ecoconnect/server/routes/users.js

const express = require("express");
const yup = require("yup");
const { Op } = require("sequelize");
const { User } = require("../models");
const { validateToken } = require("../middlewares/auth");
const argon2 = require("argon2");
const router = express.Router();
const { v4: uuidV4 } = require("uuid");
const { sign } = require("jsonwebtoken");

require("dotenv").config();

let validationSchema = yup.object({
  firstName: yup.string().trim().min(1).max(100).required(),
  lastName: yup.string().trim().min(1).max(100).required(),
  email: yup.string().trim().email().max(69).required(),
  phoneNumber: yup
    .string()
    .trim()
    .matches(/^[0-9]{8}$/, "Must be exactly 8 digits")
    .required(),
  password: yup.string().trim().max(100).required(),
  profilePicture: yup.string().trim().max(255),
});

let optionalValidationSchema = yup.object({
  firstName: yup.string().trim().min(1).max(100),
  lastName: yup.string().trim().min(1).max(100),
  email: yup.string().trim().email().max(69),
  phoneNumber: yup
    .string()
    .trim()
    .matches(/^[0-9]{8}$/, "Must be exactly 8 digits"),
  password: yup.string().trim().max(100),
  profilePicture: yup.string().trim().max(255),
});

router.post("/register", async (req, res) => {
  let data = req.body;

  let userByEmail = await User.findOne({
    where: { email: data.email },
  });
  let userByNumber = await User.findOne({
    where: { phoneNumber: data.phoneNumber },
  });

  if (userByEmail || userByNumber) {
    res.status(400).json({ message: "Email or phone number already exists." });
    return;
  }
  try {
    data.password = await argon2.hash(data.password);

    console.log("Validating schema...");
    data = await validationSchema.validate(data, { abortEarly: false });

    console.log("Creating user...");
    let result = await User.create(data);
    res.json(result);
    console.log("Success!");
  } catch (err) {
    console.log("Error caught! Info: " + err);
    res.status(400).json({ errors: err.errors });
  }
});

router.get("/all", async (req, res) => {
  let condition = {};
  let search = req.query.search;
  if (search) {
    condition[Op.or] = [
      { title: { [Op.like]: `%${search}%` } },
      { description: { [Op.like]: `%${search}%` } },
    ];
  }

  let list = await User.findAll({
    where: condition,
    order: [["createdAt", "DESC"]],
  });
  res.json(list);
});

router.get("/individual/:id", validateToken, async (req, res) => {
  let id = req.params.id;
  let user = await User.findByPk(id);

  if (!user) {
    res.sendStatus(404);
    return;
  }

  if (user.isArchived) {
    res.status(400).json({
      message: `ERR_ACC_IS_ARCHIVED`,
    });
  } else {
    res.json(user);
  }
});

router.put("/individual/:id", validateToken, async (req, res) => {
  let id = req.params.id;
  let user = await User.findByPk(id);

  if (!user) {
    res.sendStatus(404);
    return;
  }

  let data = req.body;

  try {
    data = await optionalValidationSchema.validate(data, { abortEarly: false });

    let num = await User.update(data, {
      where: { id: id },
    });

    if (num == 1) {
      res.json({
        message: "User was updated successfully.",
      });
    } else {
      res.status(400).json({
        message: `Cannot update tutorial with id ${id}.`,
      });
    }
  } catch (err) {
    res.status(400).json({ errors: err.errors });
  }
});

router.delete("/individual/:id", validateToken, async (req, res) => {
  let id = req.params.id;
  let user = await User.findByPk(id);

  if (!user) {
    res.sendStatus(404);
    return;
  }

  let num = await User.destroy({
    where: { id: id },
  });
  if (num == 1) {
    res.json({
      message: "User was deleted successfully.",
    });
  } else {
    res.status(400).json({
      message: `Cannot delete user with id ${id}.`,
    });
  }
});

router.post("/login", async (req, res) => {
  let data = req.body;
  let errorMessage = "Email or password is not correct.";

  let user = await User.findOne({
    where: { email: data.email },
  });

  if (!user) {
    res.status(400).json({ message: errorMessage });
    return;
  }

  let match = await argon2.verify(user.password, data.password);
  if (!match) {
    res.status(400).json({ message: errorMessage });
    return;
  }

  let userInfo = {
    id: user.id,
    email: user.email,
    name: {
      firstName: user.firstName,
      lastName: user.lastName,
    },
  };

  let accessToken = sign(userInfo, process.env.APP_SECRET, {
    expiresIn: process.env.TOKEN_EXPIRES_IN,
  });

  res.json({
    accessToken: accessToken,
  });
});

router.get("/auth", validateToken, (req, res) => {
  res.json({
    id: req.user.id,
  });
});

router.put("/archive/:id", validateToken, async (req, res) => {
  let id = req.params.id;
  let user = await User.findByPk(id);

  if (!user) {
    res.sendStatus(404);
    return;
  }

  try {
    await User.update(
      { isArchived: true },
      {
        where: { id: id },
      }
    );
    res.json({
      message: "User archived successfully.",
    });
  } catch (err) {
    res.status(400).json({ errors: err.errors });
  }
});

module.exports = router;