a_adli/colouring-montreal
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
c63f42f921
colouring-montreal/app/src/api/services/user.ts

200 lines
4.6 KiB
TypeScript
Raw Normal View History

Update user db access
2018-09-30 14:49:07 -04:00
/**
* User data access
*
*/
Prevent logging passwords in failed login attempts
2019-09-10 10:38:01 -04:00
import { errors } from 'pg-promise';
Move JSON API into its own directory
2019-08-14 05:54:13 -04:00
import db from '../../db';
Add username and password validation
2019-09-11 11:28:05 -04:00
import { validateUsername, ValidationError, validatePassword } from '../validation';
Refactor types and await for user/building backend (#476) * Refactor buildings API for async/await, types * Return building data after update * Refactor users API for await, TS types * Refactor building service to remove repetition As part of this refactor, these changes in functionality were made: - tx isolation lvl for save/like/unlike building is always serializable - both reverse and forward patch updated for like/unlike - comparing old and new data uses == instead of === (this is because the new data even for numbers comes in as string) - the checking of no data change in case of building unlike was fixed (didn't work because it re-used code for like which is different) * Improve param order, docs for updateBuildingData
2019-10-21 10:19:35 -04:00
import { promisify } from 'util';
Merge frontend/api into universal react app
2018-09-09 17:22:44 -04:00
Refactor types and await for user/building backend (#476) * Refactor buildings API for async/await, types * Return building data after update * Refactor users API for await, TS types * Refactor building service to remove repetition As part of this refactor, these changes in functionality were made: - tx isolation lvl for save/like/unlike building is always serializable - both reverse and forward patch updated for like/unlike - comparing old and new data uses == instead of === (this is because the new data even for numbers comes in as string) - the checking of no data change in case of building unlike was fixed (didn't work because it re-used code for like which is different) * Improve param order, docs for updateBuildingData
2019-10-21 10:19:35 -04:00
async function createUser(user) {
Add username and password validation
2019-09-11 11:28:05 -04:00
try {
validateUsername(user.username);
validatePassword(user.password);
} catch(err) {
if (err instanceof ValidationError) {
Refactor types and await for user/building backend (#476) * Refactor buildings API for async/await, types * Return building data after update * Refactor users API for await, TS types * Refactor building service to remove repetition As part of this refactor, these changes in functionality were made: - tx isolation lvl for save/like/unlike building is always serializable - both reverse and forward patch updated for like/unlike - comparing old and new data uses == instead of === (this is because the new data even for numbers comes in as string) - the checking of no data change in case of building unlike was fixed (didn't work because it re-used code for like which is different) * Improve param order, docs for updateBuildingData
2019-10-21 10:19:35 -04:00
throw { error: err.message };
Add username and password validation
2019-09-11 11:28:05 -04:00
} else throw err;
Handle and show login/signup errors
2018-09-13 11:58:05 -04:00
}
Add username and password validation
2019-09-11 11:28:05 -04:00
Refactor types and await for user/building backend (#476) * Refactor buildings API for async/await, types * Return building data after update * Refactor users API for await, TS types * Refactor building service to remove repetition As part of this refactor, these changes in functionality were made: - tx isolation lvl for save/like/unlike building is always serializable - both reverse and forward patch updated for like/unlike - comparing old and new data uses == instead of === (this is because the new data even for numbers comes in as string) - the checking of no data change in case of building unlike was fixed (didn't work because it re-used code for like which is different) * Improve param order, docs for updateBuildingData
2019-10-21 10:19:35 -04:00
try {
return await db.one(
`INSERT
INTO users (
user_id,
username,
email,
pass
) VALUES (
gen_random_uuid(),
$1,
$2,
crypt($3, gen_salt('bf'))
) RETURNING user_id
`, [
user.username,
user.email,
user.password
]
);
} catch(error) {
console.error('Error:', error);
Merge frontend/api into universal react app
2018-09-09 17:22:44 -04:00
Refactor types and await for user/building backend (#476) * Refactor buildings API for async/await, types * Return building data after update * Refactor users API for await, TS types * Refactor building service to remove repetition As part of this refactor, these changes in functionality were made: - tx isolation lvl for save/like/unlike building is always serializable - both reverse and forward patch updated for like/unlike - comparing old and new data uses == instead of === (this is because the new data even for numbers comes in as string) - the checking of no data change in case of building unlike was fixed (didn't work because it re-used code for like which is different) * Improve param order, docs for updateBuildingData
2019-10-21 10:19:35 -04:00
if (error.detail.includes('already exists')) {
if (error.detail.includes('username')) {
Lint spacing
2019-02-24 14:28:11 -05:00
return { error: 'Username already registered' };
