planka/server/api/helpers/users/update-one.js

const path = require('path');
const bcrypt = require('bcrypt');
const rimraf = require('rimraf');
const { v4: uuid } = require('uuid');

module.exports = {
  inputs: {
    record: {
      type: 'ref',
      required: true,
    },
    values: {
      type: 'json',
      custom: (value) => {
        if (!_.isPlainObject(value)) {
          return false;
        }

        if (!_.isUndefined(value.email) && !_.isString(value.email)) {
          return false;
        }

        if (!_.isUndefined(value.password) && !_.isString(value.password)) {
          return false;
        }

        if (value.username && !_.isString(value.username)) {
          return false;
        }

        if (!_.isUndefined(value.avatarUrl) && !_.isNull(value.avatarUrl)) {
          return false;
        }

        return true;
      },
      required: true,
    },
    user: {
      type: 'ref',
      required: true,
    },
    request: {
      type: 'ref',
    },
  },

  exits: {
    emailAlreadyInUse: {},
    usernameAlreadyInUse: {},
  },

  async fn(inputs) {
    if (!_.isUndefined(inputs.values.email)) {
      // eslint-disable-next-line no-param-reassign
      inputs.values.email = inputs.values.email.toLowerCase();
    }

    let isOnlyPasswordChange = false;

    if (!_.isUndefined(inputs.values.password)) {
      Object.assign(inputs.values, {
        password: bcrypt.hashSync(inputs.values.password, 10),
        passwordChangedAt: new Date().toUTCString(),
      });

      if (Object.keys(inputs.values).length === 1) {
        isOnlyPasswordChange = true;
      }
    }

    if (inputs.values.username) {
      // eslint-disable-next-line no-param-reassign
      inputs.values.username = inputs.values.username.toLowerCase();
    }

    if (!_.isUndefined(inputs.values.avatarUrl)) {
      /* eslint-disable no-param-reassign */
      inputs.values.avatarDirname = null;
      delete inputs.values.avatarUrl;
      /* eslint-enable no-param-reassign */
    }

    const user = await User.updateOne({
      id: inputs.record.id,
      deletedAt: null,
    })
      .set(inputs.values)
      .intercept(
        {
          message:
            'Unexpected error from database adapter: conflicting key value violates exclusion constraint "user_email_unique"',
        },
        'emailAlreadyInUse',
      )
      .intercept(
        {
          message:
            'Unexpected error from database adapter: conflicting key value violates exclusion constraint "user_username_unique"',
        },
        'usernameAlreadyInUse',
      );

    if (user) {
      if (inputs.record.avatarDirname && user.avatarDirname !== inputs.record.avatarDirname) {
        try {
          rimraf.sync(path.join(sails.config.custom.userAvatarsPath, inputs.record.avatarDirname));
        } catch (error) {
          console.warn(error.stack); // eslint-disable-line no-console
        }
      }

      if (!_.isUndefined(inputs.values.password)) {
        sails.sockets.broadcast(
          `user:${user.id}`,
          'userDelete', // TODO: introduce separate event
          {
            item: user,
          },
          inputs.request,
        );

        if (user.id === inputs.user.id && inputs.request && inputs.request.isSocket) {
          const tempRoom = uuid();

          sails.sockets.addRoomMembersToRooms(`user:${user.id}`, tempRoom, () => {
            sails.sockets.leave(inputs.request, tempRoom, () => {
              sails.sockets.leaveAll(tempRoom);
            });
          });
        } else {
          sails.sockets.leaveAll(`user:${user.id}`);
        }
      }

      if (!isOnlyPasswordChange) {
        /* const projectIds = await sails.helpers.users.getManagerProjectIds(user.id);

        const userIds = _.union(
          [user.id],
          await sails.helpers.users.getAdminIds(),
          await sails.helpers.projects.getManagerAndBoardMemberUserIds(projectIds),
        ); */

        const users = await sails.helpers.users.getMany();
        const userIds = sails.helpers.utils.mapRecords(users);

        userIds.forEach((userId) => {
          sails.sockets.broadcast(
            `user:${userId}`,
            'userUpdate',
            {
              item: user,
            },
            inputs.request,
          );
        });
      }
    }

