// Export the register function together with the plugin metadata (the name
// under which these account routes are registered with the server).
module.exports = accountRoutes
module.exports.attributes = { name: 'account-routes-accounts' }
5
6var Boom = require('boom')
7
8var errors = require('./utils/errors')
9var joiFailAction = require('./utils/joi-fail-action')
10var serialise = require('./utils/serialise-account')
11var toSessionId = require('./utils/request-to-session-id')
12var validations = require('./utils/validations')
13
/**
 * Plugin register function: mounts the `/accounts` routes (create, list,
 * read, update, delete) on `server` and then calls `next()`.
 *
 * Every route is declared with `auth: false`, so no server-level auth
 * strategy runs for them. Access control is whatever the handlers do with
 * the session id taken from the request (see `toSessionId`).
 *
 * NOTE(review): POST /accounts, GET /accounts and GET /accounts/{id} call
 * `options.admins.validateSession()` before touching account data. PATCH and
 * DELETE /accounts/{id} do not; they only forward `sessionId` to
 * `accounts.update()` / `accounts.remove()`. Whether those calls reject a
 * non-admin session is not visible in this file - confirm before relying on it.
 *
 * @param {object} server - server instance; reads
 *   `server.plugins.account.api.accounts` and `server.info.uri`.
 * @param {object} options - plugin options; reads `options.admins` and
 *   `options.db`.
 * @param {Function} next - called without arguments once routes are added.
 */
function accountRoutes (server, options, next) {
  var accountsApi = server.plugins.account.api.accounts
  var adminsApi = options.admins

  // Shared route config: auth strategies are disabled and the given
  // validation rules are applied with the common fail action.
  function routeConfig (rules) {
    rules.failAction = joiFailAction
    return { auth: false, validate: rules }
  }

  // Resolves when `sessionId` is accepted by admins.validateSession().
  // pouchdb-admins throws MISSING_DOC with status 404 if the admin doc is
  // not found; that case is reported as an invalid session instead.
  function requireAdminSession (sessionId) {
    return adminsApi.validateSession(sessionId).catch(function (error) {
      throw (error.status === 404 ? errors.INVALID_SESSION : error)
    })
  }

  // Builds a rejection handler that normalises the error with errors.parse()
  // and replies with a Boom error made from its status and message only.
  function replyWithParsedError (reply) {
    return function (error) {
      var parsed = errors.parse(error)
      reply(Boom.create(parsed.status, parsed.message))
    }
  }

  // POST /accounts - create an account, admin session required.
  function createAccount (request, reply) {
    var attributes = request.payload.data.attributes
    var username = attributes.username
    var password = attributes.password
    var query = request.query

    var sessionId = toSessionId(request)

    // Only the admin session is checked here; there is no fallback to a
    // user session in this handler.
    adminsApi.validateSession(sessionId)

      .then(function () {
        return accountsApi.add({
          username: username,
          password: password,
          include: query.include
        })
      })

      .then(function (account) {
        return serialise({
          baseUrl: server.info.uri,
          include: request.query.include
        }, account)
      })

      .then(function (json) {
        reply(json).code(201)
      })

      .catch(function (error) {
        if (error.status === 401) {
          error.message = 'Session invalid'
        }

        // A 'missing' message is reported as an invalid session as well.
        var parsed = errors.parse(
          error.message === 'missing' ? errors.INVALID_SESSION : error
        )

        reply(Boom.wrap(parsed, parsed.status, parsed.message))
      })
  }

  // GET /accounts - list accounts, admin session required.
  function listAccounts (request, reply) {
    var sessionId = toSessionId(request)

    requireAdminSession(sessionId)

      .then(function () {
        return accountsApi.findAll({
          db: options.db,
          sessionId: sessionId,
          include: request.query.include
        })
      })

      .then(function (found) {
        return serialise({
          baseUrl: server.info.uri,
          include: request.query.include
        }, found)
      })

      .then(reply)

      .catch(replyWithParsedError(reply))
  }

  // GET /accounts/{id} - read one account, admin session required.
  // NOTE(review): `request.query.include` is used below, but this route
  // declares no `query` validation, unlike the other routes that read it.
  function readAccount (request, reply) {
    var sessionId = toSessionId(request)

    requireAdminSession(sessionId)

      .then(function () {
        return accountsApi.find(request.params.id, {
          sessionId: sessionId,
          include: request.query.include
        })
      })

      .then(function (account) {
        return serialise({
          baseUrl: server.info.uri,
          include: request.query.include,
          admin: true
        }, account)
      })

      .then(reply)

      // NOTE(review): unlike the other handlers, the error is wrapped as-is
      // and not passed through errors.parse() first.
      .catch(function (error) {
        reply(Boom.wrap(error, error.status))
      })
  }

  // PATCH /accounts/{id} - update username, password and/or profile.
  // No admins.validateSession() call here; the session id is only passed on
  // to accounts.update().
  function updateAccount (request, reply) {
    var sessionId = toSessionId(request)
    var attributes = request.payload.data.attributes
    var changes = {
      username: attributes.username,
      password: attributes.password,
      profile: attributes.profile
    }

    function toJson (account) {
      return serialise({
        baseUrl: server.info.uri,
        include: request.query.include,
        admin: true
      }, account)
    }

    // Only rejections of accounts.update() itself pass through here.
    function translateNotFound (error) {
      throw (error.status === 404 ? errors.ACCOUNT_ID_NOT_FOUND : error)
    }

    return accountsApi.update(request.params.id, changes, {
      sessionId: sessionId,
      include: request.query.include
    })

      .then(toJson, translateNotFound)

      .then(function (json) {
        // A successful update is answered with status 201.
        reply(json).code(201)
      })

      .catch(replyWithParsedError(reply))
  }

  // DELETE /accounts/{id} - remove an account.
  // No admins.validateSession() call here; the session id is only passed on
  // to accounts.remove().
  function deleteAccount (request, reply) {
    var sessionId = toSessionId(request)

    return accountsApi.remove(request.params.id, { sessionId: sessionId })

      .then(function () {
        reply().code(204)
      })

      .catch(replyWithParsedError(reply))
  }

  server.route([
    {
      method: 'POST',
      path: '/accounts',
      config: routeConfig({
        headers: validations.sessionIdHeader,
        query: validations.accountQuery,
        payload: validations.accountPayload
      }),
      handler: createAccount
    },
    {
      method: 'GET',
      path: '/accounts',
      config: routeConfig({
        headers: validations.sessionIdHeader,
        query: validations.accountQuery
      }),
      handler: listAccounts
    },
    {
      method: 'GET',
      path: '/accounts/{id}',
      config: routeConfig({
        headers: validations.sessionIdHeader
      }),
      handler: readAccount
    },
    {
      method: 'PATCH',
      path: '/accounts/{id}',
      config: routeConfig({
        headers: validations.sessionIdHeader,
        query: validations.accountQuery,
        payload: validations.accountPayload
      }),
      handler: updateAccount
    },
    {
      method: 'DELETE',
      path: '/accounts/{id}',
      config: routeConfig({
        headers: validations.sessionIdHeader
      }),
      handler: deleteAccount
    }
  ])

  next()
}