility.savedPosts == false){
for(let i = 0; i < posts.length; i++){
posts[i].savedPosts = "Hidden";
}
}
const returnData = {
description: user[0].description,
creation: user[0].creation,
posts: posts,
likedPosts: user[0].likedPosts,
comments: user[0].comments,
savedPosts: user[0].savedPosts
}
res.status(200).json({returnData});
}
}
catch(err){
console.log(err);
res.status(500).json({error: "Internal server error"});
}
});
router.put('/description', auth, async (req, res) => {
try{
const username = req.user;
const {description} = req.body;
if(!username) return res.status(400).json({error: "Missing username"});
if(!description) return res.status(400).json({error: "Missing description"});
if(description.length > process.env.MAXDESCRIPTIONLENGTH) return res.status(400).json({error: "Description is too long"});
const update = await db.query(`UPDATE users SET description = "${description}" WHERE username = string::lowercase("${username}")`);
res.status(200).json({message: "Description updated"});
}
catch(err){
console.log(err);
res.status(500).json({error: "Internal server error"});
}
});
router.put('/password', auth, async (req, res) => {
try{
const username = req.user;
const {oldpassword, newpassword} = req.body;
if(!username) return res.status(400).json({error: "Missing username"});
if(!oldpassword) return res.status(400).json({error: "Missing old password"});
if(!newpassword) return res.status(400).json({error: "Missing new password"});
const user = await db.query(`SELECT * FROM users WHERE username = string::lowercase("${username}")`);
if(user.length == 0) return res.status(400).json({error: "User does not exist"});
const verify = await passwordauth.verify(oldpassword, user[0].password);
if(!verify) return res.status(400).json({error: "Old password is incorrect"});
const hash = await passwordauth.hash(newpassword);
const newUserPassword = await db.query(`UPDATE users SET password = "${hash}" WHERE username = string::lowercase("${username}")`);
res.status(200).json({message: "Password updated"});
}
catch(err){
console.log(err);
res.status(500).json({error: "Internal server error"});
}
});
router.put('/username', auth, async (req, res) => {
try{
const username = req.user;
const {newusername} = req.body;
if(!username) return res.status(400).json({error: "Missing username"});
if(!newusername) return res.status(400).json({error: "Missing new username"});
const user = await db.query(`SELECT * FROM users WHERE username = string::lowercase("${username}")`);
if(user.length == 0) return res.status(400).json({error: "User does not exist"});
const check = await db.query(`SELECT * FROM users WHERE username = string::lowercase("${newusername}")`);
if(check.length > 0) return res.status(400).json({error: "Username already exists"});
const newUser = await db.query(`UPDATE users SET username = string::lowercase("${newusername}") WHERE username = string::lowercase("${username}")`);
const newPost = await db.query(`UPDATE posts SET author = string::lowercase("${newusername}") WHERE author = string::lowercase("${username}")`);
const newComment = await db.query(`UPDATE comments SET author = string::lowercase("${newusername}") WHERE author = string::lowercase("${username}")`);
const likedPosts = user[0].likedPosts;
for(let i = 0; i < likedPosts.length; i++){
const post = await db.query(`SELECT * FROM posts WHERE id = posts:"${likedPosts[i]}"`);
const likes = post[0].likes;
for(let j = 0; j < likes.length; j++){
if(likes[j] == username){
likes.splice(j, 1);
likes.push(newusername);
const updatePost = await db.query(`UPDATE posts SET likes = "${likes}" WHERE id = "${likedPosts[i]}"`);
}
}
}
res.status(200).json({message: "Username updated"});
}
catch(err){
console.log(err);
res.status(500).json({error: "Internal server error"});
}
});
router.put('/visibility', auth, async (req, res) => {
try{
const username = req.user;
const {likes, savedPosts} = req.body;
if(!username) return res.status(400).json({error: "Missing username"});
if(likes == undefined) return res.status(400).json({error: "Missing likes"});
if(savedPosts == undefined) return res.status(400).json({error: "Missing savedPosts"});
if(typeof likes != "boolean") return res.status(400).json({error: "Invalid likes"});
