diff --git a/server/middleware/checkKnownOrg.js b/server/middleware/checkKnownOrg.js new file mode 100644 index 0000000..ac7e974 --- /dev/null +++ b/server/middleware/checkKnownOrg.js @@ -0,0 +1,38 @@ +const { User, Organization } = require('../../models/index'); + +async function GetOrg(req, res, next) { + const user = req.user; + const orgID = req.params.orgID || req.query.orgID || req.body.orgID; + + const verify = await Organization.findOne({ + where: { orgID: orgID }, + include: [ + { + model: User, + as: 'orgOwner', + where: { userID: user.userID }, + required: false, + }, + { + model: User, + as: 'orgMembers', + where: { userID: user.userID }, + required: false, + }, + ], + }); + + if (!verify) { + return res.status(500).send('There is no organization with this id.'); + } + + if (!verify.orgOwner && verify.orgMembers.length == 0) { + return res + .status(500) + .send('You do not know any organizations with this id.'); + } + + return next(); +} + +module.exports = GetOrg; diff --git a/server/middleware/checkKnownUser.js b/server/middleware/checkKnownUser.js new file mode 100644 index 0000000..623a710 --- /dev/null +++ b/server/middleware/checkKnownUser.js @@ -0,0 +1,60 @@ +const { User, Organization } = require('../../models/index'); + +async function checkKnownUser(req, res, next) { + const user = req.user; + const userID = req.params.userID || req.query.userID || req.body.userID; + + if (user.userID == userID) { + return next(); + } + + const result = await User.findOne({ + where: { userID: userID }, + include: [ + { + model: Organization, + as: 'ownedOrg', + include: { + model: User, + as: 'orgMembers', + where: { userID: user.userID }, + required: false, + }, + }, + { + model: Organization, + as: 'memberOrgs', + include: [ + { + model: User, + as: 'orgMembers', + where: { userID: user.userID }, + required: false, + }, + { + model: User, + as: 'orgOwner', + where: { userID: user.userID }, + required: false, + }, + ], + }, + ], + }); + + if (!result) { + return res.status(500).send('No user with that ID exists.'); + } + + const filteredResult = result.memberOrgs.filter( + (org) => org.orgMembers.length != 0 || org_owner + ); + + if (filteredResult.length == 0 && result.ownedOrg.orgMembers.length == 0) { + return res.status(403).send('You do not have contact with this user.'); + } + + return next(); +} + +module.exports = checkKnownUser; diff --git a/server/routes/auth/GetUserDetails.js b/server/routes/auth/GetUserDetails.js index ff79096..c6e88be 100644 --- a/server/routes/auth/GetUserDetails.js +++ b/server/routes/auth/GetUserDetails.js @@ -9,53 +9,6 @@ async function GetUserDetails(req, res, next) { } const result = await User.findOne({ where: { userID: userID } }); - - const check = await User.findOne({ - where: { userID: userID }, - include: [ - { - model: Organization, - as: 'memberOrgs', - include: [ - { - model: User, - as: 'orgMembers', - where: { userID: user.userID }, - required: false, - }, - { - model: User, - as: 'orgOwner', - where: { userID: user.userID }, - required: false, - }, - ], - }, - { - model: Organization, - as: 'ownedOrg', - include: { - model: User, - as: 'orgMembers', - where: { userID: user.userID }, - required: false, - }, - }, - ], - }); - - if (!check) { - return res.status(500).send('No user with that ID exists.'); - } - - const filteredCheck = check.memberOrgs.filter( - (org) => org.orgMembers.length != 0 || org_owner - ); - - if (filteredCheck.length == 0 && check.ownedOrg.orgMembers.length == 0) { - return res.status(403).send('You do not have contact with this user.'); - } - return res.send(result); } diff --git a/server/routes/authRouter.js b/server/routes/authRouter.js index be60d46..fd9f984 100644 --- a/server/routes/authRouter.js +++ b/server/routes/authRouter.js @@ -3,6 +3,7 @@ var router = express.Router(); const basicAuth = require('../middleware/basicAuth'); const tokenAuth = require('../middleware/tokenAuth'); +const checkKnownUser = require('../middleware/checkKnownUser'); const CreateUser = require('./auth/CreateUser'); const