push de la fleme

controllers/AuthController.js

@@ -142,7 +142,6 @@ async function loginUser(req, res) {
     .json(LoginServiceResult);
 }
 
-//TODO - To test
 async function getAllUsers(req, res) {
   const authHeader = req.headers.authorization;
   const bearerToken = authHeader.split(' ')[1];
@@ -173,17 +172,32 @@ async function getAllUsers(req, res) {
       .json(AllUserResponse);
 }
 
-//TODO - To test
 /**
- * Get user from the database based on the provided user ID and return it as a response.
+ * Retrieves a user from the database based on the user ID.
  *
- * @async
- * @param {object} req - The request object containing the user ID as a parameter.
- * @param {object} res - The response object to be used for sending the user data or error.
- * @return {Promise<void>} - A Promise that resolves when the user data is sent to the client or an error occurred.
+ * @param {object} req - The request object.
+ * @param {object} res - The response object.
+ * @returns {Promise} A promise that resolves to the user object if found, or an error response if not found or unauthorized.
+ * @throws {Error} If an error occurs while retrieving the user or verifying the bearer token.
  */
 async function getUser(req, res) {
-  const userId = req.params.userId;
+  const authHeader = req.headers.authorization;
+  const bearerToken = authHeader.split(' ')[1];
+  const payload = await JwtVerify(bearerToken);
+  const sourceUser = await getUserFromIdService(payload.sub)
+  if (!sourceUser) {
+    return res
+      .type('application/json')
+      .status(404)
+      .json({ error: 'You dont exist anymore' });
+  }
+  if (!sourceUser.isAdmin) {
+    return res
+      .type('application/json')
+      .status(403)
+      .json({ error: 'Unauthorized' });
+  }
+  const userId = req.params.id;
   const dbUser = await getUserFromIdService(userId);
   if (!dbUser) {
     logger.warn(`User not found (${req.ip})`);
@@ -192,13 +206,25 @@ async function getUser(req, res) {
       .status(404)
       .json({ error: 'User not found' });
   }
+  // biome-ignore lint/performance/noDelete: <explanation>
+  delete dbUser.passwordHash
+  // biome-ignore lint/performance/noDelete: <explanation>
+  delete dbUser._id
   return res
     .type('application/json')
     .status(200)
     .json(dbUser);
 }
 
-//TODO - To test
+//TODO - Implement reauth by current password in case of password change
+/**
+ * Edits the user's information.
+ *
+ * @async
+ * @param {Object} req - The request object.
+ * @param {Object} res - The response object.
+ * @return {Object} The modified user's information.
+ */
 async function editUser(req, res) {
   const body = req.body;
   if (!body) {
@@ -215,9 +241,10 @@ async function editUser(req, res) {
   /**
    * Represents the user ID that is the target for a specific operation.
    *
-   * @type {string|number}
+   * @type {string}
    */
-  const targetUserId = body.targetId | payload.sub
+  const targetUserId = req.params.id || payload.sub
+  console.log(targetUserId)
 
   if (!sourceUser) {
     logger.warn(`Unauthorized access attempt (${req.ip})`);
@@ -238,6 +265,7 @@ async function editUser(req, res) {
     if (body.firstName) modifiedData.firstName = `${body.firstName}`;
     if (body.lastName) modifiedData.lastName = `${body.lastName}`;
     if (body.displayName) modifiedData.displayName = `${body.displayName}`;
+    // Case handled with hashing by the service.
     if (body.password) modifiedData.password = `${body.password}`;
 
