feat(api): add endpoint to update user's account details

2023-10-11 16:46:17 -04:00 · 2023-10-11 16:46:17 -04:00 · a120a295ae
commit a120a295ae
parent c86363b766
1 changed files with 106 additions and 0 deletions
--- a/server/api/user/me/index.put.ts
+++ b/server/api/user/me/index.put.ts
@ -0,0 +1,106 @@
+import san from "sanitize-html";
+import { weirdToNormalChars } from "weird-to-normal-chars";
+import { Profile, MyStuff } from "~/lib/client/types/form/myStuff";
+import { apiRoot, messages } from "~/lib/server/constants";
+import isLoggedIn from "~/lib/server/middlewareButNotReally/isLoggedIn";
+import { Review } from "~/models/stories/review";
+import { IUser, User } from "~/models/user";
+import axios from "axios";
+
+function emsg(arg: string): any {
+	return {
+		statusCode: 400,
+		message: `Could not update ${arg}`,
+	};
+}
+
+export default eventHandler(async (ev) => {
+	isLoggedIn(ev);
+	const body = await readBody<MyStuff>(ev);
+	let u = await User.findById(ev.context.currentUser!._id).exec();
+	if (!u) {
+		throw createError({
+			statusCode: 500,
+			message: "this shouldn't happen.",
+		});
+	}
+	let update: Partial<IUser> & any = {};
+	if (body.email?.toLocaleLowerCase() !== u!.email) {
+		if (u?.validPassword(body.password!)) {
+			update.email = body.email;
+		} else {
+			throw createError(emsg("email"));
+		}
+	}
+	if (body.password !== "" && body.newPassword) {
+		if (u?.validPassword(body.password || "")) {
+			update.password = User.generateHash(body.newPassword);
+		} else {
+			throw createError(emsg("password"));
+		}
+	}
+	update["profile.disclaimer"] = body.disclaimer;
+	update["profile.hidden"] = !!body.hidden;
+	update["profile.nightMode"] = !!body.nightMode;
+	update.notifyOnReviewReply = !!body.reviewReply;
+	let nusername = weirdToNormalChars(body.username || u.username);
+	if (nusername !== u.username) {
+		let exists = await User.findOne({
+			username: nusername,
+		});
+		if (exists) {
+			throw createError(emsg("username"));
+		}
+		let { data: lookup } = await axios.get(
+			`${apiRoot}/session-sharing/lookup`,
+			{
+				params: {
+					id: ev.context.currentUser!._id,
+				},
+			},
+		);
+
+		await axios.put(`${apiRoot}/v3/users/${lookup.value.uid}`, {
+			body: {
+				username: nusername,
+				_uid: 1,
+			},
+			headers: {
+				Authorization: `Bearer ${useRuntimeConfig().nodebb.masterToken}`,
+			},
+		});
+		update.username = nusername;
+		let regex = new RegExp(nusername, "g");
+		await Review.collection.updateMany(
+			{
+				text: {
+					$regex: regex,
+				},
+			},
+			[
+				{
+					$set: {
+						text: {
+							$replaceAll: {
+								input: "$text",
+								find: u!.username,
+								replacement: nusername,
+							},
+						},
+					},
+				},
+			],
+		);
+	}
+	u = await User.findByIdAndUpdate(
+		ev.context.currentUser!._id,
+		{
+			$set: update,
+		},
+		{ new: true },
+	);
+	return {
+		success: true,
+		data: u,
+	};
+});