#89 reloading users from db
parent
c41af07fee
commit
bee74735a2
|
@ -62,11 +62,9 @@ router.post('/profile/save/:locale', async (req, res) => {
|
|||
return res.status(401).json({error: 'Unauthorised'});
|
||||
}
|
||||
|
||||
const userId = (await req.db.get(SQL`SELECT id FROM users WHERE username = ${req.user.username}`)).id;
|
||||
|
||||
await req.db.get(SQL`DELETE FROM profiles WHERE userId = ${userId} AND locale = ${req.params.locale}`);
|
||||
await req.db.get(SQL`DELETE FROM profiles WHERE userId = ${req.user.id} AND locale = ${req.params.locale}`);
|
||||
await req.db.get(SQL`INSERT INTO profiles (id, userId, locale, names, pronouns, description, birthday, links, flags, words, active)
|
||||
VALUES (${ulid()}, ${userId}, ${req.params.locale}, ${JSON.stringify(req.body.names)}, ${JSON.stringify(req.body.pronouns)},
|
||||
VALUES (${ulid()}, ${req.user.id}, ${req.params.locale}, ${JSON.stringify(req.body.names)}, ${JSON.stringify(req.body.pronouns)},
|
||||
${req.body.description}, ${req.body.birthday || null}, ${JSON.stringify(req.body.links.filter(x => !!x))}, ${JSON.stringify(req.body.flags)},
|
||||
${JSON.stringify(req.body.words)}, 1
|
||||
)`);
|
||||
|
@ -75,9 +73,7 @@ router.post('/profile/save/:locale', async (req, res) => {
|
|||
});
|
||||
|
||||
router.post('/profile/delete/:locale', async (req, res) => {
|
||||
const userId = (await req.db.get(SQL`SELECT id FROM users WHERE username = ${req.user.username}`)).id;
|
||||
|
||||
await req.db.get(SQL`DELETE FROM profiles WHERE userId = ${userId} AND locale = ${req.params.locale}`);
|
||||
await req.db.get(SQL`DELETE FROM profiles WHERE userId = ${req.user.id} AND locale = ${req.params.locale}`);
|
||||
|
||||
return res.json(await fetchProfiles(req.db, req.user.username, true));
|
||||
});
|
||||
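Review bot: The `/profile/delete/:locale` handler dereferences `req.user.id` with no authentication guard in front of it, whereas the `/profile/save/:locale` hunk above shows a 401 return before its queries. A request without a valid token throws on `req.user.id` inside an async handler, so the caller gets an unhandled rejection or a hung request (depending on error middleware not visible here) instead of a clean 401. I would open the handler with the same check the save route uses, e.g. `if (!req.user) { return res.status(401).json({error: 'Unauthorised'}); }`; the exact condition of the save guard lies outside the hunk, so mirror it. A short comment that `req.user.id` now comes from the token claims rather than a fresh lookup would also record that these routes depend on the token being current.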
|
|
|
@ -96,8 +96,41 @@ const validateEmail = (email) => {
|
|||
return re.test(String(email).toLowerCase());
|
||||
}
|
||||
|
||||
const reloadUser = async (req, res, next) => {
|
||||
if (!req.user) {
|
||||
next();
|
||||
return;
|
||||
}
|
||||
|
||||
const dbUser = await req.db.get(SQL`SELECT * FROM users WHERE id = ${req.user.id}`);
|
||||
|
||||
if (!dbUser) {
|
||||
res.clearCookie('token');
|
||||
next();
|
||||
return;
|
||||
}
|
||||
|
||||
if (req.user.username !== dbUser.username
|
||||
|| req.user.email !== dbUser.email
|
||||
|| req.user.roles !== dbUser.roles
|
||||
|| req.user.avatarSource !== dbUser.avatarSource
|
||||
) {
|
||||
const newUser = {
|
||||
...dbUser,
|
||||
authenticated: true,
|
||||
avatar: await avatar(req.db, dbUser),
|
||||
};
|
||||
const token = jwt.sign(newUser);
|
||||
res.cookie('token', token);
|
||||
req.user = {...req.user, ...newUser};
|
||||
}
|
||||
next();
|
||||
}
|
||||
|
||||
const router = Router();
|
||||
|
||||
router.use(reloadUser);
|
||||
|
||||
router.post('/user/init', async (req, res) => {
|
||||
let user = undefined;
|
||||
let usernameOrEmail = req.body.usernameOrEmail;
|
||||
|
@ -174,7 +207,7 @@ router.post('/user/change-username', async (req, res) => {
|
|||
return res.json({ error: 'user.account.changeUsername.taken' })
|
||||
}
|
||||
|
||||
await req.db.get(SQL`UPDATE users SET username = ${req.body.username} WHERE email = ${normalise(req.user.email)}`);
|
||||
await req.db.get(SQL`UPDATE users SET username = ${req.body.username} WHERE id = ${req.user.id}`);
|
||||
|
||||
return res.json({token: await issueAuthentication(req.db, req.user)});
|
||||
});
|
||||
|
@ -222,7 +255,7 @@ router.post('/user/change-email', async (req, res) => {
|
|||
|
||||
await invalidateAuthenticator(req.db, authenticator);
|
||||
|
||||
await req.db.get(SQL`UPDATE users SET email = ${authenticator.payload.to} WHERE email = ${normalise(req.user.email)}`);
|
||||
await req.db.get(SQL`UPDATE users SET email = ${authenticator.payload.to} WHERE id = ${req.user.id}`);
|
||||
req.user.email = authenticator.payload.to;
|
||||
|
||||
return res.json({token: await issueAuthentication(req.db, req.user)});
|
||||
|
@ -233,14 +266,9 @@ router.post('/user/delete', async (req, res) => {
|
|||
return res.status(401).json({error: 'Unauthorised'});
|
||||
}
|
||||
|
||||
const userId = (await req.db.get(SQL`SELECT id FROM users WHERE username = ${req.user.username}`)).id;
|
||||
if (!userId) {
|
||||
return res.json(false);
|
||||
}
|
||||
|
||||
await req.db.get(SQL`DELETE FROM profiles WHERE userId = ${userId}`)
|
||||
await req.db.get(SQL`DELETE FROM authenticators WHERE userId = ${userId}`)
|
||||
await req.db.get(SQL`DELETE FROM users WHERE id = ${userId}`)
|
||||
await req.db.get(SQL`DELETE FROM profiles WHERE userId = ${req.user.id}`)
|
||||
await req.db.get(SQL`DELETE FROM authenticators WHERE userId = ${req.user.id}`)
|
||||
await req.db.get(SQL`DELETE FROM users WHERE id = ${req.user.id}`)
|
||||
|
||||
return res.json(true);
|
||||
});
|
||||
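Review bot: In `reloadUser`, the `!dbUser` branch clears the cookie but leaves `req.user` populated, so a still-valid token for a deleted account reaches the route handlers as an authenticated user for that request. Add `req.user = undefined;` before `next()` in that branch, or answer with 401 there. Separately, `SELECT *` followed by `...dbUser` copies every column of `users` into the JWT payload, which is signed but readable by the client; naming the columns (`SELECT id, username, email, roles, avatarSource FROM users …`, plus whatever `avatar()` needs) keeps later-added columns out of the token. The middleware is also async with no error handling, so a failed query never reaches `next(err)`.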
|
|