     //Call service
@@ -271,14 +299,19 @@ async function editUser(req, res) {
 
   }
 
-//TODO - To test
+/**
+ * Deletes a user.
+ *
+ * @param {object} req - The request object.
+ * @param {object} res - The response object.
+ * @return {object} The response object with appropriate status and response body.
+ */
 async function deleteUser(req, res) {
-  const body = req.body;
   const authHeader = req.headers.authorization;
   const bearerToken = authHeader.split(' ')[1];
   const payload = await JwtVerify(bearerToken);
   const sourceUser = await getUserFromIdService(payload.sub)
-  const targetUserId = body.targetId | payload.sub
+  const targetUserId = req.params.id
   if (!sourceUser) {
     logger.warn(`Unauthorized access attempt (${req.ip})`);
     return res
@@ -325,10 +358,12 @@ async function getSelf(req, res) {
     .type('application/json')
     .status(200)
     .json({
+      id: dbUser.id,
       username: dbUser.username,
       displayName: dbUser.displayName,
       firstName: dbUser.firstName,
-      lastName: dbUser.lastName
+      lastName: dbUser.lastName,
+      isAdmin: dbUser.isAdmin
     });
 }
 

controllers/EventController.js

@@ -8,9 +8,14 @@ const {
 
 const {
   getAllEventsService,
-  getEventFromIdService, alterUserSubscribedEventStateService, getUserSubscribedEventService
+  getEventFromIdService,
+  alterUserSubscribedEventStateService,
+  getUserSubscribedEventService, createEventService, editEventService, deleteEventService
 } = require("../services/EventService");
 
+const {Logger} = require('tslog')
+const logger = new Logger({ name: "Event Controller" });
+
 //TODO - To test
 /**
  * Retrieves all events.
@@ -54,7 +59,9 @@ async function getEvent(req, res) {
   return res.status(200).json(result);
 }
 
-//TODO Owner user, admin user             ===
+//TODO Get owned event
+
+//TODO - To test
 async function editEvent(req, res) {
   const body = req.body;
   const authHeader = req.headers.authorization;
@@ -69,26 +76,101 @@ async function editEvent(req, res) {
   if (!eventTargetId) {
     res.status(400).json({ message: "Event target ID is missing" });
   }
+  // biome-ignore lint/style/useConst: <explanation>
+  let modifiedData= {}
+  if (body.title) modifiedData.title = `${body.title}`;
+  if (body.subTitle) modifiedData.subTitle = `${body.subTitle}`;
+  if (body.base64Banner) modifiedData.base64Banner = `${body.base64Banner}`;
+  if (body.desc) modifiedData.desc = `${body.desc}`;
+  if (body.date) modifiedData.date = `${body.date}`;
+  if (body.were) modifiedData.were = `${body.were}`;
+  if (body.maxMembers) modifiedData.maxMembers = `${body.maxMembers}`;
 
+  const editEventResult = await editEventService(`${eventTargetId}`, modifiedData);
+
+  if (editEventResult.error === 'eventNotFound') {
+      return res.status(500).json({
+        error: 'editFailed',
+        message: 'Failed to edit event'
+      });
+  }
+  return res.status(200).json({
+      message: "Event edited successfully"
+  });
 }
 
-//TODO Owner user, admin user             ===
+//TODO - To test
 async function deleteEvent(req, res) {
   const authHeader = req.headers.authorization;
   const bearerToken = authHeader.split(' ')[1];
   const payload = await JwtVerify(bearerToken);
   const sourceUser = await getUserFromIdService(payload.sub)
-}
-
-//TODO Event creation by logged user      ===
-async function createNewEvent(req, res) {
-  const authHeader = req.headers.authorization;
-  const bearerToken = authHeader.split(' ')[1];
-  const payload = await JwtVerify(bearerToken);
-  const sourceUser = await getUserFromIdService(payload.sub)
+  const eventId = req.params.id;
+  if (!eventId) {
+    res.status(400).json({ message: "Event ID is missing" });
+  }
+  const Event = getEventFromIdService(eventId)
+  if (!Event) {
+    return res.status(404).json({ message: "Event not found" });
+  }
+  if (Event.authorId !== sourceUser.id && !sourceUser.isAdmin) {
+    return res.status(403).json({ message: "Unauthorized request" });
+  }
+  const deleteEventResult = await deleteEventService(Event.id)
+  if (!deleteEventResult) {
+      return res.status(500).json({
+          error: 'deleteFailed',
+          message: 'Failed to delete event'
+      });
+  }
+  return res.status(200).json({
+      message: "Event deleted successfully"
+  });
 }
 
