Enhance session and profile handling with validation and error handling improvements
@@ -4,26 +4,18 @@ var router = express.Router()
|
||||
const DB = require("../mongoDB.js");
|
||||
const Profile = require("../def/profile.js");
|
||||
const Notifications = require("./../notifications.js");
|
||||
const { getSessionId, getUserId, getProfileId } = require("./../utils/sessionUtils.js");
|
||||
|
||||
DB.getDB.then((DB)=>{
|
||||
|
||||
const getUserId = function(req){
|
||||
const user_sid = req.cookies.user_sid || req.query.user_sid || req.body.user_sid;
|
||||
return DB.ObjectID(user_sid);
|
||||
}
|
||||
|
||||
const getProfileId = (req)=>{
|
||||
return DB.ObjectID(req.cookies.profile_id || req.query.profile_id || req.body.profile_id);
|
||||
}
|
||||
DB.getDB.then((DB) => {
|
||||
|
||||
const profileBelongsToUser = async (profileid, userid) => {
|
||||
const profile = await DB.getProfileCache(profileid);
|
||||
if(!profile) return false;
|
||||
return profile.userid == (userid + '');
|
||||
if (!profile) return false;
|
||||
return profile.userid === String(userid);
|
||||
}
|
||||
|
||||
router.get("/mine", async (req, res) => {
|
||||
let userid = req.cookies.user_sid;
|
||||
let userid = getUserId(req);
|
||||
let profiles = await DB.getUserProfiles(userid);
|
||||
return res.json({
|
||||
status: "ok",
|
||||
@@ -34,59 +26,84 @@ DB.getDB.then((DB)=>{
|
||||
router.get("/new", async (req, res) => { //Deprecated please use route post("/")
|
||||
let profile = {
|
||||
userid: getUserId(req),
|
||||
... req.query.content
|
||||
...req.query.content
|
||||
};
|
||||
let profileObj = new Profile(profile);
|
||||
let r = await DB.newProfile(profileObj);
|
||||
return res.json({
|
||||
status: "ok",
|
||||
... profileObj.toObj()
|
||||
...profileObj.toObj()
|
||||
});
|
||||
});
|
||||
|
||||
router.post("/", async (req, res) => {
|
||||
let profile = {
|
||||
userid: getUserId(req),
|
||||
... req.body.content
|
||||
...req.body.content
|
||||
};
|
||||
let profileObj = new Profile(profile);
|
||||
let r = await DB.newProfile(profileObj);
|
||||
return res.json({
|
||||
status: "ok",
|
||||
... profileObj.toObj()
|
||||
});
|
||||
try {
|
||||
let profileObj = new Profile(profile);
|
||||
let r = await DB.newProfile(profileObj);
|
||||
return res.json({
|
||||
status: "ok",
|
||||
...profileObj.toObj()
|
||||
});
|
||||
} catch (error) {
|
||||
console.error("Error creating profile", error);
|
||||
return res.json({
|
||||
status: error,
|
||||
});
|
||||
}
|
||||
|
||||
});
|
||||
|
||||
router.post("/invite", async (req, res) => {
|
||||
const userid = getUserId(req);
|
||||
const name = req.body.name;
|
||||
const email = req.body.email;
|
||||
//validate email?
|
||||
if(!name || !email) return res.json({status: "incomplete request"});
|
||||
let r = await DB.newInvitation(userid, name, email);
|
||||
if(!r.toLowerCase){
|
||||
//send email invitation
|
||||
try {
|
||||
const userid = getUserId(req);
|
||||
let { name, email } = req.body; // Destructuring for clarity
|
||||
// Validate required fields
|
||||
if (!name || !email) {
|
||||
return res.status(400).json({ status: "Name and email are required" });
|
||||
}
|
||||
// Validate email format
|
||||
email = email.trim().toLowerCase()
|
||||
const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
|
||||
if (!emailRegex.test(email)) {
|
||||
return res.status(400).json({ status: "Invalid email format" });
|
||||
}
|
||||
// Create new invitation, this returns a string if failed
|
||||
let r = await DB.newInvitation(userid, name, email);
|
||||
if (r instanceof String) {
|
||||
// Handle failure response from DB.newInvitation
|
||||
return res.status(400).json({
|
||||
status: r,
|
||||
message: `Failed to send invitation: ${r}`
|
||||
});
|
||||
}
|
||||
// Handle response from DB.newInvitation
|
||||
// Send email invitation
|
||||
let senderProfile = await DB.getProfile(getProfileId(req));
|
||||
Notifications.youHaveAnInvitation(name, email, senderProfile);
|
||||
return res.json({
|
||||
status: "ok"
|
||||
return res.status(200).json({
|
||||
status: "ok",
|
||||
message: `Invitation sent to ${name} (${email})`
|
||||
});
|
||||
} catch (error) {
|
||||
console.error("Error during invitation process:", error);
|
||||
return res.status(500).json({ status: "error", message: "Something went wrong, please try again later" });
|
||||
}
|
||||
return res.json({
|
||||
status: r
|
||||
});
|
||||
});
|
||||
|
||||
router.get("/invite/:email", async (req, res) => {
|
||||
const userid = getUserId(req);
|
||||
const email = req.params.email;
|
||||
//validate email?
|
||||
if(!email) return res.json({status: "provide valid email"});
|
||||
if (!email) return res.json({ status: "provide valid email" });
|
||||
let r = await DB.getInvitation(email);
|
||||
if(!r) return res.json({status: "no invitation found with that email"});
|
||||
if (!r) return res.json({ status: "no invitation found with that email" });
|
||||
let isUserAlreadyRegistered = await DB.getUser(email);
|
||||
if(isUserAlreadyRegistered && isUserAlreadyRegistered._id) return res.json({status: "This user is already registered"});
|
||||
return res.json({status: "ok", ... r});
|
||||
if (isUserAlreadyRegistered && isUserAlreadyRegistered._id) return res.json({ status: "This user is already registered" });
|
||||
return res.json({ status: "ok", ...r });
|
||||
});
|
||||
|
||||
router.get("/groups", async (req, res) => {
|
||||
@@ -110,13 +127,13 @@ DB.getDB.then((DB)=>{
|
||||
let profile = {
|
||||
userid: getUserId(req),
|
||||
isGroup: true,
|
||||
... req.body
|
||||
...req.body
|
||||
};
|
||||
let profileObj = new Profile(profile);
|
||||
DB.newProfile(profileObj)
|
||||
return res.json({
|
||||
status: "ok",
|
||||
... profileObj.toObj()
|
||||
...profileObj.toObj()
|
||||
});
|
||||
});
|
||||
|
||||
@@ -133,7 +150,7 @@ DB.getDB.then((DB)=>{
|
||||
//of an user that attempt to join a private group.
|
||||
const groupid = getProfileId(req); //It needs to have this profile context
|
||||
const groupidBody = req.body.groupid ? DB.ObjectID(req.body.groupid) : undefined;
|
||||
if(groupidBody && groupid != groupidBody && !DB.isOwnerOfGroup(groupid, groupidBody)){
|
||||
if (groupidBody && groupid != groupidBody && !DB.isOwnerOfGroup(groupid, groupidBody)) {
|
||||
return res.json({
|
||||
status: "Only group owner can accept new subscribers"
|
||||
});
|
||||
@@ -152,7 +169,7 @@ DB.getDB.then((DB)=>{
|
||||
//of an user that attempt to join a private group.
|
||||
const groupid = getProfileId(req); //It needs to have this profile context
|
||||
const groupidBody = req.body.groupid ? DB.ObjectID(req.body.groupid) : undefined;
|
||||
if(groupidBody && groupid != groupidBody && !DB.isOwnerOfGroup(groupid, groupidBody)){
|
||||
if (groupidBody && groupid != groupidBody && !DB.isOwnerOfGroup(groupid, groupidBody)) {
|
||||
return res.json({
|
||||
status: "Only group owner can reject new subscribers"
|
||||
});
|
||||
@@ -191,7 +208,7 @@ DB.getDB.then((DB)=>{
|
||||
const isPrivate = await DB.isGroupPrivate(groupid);
|
||||
DB.subscribeToGroup(profileid, groupid, isPrivate);
|
||||
//Add notification to group owner
|
||||
if(isPrivate) Notifications.yourGroupHasARequest(profileid, groupid)
|
||||
if (isPrivate) Notifications.yourGroupHasARequest(profileid, groupid)
|
||||
return res.json({
|
||||
status: "ok"
|
||||
});
|
||||
@@ -244,14 +261,14 @@ DB.getDB.then((DB)=>{
|
||||
let profile = await DB.getProfile(profileId);
|
||||
return res.json({
|
||||
status: "ok",
|
||||
... profile
|
||||
...profile
|
||||
});
|
||||
});
|
||||
|
||||
router.delete("/:id", async (req, res) => {
|
||||
const profileId = req.params.id;
|
||||
const userid = getUserId(req);
|
||||
if(!await profileBelongsToUser(profileId, userid))
|
||||
if (!await profileBelongsToUser(profileId, userid))
|
||||
return res.json({
|
||||
status: "This profile is not yours."
|
||||
});
|
||||
|
||||
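Review bot: `if (r instanceof String)` in the rewritten /invite handler never matches a primitive string, so the failure value that the comment above it says DB.newInvitation returns falls through to the success path and the invitation email is still sent; the old `!r.toLowerCase` test, for all its ugliness, did catch that case. Use `if (typeof r === 'string' || r instanceof String) {` instead. The catch block in post("/") is also less careful than the one here: `status: error` serializes the raw Error object into the response, which can expose driver internals and carries no HTTP status; mirror the /invite handler with `return res.status(500).json({ status: "error", message: "Could not create profile" });`. The sender profile used for the notification is still taken straight from the client-supplied profile_id without the `profileBelongsToUser` check this file already defines; that predates this commit, but this rewrite would be the place to add it.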