colouring-montreal/app/src/api/services/user.ts

/**
 * User data access
 *
 */
import db from '../../db';

function createUser(user) {
    if (!user.password || user.password.length < 8) {
        return Promise.reject({ error: 'Password must be at least 8 characters' })
    }
    if (user.password.length > 70) {
        return Promise.reject({ error: 'Password must be at most 70 characters' })
    }
    return db.one(
        `INSERT
        INTO users (
            user_id,
            username,
            email,
            pass
        ) VALUES (
            gen_random_uuid(),
            $1,
            $2,
            crypt($3, gen_salt('bf'))
        ) RETURNING user_id
        `, [
            user.username,
            user.email,
            user.password
        ]
    ).catch(function (error) {
        console.error('Error:', error)

        if (error.detail.indexOf('already exists') !== -1) {
            if (error.detail.indexOf('username') !== -1) {
                return { error: 'Username already registered' };
            } else if (error.detail.indexOf('email') !== -1) {
                return { error: 'Email already registered' };
            }
        }
        return { error: 'Database error' }
    });
}

function authUser(username, password) {
    return db.one(
        `SELECT
            user_id,
            (
                pass = crypt($2, pass)
            ) AS auth_ok
        FROM users
        WHERE
        username = $1
        `, [
            username,
            password
        ]
    ).then(function (user) {
        if (user && user.auth_ok) {
            return { user_id: user.user_id }
        } else {
            return { error: 'Username or password not recognised' }
        }
    }).catch(function (err) {
        console.error(err);
        return { error: 'Username or password not recognised' };
    })
}

function getUserById(id) {
    return db.one(
        `SELECT
            username, email, registered, api_key
        FROM
            users
        WHERE
            user_id = $1
        `, [
            id
        ]
    ).catch(function (error) {
        console.error('Error:', error)
        return undefined;
    });
}

function getNewUserAPIKey(id) {
    return db.one(
        `UPDATE
            users
        SET
            api_key = gen_random_uuid()
        WHERE
            user_id = $1
        RETURNING
            api_key
        `, [
            id
        ]
    ).catch(function (error) {
        console.error('Error:', error)
        return { error: 'Failed to generate new API key.' };
    });
}

function authAPIUser(key) {
    return db.one(
        `SELECT
            user_id
        FROM
            users
        WHERE
            api_key = $1
        `, [
            key
        ]
    ).catch(function (error) {
        console.error('Error:', error)
        return undefined;
    });
}

function deleteUser(id) {
    return db.none(
        `UPDATE users
        SET
            email = null,
            pass = null,
            api_key = null,
            username = concat('deleted_', cast(user_id as char(13))),
            is_deleted = true,
            deleted_on = now() at time zone 'utc'
        WHERE user_id = $1
        `, [id]
    ).catch((error) => {
        console.error('Error:', error);
        return {error: 'Database error'};
    });
}

export { getUserById, createUser, authUser, getNewUserAPIKey, authAPIUser, deleteUser }
Update user db access 2018-09-30 14:49:07 -04:00			`/**`
			`* User data access`
			`*`
			`*/`
Move JSON API into its own directory 2019-08-14 05:54:13 -04:00			`import db from '../../db';`
Merge frontend/api into universal react app 2018-09-09 17:22:44 -04:00
			`function createUser(user) {`
Handle and show login/signup errors 2018-09-13 11:58:05 -04:00			`if (!user.password \|\| user.password.length < 8) {`
Lint spacing 2019-02-24 14:28:11 -05:00			`return Promise.reject({ error: 'Password must be at least 8 characters' })`
Handle and show login/signup errors 2018-09-13 11:58:05 -04:00			`}`
			`if (user.password.length > 70) {`
Lint spacing 2019-02-24 14:28:11 -05:00			`return Promise.reject({ error: 'Password must be at most 70 characters' })`
Handle and show login/signup errors 2018-09-13 11:58:05 -04:00			`}`
Update user db access 2018-09-30 14:49:07 -04:00			`return db.one(`
Merge frontend/api into universal react app 2018-09-09 17:22:44 -04:00			`INSERT
			`INTO users (`
			`user_id,`
			`username,`
			`email,`
			`pass`
			`) VALUES (`
			`gen_random_uuid(),`
			`$1,`
			`$2,`
			`crypt($3, gen_salt('bf'))`
			`) RETURNING user_id`
			`, [
Lint spacing 2019-02-24 14:28:11 -05:00			`user.username,`
			`user.email,`
			`user.password`
Merge frontend/api into universal react app 2018-09-09 17:22:44 -04:00			`]`
Lint spacing 2019-02-24 14:28:11 -05:00			`).catch(function (error) {`
Merge frontend/api into universal react app 2018-09-09 17:22:44 -04:00			`console.error('Error:', error)`

Lint spacing 2019-02-24 14:28:11 -05:00			`if (error.detail.indexOf('already exists') !== -1) {`
			`if (error.detail.indexOf('username') !== -1) {`
			`return { error: 'Username already registered' };`
Merge frontend/api into universal react app 2018-09-09 17:22:44 -04:00			`} else if (error.detail.indexOf('email') !== -1) {`
Lint spacing 2019-02-24 14:28:11 -05:00			`return { error: 'Email already registered' };`
Merge frontend/api into universal react app 2018-09-09 17:22:44 -04:00			`}`
			`}`
Lint spacing 2019-02-24 14:28:11 -05:00			`return { error: 'Database error' }`
Merge frontend/api into universal react app 2018-09-09 17:22:44 -04:00			`});`
			`}`

