UNPKG

@hoodie/account-server/routes/account.js

Version:

6.47 kBJavaScriptView Raw

1module.exports = accountRoutes
2module.exports.attributes = {
name: 'account-routes-account'
4}
5
6var Boom = require('boom')
7
8var errors = require('./utils/errors')
9var joiFailAction = require('./utils/joi-fail-action')
10var serialiseAccount = require('./utils/serialise-account')
11var toSessionId = require('./utils/request-to-session-id')
12var validations = require('./utils/validations')
13
14function accountRoutes (server, options, next) {
var serialise = serialiseAccount.bind(null, {
  baseUrl: server.info.uri
})
var admins = options.admins
var sessions = server.plugins.account.api.sessions
var accounts = server.plugins.account.api.accounts
21
var signUpRoute = {
  method: 'PUT',
  path: '/session/account',
  config: {
    auth: false,
    validate: {
      headers: validations.sessionIdHeaderForbidden,
      query: validations.accountQuery,
      payload: validations.accountPayload,
      failAction: joiFailAction
    }
  },
  handler: function (request, reply) {
    var username = request.payload.data.attributes.username
    var password = request.payload.data.attributes.password
    var createdAt = request.payload.data.attributes.createdAt
    var id = request.payload.data.id
    var query = request.query
40
    var currentTime = new Date().toISOString()
42
    accounts.add({
      username: username,
      password: password,
      createdAt: createdAt || currentTime,
      signedUpAt: currentTime,
      include: query.include,
      id: id
    })
51
    .then(serialise)
53
    .then(function (json) {
      reply(json).code(201)
    })
57
    .catch(function (error) {
      error = errors.parse(error)
      reply(Boom.create(error.status || 400, error.message))
    })
  }
}
64
var getAccountRoute = {
  method: 'GET',
  path: '/session/account',
  config: {
    auth: false,
    validate: {
      headers: validations.sessionIdHeader,
      query: validations.accountQuery,
      failAction: joiFailAction
    }
  },
  handler: function (request, reply) {
    var sessionId = toSessionId(request)
78
    // check for admin. If not found, check for user
    admins.validateSession(sessionId)
81
    .then(
      // if admin
      function (doc) {
        throw errors.NO_ADMIN_ACCOUNT
      },
87
      // if not admin
      function (error) {
        if (error.status === 404) {
          return sessions.find(sessionId, {
            include: request.query.include === 'profile' ? 'account.profile' : undefined
          }).catch(function (error) {
            if (error.status === 404) {
              throw errors.INVALID_SESSION
            }
          })
        }
99
        throw error
      })
102
    .then(function (session) {
      return session.account
    })
106
    .then(serialise)
108
    .then(reply)
110
    .catch(function (error) {
      error = errors.parse(error)
      reply(Boom.create(error.status, error.message))
    })
  }
}
117
var patchAccountRoute = {
  method: 'PATCH',
  path: '/session/account',
  config: {
    auth: false,
    validate: {
      headers: validations.sessionIdHeader,
      payload: validations.accountPayload,
      query: validations.accountQuery,
      failAction: joiFailAction
    }
  },
  handler: function (request, reply) {
    var sessionId = toSessionId(request)
132
    var newUsername = request.payload.data.attributes.username
    var newPassword = request.payload.data.attributes.password
    var id = request.payload.data.id
136
    admins.validateSession(sessionId)
    .then(
      // if admin
      function (doc) {
        throw errors.FORBIDDEN_ADMIN_ACCOUNT
      },
143
      // if not admin
      function (error) {
        if (error.status === 404) {
          return sessions.find(sessionId)
            .catch(function (error) {
              if (error.status === 404) {
                throw errors.INVALID_SESSION
              }
            })
        }
        throw error
      })
156
    .then(function (session) {
      if (session.account.id !== id) {
        throw errors.accountIdConflict(session.account.id)
      }
      return accounts.update(session.account, {
        username: newUsername,
        password: newPassword
      }, {
        include: request.query.include
      })
    })
168
    .then(function (account) {
      // no auth param, act as 'admin' (we already validated the old session above)
      return sessions.add({
        account: {
          username: account.username
        }
      })
    })
177
    .then(function (session) {
      reply()
        .code(204)
        .header('x-set-session', session.id)
    })
183
    .catch(function (error) {
      error = errors.parse(error)
186
      reply(Boom.create(error.status, error.message))
    })
  }
}
191
var destroyAccountRoute = {
  method: 'DELETE',
  path: '/session/account',
  config: {
    auth: false,
    validate: {
      query: validations.accountQuery,
      failAction: joiFailAction
    }
  },
  handler: function (request, reply) {
    var sessionId = toSessionId(request)
204
    // check for admin. If not found, check for user
    admins.validateSession(sessionId)
207
    .then(
      // if admin
      function (doc) {
        throw errors.FORBIDDEN_ADMIN_ACCOUNT
      },
213
      // if not admin
      function (error) {
        if (error.status === 404) {
          return sessions.find(sessionId, {
            include: request.query.include === 'profile' ? 'account.profile' : undefined
          }).catch(function (error) {
            if (error.status === 404) {
              throw errors.INVALID_SESSION
            }
          })
        }
225
        throw error
      })
228
    .then(function (session) {
      return accounts.remove(session.account, {
        include: request.query.include
      })
    })
234
    .then(function (account) {
      if (request.query.include) {
        return reply(serialise(account)).code(200)
      }
239
      reply().code(204)
    })
242
    .catch(function (error) {
      error = errors.parse(error)
      reply(Boom.create(error.status, error.message))
    })
  }
}
249
server.route([
  getAccountRoute,
  patchAccountRoute,
  signUpRoute,
  destroyAccountRoute
])
256
next()
258}

