api/controllers/UserController.ts

/**
 * This file is part of SudoBot.
 *
 * Copyright (C) 2021-2023 OSN Developers.
 *
 * SudoBot is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * SudoBot is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with SudoBot. If not, see <https://www.gnu.org/licenses/>.
 */

import bcrypt from "bcrypt";
import { z } from "zod";
import { Action } from "../../decorators/Action";
import { RequireAuth } from "../../decorators/RequireAuth";
import { Validate } from "../../decorators/Validate";
import Controller from "../Controller";
import Request from "../Request";
import Response from "../Response";

export default class UserController extends Controller {
    @Action("PATCH", "/users/:id")
    @RequireAuth()
    @Validate(
        z.object({
            name: z.string().optional().nullable(),
            username: z.string().optional(),
            password: z.string().optional()
        })
    )
    async update(request: Request) {
        if (Object.keys(request.parsedBody!).length === 0) {
            return new Response({ status: 422, body: { error: "Nothing to update!" } });
        }

        const id = parseInt(request.params.id);

        if (!id || isNaN(id)) {
            return new Response({ status: 422, body: { error: "Invalid user ID." } });
        }

        // TODO: Allow system admins to edit other users as well
        if (id !== request.userId) {
            return new Response({ status: 403, body: { error: "Cannot modify this user." } });
        }

        const { username, password, name } = request.parsedBody ?? {};
        const { count } = await this.client.prisma.user.updateMany({
            where: {
                id
            },
            data: {
                name: name === null ? null : name && name.length > 0 ? name : undefined,
                username: username && username.length > 0 ? username : undefined,
                password: password && password.length > 0 ? bcrypt.hashSync(password, bcrypt.genSaltSync(10)) : undefined
            }
        });

        if (count === 0) {
            return new Response({ status: 404, body: { error: "No such user found." } });
        }

        return {
            success: true,
            message: "Successfully updated user information."
        };
    }
}
1	rakinar2	577	/**
2			* This file is part of SudoBot.
3			*
4			* Copyright (C) 2021-2023 OSN Developers.
5			*
6			* SudoBot is free software; you can redistribute it and/or modify it
7			* under the terms of the GNU Affero General Public License as published by
8			* the Free Software Foundation, either version 3 of the License, or
9			* (at your option) any later version.
10			*
11			* SudoBot is distributed in the hope that it will be useful, but
12			* WITHOUT ANY WARRANTY; without even the implied warranty of
13			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14			* GNU Affero General Public License for more details.
15			*
16			* You should have received a copy of the GNU Affero General Public License
17			* along with SudoBot. If not, see <https://www.gnu.org/licenses/>.
18			*/
19
20			import bcrypt from "bcrypt";
21			import { z } from "zod";
22			import { Action } from "../../decorators/Action";
23			import { RequireAuth } from "../../decorators/RequireAuth";
24			import { Validate } from "../../decorators/Validate";
25			import Controller from "../Controller";
26			import Request from "../Request";
27			import Response from "../Response";
28
29			export default class UserController extends Controller {
30			@Action("PATCH", "/users/:id")
31			@RequireAuth()
32			@Validate(
33			z.object({
34			name: z.string().optional().nullable(),
35			username: z.string().optional(),
36			password: z.string().optional()
37			})
38			)
39			async update(request: Request) {
40			if (Object.keys(request.parsedBody!).length === 0) {
41			return new Response({ status: 422, body: { error: "Nothing to update!" } });
42			}
43
44			const id = parseInt(request.params.id);
45
46			if (!id \|\| isNaN(id)) {
47			return new Response({ status: 422, body: { error: "Invalid user ID." } });
48			}
49
50			// TODO: Allow system admins to edit other users as well
51			if (id !== request.userId) {
52			return new Response({ status: 403, body: { error: "Cannot modify this user." } });
53			}
54
55			const { username, password, name } = request.parsedBody ?? {};
56			const { count } = await this.client.prisma.user.updateMany({
57			where: {
58			id
59			},
60			data: {
61			name: name === null ? null : name && name.length > 0 ? name : undefined,
62			username: username && username.length > 0 ? username : undefined,
63			password: password && password.length > 0 ? bcrypt.hashSync(password, bcrypt.genSaltSync(10)) : undefined
64			}
65			});
66
67			if (count === 0) {
68			return new Response({ status: 404, body: { error: "No such user found." } });
69			}
70
71			return {
72			success: true,
73			message: "Successfully updated user information."
74			};
75			}
76			}