alai-server/backend/controllers/user.go

186 lines
4.8 KiB
Go
Raw Normal View History

2022-06-29 21:26:05 -04:00
package controllers
import (
"encoding/json"
2023-02-09 01:07:31 -03:00
"errors"
2022-06-29 21:26:05 -04:00
"net/http"
"strconv"
2022-07-22 23:00:31 -04:00
"git.cromer.cl/Proyecto-Titulo/alai-server/backend/database"
2023-02-09 01:07:31 -03:00
"git.cromer.cl/Proyecto-Titulo/alai-server/backend/middlewares"
2022-07-22 23:00:31 -04:00
"git.cromer.cl/Proyecto-Titulo/alai-server/backend/models"
"git.cromer.cl/Proyecto-Titulo/alai-server/backend/utils"
2022-06-29 21:26:05 -04:00
"github.com/julienschmidt/httprouter"
)
2023-02-01 14:38:42 -03:00
func ListUser(writer http.ResponseWriter, request *http.Request, params httprouter.Params) {
2022-06-29 21:26:05 -04:00
gdb := database.Connect()
defer database.Close(gdb)
var users []models.User
2023-02-01 16:20:29 -03:00
queryParams := request.URL.Query()
2023-02-01 21:55:47 -03:00
limit, offset, err := utils.GetLimitOffset(queryParams)
if err != nil {
utils.JSONErrorOutput(writer, http.StatusBadRequest, err.Error())
return
2023-02-01 16:20:29 -03:00
}
2023-02-01 17:56:56 -03:00
filters := []string{
"name",
"username",
"email",
"password",
}
whereClause, err := utils.GenerateWhereFilter(filters, queryParams)
if err != nil {
utils.JSONErrorOutput(writer, http.StatusBadRequest, err.Error())
return
}
result := gdb.Model(&models.User{}).Where(whereClause).Order("ID asc").Limit(limit).Offset(offset).Find(&users)
2022-06-29 21:26:05 -04:00
if result.Error != nil {
utils.JSONErrorOutput(writer, http.StatusBadRequest, result.Error.Error())
return
} else {
for i := range users {
users[i].Password = ""
}
writer.Header().Set("Content-Type", "application/json")
writer.WriteHeader(http.StatusOK)
json.NewEncoder(writer).Encode(users)
}
}
func GetUser(writer http.ResponseWriter, request *http.Request, params httprouter.Params) {
gdb := database.Connect()
defer database.Close(gdb)
var user models.User
result := gdb.Model(&models.User{}).Find(&user, params.ByName("id"))
if result.Error != nil {
utils.JSONErrorOutput(writer, http.StatusBadRequest, result.Error.Error())
return
} else if result.RowsAffected == 0 {
writer.WriteHeader(http.StatusNotFound)
2022-06-29 21:26:05 -04:00
return
} else {
user.Password = ""
writer.Header().Set("Content-Type", "application/json")
writer.WriteHeader(http.StatusOK)
json.NewEncoder(writer).Encode(user)
}
}
func CreateUser(writer http.ResponseWriter, request *http.Request, params httprouter.Params) {
2022-06-29 21:26:05 -04:00
gdb := database.Connect()
defer database.Close(gdb)
2023-01-30 09:33:59 -03:00
var user models.User
decoder := json.NewDecoder(request.Body)
err := decoder.Decode(&user)
2023-01-30 09:35:43 -03:00
if err != nil {
2023-01-30 09:33:59 -03:00
utils.JSONErrorOutput(writer, http.StatusBadRequest, err.Error())
return
}
2023-01-30 09:33:59 -03:00
user.HashPassword(user.Password)
2022-06-29 21:26:05 -04:00
result := gdb.Create(&user)
if result.Error != nil {
utils.JSONErrorOutput(writer, http.StatusBadRequest, result.Error.Error())
2022-06-29 21:26:05 -04:00
return
} else {
writer.WriteHeader(http.StatusNoContent)
2022-06-29 21:26:05 -04:00
}
}
2022-06-29 21:26:05 -04:00
func UpdateUser(writer http.ResponseWriter, request *http.Request, params httprouter.Params) {
gdb := database.Connect()
defer database.Close(gdb)
2023-02-09 01:07:31 -03:00
claims := request.Context().Value(middlewares.JWTContextKey).(*utils.JWTClaim)
username := claims.Username
var user models.User
2023-01-30 09:33:59 -03:00
decoder := json.NewDecoder(request.Body)
2023-01-30 09:33:59 -03:00
err := decoder.Decode(&user)
2023-01-30 09:35:43 -03:00
if err != nil {
2023-01-30 09:33:59 -03:00
utils.JSONErrorOutput(writer, http.StatusBadRequest, err.Error())
return
}
2023-01-30 09:33:59 -03:00
user.ID, err = strconv.ParseUint(params.ByName("id"), 10, 64)
2023-01-30 09:35:43 -03:00
if err != nil {
2023-01-30 09:33:59 -03:00
utils.JSONErrorOutput(writer, http.StatusBadRequest, err.Error())
return
2022-06-29 21:26:05 -04:00
}
2023-02-09 01:07:31 -03:00
if user.NewPassword != "" {
var tmpUser models.User
result := gdb.Find(&tmpUser).Where(&models.User{Username: username})
if result.Error != nil {
utils.JSONErrorOutput(writer, http.StatusBadRequest, result.Error.Error())
return
} else if result.RowsAffected == 0 {
writer.WriteHeader(http.StatusNotFound)
return
}
// If the logged in user and the modified user are no the same, password can't be changed
if tmpUser.ID != user.ID {
utils.JSONErrorOutput(writer, http.StatusBadRequest, errors.New("only the same user may change password").Error())
return
}
err = tmpUser.CheckPassword(user.Password)
if err != nil {
utils.JSONErrorOutput(writer, http.StatusBadRequest, errors.New("incorrect user or password").Error())
return
}
user.HashPassword(user.NewPassword)
} else {
user.Password = ""
2023-01-30 09:33:59 -03:00
}
result := gdb.Updates(&user)
if result.Error != nil {
utils.JSONErrorOutput(writer, http.StatusBadRequest, result.Error.Error())
2022-07-22 22:17:29 -04:00
return
} else if result.RowsAffected == 0 {
writer.WriteHeader(http.StatusNotFound)
return
} else {
writer.WriteHeader(http.StatusNoContent)
2022-07-22 22:17:29 -04:00
}
}
2022-06-29 21:26:05 -04:00
func DeleteUser(writer http.ResponseWriter, request *http.Request, params httprouter.Params) {
gdb := database.Connect()
defer database.Close(gdb)
2022-06-29 21:26:05 -04:00
var user models.User
user.ID, _ = strconv.ParseUint(params.ByName("id"), 10, 64)
2023-02-06 22:33:25 -03:00
result := gdb.Unscoped().Delete(&user)
if result.Error != nil {
utils.JSONErrorOutput(writer, http.StatusBadRequest, result.Error.Error())
return
} else if result.RowsAffected == 0 {
writer.WriteHeader(http.StatusNotFound)
return
} else {
writer.WriteHeader(http.StatusNoContent)
}
2022-06-29 21:26:05 -04:00
}