			`function authUser(username, password) {`
Update user db access 2018-09-30 14:49:07 -04:00			`return db.one(`
Merge frontend/api into universal react app 2018-09-09 17:22:44 -04:00			`SELECT
			`user_id,`
			`(`
			`pass = crypt($2, pass)`
			`) AS auth_ok`
			`FROM users`
			`WHERE`
			`username = $1`
			`, [
Lint spacing 2019-02-24 14:28:11 -05:00			`username,`
			`password`
Merge frontend/api into universal react app 2018-09-09 17:22:44 -04:00			`]`
Lint spacing 2019-02-24 14:28:11 -05:00			`).then(function (user) {`
Handle and show login/signup errors 2018-09-13 11:58:05 -04:00			`if (user && user.auth_ok) {`
Lint spacing 2019-02-24 14:28:11 -05:00			`return { user_id: user.user_id }`
Merge frontend/api into universal react app 2018-09-09 17:22:44 -04:00			`} else {`
Lint spacing 2019-02-24 14:28:11 -05:00			`return { error: 'Username or password not recognised' }`
Merge frontend/api into universal react app 2018-09-09 17:22:44 -04:00			`}`
Lint spacing 2019-02-24 14:28:11 -05:00			`}).catch(function (err) {`
Merge frontend/api into universal react app 2018-09-09 17:22:44 -04:00			`console.error(err);`
Lint spacing 2019-02-24 14:28:11 -05:00			`return { error: 'Username or password not recognised' };`
Merge frontend/api into universal react app 2018-09-09 17:22:44 -04:00			`})`
			`}`

Lint prop-types, camelCase 2019-05-27 13:26:29 -04:00			`function getUserById(id) {`
Update user db access 2018-09-30 14:49:07 -04:00			`return db.one(`
Merge frontend/api into universal react app 2018-09-09 17:22:44 -04:00			`SELECT
Allow requesting user API key 2018-10-20 07:20:10 -04:00			`username, email, registered, api_key`
Allow POST to edit building with ?api_key=... 2018-10-20 07:59:17 -04:00			`FROM`
			`users`
Merge frontend/api into universal react app 2018-09-09 17:22:44 -04:00			`WHERE`
Allow POST to edit building with ?api_key=... 2018-10-20 07:59:17 -04:00			`user_id = $1`
Merge frontend/api into universal react app 2018-09-09 17:22:44 -04:00			`, [
Lint prop-types, camelCase 2019-05-27 13:26:29 -04:00			`id`
Merge frontend/api into universal react app 2018-09-09 17:22:44 -04:00			`]`
Lint spacing 2019-02-24 14:28:11 -05:00			`).catch(function (error) {`
Merge frontend/api into universal react app 2018-09-09 17:22:44 -04:00			`console.error('Error:', error)`
			`return undefined;`
			`});`
			`}`

Lint prop-types, camelCase 2019-05-27 13:26:29 -04:00			`function getNewUserAPIKey(id) {`
Allow requesting user API key 2018-10-20 07:20:10 -04:00			`return db.one(`
			`UPDATE
			`users`
			`SET`
			`api_key = gen_random_uuid()`
			`WHERE`
			`user_id = $1`
			`RETURNING`
			`api_key`
			`, [
Lint prop-types, camelCase 2019-05-27 13:26:29 -04:00			`id`
Allow requesting user API key 2018-10-20 07:20:10 -04:00			`]`
Lint spacing 2019-02-24 14:28:11 -05:00			`).catch(function (error) {`
Allow requesting user API key 2018-10-20 07:20:10 -04:00			`console.error('Error:', error)`
Lint spacing 2019-02-24 14:28:11 -05:00			`return { error: 'Failed to generate new API key.' };`
Allow requesting user API key 2018-10-20 07:20:10 -04:00			`});`
			`}`

Lint prop-types, camelCase 2019-05-27 13:26:29 -04:00			`function authAPIUser(key) {`
Allow POST to edit building with ?api_key=... 2018-10-20 07:59:17 -04:00			`return db.one(`
			`SELECT
			`user_id`
			`FROM`
			`users`
			`WHERE`
			`api_key = $1`
			`, [
Lint prop-types, camelCase 2019-05-27 13:26:29 -04:00			`key`
Allow POST to edit building with ?api_key=... 2018-10-20 07:59:17 -04:00			`]`
Lint spacing 2019-02-24 14:28:11 -05:00			`).catch(function (error) {`
Allow POST to edit building with ?api_key=... 2018-10-20 07:59:17 -04:00			`console.error('Error:', error)`
			`return undefined;`
			`});`
			`}`

Add user delete API endpoint The deleted user username will be changed to 'deleted_' plus the 13 initial characters of the standard format user_id. Email, hashed password and API key are all cleared for the user. The endpoint is currently only available through /api/users/me and only allows a logged-in user to delete their own account. 2019-08-15 11:12:01 -04:00			`function deleteUser(id) {`
			`return db.none(`
			`UPDATE users
			`SET`
			`email = null,`
			`pass = null,`
			`api_key = null,`
			`username = concat('deleted_', cast(user_id as char(13))),`
			`is_deleted = true,`
			`deleted_on = now() at time zone 'utc'`
			`WHERE user_id = $1`
			`, [id]
			`).catch((error) => {`
			`console.error('Error:', error);`
			`return {error: 'Database error'};`
			`});`
			`}`

			`export { getUserById, createUser, authUser, getNewUserAPIKey, authAPIUser, deleteUser }`