    return user;
  },
};
Initial commit 2019-08-31 04:07:25 +05:00			`const path = require('path');`
			`const bcrypt = require('bcrypt');`
Add file attachments 2020-04-21 05:04:34 +05:00			`const rimraf = require('rimraf');`
feat: Improve security of access tokens (#279) Closes #275 2022-08-09 18:03:21 +02:00			`const { v4: uuid } = require('uuid');`
Initial commit 2019-08-31 04:07:25 +05:00
			`module.exports = {`
			`inputs: {`
			`record: {`
			`type: 'ref',`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`required: true,`
Initial commit 2019-08-31 04:07:25 +05:00			`},`
			`values: {`
			`type: 'json',`
Prepare for collection board type, refactoring, update dependencies 2020-08-04 01:32:46 +05:00			`custom: (value) => {`
			`if (!_.isPlainObject(value)) {`
			`return false;`
			`}`

			`if (!_.isUndefined(value.email) && !_.isString(value.email)) {`
			`return false;`
			`}`

			`if (!_.isUndefined(value.password) && !_.isString(value.password)) {`
			`return false;`
			`}`

			`if (value.username && !_.isString(value.username)) {`
			`return false;`
			`}`

			`if (!_.isUndefined(value.avatarUrl) && !_.isNull(value.avatarUrl)) {`
			`return false;`
			`}`

			`return true;`
			`},`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`required: true,`
Initial commit 2019-08-31 04:07:25 +05:00			`},`
feat: Improve security of access tokens (#279) Closes #275 2022-08-09 18:03:21 +02:00			`user: {`
			`type: 'ref',`
			`required: true,`
			`},`
Initial commit 2019-08-31 04:07:25 +05:00			`request: {`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`type: 'ref',`
			`},`
Initial commit 2019-08-31 04:07:25 +05:00			`},`

Add email and password change functionality for a current user, remove deep compare hooks 2019-10-18 08:06:34 +05:00			`exits: {`
Add username to user 2020-04-03 00:35:25 +05:00			`emailAlreadyInUse: {},`
			`usernameAlreadyInUse: {},`
Add email and password change functionality for a current user, remove deep compare hooks 2019-10-18 08:06:34 +05:00			`},`

Project managers, board members, auto-update after reconnection, refactoring 2021-06-24 01:05:22 +05:00			`async fn(inputs) {`
Initial commit 2019-08-31 04:07:25 +05:00			`if (!_.isUndefined(inputs.values.email)) {`
Move from prettier-eslint to eslint-plugin-prettier, update dependencies 2020-02-03 18:42:31 +05:00			`// eslint-disable-next-line no-param-reassign`
Initial commit 2019-08-31 04:07:25 +05:00			`inputs.values.email = inputs.values.email.toLowerCase();`
			`}`

Add email and password change functionality for a current user, remove deep compare hooks 2019-10-18 08:06:34 +05:00			`let isOnlyPasswordChange = false;`

Initial commit 2019-08-31 04:07:25 +05:00			`if (!_.isUndefined(inputs.values.password)) {`
feat: Improve security of access tokens (#279) Closes #275 2022-08-09 18:03:21 +02:00			`Object.assign(inputs.values, {`
			`password: bcrypt.hashSync(inputs.values.password, 10),`
			`passwordChangedAt: new Date().toUTCString(),`
			`});`
Add email and password change functionality for a current user, remove deep compare hooks 2019-10-18 08:06:34 +05:00
			`if (Object.keys(inputs.values).length === 1) {`
			`isOnlyPasswordChange = true;`
			`}`
Initial commit 2019-08-31 04:07:25 +05:00			`}`

Add username to user 2020-04-03 00:35:25 +05:00			`if (inputs.values.username) {`
			`// eslint-disable-next-line no-param-reassign`
			`inputs.values.username = inputs.values.username.toLowerCase();`
			`}`

Add file attachments 2020-04-21 05:04:34 +05:00			`if (!_.isUndefined(inputs.values.avatarUrl)) {`
			`/* eslint-disable no-param-reassign */`
			`inputs.values.avatarDirname = null;`
			`delete inputs.values.avatarUrl;`
			`/* eslint-enable no-param-reassign */`
			`}`