Refactor types and await for user/building backend (#476) * Refactor buildings API for async/await, types * Return building data after update * Refactor users API for await, TS types * Refactor building service to remove repetition As part of this refactor, these changes in functionality were made: - tx isolation lvl for save/like/unlike building is always serializable - both reverse and forward patch updated for like/unlike - comparing old and new data uses == instead of === (this is because the new data even for numbers comes in as string) - the checking of no data change in case of building unlike was fixed (didn't work because it re-used code for like which is different) * Improve param order, docs for updateBuildingData
2019-10-21 10:19:35 -04:00
} else if (error.detail.includes('email')) {
Lint spacing
2019-02-24 14:28:11 -05:00
return { error: 'Email already registered' };
Merge frontend/api into universal react app
2018-09-09 17:22:44 -04:00
}
}
Refactor types and await for user/building backend (#476) * Refactor buildings API for async/await, types * Return building data after update * Refactor users API for await, TS types * Refactor building service to remove repetition As part of this refactor, these changes in functionality were made: - tx isolation lvl for save/like/unlike building is always serializable - both reverse and forward patch updated for like/unlike - comparing old and new data uses == instead of === (this is because the new data even for numbers comes in as string) - the checking of no data change in case of building unlike was fixed (didn't work because it re-used code for like which is different) * Improve param order, docs for updateBuildingData
2019-10-21 10:19:35 -04:00
return { error: 'Database error' };
}
Merge frontend/api into universal react app
2018-09-09 17:22:44 -04:00
}
Refactor types and await for user/building backend (#476) * Refactor buildings API for async/await, types * Return building data after update * Refactor users API for await, TS types * Refactor building service to remove repetition As part of this refactor, these changes in functionality were made: - tx isolation lvl for save/like/unlike building is always serializable - both reverse and forward patch updated for like/unlike - comparing old and new data uses == instead of === (this is because the new data even for numbers comes in as string) - the checking of no data change in case of building unlike was fixed (didn't work because it re-used code for like which is different) * Improve param order, docs for updateBuildingData
2019-10-21 10:19:35 -04:00
async function authUser(username: string, password: string) {
try {
const user = await db.one(
`SELECT
user_id,
(
pass = crypt($2, pass)
) AS auth_ok
FROM users
WHERE
username = $1
`, [
username,
password
]
);
Handle and show login/signup errors
2018-09-13 11:58:05 -04:00
if (user && user.auth_ok) {
Lint spacing
2019-02-24 14:28:11 -05:00
return { user_id: user.user_id }
Merge frontend/api into universal react app
2018-09-09 17:22:44 -04:00
} else {
Lint spacing
2019-02-24 14:28:11 -05:00
return { error: 'Username or password not recognised' }
Merge frontend/api into universal react app
2018-09-09 17:22:44 -04:00
}
Refactor types and await for user/building backend (#476) * Refactor buildings API for async/await, types * Return building data after update * Refactor users API for await, TS types * Refactor building service to remove repetition As part of this refactor, these changes in functionality were made: - tx isolation lvl for save/like/unlike building is always serializable - both reverse and forward patch updated for like/unlike - comparing old and new data uses == instead of === (this is because the new data even for numbers comes in as string) - the checking of no data change in case of building unlike was fixed (didn't work because it re-used code for like which is different) * Improve param order, docs for updateBuildingData
2019-10-21 10:19:35 -04:00
} catch(err) {
Prevent logging passwords in failed login attempts
2019-09-10 10:38:01 -04:00
if (err instanceof errors.QueryResultError) {
console.error(`Authentication failed for user ${username}`);
return { error: 'Username or password not recognised' };
}
console.error('Error:', err);
return { error: 'Database error' };
Refactor types and await for user/building backend (#476) * Refactor buildings API for async/await, types * Return building data after update * Refactor users API for await, TS types * Refactor building service to remove repetition As part of this refactor, these changes in functionality were made: - tx isolation lvl for save/like/unlike building is always serializable - both reverse and forward patch updated for like/unlike - comparing old and new data uses == instead of === (this is because the new data even for numbers comes in as string) - the checking of no data change in case of building unlike was fixed (didn't work because it re-used code for like which is different) * Improve param order, docs for updateBuildingData
2019-10-21 10:19:35 -04:00
}
Merge frontend/api into universal react app
2018-09-09 17:22:44 -04:00
}
Refactor types and await for user/building backend (#476) * Refactor buildings API for async/await, types * Return building data after update * Refactor users API for await, TS types * Refactor building service to remove repetition As part of this refactor, these changes in functionality were made: - tx isolation lvl for save/like/unlike building is always serializable - both reverse and forward patch updated for like/unlike - comparing old and new data uses == instead of === (this is because the new data even for numbers comes in as string) - the checking of no data change in case of building unlike was fixed (didn't work because it re-used code for like which is different) * Improve param order, docs for updateBuildingData
2019-10-21 10:19:35 -04:00
async function getUserById(id: string) {
try {
return await db.one(
`SELECT
username, email, registered, api_key
FROM
users