UpdateUserDetails = require('./auth/UpdateUserDetails'); @@ -16,7 +17,7 @@ router.post('/register', CreateUser); router.patch('/update', tokenAuth, UpdateUserDetails); router.post('/login', basicAuth, Login); router.post('/logout', tokenAuth, Logout); -router.get('/:userID', tokenAuth, GetUserDetails); +router.get('/:userID', tokenAuth, checkKnownUser, GetUserDetails); router.get('/reset-password', RequestReset); router.patch('/reset-password/:id', ResetPassword); diff --git a/server/routes/group/GetGroupDetails.js b/server/routes/group/GetGroup.js similarity index 100% rename from server/routes/group/GetGroupDetails.js rename to server/routes/group/GetGroup.js diff --git a/server/routes/group/GetGroupMembers.js b/server/routes/group/GetGroupMembers.js deleted file mode 100644 index e69de29..0000000 diff --git a/server/routes/groupRouter.js b/server/routes/groupRouter.js index 503b51a..4a42816 100644 --- a/server/routes/groupRouter.js +++ b/server/routes/groupRouter.js @@ -2,19 +2,20 @@ var express = require('express'); var router = express.Router(); const tokenAuth = require('../middleware/tokenAuth'); +const checkKnownUser = require('../middleware/checkKnownUser'); const CreateGroup = require('./group/CreateGroup'); const DeleteGroup = require('./group/DeleteGroup'); // const UpdateGroupDetails = require('./group/UpdateGroupDetails'); // const GetGroup = require('./group/GetGroup'); -const AddGroupMember = require('./group/AddGroupMembers'); -const RemoveGroupMember = require('./group/RemoveGroupMember'); +// const AddGroupMember = require('./group/AddGroupMembers'); +// const RemoveGroupMember = require('./group/RemoveGroupMember'); router.post('/create', tokenAuth, CreateGroup); router.delete('/:groupID/delete', tokenAuth, DeleteGroup); // router.patch('/:groupID/update', tokenAuth, UpdateGroupDetails); // router.get('/:groupID', tokenAuth, GetGroup); -// router.post('/:groupID/add', tokenAuth, AddGroupMember); +// router.post('/:groupID/add', tokenAuth, checkKnownUser, AddGroupMember); // router.post('/:orgID/remove', tokenAuth, RemoveGroupMember); module.exports = router; diff --git a/server/routes/org/GetOrg.js b/server/routes/org/GetOrg.js index 8647119..44d83de 100644 --- a/server/routes/org/GetOrg.js +++ b/server/routes/org/GetOrg.js @@ -1,36 +1,9 @@ const { User, Organization } = require('../../models/index'); async function GetOrg(req, res, next) { + const user = req.user; const orgID = req.params.orgID; - const verify = await Organization.findOne({ - where: { orgID: orgID }, - include: [ - { - model: User, - as: 'orgOwner', - where: { userID: user.userID }, - required: false, - }, - { - model: User, - as: 'orgMembers', - where: { userID: user.userID }, - required: false, - }, - ], - }); - - if (!verify) { - return res.status(500).send('There is no organization with this id.'); - } - - if (!verify.orgOwner && verify.orgMembers.length == 0) { - return res - .status(500) - .send('You do not know any organizations with this id.'); - } - const result = await Organization.findOne({ where: { orgID: orgID }, include: { model: User, as: 'orgMembers', required: false }, diff --git a/server/routes/orgRouter.js b/server/routes/orgRouter.js index 301b450..ab49e36 100644 --- a/server/routes/orgRouter.js +++ b/server/routes/orgRouter.js @@ -2,6 +2,7 @@ var express = require('express'); var router = express.Router(); const tokenAuth = require('../middleware/tokenAuth'); +const checkKnownOrg = require('../middleware/checkKnownOrg'); const CreateOrg = require('./org/CreateOrg'); const DeleteOrg = require('./org/DeleteOrg'); @@ -13,7 +14,7 @@ const RemoveOrgMember = require('./org/RemoveOrgMember'); router.post('/create', tokenAuth, CreateOrg); router.delete('/delete', tokenAuth, DeleteOrg); router.patch('/update', tokenAuth, UpdateOrgDetails); -router.get('/:orgID', tokenAuth, GetOrg); +router.get('/:orgID', tokenAuth, checkKnownOrg, GetOrg); router.post('/:orgID/add', tokenAuth, AddOrgMember); router.post('/:orgID/delete', tokenAuth, RemoveOrgMember);