1	`module.exports = accountRoutes`
2	`module.exports.attributes = {`
3	`name: 'account-routes-account'`
4	`}`
5
6	`var Boom = require('boom')`
7
8	`var errors = require('./utils/errors')`
9	`var joiFailAction = require('./utils/joi-fail-action')`
10	`var serialiseAccount = require('./utils/serialise-account')`
11	`var toSessionId = require('./utils/request-to-session-id')`
12	`var validations = require('./utils/validations')`
13
14	`function accountRoutes (server, options, next) {`
15	`var serialise = serialiseAccount.bind(null, {`
16	`baseUrl: server.info.uri`
17	`})`
18	`var admins = options.admins`
19	`var sessions = server.plugins.account.api.sessions`
20	`var accounts = server.plugins.account.api.accounts`
21
22	`var signUpRoute = {`
23	`method: 'PUT',`
24	`path: '/session/account',`
25	`config: {`
26	`auth: false,`
27	`validate: {`
28	`headers: validations.sessionIdHeaderForbidden,`
29	`query: validations.accountQuery,`
30	`payload: validations.accountPayload,`
31	`failAction: joiFailAction`
32	`}`
33	`},`
34	`handler: function (request, reply) {`
35	`var username = request.payload.data.attributes.username`
36	`var password = request.payload.data.attributes.password`
37	`var createdAt = request.payload.data.attributes.createdAt`
38	`var id = request.payload.data.id`
39	`var query = request.query`
40
41	`var currentTime = new Date().toISOString()`
42
43	`accounts.add({`
44	`username: username,`
45	`password: password,`
46	`createdAt: createdAt \|\| currentTime,`
47	`signedUpAt: currentTime,`
48	`include: query.include,`
49	`id: id`
50	`})`
51
52	`.then(serialise)`
53
54	`.then(function (json) {`
55	`reply(json).code(201)`
56	`})`
57
58	`.catch(function (error) {`
59	`error = errors.parse(error)`
60	`reply(Boom.create(error.status \|\| 400, error.message))`
61	`})`
62	`}`
63	`}`
64
65	`var getAccountRoute = {`
66	`method: 'GET',`
67	`path: '/session/account',`
68	`config: {`
69	`auth: false,`
70	`validate: {`
71	`headers: validations.sessionIdHeader,`
72	`query: validations.accountQuery,`
73	`failAction: joiFailAction`
74	`}`
75	`},`
76	`handler: function (request, reply) {`
77	`var sessionId = toSessionId(request)`
78
79	`// check for admin. If not found, check for user`
80	`admins.validateSession(sessionId)`
81
82	`.then(`
83	`// if admin`
84	`function (doc) {`
85	`throw errors.NO_ADMIN_ACCOUNT`
86	`},`
87
88	`// if not admin`
89	`function (error) {`
90	`if (error.status === 404) {`
91	`return sessions.find(sessionId, {`
92	`include: request.query.include === 'profile' ? 'account.profile' : undefined`
93	`}).catch(function (error) {`
94	`if (error.status === 404) {`
95	`throw errors.INVALID_SESSION`
96	`}`
97	`})`
98	`}`
99
100	`throw error`
101	`})`
102
103	`.then(function (session) {`
104	`return session.account`
105	`})`
106
107	`.then(serialise)`
108
109	`.then(reply)`
110
111	`.catch(function (error) {`
112	`error = errors.parse(error)`
113	`reply(Boom.create(error.status, error.message))`
114	`})`
115	`}`
116	`}`
117
118	`var patchAccountRoute = {`
119	`method: 'PATCH',`
120	`path: '/session/account',`
121	`config: {`
122	`auth: false,`
123	`validate: {`
124	`headers: validations.sessionIdHeader,`
