KK
/
customer-dashboard-api
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

check user state

main
alex 2024-02-18 10:24:27 +01:00
parent 617f521708
commit c1804a3663
3 changed files with 52 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
src/controllers/usersController.ts
View File

@ -46,7 +46,6 @@ export async function AddEmployee(req: Request, res: Response) {
if ( if (
!storeId || !storeId ||
!username || !username ||
!email ||
passwordSetOnInitLogging === undefined || passwordSetOnInitLogging === undefined ||
(!password && passwordSetOnInitLogging === false) || (!password && passwordSetOnInitLogging === false) ||
!language || !language ||
@ -107,22 +106,33 @@ export async function AddEmployee(req: Request, res: Response) {
// validate username and email // validate username and email
email = email.toLowerCase(); if (!isUsernameValid(username)) {
if (!isUsernameValid(username) || !(await isEmailValid(email))) {
return res.status(400).send({ err: "invalid request" }); return res.status(400).send({ err: "invalid request" });
} }
// check if user already exists // only validate email if it is provided
if (email !== undefined && email.length > 0) {
email = email.toLowerCase();
const existingUser = await User.findOne({ console.log("email", email);
where: {
email: email,
},
});
if (existingUser) { if (!(await isEmailValid(email))) {
return res.status(400).send({ err: "invalid request" }); return res.status(400).send({ err: "invalid request" });
}
// check if user already exists
const existingUser = await User.findOne({
where: {
email: email,
},
});
if (existingUser) {
return res.status(400).send({ err: "invalid request" });
}
} else {
email = "";
} }
// create user // create user
@ -362,6 +372,11 @@ export async function UpdateEmployee(req: Request, res: Response) {
...update, ...update,
email: email, email: email,
}; };
} else {
update = {
...update,
email: "",
};
} }
if (username) { if (username) {

24
src/middleware/authMiddleware.ts
View File

@ -1,5 +1,8 @@
import { Request } from "express"; import { Request } from "express";
import { getUserSession } from "../utils/utils"; import { getUserSession } from "../utils/utils";
import User from "../models/user";
import { ACCOUNT_STATE } from "../utils/constants";
import { userLogger } from "../logger/logger";
export async function sessionProtection(req: Request, res: any, next: any) { export async function sessionProtection(req: Request, res: any, next: any) {
const session = await getUserSession(req); const session = await getUserSession(req);
@ -14,5 +17,26 @@ export async function sessionProtection(req: Request, res: any, next: any) {
return res.status(401).send({ err: "unauthorized" }); return res.status(401).send({ err: "unauthorized" });
} }
// check if user is active
const user = await User.findOne({
where: {
user_id: session.user_id,
},
attributes: ["state"],
});
if (!user) {
return res.status(401).send({ err: "unauthorized" });
}
if (user.state !== ACCOUNT_STATE.ACTIVE) {
userLogger.info(
session.user_id,
"GetUser logout due to account state",
user.state.toString()
);
return res.status(401).send({ err: "unauthorized" });
}
next(); next();
} }

2
src/models/user.ts
View File

@ -59,7 +59,7 @@ User.init(
}, },
email: { email: {
type: DataTypes.STRING, type: DataTypes.STRING,
unique: true, // allowNull defaults to true
}, },
username: { username: {
type: DataTypes.STRING, type: DataTypes.STRING,