backend revamp: users

src/api/index.ts

@@ -1,47 +1,13 @@
 import { Router } from 'express';
-import { createSessionFromCodeAndProvider } from './auth';
+import { createSessionFromCodeAndProvider } from '../auth';
-import {
+import { getGroupByID, getPoolByID, getPoolsWithUser } from '../data';
-	getGroupByID,
+import { GroupModel, PoolModel } from '../models';
-	getPoolByID,
+
-	getPoolsWithUser,
+import * as user from './user';
-	getUserByID,
-} from './data';
-import { GroupModel, PoolModel } from './models';
 
 export const router = Router();
 
-router.get('/user', async (req, res) => {
+router.use('/user', user.router);
-	if (typeof req.query.userID != 'string') {
-		return;
-	}
-
-	let userID = req.query.userID;
-	if (userID === '@me') {
-		userID = req.session.accountID;
-	}
-
-	let user = await getUserByID(userID);
-
-	if (user) {
-		res.json({ status: 'success', data: user });
-	} else {
-		res.json({ status: 'error', error: 'not_found' });
-	}
-});
-
-router.patch('/user', (req, res) => {
-	// if (!(req.body.userID in users)) {
-	// 	res.json({ status: 'error', error: 'user not found' });
-	// } else {
-	// 	let user = users[req.body.userID];
-	// 	user.username = req.body.username;
-	// 	user.first_name = req.body.first_name;
-	// 	user.last_name = req.body.last_name;
-	// 	res.json({ status: 'success' });
-	// }
-});
-
-router.delete('/user', (req, res) => {});
 
 router.get('/pool', async (req, res) => {
 	if (typeof req.query.poolID != 'string') {

src/api/user.ts

@@ -0,0 +1,43 @@
+import { Router } from 'express';
+import { GroupModel, PoolModel, UserModel } from '../models';
+import requireApiAuth from '../requireApiAuth';
+import { ObjectID } from 'mongodb';
+
+export const router = Router();
+
+router.use(requireApiAuth);
+
+router.get('/@me/groups', async (req, res) => {
+	let userID = req.session.accountID;
+	let groups = await GroupModel.find({
+		member_ids: { $all: [userID] },
+	});
+
+	res.json({ status: 'success', data: groups });
+});
+
+router.get('/@me/pools', async (req, res) => {
+	let userID = req.session.accountID;
+	let pools = await PoolModel.find({
+		participant_ids: { $all: [userID] },
+	}).exec();
+
+	res.json({ status: 'success', data: pools });
+});
+
+router.get('/@me', async (req, res) => {
+	let user = await UserModel.findById(
+		new ObjectID(req.session.accountID)
+	).exec();
+
+	res.json({ status: 'success', data: user });
+});
+
+router.get('/:userID', async (req, res) => {
+	let userID = req.params.userID;
+	let user = await UserModel.findById(new ObjectID(userID)).exec();
+	let data = user.toJSON();
+	delete data['email'];
+
+	res.json({ status: 'success', data });
+});

src/index.ts

@@ -16,7 +16,7 @@ else console.log('DB connected successfully');
 import bodyParser from 'body-parser';
 import cors from 'cors';
 import express from 'express';
-import * as api from './api';
+import * as api from './api/index';
 import { sessionMiddleware } from './sessionMiddleware';
 
 const app = express();

src/requireApiAuth.ts

@@ -0,0 +1,12 @@
+import { RequestHandler } from 'express';
+
+const requireApiAuth: RequestHandler = (req, res, next) => {
+	if (req.session?.accountID == null) {
+		res.status(401);
+		res.json({ error: 'unauthorized' });
+	} else {
+		next();
+	}
+};
+
+export default requireApiAuth;