feat(members): fetching the current member

AEGEE · Feb 1, 2020 · 6fac8bc · 6fac8bc
1 parent 435ba56
commit 6fac8bc
Show file tree

Hide file tree

Showing 5 changed files with 85 additions and 2 deletions.
diff --git a/lib/helpers.js b/lib/helpers.js
@@ -35,8 +35,27 @@ function filterFields(body, fieldsToFilter) {
     return unflattenObject(flatten);
 }
 
+// Figure out if the value is a number or a string containing only numbers
+function isNumber (value) {
+    /* istanbul ignore if */
+    if (typeof value === 'number') {
+        return true;
+    }
+
+    /* istanbul ignore else */
+    if (typeof value === 'string') {
+        const valueAsNumber = +value; // converts to number if it's all numbers or to NaN otherwise
+        return !Number.isNaN(valueAsNumber);
+    }
+
+    // Is not covered, probably will be in the future.
+    /* istanbul ignore next */
+    return false;
+};
+
 module.exports = {
     filterFields,
     flattenObject,
-    unflattenObject
+    unflattenObject,
+    isNumber
 };
diff --git a/lib/morgan.js b/lib/morgan.js
@@ -11,7 +11,7 @@ module.exports = morgan((tokens, req, res) => {
         tokens.status(req, res),
         tokens.res(req, res, 'content-length'), '-',
         tokens['response-time'](req, res), 'ms,',
-        req.user ? ('user ' + req.user.user.name + ' with id ' + req.user.id) : 'unauthorized'
+        req.user ? ('user ' + req.user.username + ' with id ' + req.user.id) : 'unauthorized'
     ].join(' ');
 
     if (['PUT', 'POST'].includes(tokens.method(req, res))) {

diff --git a/lib/server.js b/lib/server.js
@@ -15,8 +15,10 @@ const middlewares = require('../middlewares/generic');
 const campaigns = require('../middlewares/campaigns');
 const register = require('../middlewares/register');
 const login = require('../middlewares/login');
+const members = require('../middlewares/members');
 
 const GeneralRouter = router({ mergeParams: true });
+const MemberRouter = router({ mergeParams: true });
 
 const server = express();
 server.use(bodyParser.json());
@@ -32,12 +34,24 @@ process.on('unhandledRejection', (err) => {
     }
 });
 
+// Endpoints not requiring authorization.
 GeneralRouter.get('/healthcheck', middlewares.healthcheck);
 GeneralRouter.post('/campaigns/:campaign_id', campaigns.registerUser);
 GeneralRouter.post('/confirm-email', register.confirmEmail);
 GeneralRouter.post('/login', login.login);
 
+// Endpoints allowing unauthorized and authorized access.
+GeneralRouter.use(middlewares.maybeAuthorize);
 
+// Endpoints not allowing unauthorized access.
+GeneralRouter.use(middlewares.ensureAuthorized);
+GeneralRouter.get('/my_permissions', middlewares.getMyGlobalPermissions);
+
+// Everything related to a specific (maybe logged in) user. Auth only.
+MemberRouter.use(middlewares.maybeAuthorize, middlewares.ensureAuthorized, middlewares.fetchUser);
+MemberRouter.get('/', members.getUser);
+
+server.use('/members/:user_id', MemberRouter);
 server.use('/', GeneralRouter);
 
 server.use(middlewares.notFound);

diff --git a/middlewares/generic.js b/middlewares/generic.js
@@ -2,6 +2,7 @@ const moment = require('moment');
 
 const errors = require('../lib/errors');
 const logger = require('../lib/logger');
+const helpers = require('../lib/helpers');
 const { User, AccessToken } = require('../models');
 
 const packageInfo = require('../package');
@@ -44,6 +45,40 @@ exports.ensureAuthorized = async (req, res, next) => {
     return next();
 };
 
+exports.getMyGlobalPermissions = async (req, res) => {
+    // TODO: return real permissions.
+    return res.json({
+        success: true,
+        data: []
+    });
+};
+
+exports.fetchUser = async (req, res, next) => {
+    if (req.params.user_id === 'me') {
+        req.currentUser = req.user;
+        return next();
+    }
+
+    // searching the user by url
+    let where = { url: req.params.user_id };
+
+    // searching the user by id if it's numeric
+    if (helpers.isNumber(req.params.user_id)) {
+        where = { id: Number (req.params.user_id) };
+    }
+
+    const user = await User.findOne({ where });
+    if (!user) {
+        return errors.makeNotFoundError(req, 'User is not found.');
+    }
+
+    req.currentUser = user;
+
+    // TODO: fetch permissions
+
+    return next();
+};
+
 /* istanbul ignore next */
 exports.healthcheck = (req, res) => {
     return res.json({

diff --git a/middlewares/members.js b/middlewares/members.js
@@ -0,0 +1,15 @@
+const { User } = require('../models');
+const { Sequelize } = require('../lib/sequelize');
+const errors = require('../lib/errors');
+
+module.exports.listAllUsers = async (req, res) => {
+
+};
+
+module.exports.getUser = async (req, res) => {
+    // TODO: check permissions
+    return res.json({
+        success: true,
+        data: req.user
+    });
+};