User.ts
import {
Authorized,
Body,
CurrentUser,
Delete,
ForbiddenError,
Get,
HttpCode,
HttpError,
JsonController,
OnNull,
OnUndefined,
Param,
Post,
Put,
QueryParams
} from 'routing-controllers';
import { ResponseSchema } from 'routing-controllers-openapi';
import { Role, SignInData, User, UserFilter, UserListChunk } from '../model';
import { activityLogService, BaseService, sessionService } from '../service';
import { supabase } from '../utility';
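/**
 * REST controller mounted at `/user`: e-mail OTP delivery, session sign-in,
 * sign-up, and read/update/delete of user records.
 *
 * Routes without `@Authorized()` (`sendEmailOTP`, `signIn`, `signUp`,
 * `getOne`, `getList`) are reachable without a session.
 */
@JsonController('/user')
export class UserController {
    store = sessionService.userStore;
    service = new BaseService(User, ['email', 'mobilePhone', 'name']);

    /**
     * Asks Supabase to e-mail a one-time password to `email`.
     *
     * NOTE(review): this route is unauthenticated and nothing in this class
     * limits how often it may be called for one address; confirm throttling is
     * enforced elsewhere (gateway or Supabase project settings). The address
     * travels in the URL path, so it will also appear in access logs.
     *
     * @throws HttpError carrying the status and message reported by Supabase.
     */
    @Post('/session/email/:email/OTP')
    @OnUndefined(204)
    async sendEmailOTP(@Param('email') email: string) {
        const { error } = await supabase.auth.signInWithOtp({ email });

        if (error) throw new HttpError(error.status, error.message);
    }

    /** Returns the user resolved from the caller's session. */
    @Get('/session')
    @Authorized()
    @ResponseSchema(User)
    getSession(@CurrentUser() user: User) {
        return user;
    }

    /**
     * Signs a user in with either a stored password or an e-mail OTP.
     *
     * The submitted `password` is first matched against the local store; when
     * that finds nothing, the same value is verified with Supabase as an
     * e-mail OTP, and a local account is created if the address is unknown.
     *
     * @returns the value produced by `sessionService.sign()` for the user.
     * @throws HttpError when Supabase rejects the OTP.
     */
    @Post('/session')
    @HttpCode(201)
    @ResponseSchema(User)
    async signIn(@Body() { email, password }: SignInData): Promise<User> {
        // The credential is matched by equality inside the query, so
        // `encrypt()` has to be deterministic.
        // NOTE(review): confirm it is a keyed or otherwise password-grade
        // transform; its implementation is not visible in this file.
        let user = await this.store.findOneBy({
            email,
            password: sessionService.encrypt(password)
        });

        if (!user) {
            const { error, data } = await supabase.auth.verifyOtp({
                type: 'email',
                email,
                token: password
            });
            if (error) throw new HttpError(error.status, error.message);

            // NOTE(review): a first-time OTP user is registered with the
            // Supabase user id as the local password. That id is an identifier
            // rather than a secret; if `sessionService.signUp()` stores it as
            // the credential, anyone who learns the id could use the password
            // branch above. Consider a random value instead.
            user =
                (await this.store.findOneBy({ email })) ||
                (await this.signUp({ email, password: data.user.id }));
        }
        return sessionService.sign(user);
    }

    /** Registers a new account by delegating to `sessionService.signUp()`. */
    @Post()
    @HttpCode(201)
    @ResponseSchema(User)
    signUp(@Body() data: SignInData) {
        return sessionService.signUp(data);
    }

    /**
     * Updates the user `id`. Administrators may update anyone; other callers
     * may update only their own record.
     *
     * `roles` from the request body is applied only when the caller is an
     * administrator, so a regular user cannot grant themselves extra roles by
     * including the field in their own update.
     *
     * @throws ForbiddenError when a non-administrator targets another user.
     */
    @Put('/:id')
    @Authorized()
    @ResponseSchema(User)
    async updateOne(
        @Param('id') id: number,
        @CurrentUser() updatedBy: User,
        @Body() { password, roles, ...data }: User
    ) {
        const isAdmin = updatedBy.roles.includes(Role.Administrator);

        if (!isAdmin && id !== updatedBy.id) throw new ForbiddenError();

        // NOTE(review): the remaining body fields are persisted as received;
        // confirm request validation rejects any other server-managed columns.
        await this.store.save({
            ...data,
            ...(isAdmin && roles ? { roles } : {}),
            password: password && sessionService.encrypt(password),
            // The path parameter wins over any `id` supplied in the body.
            id
        });
        await activityLogService.logUpdate(updatedBy, 'User', id);

        // NOTE(review): the result is passed through `sessionService.sign()`
        // even when an administrator edits someone else; if `sign()` attaches
        // a session token, that token would belong to the edited user.
        return sessionService.sign(await this.store.findOneBy({ id }));
    }

    /**
     * Fetches one user by id; a `null` result becomes HTTP 404.
     *
     * NOTE(review): no `@Authorized()` here; confirm the serialised `User`
     * omits the stored password and any other private columns.
     */
    @Get('/:id')
    @OnNull(404)
    @ResponseSchema(User)
    getOne(@Param('id') id: number) {
        return this.service.getOne(id);
    }

    /**
     * Soft-deletes the user `id` and records the action in the activity log.
     *
     * Administrators may delete any account except their own; other callers
     * may delete only their own account. The previous check rejected only the
     * administrator-deletes-self case, which let any signed-in user delete
     * arbitrary accounts.
     *
     * @throws ForbiddenError when the caller is not allowed to delete `id`.
     */
    @Delete('/:id')
    @Authorized()
    @OnUndefined(204)
    async deleteOne(@Param('id') id: number, @CurrentUser() deletedBy: User) {
        const isAdmin = deletedBy.roles.includes(Role.Administrator);
        // Loose equality is kept from the original comparison in case the
        // route parameter is not coerced to a number.
        const isSelf = id == deletedBy.id;

        if (isAdmin ? isSelf : !isSelf) throw new ForbiddenError();

        await this.store.softDelete(id);
        await activityLogService.logDelete(deletedBy, 'User', id);
    }

    /**
     * Returns one chunk of users matching `filter`.
     *
     * NOTE(review): no `@Authorized()` here; confirm that listing users
     * without a session is intended and that private columns are not
     * serialised.
     */
    @Get()
    @ResponseSchema(UserListChunk)
    getList(@QueryParams() filter: UserFilter) {
        return this.service.getList(filter);
    }
}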