api/controllers/UserController.ts

/**
 * This file is part of SudoBot.
 *
 * Copyright (C) 2021-2023 OSN Developers.
 *
 * SudoBot is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * SudoBot is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with SudoBot. If not, see <https://www.gnu.org/licenses/>.
 */

import bcrypt from "bcrypt";
import { z } from "zod";
import { Action } from "../../decorators/Action";
import { RequireAuth } from "../../decorators/RequireAuth";
import { Validate } from "../../decorators/Validate";
import Controller from "../Controller";
import Request from "../Request";
import Response from "../Response";

export default class UserController extends Controller {
    @Action("PATCH", "/users/:id")
    @RequireAuth()
    @Validate(
        z.object({
            name: z.string().optional().nullable(),
            username: z.string().optional(),
            password: z.string().optional()
        })
    )
    async update(request: Request) {
        if (Object.keys(request.parsedBody).length === 0) {
            return new Response({ status: 422, body: { error: "Nothing to update!" } });
        }

        const id = parseInt(request.params.id);

        if (!id || isNaN(id)) {
            return new Response({ status: 422, body: { error: "Invalid user ID." } });
        }

        // TODO: Allow system admins to edit other users as well
        if (id !== request.userId) {
            return new Response({ status: 403, body: { error: "Cannot modify this user." } });
        }

        const { username, password, name } = request.parsedBody ?? {};
        const { count } = await this.client.prisma.user.updateMany({
            where: {
                id
            },
            data: {
                name: name === null ? null : name && name.length > 0 ? name : undefined,
                username: username && username.length > 0 ? username : undefined,
                password: password && password.length > 0 ? bcrypt.hashSync(password, bcrypt.genSaltSync(10)) : undefined
            }
        });

        if (count === 0) {
            return new Response({ status: 404, body: { error: "No such user found." } });
        }

        return {
            success: true,
            message: "Successfully updated user information."
        };
    }
}
1	/**
2	* This file is part of SudoBot.
3	*
4	* Copyright (C) 2021-2023 OSN Developers.
5	*
6	* SudoBot is free software; you can redistribute it and/or modify it
7	* under the terms of the GNU Affero General Public License as published by
8	* the Free Software Foundation, either version 3 of the License, or
9	* (at your option) any later version.
10	*
11	* SudoBot is distributed in the hope that it will be useful, but
12	* WITHOUT ANY WARRANTY; without even the implied warranty of
13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	* GNU Affero General Public License for more details.
15	*
16	* You should have received a copy of the GNU Affero General Public License
17	* along with SudoBot. If not, see <https://www.gnu.org/licenses/>.
18	*/
19
20	import bcrypt from "bcrypt";
21	import { z } from "zod";
22	import { Action } from "../../decorators/Action";
23	import { RequireAuth } from "../../decorators/RequireAuth";
24	import { Validate } from "../../decorators/Validate";
25	import Controller from "../Controller";
26	import Request from "../Request";
27	import Response from "../Response";
28
29	export default class UserController extends Controller {
30	@Action("PATCH", "/users/:id")
31	@RequireAuth()
32	@Validate(
33	z.object({
34	name: z.string().optional().nullable(),
35	username: z.string().optional(),
36	password: z.string().optional()
37	})
38	)
39	async update(request: Request) {
40	if (Object.keys(request.parsedBody).length === 0) {
41	return new Response({ status: 422, body: { error: "Nothing to update!" } });
42	}
43
44	const id = parseInt(request.params.id);
45
46	if (!id \|\| isNaN(id)) {
47	return new Response({ status: 422, body: { error: "Invalid user ID." } });
48	}
49
50	// TODO: Allow system admins to edit other users as well
51	if (id !== request.userId) {
52	return new Response({ status: 403, body: { error: "Cannot modify this user." } });
53	}
54
55	const { username, password, name } = request.parsedBody ?? {};
56	const { count } = await this.client.prisma.user.updateMany({
57	where: {
58	id
59	},
60	data: {
61	name: name === null ? null : name && name.length > 0 ? name : undefined,
62	username: username && username.length > 0 ? username : undefined,
63	password: password && password.length > 0 ? bcrypt.hashSync(password, bcrypt.genSaltSync(10)) : undefined
64	}
65	});
66
67	if (count === 0) {
68	return new Response({ status: 404, body: { error: "No such user found." } });
69	}
70
71	return {
72	success: true,
73	message: "Successfully updated user information."
74	};
75	}
76	}