umami/pages/api/account.js

import { getAccounts, getAccount, updateAccount, createAccount } from 'lib/db';
import { useAuth } from 'lib/middleware';
import { hashPassword, uuid } from 'lib/crypto';
import { ok, unauthorized, methodNotAllowed, badRequest } from 'lib/response';

export default async (req, res) => {
  await useAuth(req, res);

  const { user_id: current_user_id, is_admin: current_user_is_admin } = req.auth;

  if (req.method === 'GET') {
    if (current_user_is_admin) {
      const accounts = await getAccounts();

      return ok(res, accounts);
    }

    return unauthorized(res);
  }

  if (req.method === 'POST') {
    const { user_id, username, password, is_admin } = req.body;

    if (user_id) {
      const account = await getAccount({ user_id });

      if (account.user_id === current_user_id || current_user_is_admin) {
        const data = { password: password ? await hashPassword(password) : undefined };

        // Only admin can change these fields
        if (current_user_is_admin) {
          // Cannot change username of admin
          if (username !== 'admin') {
            data.username = username;
          }
          data.is_admin = is_admin;
        }

        if (data.username && account.username !== data.username) {
          const accountByUsername = await getAccount({ username });

          if (accountByUsername) {
            return badRequest(res, 'Account already exists');
          }
        }

        const updated = await updateAccount(user_id, data);

        return ok(res, updated);
      }

      return unauthorized(res);
    } else {
      const accountByUsername = await getAccount({ username });

      if (accountByUsername) {
        return badRequest(res, 'Account already exists');
      }

      const created = await createAccount({ username, password: await hashPassword(password) });

      return ok(res, created);
    }
  }

  return methodNotAllowed(res);
};
Account settings page. 2020-08-09 08:48:43 +02:00			`import { getAccounts, getAccount, updateAccount, createAccount } from 'lib/db';`
			`import { useAuth } from 'lib/middleware';`
			`import { hashPassword, uuid } from 'lib/crypto';`
Account editing and change password. 2020-08-09 11:03:37 +02:00			`import { ok, unauthorized, methodNotAllowed, badRequest } from 'lib/response';`
Account settings page. 2020-08-09 08:48:43 +02:00
			`export default async (req, res) => {`
			`await useAuth(req, res);`

Account editing and change password. 2020-08-09 11:03:37 +02:00			`const { user_id: current_user_id, is_admin: current_user_is_admin } = req.auth;`
Account settings page. 2020-08-09 08:48:43 +02:00
			`if (req.method === 'GET') {`
Account editing and change password. 2020-08-09 11:03:37 +02:00			`if (current_user_is_admin) {`
Account settings page. 2020-08-09 08:48:43 +02:00			`const accounts = await getAccounts();`

			`return ok(res, accounts);`
			`}`

			`return unauthorized(res);`
			`}`

			`if (req.method === 'POST') {`
Account editing and change password. 2020-08-09 11:03:37 +02:00			`const { user_id, username, password, is_admin } = req.body;`
Account settings page. 2020-08-09 08:48:43 +02:00
			`if (user_id) {`
Account editing and change password. 2020-08-09 11:03:37 +02:00			`const account = await getAccount({ user_id });`
Account settings page. 2020-08-09 08:48:43 +02:00
Account editing and change password. 2020-08-09 11:03:37 +02:00			`if (account.user_id === current_user_id \|\| current_user_is_admin) {`
Account settings page. 2020-08-09 08:48:43 +02:00			`const data = { password: password ? await hashPassword(password) : undefined };`

Account editing and change password. 2020-08-09 11:03:37 +02:00			`// Only admin can change these fields`
			`if (current_user_is_admin) {`
			`// Cannot change username of admin`
			`if (username !== 'admin') {`
			`data.username = username;`
			`}`
			`data.is_admin = is_admin;`
Account settings page. 2020-08-09 08:48:43 +02:00			`}`

Account editing and change password. 2020-08-09 11:03:37 +02:00			`if (data.username && account.username !== data.username) {`
			`const accountByUsername = await getAccount({ username });`

			`if (accountByUsername) {`
			`return badRequest(res, 'Account already exists');`
			`}`
			`}`

			`const updated = await updateAccount(user_id, data);`
Account settings page. 2020-08-09 08:48:43 +02:00
			`return ok(res, updated);`
			`}`

			`return unauthorized(res);`
			`} else {`
Account editing and change password. 2020-08-09 11:03:37 +02:00			`const accountByUsername = await getAccount({ username });`

			`if (accountByUsername) {`
			`return badRequest(res, 'Account already exists');`
			`}`

			`const created = await createAccount({ username, password: await hashPassword(password) });`
Account settings page. 2020-08-09 08:48:43 +02:00
Account editing and change password. 2020-08-09 11:03:37 +02:00			`return ok(res, created);`
Account settings page. 2020-08-09 08:48:43 +02:00			`}`
			`}`

			`return methodNotAllowed(res);`
			`};`