  1. "use strict";
const crypto = require('crypto');
const url = require('url');
const sha512 = require('sha512');
const server = require("./main.js");
const db = require("./databaseFunctions.js");
const validate = require('./validation.js');
  7.  
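server.on("getAll", obj => { // GET /api/users - ADMIN: get data of all users
  // Only admins may list accounts; db.isAdmin decides from the access-token header and
  // calls the first callback on success, the second with an HTTP status otherwise.
  db.isAdmin(obj.req.headers["access-token"],
    () => {
      // is admin
      // The password column is deliberately not selected.
      db.con.query(
        "SELECT username, publicID, email, lastLogin, created, role FROM users;",
        (err, res) => {
          if (err) {
            console.log("Error while selecting all users: " + err);
            db.internalError(err, obj.res);
            return;
          }
          // No users: answer right away, otherwise the loop below never ends the response.
          if (res.length === 0) {
            obj.res.end(JSON.stringify(res));
            return;
          }
          // Resolve each numeric role id to its {name, description} row. The role queries
          // are issued concurrently, so the response is sent when every one has completed,
          // not when the last one *issued* completes (completion order is not guaranteed).
          let pending = res.length;
          let failed = false;
          for (let i = 0; i < res.length; i++) {
            db.con.query(
              "SELECT name, description FROM roles WHERE id=?;", res[i].role,
              (error, result) => {
                if (failed) {
                  return; // an earlier role lookup already answered with an error
                }
                // Check this query's own error, not the outer (already null) `err`.
                if (error) {
                  failed = true;
                  console.log("Error while selecting role of user " + res[i].username + ": " + error);
                  db.internalError(error, obj.res);
                  return;
                }
                res[i].role = result[0];
                pending--;
                if (pending === 0) {
                  obj.res.end(JSON.stringify(res));
                }
              }
            );
          }
        }
      );
    },
    (code, message) => {
      // is not admin: the second assignment used to overwrite statusCode with the message
      // text, and `res` was undefined here.
      obj.res.statusCode = code;
      obj.res.statusMessage = message;
      obj.res.end();
    },
    obj.res
  );
});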
  48.  
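server.on("register", obj => { // register a new user
  let data;
  try {
    data = JSON.parse(obj.data);
  } catch (err) {
    // no JSON object: answer now, otherwise the checks below dereference an undefined `data`
    obj.res.statusCode = 400;
    obj.res.statusMessage = "Bad Request!";
    obj.res.end();
    return;
  }
  // JSON.parse also accepts "null", numbers and bare strings, none of which carries fields.
  if (data === null || typeof data !== "object") {
    obj.res.statusCode = 400;
    obj.res.statusMessage = "Bad Request!";
    obj.res.end();
    return;
  }

  if (!validate.checkUsername(data.username)) {
    // username length not ok
    db.unprocessable("Username not long enough!", obj.res);
    return;
  }

  if (!validate.checkEmail(data.email)) {
    // email length not ok
    db.unprocessable("Email not specified!", obj.res);
    return;
  }

  if (!validate.checkEmailFormat(data.email)) {
    // email format not ok
    db.unprocessable("Invalid email!", obj.res);
    return;
  }

  if (!validate.checkPassword(data.password)) {
    // password not long enough
    db.unprocessable("The password has to be at least 8 characters long!", obj.res);
    return;
  }

  db.usernameInUse(
    data.username.trim(),
    () => {
      // username not used
      db.emailInUse(
        data.email.trim(),
        () => {
          // create account
          // NOTE(review): unsalted single-round SHA-512 is not a password hash (no salt, no
          // work factor). The stored format is shared with the login path (not in this file),
          // so moving to a salted KDF such as crypto.scrypt has to be done on both sides together.
          const insertionData = {
            publicID: generateUUID4(),
            username: data.username.trim().toLowerCase(),
            email: data.email.trim().toLowerCase(),
            password: sha512(data.password).toString('hex')
          };
          db.con.query(
            "INSERT INTO users SET ?", insertionData,
            (err, res) => {
              if (err) {
                console.log("Error while creating account " + data.username + ": " + err);
                db.internalError(err, obj.res);
                return;
              }
              console.log(
                "User " + data.username.trim() + " created successfully!"
              );
              obj.res.end();
              // TODO: call the GET method!
            }
          );
        },
        done => {
          // email in use
          if (!done) {
            db.unprocessable("Email already in use!", obj.res);
          }
        },
        obj.res
      );
    },
    done => {
      // username in use
      if (!done) {
        db.unprocessable("The username is already in use!", obj.res);
      }
    },
    obj.res
  );
});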
  130.  
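/**
 * Generate a random RFC 4122 version-4 UUID for a new account's publicID.
 *
 * The previous implementation returned `new Date().getTime()`, which is not a UUID:
 * two registrations in the same millisecond collide, and the value is predictable.
 * NOTE(review): assumes users.publicID is a character column wide enough for 36
 * characters — confirm against the schema.
 *
 * @returns {string} lower-case UUID in the form xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx
 */
function generateUUID4() {
  const bytes = crypto.randomBytes(16);
  // RFC 4122 section 4.4: version nibble = 4, variant bits = 10xx.
  bytes[6] = (bytes[6] & 0x0f) | 0x40;
  bytes[8] = (bytes[8] & 0x3f) | 0x80;
  const hex = bytes.toString("hex");
  return `${hex.slice(0, 8)}-${hex.slice(8, 12)}-${hex.slice(12, 16)}-${hex.slice(16, 20)}-${hex.slice(20)}`;
}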
  134.  
  135.  
  136.  
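server.on("getUserByUUID", obj => { // ADMIN: get data of user by UUID
  db.isAdmin(obj.req.headers['access-token'], () => {
    // user is admin
    // NOTE(review): substr(12) assumes a 12-character route prefix; "/api/users/" is 11
    // characters, so confirm the prefix actually routed by main.js.
    const publicId = url.parse(obj.req.url).pathname.substr(12);
    db.con.query("SELECT publicID, username, email, lastLogin, created, role FROM users WHERE publicId=?;", publicId, (err, res) => {
      if (err) {
        console.log("Error while requesting entity with the public id " + publicId);
        db.internalError(err, obj.res);
        return;
      }
      // Unknown id: answer 404 instead of reading res[0] of an empty result.
      if (res.length === 0) {
        obj.res.statusCode = 404;
        obj.res.statusMessage = "Not found!";
        obj.res.end("The publicId is not in use!");
        return;
      }
      const user = res[0];
      // `res` is a row array; the role id lives on the row, not on the array.
      db.con.query("SELECT name, description FROM roles WHERE id=?;", user.role, (roleErr, result) => {
        if (roleErr) {
          console.log("Error while mapping role for requested entity with the public id " + publicId);
          db.internalError(roleErr, obj.res);
          return;
        }
        user.role = result[0];
        // The response was never ended before; send the single user object.
        obj.res.end(JSON.stringify(user));
      });
    });
  }, (code, message) => {
    obj.res.statusCode = code;
    obj.res.statusMessage = message;
    obj.res.end();
  }, obj.res);
});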
  162.  
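server.on("updateUserByUUID", obj => { // ADMIN: update user by UUID
  // update user data by UUID if the requesting user is admin
  if (obj.req.headers['access-token'] === undefined) {
    obj.res.statusCode = 400;
    obj.res.statusMessage = "Bad Request!";
    obj.res.end();
    return;
  }
  // url.parse needs the request's URL string, not the request object.
  // NOTE(review): substr(12) assumes a 12-character route prefix; "/api/users/" is 11
  // characters, so confirm the prefix actually routed by main.js.
  const uuid = url.parse(obj.req.url).pathname.substr(12);

  let data;
  try {
    data = JSON.parse(obj.data);
  } catch (err) {
    // no JSON object: answer now instead of dereferencing an undefined `data` below
    obj.res.statusCode = 400;
    obj.res.statusMessage = "Bad Request!";
    obj.res.end();
    return;
  }
  if (data === null || typeof data !== "object") {
    obj.res.statusCode = 400;
    obj.res.statusMessage = "Bad Request!";
    obj.res.end();
    return;
  }

  // Every field is optional (null counts as absent); a field that is present must be a
  // string, otherwise .trim() below would throw.
  for (const field of ["username", "password", "email"]) {
    if (data[field] != null && typeof data[field] !== "string") {
      db.unprocessable("Invalid " + field + "!", obj.res);
      return;
    }
  }
  const username = data.username == null ? undefined : data.username.trim().toLowerCase();
  const password = data.password == null ? undefined : data.password;
  const email = data.email == null ? undefined : data.email.trim().toLowerCase();

  if (username !== undefined && !validate.checkUsername(username)) {
    db.unprocessable("Username not long enough!", obj.res);
    return;
  }

  if (email !== undefined && !validate.checkEmail(email)) {
    db.unprocessable("Email not specified!", obj.res);
    return;
  }

  if (email !== undefined && !validate.checkEmailFormat(email)) {
    db.unprocessable("Invalid email!", obj.res);
    return;
  }

  if (password !== undefined && !validate.checkPassword(password)) {
    // `obj.res` was missing here, so the 422 was never sent.
    db.unprocessable("The password has to be at least 8 characters long!", obj.res);
    return;
  }

  db.isAdmin(obj.req.headers['access-token'], () => {
    db.con.query("SELECT id FROM users WHERE publicId=?", uuid, (err, res) => {
      if (err) {
        console.log("Error while selecting publicId!");
        db.internalError(err, obj.res);
        return;
      }
      if (res.length !== 1) {
        // this publicId is not in use
        obj.res.statusCode = 404;
        obj.res.statusMessage = "Not found!";
        obj.res.end("The publicId is not in use!");
        return;
      }

      // Each update is a step that calls `next` when it has finished. The response is
      // sent only after the last step, so errorMessage is complete when it is serialised
      // (it used to be sent before any of the asynchronous updates had run).
      const errorMessage = [];
      const steps = [];

      if (password !== undefined) {
        steps.push(next => {
          // NOTE(review): unsalted SHA-512 matches the format written by "register"; a
          // salted KDF has to be introduced on both paths together.
          db.con.query("UPDATE users SET password=? WHERE publicId=?;", [sha512(password).toString('hex'), uuid], updateErr => {
            if (updateErr) {
              console.log("Error while updating password!");
              errorMessage.push("An error occured while updating the password!");
            }
            next();
          });
        });
      }

      if (username !== undefined) {
        steps.push(next => {
          db.usernameInUse(username, () => {
            db.con.query("UPDATE users SET username=? WHERE publicId=?", [username, uuid], updateErr => {
              if (updateErr) {
                console.log("Error while updating username!");
                errorMessage.push("An error occured while updating the username!");
              }
              next();
            });
          }, done => {
            // Assumes the second callback is invoked with done=false when the name is taken
            // (the same reading "register" relies on) — TODO confirm against databaseFunctions.js.
            if (!done) {
              errorMessage.push("Username already in use!");
              next();
            }
          }, obj.res);
        });
      }

      if (email !== undefined) {
        steps.push(next => {
          db.emailInUse(email, () => {
            db.con.query("UPDATE users SET email=? WHERE publicId=?", [email, uuid], updateErr => {
              if (updateErr) {
                console.log(updateErr);
                errorMessage.push("An error occured while updating the email!");
              }
              next();
            });
          }, done => {
            if (!done) {
              errorMessage.push("Email already in use!");
              next();
            }
          }, obj.res);
        });
      }

      runInOrder(steps, () => {
        obj.res.end(JSON.stringify(errorMessage));
      });
    });
  }, (status, message) => {
    obj.res.statusCode = status;
    obj.res.statusMessage = message;
    obj.res.end();
  }, obj.res);
});

/**
 * Run callback-style steps one after another and call `done` once the last has finished.
 *
 * @param {Array<function(function(): void): void>} steps - each receives a `next` callback
 *   to call when finished; only the first call to a step's `next` advances, so a step whose
 *   underlying helper fires more than one callback cannot skip or double-run the others
 * @param {function(): void} done - invoked after the final step (immediately if there are none)
 */
function runInOrder(steps, done) {
  let index = 0;
  function advance() {
    if (index >= steps.length) {
      done();
      return;
    }
    const step = steps[index++];
    let called = false;
    step(() => {
      if (called) {
        return;
      }
      called = true;
      advance();
    });
  }
  advance();
}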
  264.  
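server.on("deleteUserByUUID", obj => {
  // ADMIN: delete user by UUID if the requesting user is admin.
  // Not implemented yet: answer 501 instead of leaving the connection open forever.
  obj.res.statusCode = 501;
  obj.res.statusMessage = "Not Implemented";
  obj.res.end();
});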
  269.  
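server.on("update", obj => {
  // Update the user account of the requesting user.
  // Not implemented yet: answer 501 instead of leaving the connection open forever.
  obj.res.statusCode = 501;
  obj.res.statusMessage = "Not Implemented";
  obj.res.end();
});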
  274.  
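server.on("delete", obj => {
  // Delete the user account of the requesting user.
  // Not implemented yet: answer 501 instead of leaving the connection open forever.
  obj.res.statusCode = 501;
  obj.res.statusMessage = "Not Implemented";
  obj.res.end();
});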