Initial commit 2019-08-31 04:07:25 +05:00			`const user = await User.updateOne({`
			`id: inputs.record.id,`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`deletedAt: null,`
Add email and password change functionality for a current user, remove deep compare hooks 2019-10-18 08:06:34 +05:00			`})`
			`.set(inputs.values)`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`.intercept(`
			`{`
			`message:`
			`'Unexpected error from database adapter: conflicting key value violates exclusion constraint "user_email_unique"',`
			`},`
Add username to user 2020-04-03 00:35:25 +05:00			`'emailAlreadyInUse',`
			`)`
			`.intercept(`
			`{`
			`message:`
			`'Unexpected error from database adapter: conflicting key value violates exclusion constraint "user_username_unique"',`
			`},`
			`'usernameAlreadyInUse',`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`);`
Initial commit 2019-08-31 04:07:25 +05:00
			`if (user) {`
Add file attachments 2020-04-21 05:04:34 +05:00			`if (inputs.record.avatarDirname && user.avatarDirname !== inputs.record.avatarDirname) {`
Initial commit 2019-08-31 04:07:25 +05:00			`try {`
Add file attachments 2020-04-21 05:04:34 +05:00			`rimraf.sync(path.join(sails.config.custom.userAvatarsPath, inputs.record.avatarDirname));`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`} catch (error) {`
			`console.warn(error.stack); // eslint-disable-line no-console`
			`}`
Initial commit 2019-08-31 04:07:25 +05:00			`}`

feat: Improve security of access tokens (#279) Closes #275 2022-08-09 18:03:21 +02:00			`if (!_.isUndefined(inputs.values.password)) {`
			`sails.sockets.broadcast(`
			`user:${user.id}`,
			`'userDelete', // TODO: introduce separate event`
			`{`
			`item: user,`
			`},`
			`inputs.request,`
			`);`

			`if (user.id === inputs.user.id && inputs.request && inputs.request.isSocket) {`
			`const tempRoom = uuid();`

			sails.sockets.addRoomMembersToRooms(`user:${user.id}`, tempRoom, () => {
			`sails.sockets.leave(inputs.request, tempRoom, () => {`
			`sails.sockets.leaveAll(tempRoom);`
			`});`
			`});`
			`} else {`
			sails.sockets.leaveAll(`user:${user.id}`);
			`}`
			`}`

Add email and password change functionality for a current user, remove deep compare hooks 2019-10-18 08:06:34 +05:00			`if (!isOnlyPasswordChange) {`
Project managers, board members, auto-update after reconnection, refactoring 2021-06-24 01:05:22 +05:00			`/* const projectIds = await sails.helpers.users.getManagerProjectIds(user.id);`

			`const userIds = _.union(`
			`[user.id],`
			`await sails.helpers.users.getAdminIds(),`
			`await sails.helpers.projects.getManagerAndBoardMemberUserIds(projectIds),`
			`); */`

			`const users = await sails.helpers.users.getMany();`
			`const userIds = sails.helpers.utils.mapRecords(users);`
Initial commit 2019-08-31 04:07:25 +05:00
Add username to user 2020-04-03 00:35:25 +05:00			`userIds.forEach((userId) => {`
Add email and password change functionality for a current user, remove deep compare hooks 2019-10-18 08:06:34 +05:00			`sails.sockets.broadcast(`
			`user:${userId}`,
			`'userUpdate',`
			`{`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`item: user,`
Add email and password change functionality for a current user, remove deep compare hooks 2019-10-18 08:06:34 +05:00			`},`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`inputs.request,`
Add email and password change functionality for a current user, remove deep compare hooks 2019-10-18 08:06:34 +05:00			`);`
			`});`
			`}`
Initial commit 2019-08-31 04:07:25 +05:00			`}`

Project managers, board members, auto-update after reconnection, refactoring 2021-06-24 01:05:22 +05:00			`return user;`
Code formatting with prettier, change eslint config for the server 2019-11-05 18:01:42 +05:00			`},`
Initial commit 2019-08-31 04:07:25 +05:00			`};`