if(typeof savedPosts != "boolean") return res.status(400).json({error: "Invalid savedPosts"});
const visibility = {
likes: likes,
savedPosts: savedPosts
}
const user = await db.query(`UPDATE users SET visibility = "${visibility}" WHERE username = string::lowercase("${username}")`);
res.status(200).json({message: "Visibility updated"});
}
catch(err){
console.log(err);
res.status(500).json({error: "Internal server error"});
}
});
router.get('/description/:username', publicauth, async (req, res) => {
try{
const username = req.params.username;
if(!username) return res.status(400).json({error: "Missing username"});
const user = await db.query(`SELECT description FROM users WHERE username = string::lowercase("${username}")`);
if(user.length == 0) return res.status(400).json({error: "User does not exist"});
res.status(200).json({description: user[0].description});
}
catch(err){
console.log(err);
res.status(500).json({error: "Internal server error"});
}
});
router.get('/visibility', auth, async (req, res) => {
try{
const username = req.user;
if(!username) return res.status(400).json({error: "Missing username"});
const user = await db.query(`SELECT visibility FROM users WHERE username = string::lowercase("${username}")`);
if(user.length == 0) return res.status(400).json({error: "User does not exist"});
res.status(200).json({visibility: user[0].visibility});
}
catch(err){
console.log(err);
res.status(500).json({error: "Internal server error"});
}
});
router.get('/activity/:type', auth, async (req, res) => {
try{
const type = req.params.type;
const username = req.user;
if(!type) return res.status(400).json({error: "Missing type"});
if(!username) return res.status(400).json({error: "Missing username"});
const user = await db.query(`SELECT activity FROM users WHERE username = string::lowercase("${username}")`);
if(user.length == 0) return res.status(400).json({error: "User does not exist"});
const activity = user[0].activity;
if(activity.length > 100){
//remove oldest activity until length is 100
while(activity.length > 100 - 1){
activity.shift();
}
}
const currentDate = new Date();
const formattedDateAndTime = currentDate.toLocaleTimeString('en-gb', { timeStyle: 'short' });
const formattedDate = currentDate.toLocaleDateString('en-gb');
const date = formattedDateAndTime + " " + formattedDate;
const newActivity = {
type: type,
date: date
}
activity.push(newActivity);
const newActivityDB = await db.query(`UPDATE users SET activity = "${activity}" WHERE username = string::lowercase("${username}")`);
res.status(200).json({message: "Activity updated"});
}
catch(err){
console.log(err);
res.status(500).json({error: "Internal server error"});
}
});
router.delete('/delete', auth, async (req, res) => {
try{
const username = req.user;
const {password} = req.body;
if(!username) return res.status(400).json({error: "Missing username"});
if(!password) return res.status(400).json({error: "Missing password"});
const user = await db.query(`SELECT * FROM users WHERE username = string::lowercase("${username}")`);
if(user.length == 0) return res.status(400).json({error: "User does not exist"});
const verify = await passwordauth.verify(password, user[0].password);
if(!verify) return res.status(400).json({error: "Password is incorrect"});
const deletePosts = await db.query(`DELETE FROM posts WHERE author = string::lowercase("${username}")`);
const deleteComments = await db.query(`DELETE FROM comments WHERE author = string::lowercase("${username}")`);
const deleteLikedPosts = await db.query(`DELETE FROM posts WHERE likes = "${username}"`);
const deleteLikedComments = await db.query(`DELETE FROM comments WHERE likes = "${username}"`);
const deleteSavedPosts = await db.query(`DELETE FROM posts WHERE savedPosts = "${username}"`);
const deleteSavedComments = await db.query(`DELETE FROM comments WHERE savedComments = "${username}"`);
const deleteUser = await db.query(`DELETE FROM users WHERE username = string::lowercase("${username}")`);
res.status(200).json({message: "User deleted"});
}
catch(err){
console.log(err);
res.status(500).json({error: "Internal server error"});
}
});
module.exports = router;
Reference in New Issue View Git Blame Copy Permalink