// hapi plugin entry point. `attributes.name` is the name hapi registers the
// plugin under; the function itself is hoisted, so it can be exported before
// its declaration further down the file.
module.exports = accountRoutes
accountRoutes.attributes = {
  name: 'account-routes-account'
}
|
5 |
|
6 | var Boom = require('boom')
|
7 |
|
8 | var errors = require('./utils/errors')
|
9 | var joiFailAction = require('./utils/joi-fail-action')
|
10 | var serialiseAccount = require('./utils/serialise-account')
|
11 | var toSessionId = require('./utils/request-to-session-id')
|
12 | var validations = require('./utils/validations')
|
13 |
|
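/**
 * hapi plugin registering the `/session/account` routes: sign up (PUT),
 * read (GET), update (PATCH) and delete (DELETE) the account behind the
 * calling session.
 *
 * @param {Object} server - hapi server; `server.plugins.account.api` must
 *   already expose `sessions` and `accounts`
 * @param {Object} options - plugin options; `options.admins` is the admin API
 *   whose `validateSession` tells admin sessions apart from user sessions
 * @param {Function} next - hapi plugin registration callback
 */
function accountRoutes (server, options, next) {
  var serialise = serialiseAccount.bind(null, {
    baseUrl: server.info.uri
  })
  var admins = options.admins
  var sessions = server.plugins.account.api.sessions
  var accounts = server.plugins.account.api.accounts

  // Maps the public `?include=` value onto the relation name `sessions.find`
  // expects; anything other than `profile` loads no relation.
  function sessionIncludeFor (include) {
    return include === 'profile' ? 'account.profile' : undefined
  }

  // Resolves the user session behind `sessionId`. An admin session is
  // rejected with `adminError` (there is no user account behind it) and an
  // unknown session id with `errors.INVALID_SESSION`. Every other failure of
  // the admin or session lookup is propagated unchanged: the original inner
  // catch only handled 404 and silently resolved with `undefined` otherwise,
  // so a backend failure surfaced later as a TypeError on `session.account`.
  function findUserSession (sessionId, adminError, findOptions) {
    return admins.validateSession(sessionId)
      .then(function () {
        throw adminError
      }, function (error) {
        if (error.status !== 404) {
          throw error
        }
        return sessions.find(sessionId, findOptions)
          .catch(function (findError) {
            if (findError.status === 404) {
              throw errors.INVALID_SESSION
            }
            throw findError
          })
      })
  }

  // Turns any error from a handler chain into a Boom reply. `fallbackStatus`
  // is used when `errors.parse` yields no HTTP status, so the request always
  // gets an answer instead of `Boom.create` throwing inside the catch handler
  // (which would leave the request without a reply).
  function replyError (reply, error, fallbackStatus) {
    var parsed = errors.parse(error)
    reply(Boom.create(parsed.status || fallbackStatus, parsed.message))
  }

  var signUpRoute = {
    method: 'PUT',
    path: '/session/account',
    config: {
      auth: false,
      validate: {
        // Sign-up must not be attempted from within an existing session.
        headers: validations.sessionIdHeaderForbidden,
        query: validations.accountQuery,
        payload: validations.accountPayload,
        failAction: joiFailAction
      }
    },
    handler: function (request, reply) {
      var attributes = request.payload.data.attributes
      var currentTime = new Date().toISOString()

      accounts.add({
        username: attributes.username,
        password: attributes.password,
        // A client-supplied `createdAt` is kept; `signedUpAt` is always ours.
        createdAt: attributes.createdAt || currentTime,
        signedUpAt: currentTime,
        include: request.query.include,
        // The account id is chosen by the client (JSON API style).
        id: request.payload.data.id
      })
        .then(serialise)
        .then(function (json) {
          reply(json).code(201)
        })
        .catch(function (error) {
          replyError(reply, error, 400)
        })
    }
  }

  var getAccountRoute = {
    method: 'GET',
    path: '/session/account',
    config: {
      auth: false,
      validate: {
        headers: validations.sessionIdHeader,
        query: validations.accountQuery,
        failAction: joiFailAction
      }
    },
    handler: function (request, reply) {
      var sessionId = toSessionId(request)

      findUserSession(sessionId, errors.NO_ADMIN_ACCOUNT, {
        include: sessionIncludeFor(request.query.include)
      })
        .then(function (session) {
          return session.account
        })
        .then(serialise)
        .then(function (json) {
          reply(json)
        })
        .catch(function (error) {
          replyError(reply, error, 500)
        })
    }
  }

  var patchAccountRoute = {
    method: 'PATCH',
    path: '/session/account',
    config: {
      auth: false,
      validate: {
        headers: validations.sessionIdHeader,
        payload: validations.accountPayload,
        query: validations.accountQuery,
        failAction: joiFailAction
      }
    },
    handler: function (request, reply) {
      var sessionId = toSessionId(request)
      var attributes = request.payload.data.attributes
      var id = request.payload.data.id

      findUserSession(sessionId, errors.FORBIDDEN_ADMIN_ACCOUNT)
        .then(function (session) {
          // The payload may only describe the account the session belongs to.
          if (session.account.id !== id) {
            throw errors.accountIdConflict(session.account.id)
          }
          return accounts.update(session.account, {
            username: attributes.username,
            password: attributes.password
          }, {
            include: request.query.include
          })
        })
        .then(function (account) {
          // Credentials changed, so hand the client a fresh session.
          return sessions.add({
            account: {
              username: account.username
            }
          })
        })
        .then(function (session) {
          reply()
            .code(204)
            .header('x-set-session', session.id)
        })
        .catch(function (error) {
          replyError(reply, error, 500)
        })
    }
  }

  var destroyAccountRoute = {
    method: 'DELETE',
    path: '/session/account',
    config: {
      auth: false,
      validate: {
        // Validate the session header up front, as GET and PATCH do, instead
        // of letting a missing/malformed header reach the session lookup.
        headers: validations.sessionIdHeader,
        query: validations.accountQuery,
        failAction: joiFailAction
      }
    },
    handler: function (request, reply) {
      var sessionId = toSessionId(request)

      findUserSession(sessionId, errors.FORBIDDEN_ADMIN_ACCOUNT, {
        include: sessionIncludeFor(request.query.include)
      })
        .then(function (session) {
          return accounts.remove(session.account, {
            include: request.query.include
          })
        })
        .then(function (account) {
          // Only echo the removed account back when relations were requested.
          if (request.query.include) {
            return reply(serialise(account)).code(200)
          }
          reply().code(204)
        })
        .catch(function (error) {
          replyError(reply, error, 500)
        })
    }
  }

  server.route([
    getAccountRoute,
    patchAccountRoute,
    signUpRoute,
    destroyAccountRoute
  ])

  next()
}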
|