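const { Controller } = require('libflitter')
const Validator = require('email-validator')

/**
 * API controller for reading and updating user profiles.
 *
 * Both handlers take a `user_id` route parameter. The literal value `me`
 * selects the authenticated user (`req.user`); any other value requires the
 * caller to hold the matching `profile:view:<id>` or `profile:update:<id>`
 * permission before the target record is loaded.
 *
 * NOTE(review): both handlers dereference `req.user` unconditionally, so they
 * presumably sit behind authentication middleware; confirm in the route
 * definitions.
 */
class ProfileController extends Controller {
    /** Services injected into this controller: the parent's list plus `models`. */
    static get services() {
        return [...super.services, 'models']
    }

    /**
     * Return the public profile fields of the requested user.
     *
     * Responds 401 when the caller lacks `profile:view:<user_id>`, 404 when no
     * user matches the ID, and otherwise an API payload with first_name,
     * last_name, email, uid, tagline and user_id.
     */
    async fetch(req, res, next) {
        const User = this.models.get('auth:User')
        const requested_id = req.params.user_id

        let user
        if ( requested_id === 'me' ) {
            user = req.user
        } else {
            // Authorize before the lookup so that an unauthorized caller cannot
            // tell existing IDs from missing ones by the status code.
            // NOTE(review): the route parameter is interpolated into the
            // permission string as-is; confirm that `can()` treats it as an
            // opaque value and not as a pattern.
            if ( !req.user.can(`profile:view:${requested_id}`) ) {
                return res.status(401).api()
            }

            user = await User.findById(requested_id)
        }

        // Same not-found handling as update(): without it a missing record
        // would throw on the property reads below and surface as a 500.
        if ( !user ) {
            return res.status(404)
                .message('No user found with the specified ID.')
                .api()
        }

        return res.api({
            first_name: user.first_name,
            last_name: user.last_name,
            email: user.email,
            uid: user.uid,
            tagline: user.tagline,
            user_id: user.id,
        })
    }

    /**
     * Update the profile of the requested user from the request body.
     *
     * Requires non-blank string values for first_name, last_name and email,
     * and an email accepted by the validator. `tagline` is optional; a falsy
     * value clears it. Responds 401 when the caller lacks
     * `profile:update:<user_id>`, 404 when no user matches the ID and 400 on
     * invalid input.
     */
    async update(req, res, next) {
        const User = this.models.get('auth:User')
        const requested_id = req.params.user_id

        let user
        if ( requested_id === 'me' ) {
            user = req.user
        } else {
            // If not me, verify that the caller may modify this profile
            if ( !req.user.can(`profile:update:${requested_id}`) ) {
                return res.status(401).api()
            }

            user = await User.findById(requested_id)
        }

        if ( !user ) {
            return res.status(404)
                .message('No user found with the specified ID.')
                .api()
        }

        // Tolerate a missing body so the checks below answer 400 instead of throwing
        const body = req.body ?? {}

        // Make sure the required fields are provided. The type check matters:
        // a parsed body can carry numbers, arrays or objects, and calling
        // .trim() on those would throw instead of producing a 400.
        const required_fields = ['first_name', 'last_name', 'email']
        for ( const field of required_fields ) {
            const value = body[field]
            if ( typeof value !== 'string' || !value.trim() ) {
                return res.status(400)
                    .message(`Required field "${field}" is missing or invalid.`)
                    .api()
            }
        }

        // Validate the e-mail
        if ( !Validator.validate(body.email) ) {
            return res.status(400)
                .message(`"email" field must be a valid e-mail address.`)
                .api()
        }

        // The tagline is optional, but only a string may be persisted
        if ( body.tagline && typeof body.tagline !== 'string' ) {
            return res.status(400)
                .message(`"tagline" field must be a string.`)
                .api()
        }

        // Update the user's profile
        // NOTE(review): the e-mail is replaced without any uniqueness check or
        // re-verification visible in this controller; confirm whether the model
        // or another layer enforces that.
        user.first_name = body.first_name
        user.last_name = body.last_name
        user.email = body.email

        if ( body.tagline ) user.tagline = body.tagline
        else delete user.tagline

        // Save the record
        await user.save()
        return res.api()
    }
}

module.exports = exports = ProfileController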