WHERE
user_id = $1
`, [
id
]
);
} catch(error) {
Merge frontend/api into universal react app
2018-09-09 17:22:44 -04:00
console.error('Error:', error)
return undefined;
Refactor types and await for user/building backend (#476) * Refactor buildings API for async/await, types * Return building data after update * Refactor users API for await, TS types * Refactor building service to remove repetition As part of this refactor, these changes in functionality were made: - tx isolation lvl for save/like/unlike building is always serializable - both reverse and forward patch updated for like/unlike - comparing old and new data uses == instead of === (this is because the new data even for numbers comes in as string) - the checking of no data change in case of building unlike was fixed (didn't work because it re-used code for like which is different) * Improve param order, docs for updateBuildingData
2019-10-21 10:19:35 -04:00
}
Merge frontend/api into universal react app
2018-09-09 17:22:44 -04:00
}
Refactor types and await for user/building backend (#476) * Refactor buildings API for async/await, types * Return building data after update * Refactor users API for await, TS types * Refactor building service to remove repetition As part of this refactor, these changes in functionality were made: - tx isolation lvl for save/like/unlike building is always serializable - both reverse and forward patch updated for like/unlike - comparing old and new data uses == instead of === (this is because the new data even for numbers comes in as string) - the checking of no data change in case of building unlike was fixed (didn't work because it re-used code for like which is different) * Improve param order, docs for updateBuildingData
2019-10-21 10:19:35 -04:00
async function getUserByEmail(email: string) {
try {
return db.one(
`SELECT
user_id, username, email
FROM
users
WHERE
email = $1
`, [email]
);
} catch(error) {
Add backend services for password reset
2019-08-21 09:46:14 -04:00
console.error('Error:', error);
return undefined;
Refactor types and await for user/building backend (#476) * Refactor buildings API for async/await, types * Return building data after update * Refactor users API for await, TS types * Refactor building service to remove repetition As part of this refactor, these changes in functionality were made: - tx isolation lvl for save/like/unlike building is always serializable - both reverse and forward patch updated for like/unlike - comparing old and new data uses == instead of === (this is because the new data even for numbers comes in as string) - the checking of no data change in case of building unlike was fixed (didn't work because it re-used code for like which is different) * Improve param order, docs for updateBuildingData
2019-10-21 10:19:35 -04:00
}
Add backend services for password reset
2019-08-21 09:46:14 -04:00
}
Refactor types and await for user/building backend (#476) * Refactor buildings API for async/await, types * Return building data after update * Refactor users API for await, TS types * Refactor building service to remove repetition As part of this refactor, these changes in functionality were made: - tx isolation lvl for save/like/unlike building is always serializable - both reverse and forward patch updated for like/unlike - comparing old and new data uses == instead of === (this is because the new data even for numbers comes in as string) - the checking of no data change in case of building unlike was fixed (didn't work because it re-used code for like which is different) * Improve param order, docs for updateBuildingData
2019-10-21 10:19:35 -04:00
async function getNewUserAPIKey(id: string) {
try{
return db.one(
`UPDATE
users
SET
api_key = gen_random_uuid()
WHERE
user_id = $1
RETURNING
api_key
`, [
id
]
);
} catch(error) {
Allow requesting user API key
2018-10-20 07:20:10 -04:00
console.error('Error:', error)
Lint spacing
2019-02-24 14:28:11 -05:00
return { error: 'Failed to generate new API key.' };
Refactor types and await for user/building backend (#476) * Refactor buildings API for async/await, types * Return building data after update * Refactor users API for await, TS types * Refactor building service to remove repetition As part of this refactor, these changes in functionality were made: - tx isolation lvl for save/like/unlike building is always serializable - both reverse and forward patch updated for like/unlike - comparing old and new data uses == instead of === (this is because the new data even for numbers comes in as string) - the checking of no data change in case of building unlike was fixed (didn't work because it re-used code for like which is different) * Improve param order, docs for updateBuildingData
2019-10-21 10:19:35 -04:00
}
Allow requesting user API key
2018-10-20 07:20:10 -04:00
}
Refactor types and await for user/building backend (#476) * Refactor buildings API for async/await, types * Return building data after update * Refactor users API for await, TS types * Refactor building service to remove repetition As part of this refactor, these changes in functionality were made: - tx isolation lvl for save/like/unlike building is always serializable - both reverse and forward patch updated for like/unlike - comparing old and new data uses == instead of === (this is because the new data even for numbers comes in as string) - the checking of no data change in case of building unlike was fixed (didn't work because it re-used code for like which is different) * Improve param order, docs for updateBuildingData
2019-10-21 10:19:35 -04:00
async function authAPIUser(key: string) {
try {
return await db.one(
`SELECT
user_id
FROM
users
WHERE
api_key = $1
`, [
key
]
);
} catch(error) {
Allow POST to edit building with ?api_key=...
