feat: user operation apis added

2026-01-08 07:00:04 +00:00 · 2021-11-04 05:51:29 +05:00
parent 9f17b17e31
commit 728f277f5c
11 changed files with 190 additions and 26 deletions
--- a/src/routes/api/user.ts
+++ b/src/routes/api/user.ts
@@ -1,25 +1,99 @@
 import express from 'express'
 import { createUser } from '../../controllers/createUser'
-import { registerUserValidation } from '../../utils'
+import { updateUser } from '../../controllers/updateUser'
+import { deleteUser } from '../../controllers/deleteUser'
+import { authenticateAccessToken, verifyAdmin } from '../../middlewares'
+import User from '../../model/User'
+import {
+  deleteUserValidation,
+  registerUserValidation,
+  updateUserValidation
+} from '../../utils'

 const userRouter = express.Router()

-userRouter.post('/', async (req, res) => {
+userRouter.post('/', authenticateAccessToken, verifyAdmin, async (req, res) => {
  const { error, value: data } = registerUserValidation(req.body)
  if (error) return res.status(400).send(error.details[0].message)

  try {
    const savedUser = await createUser(data)
-    res.send({
-      displayName: savedUser.displayName,
-      username: savedUser.username,
-      isAdmin: savedUser.isAdmin,
-      isActive: savedUser.isActive,
-      tokens: []
-    })
+    res.send(savedUser)
  } catch (err: any) {
    res.status(403).send(err.toString())
  }
 })

+userRouter.get('/', authenticateAccessToken, async (req, res) => {
+  try {
+    const users = await User.find({})
+      .select({ _id: 0, username: 1, displayName: 1, isAdmin: 1, isActive: 1 })
+      .exec()
+    res.send(users)
+  } catch (err: any) {
+    res.status(403).send(err.toString())
+  }
+})
+
+userRouter.get('/:username', authenticateAccessToken, async (req: any, res) => {
+  const { username } = req.params
+  try {
+    const user = await User.findOne({ username })
+      .select({ _id: 0, username: 1, displayName: 1, isAdmin: 1, isActive: 1 })
+      .exec()
+    res.send(user)
+  } catch (err: any) {
+    res.status(403).send(err.toString())
+  }
+})
+
+userRouter.patch(
+  '/:username',
+  authenticateAccessToken,
+  async (req: any, res) => {
+    const { user } = req
+    const { username } = req.params
+
+    // only an admin can update other users
+    if (!user.isAdmin && user.username !== username) {
+      return res.status(401).send('Admin account required')
+    }
+
+    // only an admin can update `isActive` and `isAdmin` fields
+    const { error, value: data } = updateUserValidation(req.body, user.isAdmin)
+    if (error) return res.status(400).send(error.details[0].message)
+
+    try {
+      const user = await updateUser(username, data)
+      res.send(user)
+    } catch (err: any) {
+      res.status(403).send(err.toString())
+    }
+  }
+)
+
+userRouter.delete(
+  '/:username',
+  authenticateAccessToken,
+  async (req: any, res) => {
+    const { user } = req
+    const { username } = req.params
+
+    // only an admin can delete other users
+    if (!user.isAdmin && user.username !== username) {
+      return res.status(401).send('Admin account required')
+    }
+
+    const { error, value: data } = deleteUserValidation(req.body, user.isAdmin)
+    if (error) return res.status(400).send(error.details[0].message)
+
+    try {
+      await deleteUser(username, user.isAdmin, data)
+      res.status(200).send('Account Deleted!')
+    } catch (err: any) {
+      res.status(403).send(err.toString())
+    }
+  }
+)
+
 export default userRouter