feat(server): added in profile update (password only currently)

2025-03-04 05:45:34 -06:00
parent 1af561acb1
commit eb41ed5dd0
4 changed files with 357 additions and 69 deletions
--- a/server/services/auth/controllers/users/updateProfile.ts
+++ b/server/services/auth/controllers/users/updateProfile.ts
@@ -0,0 +1,38 @@
+import {eq, sql} from "drizzle-orm";
+import {db} from "../../../../../database/dbclient.js";
+import {users} from "../../../../../database/schema/users.js";
+import {log} from "../../../logger/logger.js";
+import {createPassword} from "../../utils/createPassword.js";
+
+const blacklistedTokens = new Set();
+
+function blacklistToken(token: string) {
+    blacklistedTokens.add(token);
+    setTimeout(() => blacklistedTokens.delete(token), 3600 * 1000); // Remove after 1 hour
+}
+
+function isTokenBlacklisted(token: string) {
+    return blacklistedTokens.has(token);
+}
+
+export const updateProfile = async (user: any, data: any, token: string) => {
+    if (isTokenBlacklisted(token)) {
+        log.warn(`${user.username} is trying to use a black listed token`);
+        throw Error("This token was already used");
+    }
+    log.info(`${user.user_id}`);
+
+    //re salt and encrypt the password
+    try {
+        const saltPass = await createPassword(data.password);
+        // update the password
+        const profileUpdate = await db
+        .update(users)
+        .set({password: saltPass, upd_user: user.username, upd_date: sql`NOW()`})
+        .where(eq(users.user_id, user.user_id));
+
+        blacklistToken(token);
+    } catch (error) {
+        log.error(error, "There was an error updating the users profile");
+    }
+};
--- a/server/services/auth/routes/user/profileUpdate.ts
+++ b/server/services/auth/routes/user/profileUpdate.ts
@@ -0,0 +1,95 @@
+import {createRoute, OpenAPIHono, z} from "@hono/zod-openapi";
+import {authMiddleware} from "../../middleware/authMiddleware.js";
+import {updateProfile} from "../../controllers/users/updateProfile.js";
+import {verify} from "hono/jwt";
+import {log} from "../../../logger/logger.js";
+
+const app = new OpenAPIHono();
+
+const UserSchema = z.object({
+    password: z
+    .string()
+    .min(6, {message: "Passwords must be longer than 3 characters"})
+    .regex(/[A-Z]/, {message: "Password must contain at least one uppercase letter"})
+    .regex(/[\W_]/, {message: "Password must contain at least one special character"})
+    .openapi({example: "Password1!"}),
+});
+app.openapi(
+    createRoute({
+        tags: ["User"],
+        summary: "Updates a users Profile",
+        description: "Currently you can only update your password over the API",
+        method: "post",
+        path: "/",
+        middleware: authMiddleware,
+        request: {
+            body: {
+                content: {
+                    "application/json": {schema: UserSchema},
+                },
+            },
+        },
+        responses: {
+            200: {
+                content: {
+                    "application/json": {
+                        schema: z.object({
+                            message: z.string().optional().openapi({example: "User Profile has been updated"}),
+                        }),
+                    },
+                },
+                description: "Sucess return",
+            },
+            401: {
+                content: {
+                    "application/json": {
+                        schema: z.object({message: z.string().optional().openapi({example: "Unauthenticated"})}),
+                    },
+                },
+                description: "Unauthorized",
+            },
+            500: {
+                content: {
+                    "application/json": {
+                        schema: z.object({message: z.string().optional().openapi({example: "Internal Server error"})}),
+                    },
+                },
+                description: "Internal Server Error",
+            },
+        },
+    }),
+    async (c) => {
+        // make sure we have a vaid user being accessed thats really logged in
+        const authHeader = c.req.header("Authorization");
+
+        if (authHeader?.includes("Basic")) {
+            return c.json({message: "You are a Basic user! Please login to get a token"}, 401);
+        }
+
+        if (!authHeader) {
+            return c.json({message: "Unauthorized"}, 401);
+        }
+
+        const token = authHeader?.split("Bearer ")[1] || "";
+        let user;
+
+        try {
+            const payload = await verify(token, process.env.JWT_SECRET!);
+            user = payload.user;
+        } catch (error) {
+            log.error(error, "Failed session check, user must be logged out");
+            return c.json({message: "Unauthorized"}, 401);
+        }
+
+        // now pass all the data over to update the user info
+        try {
+            const data = await c?.req.json();
+            await updateProfile(user, data, token);
+            return c.json({message: "Your profile has been updated"});
+        } catch (error) {
+            return c.json({message: "There was an error", error});
+        }
+    }
+);
+
+export default app;