2018-10-20 07:59:17 -04:00
console.error('Error:', error)
return undefined;
Refactor types and await for user/building backend (#476) * Refactor buildings API for async/await, types * Return building data after update * Refactor users API for await, TS types * Refactor building service to remove repetition As part of this refactor, these changes in functionality were made: - tx isolation lvl for save/like/unlike building is always serializable - both reverse and forward patch updated for like/unlike - comparing old and new data uses == instead of === (this is because the new data even for numbers comes in as string) - the checking of no data change in case of building unlike was fixed (didn't work because it re-used code for like which is different) * Improve param order, docs for updateBuildingData
2019-10-21 10:19:35 -04:00
}
Allow POST to edit building with ?api_key=...
2018-10-20 07:59:17 -04:00
}
Refactor types and await for user/building backend (#476) * Refactor buildings API for async/await, types * Return building data after update * Refactor users API for await, TS types * Refactor building service to remove repetition As part of this refactor, these changes in functionality were made: - tx isolation lvl for save/like/unlike building is always serializable - both reverse and forward patch updated for like/unlike - comparing old and new data uses == instead of === (this is because the new data even for numbers comes in as string) - the checking of no data change in case of building unlike was fixed (didn't work because it re-used code for like which is different) * Improve param order, docs for updateBuildingData
2019-10-21 10:19:35 -04:00
async function deleteUser(id: string) {
try {
return await db.none(
`UPDATE users
SET
email = null,
pass = null,
api_key = null,
username = concat('deleted_', cast(user_id as char(13))),
is_deleted = true,
deleted_on = now() at time zone 'utc'
WHERE user_id = $1
`, [id]
);
} catch(error) {
Add user delete API endpoint The deleted user username will be changed to 'deleted_' plus the 13 initial characters of the standard format user_id. Email, hashed password and API key are all cleared for the user. The endpoint is currently only available through /api/users/me and only allows a logged-in user to delete their own account.
2019-08-15 11:12:01 -04:00
console.error('Error:', error);
return {error: 'Database error'};
Refactor types and await for user/building backend (#476) * Refactor buildings API for async/await, types * Return building data after update * Refactor users API for await, TS types * Refactor building service to remove repetition As part of this refactor, these changes in functionality were made: - tx isolation lvl for save/like/unlike building is always serializable - both reverse and forward patch updated for like/unlike - comparing old and new data uses == instead of === (this is because the new data even for numbers comes in as string) - the checking of no data change in case of building unlike was fixed (didn't work because it re-used code for like which is different) * Improve param order, docs for updateBuildingData
2019-10-21 10:19:35 -04:00
}
Add user delete API endpoint The deleted user username will be changed to 'deleted_' plus the 13 initial characters of the standard format user_id. Email, hashed password and API key are all cleared for the user. The endpoint is currently only available through /api/users/me and only allows a logged-in user to delete their own account.
2019-08-15 11:12:01 -04:00
}
Refactor types and await for user/building backend (#476) * Refactor buildings API for async/await, types * Return building data after update * Refactor users API for await, TS types * Refactor building service to remove repetition As part of this refactor, these changes in functionality were made: - tx isolation lvl for save/like/unlike building is always serializable - both reverse and forward patch updated for like/unlike - comparing old and new data uses == instead of === (this is because the new data even for numbers comes in as string) - the checking of no data change in case of building unlike was fixed (didn't work because it re-used code for like which is different) * Improve param order, docs for updateBuildingData
2019-10-21 10:19:35 -04:00
function logout(session: Express.Session): Promise<void> {
session.user_id = undefined;
return promisify(session.destroy.bind(session))();
Split /users into routes/controller/service
2019-08-19 09:31:35 -04:00
}
export {
getUserById,
Add backend services for password reset
2019-08-21 09:46:14 -04:00
getUserByEmail,
Split /users into routes/controller/service
2019-08-19 09:31:35 -04:00
createUser,
authUser,
getNewUserAPIKey,
authAPIUser,
deleteUser,
logout
};
Reference in New Issue Copy Permalink