 //TODO - To test
+async function createNewEvent(req, res) {
+  const body = req.body;
+  if (!body.title || !body.subTitle || !body.base64Banner || !body.desc || !body.date || !body.were || !body.maxMembers) {
+    logger.warn(`Field(s) missing (${req.ip})`);
+    return res
+      .type('application/json')
+      .status(400)
+      .json({ error: 'Field(s) missing' });
+  }
+  const authHeader = req.headers.authorization;
+  const bearerToken = authHeader.split(' ')[1];
+  const payload = await JwtVerify(bearerToken);
+  const sourceUser = await getUserFromIdService(payload.sub);
+  const targetUserId = body.authorId || sourceUser.id
+  if (targetUserId !== sourceUser.id && !sourceUser.isAdmin) {
+    return res.status(403).json({
+      error: "unauthorized",
+      message: "Unauthorized request"
+    });
+  }
+
+  // biome-ignore lint/style/useConst: <explanation>
+  let sanitizedData= {}
+  if (body.title) sanitizedData.title = `${body.title}`;
+  if (body.subTitle) sanitizedData.subTitle = `${body.subTitle}`;
+  if (body.base64Banner) sanitizedData.base64Banner = `${body.base64Banner}`;
+  if (body.desc) sanitizedData.desc = `${body.desc}`;
+  if (body.date) sanitizedData.date = `${body.date}`;
+  if (body.were) sanitizedData.were = `${body.were}`;
+  if (body.maxMembers) sanitizedData.maxMembers = `${body.maxMembers}`;
+
+  const createdEventResult = await createEventService(targetUserId, sanitizedData)
+
+  if (createdEventResult.error === 'createFailed') {
+    return res.status(500).json({
+      error: 'createFailed',
+      message: 'Failed to create event'
+    });
+  }
+  return res.status(200).json(createdEventResult.eventId);
+}
+
 /**
  * Retrieves the subscribed event for the specified user.
  *
@@ -101,11 +183,7 @@ async function getSubscribedEvent(req, res) {
   const bearerToken = authHeader.split(' ')[1];
   const payload = await JwtVerify(bearerToken);
   const sourceUser = await getUserFromIdService(payload.sub)
-  const targetId = body.targetId || sourceUser.id;
-  if (targetId !== sourceUser.id && !sourceUser.isAdmin) {
-    res.status(403).json({ message: "Unauthorized request" });
-  }
-  const subscribedEventResult = await getUserSubscribedEventService(targetId);
+  const subscribedEventResult = await getUserSubscribedEventService(sourceUser.id);
   if (subscribedEventResult.error === 'noSubscribedEventFound') {
     return res
       .type('application/json')

controllers/routes/auth/index.js

@@ -7,7 +7,8 @@ const {
   registerUser,
   getUser,
   editUser,
-  deleteUser
+  deleteUser,
+  getAllUsers
 } = require("../../AuthController");
 const {validateJWT} = require("../../../middlewares/AuthorizationMiddleware");
 
@@ -15,6 +16,7 @@ router.route("/login").post(loginUser)
 router.route("/register").post(registerUser)
 
 router.route("/me").get(validateJWT, getSelf)
+router.route("/all").get(validateJWT, getAllUsers)
 
 router.route("/:id").get(validateJWT, getUser)
 router.route("/:id").patch(validateJWT, editUser)

controllers/routes/event/index.js

@@ -13,6 +13,7 @@ const {
 const {validateJWT} = require("../../../middlewares/AuthorizationMiddleware");
 
 router.route("/all").get(getAllEvent)
+//TODO Get owned event
 router.route("/subscribed").get(validateJWT, getSubscribedEvent)
 router.route("/subscribed").post(validateJWT, alterSubscribedEventState)
 router.route("/new").post(validateJWT, createNewEvent)