API-11: User Data Endpoint #6

Merged
Paddy merged 1 commits from API-11 into master 2021-08-20 21:22:58 +00:00
4 changed files with 129 additions and 12 deletions

View File

@ -2,6 +2,8 @@
* Required External Modules and Interfaces
*/
import express, {Request, Response} from 'express';
import * as DataService from './data.service';
import * as UserService from '../userService/user.service';
import logger from '../../../middleware/logger';
/**
@ -9,18 +11,32 @@ import logger from '../../../middleware/logger';
*/
export const dataRouter = express.Router();
dataRouter.get('/', async (req: Request, res: Response) => {
dataRouter.get('/user/:isDevCall', async (req: Request, res: Response) => {
try {
res.status(200).send('GET data');
} catch (e) {
logger.error('Error handling a request: ' + e.message);
res.status(500).send({'message': 'Internal Server Error. Try again later.'});
}
});
let userId = (req.query.userId ?? '').toString();
let sessionId = (req.query.sessionId ?? '').toString();
let sessionKey = (req.query.sessionKey ?? '').toString();
let useDev: boolean = (req.params.isDevCall ?? '') === 'dev'; // TBD
dataRouter.post('/', async (req: Request, res: Response) => {
try {
res.status(200).send('POST data');
if (userId === '' || sessionId === '' || sessionKey === '') {
res.status(400).send({
'status': 'WRONG_PARAMS',
'message': 'Missing or wrong parameters'
});
return;
}
if (!await UserService.checkSession(useDev, userId, sessionId, sessionKey)) {
res.status(403).send({
'status': 'INVALID_SESSION',
'message': 'The user or session could not be found or the session is invalid'
});
return;
}
let data = await DataService.getUserData(useDev, userId);
res.status(200).send(data);
} catch (e) {
logger.error('Error handling a request: ' + e.message);
res.status(500).send({'message': 'Internal Server Error. Try again later.'});

View File

@ -0,0 +1,75 @@
import * as dotenv from 'dotenv';
dotenv.config();
const mariadb = require('mariadb');
const prod_pool = mariadb.createPool({
host: process.env.DB_HOST,
user: process.env.DB_USER,
password: process.env.DB_PASSWORD,
database: process.env.PARTYPLANER_PROD_DATABASE,
connectionLimit: 5
});
const dev_pool = mariadb.createPool({
host: process.env.DB_HOST,
user: process.env.DB_USER,
password: process.env.DB_PASSWORD,
database: process.env.PARTYPLANER_DEV_DATABASE,
connectionLimit: 5
});
/**
* Used in the getUserData method as return value
*/
export interface UserData {
username: string;
email: string;
firstName: string;
lastName: string;
lastLogin: string;
emailIsVerified: string;
isPremiumUser: string;
}
/**
* Returns all data about the given user
* @param useDev If the dev or prod database should be used
* @param userId The userId of the user to return the data for
* @return UserData An object containing the user data
*/
export const getUserData = async (useDev: boolean, userId: string): Promise<UserData> => {
let conn;
try {
if (useDev) {
conn = await dev_pool.getConnection();
} else {
conn = await prod_pool.getConnection();
}
let rows = await conn.query('SELECT username, email, first_name, last_Name, last_login, email_is_verified, is_premium_user FROM users WHERE user_id = ?', userId);
let user: UserData = {} as UserData;
for (let row in rows) {
if (row !== 'meta') {
user = {
username: rows[row].username,
email: rows[row].email,
firstName: rows[row].first_name,
lastName: rows[row].last_name,
lastLogin: rows[row].last_login,
emailIsVerified: rows[row].email_is_verified,
isPremiumUser: rows[row].is_premium_user
};
}
}
return user;
} catch (err) {
throw err;
} finally {
if (conn) {
conn.end();
}
}
};

View File

@ -14,8 +14,6 @@ loginRouter.post('/:isDevCall', async (req: Request, res: Response) => {
try {
let username: string = '';
let email: string = '';
let firstName: string = '';
let lastName: string = '';
let password: string = '';
let useDev: boolean = (req.params.isDevCall ?? '') === 'dev'; // TBD

View File

@ -298,3 +298,31 @@ export const checkUsernameAndEmail = async (useDev: boolean, username: string, e
}
}
};
export const checkSession = async (useDev: boolean, userId: string, sessionId: string, sessionKey: string): Promise<boolean> => {
let conn;
try {
if (useDev) {
conn = await dev_pool.getConnection();
} else {
conn = await prod_pool.getConnection();
}
let rows = await conn.query('SELECT session_key_hash FROM sessions WHERE user_id = ? AND session_id = ?', [userId, sessionId]);
let savedHash = '';
for (let row in rows) {
if (row !== 'meta') {
savedHash = rows[row].session_key_hash;
}
}
return bcrypt.compareSync(sessionKey, savedHash);
} catch (err) {
throw err;
} finally {
if (conn) {
conn.end();
}
}
};