125	`payload: validations.accountPayload,`
126	`query: validations.accountQuery,`
127	`failAction: joiFailAction`
128	`}`
129	`},`
130	`handler: function (request, reply) {`
131	`var sessionId = toSessionId(request)`
132
133	`var newUsername = request.payload.data.attributes.username`
134	`var newPassword = request.payload.data.attributes.password`
135	`var id = request.payload.data.id`
136
137	`admins.validateSession(sessionId)`
138	`.then(`
139	`// if admin`
140	`function (doc) {`
141	`throw errors.FORBIDDEN_ADMIN_ACCOUNT`
142	`},`
143
144	`// if not admin`
145	`function (error) {`
146	`if (error.status === 404) {`
147	`return sessions.find(sessionId)`
148	`.catch(function (error) {`
149	`if (error.status === 404) {`
150	`throw errors.INVALID_SESSION`
151	`}`
152	`})`
153	`}`
154	`throw error`
155	`})`
156
157	`.then(function (session) {`
158	`if (session.account.id !== id) {`
159	`throw errors.accountIdConflict(session.account.id)`
160	`}`
161	`return accounts.update(session.account, {`
162	`username: newUsername,`
163	`password: newPassword`
164	`}, {`
165	`include: request.query.include`
166	`})`
167	`})`
168
169	`.then(function (account) {`
170	`// no auth param, act as 'admin' (we already validated the old session above)`
171	`return sessions.add({`
172	`account: {`
173	`username: account.username`
174	`}`
175	`})`
176	`})`
177
178	`.then(function (session) {`
179	`reply()`
180	`.code(204)`
181	`.header('x-set-session', session.id)`
182	`})`
183
184	`.catch(function (error) {`
185	`error = errors.parse(error)`
186
187	`reply(Boom.create(error.status, error.message))`
188	`})`
189	`}`
190	`}`
191
192	`var destroyAccountRoute = {`
193	`method: 'DELETE',`
194	`path: '/session/account',`
195	`config: {`
196	`auth: false,`
197	`validate: {`
198	`query: validations.accountQuery,`
199	`failAction: joiFailAction`
200	`}`
201	`},`
202	`handler: function (request, reply) {`
203	`var sessionId = toSessionId(request)`
204
205	`// check for admin. If not found, check for user`
206	`admins.validateSession(sessionId)`
207
208	`.then(`
209	`// if admin`
210	`function (doc) {`
211	`throw errors.FORBIDDEN_ADMIN_ACCOUNT`
212	`},`
213
214	`// if not admin`
215	`function (error) {`
216	`if (error.status === 404) {`
217	`return sessions.find(sessionId, {`
218	`include: request.query.include === 'profile' ? 'account.profile' : undefined`
219	`}).catch(function (error) {`
220	`if (error.status === 404) {`
221	`throw errors.INVALID_SESSION`
222	`}`
223	`})`
224	`}`
225
226	`throw error`
227	`})`
228
229	`.then(function (session) {`
230	`return accounts.remove(session.account, {`
231	`include: request.query.include`
232	`})`
233	`})`
234
235	`.then(function (account) {`
236	`if (request.query.include) {`
237	`return reply(serialise(account)).code(200)`
238	`}`
239
240	`reply().code(204)`
241	`})`
242
243	`.catch(function (error) {`
244	`error = errors.parse(error)`
245	`reply(Boom.create(error.status, error.message))`
246	`})`
247	`}`
248	`}`
249
250	`server.route([`
251	`getAccountRoute,`
252	`patchAccountRoute,`
253	`signUpRoute,`
254	`destroyAccountRoute`
255	`])`
256
257	`next()`
258	`}`