const { UserModel , BanModel } = require ( "../../../models" ) ;
const { Router } = require ( "express" ) ;
const multer = require ( "multer" ) ;
const { themes } = require ( "../../../lib" )
// Router instance on which the "id" param handler and all user routes in this file are registered.
const app = Router ( ) ;
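/**
 * Resolve the `:id` route parameter to a member record before any handler runs.
 *
 * The record is loaded with UserModel.get and stored on `req.member`. Admin
 * callers additionally request the "+lastSeen +ips" fields; every other caller
 * gets the default field selection. Responds 404 when no such user exists, or
 * when the user is marked deleted and the caller is not an admin.
 */
app.param("id", async (req, res, next, id) => {
  // A missing req.user is treated as a non-admin caller, exactly as the
  // deleted-user check below already does. Previously this line dereferenced
  // req.user unconditionally and threw for a request without a user object.
  // NOTE(review): confirm an upstream middleware rejects anonymous requests if
  // profiles are not meant to be readable without a session.
  const callerIsAdmin = Boolean(req.user?.admin);

  try {
    req.member = await UserModel.get(id, callerIsAdmin ? "+lastSeen +ips" : "");
  } catch (err) {
    // Pass lookup failures to the Express error handler rather than leaving a
    // rejected promise from this async callback unhandled.
    return next(err);
  }

  if (!req.member) return res.error(404, `We don't have any user with id ${id}.`);

  // Soft-deleted accounts stay visible to admins only.
  if (req.member.deleted && !callerIsAdmin)
    return res.error(404, `You do not have permissions to view this user with id ${id}.`);

  next();
});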
// GET /:id: respond with the member record that the "id" param handler stored
// on the request. For admin callers that record was loaded with the extra
// "+lastSeen +ips" selection.
app.get("/:id", async (req, res) => {
  return res.complate(req.member);
});
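/**
 * DELETE /:id: soft-delete a member (admin only).
 *
 * Sets `member.deleted = true` and saves the record; nothing is removed here.
 * Responds 403 for non-admin callers and 404 when the member is already
 * marked deleted.
 */
app.delete("/:id", async (req, res) => {
  const { user, member } = req;

  // Optional chaining keeps a request without a user object on the 403 path
  // instead of throwing, matching the null-safe check in the param handler.
  if (!user?.admin)
    return res.error(403, "You have not got permission for this.");

  if (member.deleted) return res.error(404, `This user is with id ${member.id} already deleted.`);

  member.deleted = true;
  await member.save();
  res.complate(member);
});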
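/**
 * PATCH /:id: update a member's profile.
 *
 * The caller must be the member themselves or an admin. `name`, `about`,
 * `theme` and `hideLastSeen` are self-service fields; `admin` and `deleted`
 * are privileged and may only appear in a request made by an admin.
 * Responds 403 on an authorization failure and 400 on invalid input, otherwise
 * saves the member and returns the saved record.
 */
app.patch("/:id", async (req, res) => {
  const { user, member } = req;
  const callerIsAdmin = Boolean(user?.admin);
  const body = req.body ?? {};

  if (user?.id !== member.id && !callerIsAdmin) return res.error(403, "You have not got permission for this.");
  if (!Object.keys(body).some(Boolean)) return res.error(400, "Missing member informations in request body.");

  const { name, about, admin, deleted, hideLastSeen, theme } = body;

  // Gate the privileged fields on key presence. The earlier test used
  // `admin?.length`, which is undefined for a JSON boolean, so a non-admin
  // request carrying `admin: true` passed this check and was then applied by
  // the boolean branch below. Any appearance of either key is now refused for
  // non-admin callers.
  if (("admin" in body || "deleted" in body) && !callerIsAdmin)
    return res.error(403, "You have not got permission for edit 'admin' and 'deleted' information, or bad request.");

  const { names, desp } = req.app.get("limits");

  if (name) {
    // Require a string so `.length` is a real character count, and compare the
    // name itself with the configured maximum (the old condition compared the
    // limit with a constant, so the upper bound was never applied to the input).
    if (typeof name !== "string" || name.length < 3 || name.length > names)
      return res.error(400, `Username must be between 3 - ${names} characters`);
    member.name = name;
  }

  if (about) {
    if (typeof about !== "string" || about.length > desp)
      return res.error(400, `About must be under ${desp} characters`);
    member.about = about;
  }

  // NOTE(review): only `codename` is checked against the known themes; the
  // client-supplied object is then stored as-is. Confirm the model restricts
  // which theme fields are persisted, or store the matching server-side entry.
  if (theme && themes.some((t) => t.codename === theme.codename))
    member.theme = theme;

  // Store a real boolean; the string "false" would be truthy if it were ever
  // read back without casting.
  if (typeof admin === "boolean" || ["false", "true"].includes(admin))
    member.admin = admin === true || admin === "true";

  // Only un-deleting is handled here; deletion goes through DELETE /:id.
  if (deleted === false) member.deleted = false;
  if (typeof hideLastSeen === "boolean") member.hideLastSeen = hideLastSeen;

  member.edited = true;
  res.complate(await member.save());
});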
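/**
 * POST /:id/ban: ban every IP address recorded for a member (admin only).
 *
 * For each entry in `member.ips` a BanModel record is created and the address
 * is appended to `req.app.ips`. A failure for one address does not stop the
 * loop. Responds 403 for non-admin callers, otherwise returns the member.
 */
app.post("/:id/ban", async (req, res) => {
  if (!req.user?.admin) return res.error(403, "You have not got permission for this.");

  const { member } = req;

  // `ips` is only selected for admin callers by the param handler; fall back
  // to an empty list so a record without the field does not throw here.
  for (const ip of member.ips ?? []) {
    try {
      await BanModel.create({ ip, reason: `Ban for ${member.name}`, authorID: req.user.id });
      req.app.ips.push(ip);
    } catch (err) {
      // Still best-effort, but leave a trace: the response below reports
      // success even when some addresses could not be banned.
      // NOTE(review): presumably this mostly fires for addresses that are
      // already banned; confirm against BanModel's constraints.
      console.error(`Failed to record an IP ban for member ${member.id}:`, err);
    }
  }

  res.complate(member);
});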
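// Disk storage for avatars: every upload is written to the public avatars
// directory as "<member id>.jpg", replacing any previous file for that member.
// The name is built from the member record resolved by the "id" param handler,
// not from the client-supplied file name.
const storage = multer.diskStorage({
  destination: "./public/images/avatars",
  filename(req, _file, cb) {
    cb(null, req.member.id + ".jpg");
  },
});

// Uploads are untrusted input that ends up under the public directory, so
// bound what is accepted: one file per request, a size cap, and an image
// content type. The 2 MiB cap is a conservative default chosen here; adjust it
// to the project's needs.
// The declared mimetype comes from the client and the file content itself is
// not inspected, so this filter only screens out obvious mismatches. A
// rejected file leaves req.file unset.
const upload = multer({
  storage,
  limits: { fileSize: 2 * 1024 * 1024, files: 1 },
  fileFilter(_req, file, cb) {
    cb(null, typeof file.mimetype === "string" && file.mimetype.startsWith("image/"));
  },
});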
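/**
 * POST /:id/avatar: replace a member's avatar.
 *
 * The caller must be the member themselves or an admin. Expects a multipart
 * field named "avatar". Responds 403 on an authorization failure and 400 when
 * no file was accepted, otherwise stores the public path on `member.avatar`
 * and returns the saved member.
 */
app.post(
  "/:id/avatar",
  // Authorize before the upload middleware runs. The storage engine writes
  // "<member id>.jpg" to disk as soon as it processes the request, so with the
  // check only in the final handler a refused caller had already replaced the
  // target member's file by the time the 403 was sent.
  (req, res, next) => {
    const { member, user } = req;
    if (user?.id !== member.id && !user?.admin)
      return res.error(403, "You have not got permission for this.");
    next();
  },
  upload.single("avatar"),
  async (req, res) => {
    const { member } = req;
    if (!req.file) return res.error(400, "Missing avatar in request body.");

    // Strip the leading "./public" so the stored value is the path the file is
    // served under, e.g. "/images/avatars/<id>.jpg".
    member.avatar = req.file.destination.slice("./public".length) + "/" + req.file.filename;
    res.complate(await member.save());
  },
);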
// Export the configured router as this module's value.
module . exports = app ;