const Logger = require('../Logger')
const User = require('../objects/User')
const { getId } = require('../utils/index')
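/**
 * Reduce a request's user to the two identifiers worth logging.
 *
 * create() attaches `pash` and `token` to the account it stores, so a user
 * object presumably carries both; passing the whole object to the logger
 * would risk writing them to the log output.
 */
function describeRequester(user) {
  return { id: user.id, username: user.username }
}

/**
 * Case-insensitive username lookup.
 *
 * @param {Array} users - stored users to search
 * @param {string} username - candidate username (must already be a string)
 * @param {string} [ignoreUserId] - id of the user being renamed, so that a
 *   user never conflicts with their own current name
 * @returns the conflicting user, or undefined when the name is free
 */
function findUsernameConflict(users, username, ignoreUserId) {
  const wanted = username.toLowerCase()
  return users.find(u => (ignoreUserId === undefined || u.id !== ignoreUserId) && u.username.toLowerCase() === wanted)
}

/**
 * HTTP handlers for user administration and per-user listening data.
 *
 * The constructor assigns nothing: the handlers read this.db, this.auth,
 * this.clientEmitter and the listening helpers from `this`, so those must be
 * provided from outside this file (presumably by binding the handlers to the
 * server object - confirm against the router).
 */
class UserController {
  constructor() { }

  /**
   * Create a user account. Only a root requester is allowed (403 otherwise).
   *
   * Responds 400 when the body has no string `username`, 500 when the name is
   * already taken (compared case-insensitively) or the insert fails, and
   * `{ user }` on success.
   */
  async create(req, res) {
    if (!req.user.isRoot) {
      Logger.warn('Non-root user attempted to create user', describeRequester(req.user))
      return res.sendStatus(403)
    }

    const account = req.body
    // The body is client-controlled: without this check a missing or
    // non-string username throws inside toLowerCase() and the request fails
    // with an unhandled error instead of a response.
    if (!account || typeof account.username !== 'string') {
      return res.status(400).send('Invalid username')
    }

    if (findUsernameConflict(this.db.users, account.username)) {
      // 500 is what existing clients receive for this case; kept as is.
      return res.status(500).send('Username already taken')
    }

    // id, pash, token and createdAt are always set server-side, overwriting
    // anything the client sent under those keys.
    account.id = getId('usr')
    // NOTE(review): password is passed to hashPass unvalidated - confirm how
    // hashPass treats a missing or non-string value.
    account.pash = await this.auth.hashPass(account.password)
    delete account.password
    account.token = await this.auth.generateAccessToken({ userId: account.id })
    account.createdAt = Date.now()

    // NOTE(review): every other key of the request body reaches the User
    // constructor unchanged; confirm User only copies the fields it expects.
    const newUser = new User(account)
    const success = await this.db.insertEntity('user', newUser)
    if (!success) {
      return res.status(500).send('Failed to save new user')
    }

    // NOTE(review): this event carries the User object itself, while
    // user_updated and user_removed carry toJSONForBrowser() output - confirm
    // the emitter does not serialize pash/token to clients.
    this.clientEmitter(req.user.id, 'user_added', newUser)
    res.json({
      user: newUser.toJSONForBrowser()
    })
  }

  /**
   * List every user with book progress details. Root only (403 otherwise).
   */
  findAll(req, res) {
    if (!req.user.isRoot) return res.sendStatus(403)
    const users = this.db.users.map(u => this.userJsonWithBookProgressDetails(u))
    res.json(users)
  }

  /**
   * Return one user, looked up by req.params.id, with book progress details.
   * Root only (403); 404 when no user has that id.
   */
  findOne(req, res) {
    if (!req.user.isRoot) {
      Logger.error('User other than root attempting to get user', describeRequester(req.user))
      return res.sendStatus(403)
    }

    const user = this.db.users.find(u => u.id === req.params.id)
    if (!user) {
      return res.sendStatus(404)
    }

    res.json(this.userJsonWithBookProgressDetails(user))
  }

  /**
   * Update the user identified by req.params.id. Root only (403); 404 when
   * the user does not exist; 400 when the body is not an object or carries a
   * non-string `username`; 500 when the new username belongs to another user.
   */
  async update(req, res) {
    if (!req.user.isRoot) {
      Logger.error('User other than root attempting to update user', describeRequester(req.user))
      return res.sendStatus(403)
    }

    const user = this.db.users.find(u => u.id === req.params.id)
    if (!user) {
      return res.sendStatus(404)
    }

    const account = req.body
    if (!account || typeof account !== 'object') {
      return res.status(400).send('Invalid request body')
    }

    if (account.username !== undefined) {
      // Client-controlled value: reject anything toLowerCase() would throw on.
      if (typeof account.username !== 'string') {
        return res.status(400).send('Invalid username')
      }
      // The user being edited is excluded from the lookup; otherwise a
      // case-only rename ("Bob" -> "bob") matches the user's own record and
      // is rejected as taken.
      if (account.username !== user.username && findUsernameConflict(this.db.users, account.username, user.id)) {
        return res.status(500).send('Username already taken')
      }
    }

    // Updating password: store the hash, never the plaintext
    if (account.password) {
      account.pash = await this.auth.hashPass(account.password)
      delete account.password
    }

    // NOTE(review): a client-supplied `pash`, `token` or `id` key is passed
    // to user.update() as sent; User.update is not visible here - confirm it
    // ignores keys that must only be set server-side.
    const hasUpdated = user.update(account)
    if (hasUpdated) {
      await this.db.updateEntity('user', user)
    }

    // Emitted and answered with success even when nothing changed.
    this.clientEmitter(req.user.id, 'user_updated', user.toJSONForBrowser())
    res.json({
      success: true,
      user: user.toJSONForBrowser()
    })
  }

  /**
   * Delete the user identified by req.params.id together with the
   * collections that user owns. Root only (403). The id 'root' and the
   * requester's own id are refused with 500.
   */
  async delete(req, res) {
    if (!req.user.isRoot) {
      Logger.error('User other than root attempting to delete user', describeRequester(req.user))
      return res.sendStatus(403)
    }
    if (req.params.id === 'root') {
      return res.sendStatus(500)
    }
    if (req.user.id === req.params.id) {
      Logger.error('Attempting to delete themselves...')
      return res.sendStatus(500)
    }

    const user = this.db.users.find(u => u.id === req.params.id)
    if (!user) {
      Logger.error('User not found')
      // Answers 200 with an error payload (findOne and update answer 404);
      // kept because clients may depend on the `error` key.
      return res.json({
        error: 'User not found'
      })
    }

    // delete user collections; ids are collected first so the removals do
    // not iterate the live db.collections array
    const collectionIds = this.db.collections.filter(c => c.userId === user.id).map(c => c.id)
    for (const collectionId of collectionIds) {
      await this.db.removeEntity('collection', collectionId)
    }

    // Todo: check if user is logged in and cancel streams

    // Snapshot taken before the removal so the event can still describe the user.
    const userJson = user.toJSONForBrowser()
    await this.db.removeEntity('user', user.id)
    this.clientEmitter(req.user.id, 'user_removed', userJson)
    res.json({
      success: true
    })
  }

  // GET: api/users/:id/listening-sessions
  /**
   * Return the first 10 listening sessions for req.params.id. Allowed for
   * root and for the user the sessions belong to (403 otherwise).
   */
  async getListeningSessions(req, res) {
    const isSelf = req.user.id === req.params.id
    if (!req.user.isRoot && !isSelf) {
      return res.sendStatus(403)
    }
    const listeningSessions = await this.getUserListeningSessionsHelper(req.params.id)
    res.json(listeningSessions.slice(0, 10))
  }

  // GET: api/users/:id/listening-stats
  /**
   * Return listening stats for req.params.id. Allowed for root and for the
   * user the stats belong to (403 otherwise).
   */
  async getListeningStats(req, res) {
    const isSelf = req.user.id === req.params.id
    if (!req.user.isRoot && !isSelf) {
      return res.sendStatus(403)
    }
    const listeningStats = await this.getUserListeningStatsHelpers(req.params.id)
    res.json(listeningStats)
  }
}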
// One shared controller instance is exported. Its constructor assigns nothing, so
// whatever the handlers read from `this` has to be supplied by the code that wires them up.
const userController = new UserController()
module.exports = userController