umami/pages/api/account/index.js

import { getAccountById, getAccountByUsername, updateAccount, createAccount } from 'queries';
import { useAuth } from 'lib/middleware';
import { hashPassword } from 'lib/crypto';
import { ok, unauthorized, methodNotAllowed, badRequest } from 'lib/response';

export default async (req, res) => {
  await useAuth(req, res);

  const { user_id: current_user_id, is_admin: current_user_is_admin } = req.auth;

  if (req.method === 'POST') {
    const { user_id, username, password, is_admin } = req.body;

    if (user_id) {
      const account = await getAccountById(user_id);

      if (account.user_id === current_user_id || current_user_is_admin) {
        const data = {};

        if (password) {
          data.password = hashPassword(password);
        }

        // Only admin can change these fields
        if (current_user_is_admin) {
          data.username = username;
          data.is_admin = is_admin;
        }

        if (data.username && account.username !== data.username) {
          const accountByUsername = await getAccountByUsername(username);

          if (accountByUsername) {
            return badRequest(res, 'Account already exists');
          }
        }

        const updated = await updateAccount(user_id, data);

        return ok(res, updated);
      }

      return unauthorized(res);
    } else {
      const accountByUsername = await getAccountByUsername(username);

      if (accountByUsername) {
        return badRequest(res, 'Account already exists');
      }

      const created = await createAccount({ username, password: hashPassword(password) });

      return ok(res, created);
    }
  }

  return methodNotAllowed(res);
};
move queries 2022-07-12 23:14:36 +02:00			`import { getAccountById, getAccountByUsername, updateAccount, createAccount } from 'queries';`
Account settings page. 2020-08-09 08:48:43 +02:00			`import { useAuth } from 'lib/middleware';`
Refactor database queries. 2020-08-12 07:24:41 +02:00			`import { hashPassword } from 'lib/crypto';`
Account editing and change password. 2020-08-09 11:03:37 +02:00			`import { ok, unauthorized, methodNotAllowed, badRequest } from 'lib/response';`
Account settings page. 2020-08-09 08:48:43 +02:00
			`export default async (req, res) => {`
			`await useAuth(req, res);`

Account editing and change password. 2020-08-09 11:03:37 +02:00			`const { user_id: current_user_id, is_admin: current_user_is_admin } = req.auth;`
Account settings page. 2020-08-09 08:48:43 +02:00
			`if (req.method === 'POST') {`
Account editing and change password. 2020-08-09 11:03:37 +02:00			`const { user_id, username, password, is_admin } = req.body;`
Account settings page. 2020-08-09 08:48:43 +02:00
			`if (user_id) {`
Refactor database queries. 2020-08-12 07:24:41 +02:00			`const account = await getAccountById(user_id);`
Account settings page. 2020-08-09 08:48:43 +02:00
Account editing and change password. 2020-08-09 11:03:37 +02:00			`if (account.user_id === current_user_id \|\| current_user_is_admin) {`
Refactor database queries. 2020-08-12 07:24:41 +02:00			`const data = {};`

			`if (password) {`
Change to synchronous password hashing. 2021-05-24 02:29:27 +02:00			`data.password = hashPassword(password);`
Refactor database queries. 2020-08-12 07:24:41 +02:00			`}`
Account settings page. 2020-08-09 08:48:43 +02:00
Account editing and change password. 2020-08-09 11:03:37 +02:00			`// Only admin can change these fields`
			`if (current_user_is_admin) {`
Allow user to change admin username. 2022-04-04 07:25:32 +02:00			`data.username = username;`
Account editing and change password. 2020-08-09 11:03:37 +02:00			`data.is_admin = is_admin;`
Account settings page. 2020-08-09 08:48:43 +02:00			`}`

Account editing and change password. 2020-08-09 11:03:37 +02:00			`if (data.username && account.username !== data.username) {`
Refactor database queries. 2020-08-12 07:24:41 +02:00			`const accountByUsername = await getAccountByUsername(username);`
Account editing and change password. 2020-08-09 11:03:37 +02:00
			`if (accountByUsername) {`
			`return badRequest(res, 'Account already exists');`
			`}`
			`}`
Added CORS to website API endpoints. 2022-04-04 09:33:20 +02:00
Account editing and change password. 2020-08-09 11:03:37 +02:00			`const updated = await updateAccount(user_id, data);`
Account settings page. 2020-08-09 08:48:43 +02:00
			`return ok(res, updated);`
			`}`

			`return unauthorized(res);`
			`} else {`
Refactor database queries. 2020-08-12 07:24:41 +02:00			`const accountByUsername = await getAccountByUsername(username);`
Account editing and change password. 2020-08-09 11:03:37 +02:00
			`if (accountByUsername) {`
			`return badRequest(res, 'Account already exists');`
			`}`

Change to synchronous password hashing. 2021-05-24 02:29:27 +02:00			`const created = await createAccount({ username, password: hashPassword(password) });`
Account settings page. 2020-08-09 08:48:43 +02:00
Account editing and change password. 2020-08-09 11:03:37 +02:00			`return ok(res, created);`
Account settings page. 2020-08-09 08:48:43 +02:00			`}`
			`}`

			`return methodNotAllowed(res);`
			`};`