el.xwx.moe/lib/api/controllers/users/userId/updateUserById.ts

import { prisma } from "@/lib/api/db";
import { AccountSettings } from "@/types/global";
import bcrypt from "bcrypt";
import removeFile from "@/lib/api/storage/removeFile";
import createFile from "@/lib/api/storage/createFile";
import updateCustomerEmail from "@/lib/api/updateCustomerEmail";
import createFolder from "@/lib/api/storage/createFolder";

const emailEnabled =
  process.env.EMAIL_FROM && process.env.EMAIL_SERVER ? true : false;

export default async function updateUserById(
  userId: number,
  data: AccountSettings
) {
  const ssoUser = await prisma.account.findFirst({
    where: {
      userId: userId,
    },
  });
  const user = await prisma.user.findUnique({
    where: {
      id: userId,
    },
  });

  if (ssoUser) {
    // deny changes to SSO-defined properties
    if (data.email !== user?.email) {
      return {
        response: "SSO users cannot change their email.",
        status: 400,
      };
    }
    if (data.newPassword) {
      return {
        response: "SSO Users cannot change their password.",
        status: 400,
      };
    }
    if (data.name !== user?.name) {
      return {
        response: "SSO Users cannot change their name.",
        status: 400,
      };
    }
    if (data.username !== user?.username) {
      return {
        response: "SSO Users cannot change their username.",
        status: 400,
      };
    }
    if (data.image?.startsWith("data:image/jpeg;base64")) {
      return {
        response: "SSO Users cannot change their avatar.",
        status: 400,
      };
    }
  } else {
    // verify only for non-SSO users
    // SSO users cannot change their email, password, name, username, or avatar
    if (emailEnabled && !data.email)
      return {
        response: "Email invalid.",
        status: 400,
      };
    else if (!data.username)
      return {
        response: "Username invalid.",
        status: 400,
      };
    if (data.newPassword && data.newPassword?.length < 8)
      return {
        response: "Password must be at least 8 characters.",
        status: 400,
      };
    // Check email (if enabled)
    const checkEmail =
      /^(([^<>()[\]\.,;:\s@\"]+(\.[^<>()[\]\.,;:\s@\"]+)*)|(\".+\"))@(([^<>()[\]\.,;:\s@\"]+\.)+[^<>()[\]\.,;:\s@\"]{2,})$/i;
    if (emailEnabled && !checkEmail.test(data.email?.toLowerCase() || ""))
      return {
        response: "Please enter a valid email.",
        status: 400,
      };

    const checkUsername = RegExp("^[a-z0-9_-]{3,31}$");

    if (!checkUsername.test(data.username.toLowerCase()))
      return {
        response:
          "Username has to be between 3-30 characters, no spaces and special characters are allowed.",
        status: 400,
      };

    const userIsTaken = await prisma.user.findFirst({
      where: {
        id: { not: userId },
        OR: emailEnabled
          ? [
              {
                username: data.username.toLowerCase(),
              },
              {
                email: data.email?.toLowerCase(),
              },
            ]
          : [
              {
                username: data.username.toLowerCase(),
              },
            ],
      },
    });

    if (userIsTaken) {
      if (data.email?.toLowerCase().trim() === userIsTaken.email?.trim())
        return {
          response: "Email is taken.",
          status: 400,
        };
      else if (
        data.username?.toLowerCase().trim() === userIsTaken.username?.trim()
      )
        return {
          response: "Username is taken.",
          status: 400,
        };

      return {
        response: "Username/Email is taken.",
        status: 400,
      };
    }

    // Avatar Settings

    if (data.image?.startsWith("data:image/jpeg;base64")) {
      if (data.image.length < 1572864) {
        try {
          const base64Data = data.image.replace(
            /^data:image\/jpeg;base64,/,
            ""
          );

          createFolder({ filePath: `uploads/avatar` });

          await createFile({
            filePath: `uploads/avatar/${userId}.jpg`,
            data: base64Data,
            isBase64: true,
          });
        } catch (err) {
          console.log("Error saving image:", err);
        }
      } else {
        console.log("A file larger than 1.5MB was uploaded.");
        return {
          response: "A file larger than 1.5MB was uploaded.",
          status: 400,
        };
      }
    } else if (data.image == "") {
      removeFile({ filePath: `uploads/avatar/${userId}.jpg` });
    }
  }

  const previousEmail = (
    await prisma.user.findUnique({ where: { id: userId } })
  )?.email;

  // Other settings

  const saltRounds = 10;
  const newHashedPassword = bcrypt.hashSync(data.newPassword || "", saltRounds);

  const updatedUser = await prisma.user.update({
    where: {
      id: userId,
    },
    data: {
      name: data.name,
      username: data.username?.toLowerCase().trim(),
      email: data.email?.toLowerCase().trim(),
      isPrivate: data.isPrivate,
      image: data.image ? `uploads/avatar/${userId}.jpg` : "",
      collectionOrder: data.collectionOrder.filter(
        (value, index, self) => self.indexOf(value) === index
      ),
      archiveAsScreenshot: data.archiveAsScreenshot,
      archiveAsPDF: data.archiveAsPDF,
      archiveAsWaybackMachine: data.archiveAsWaybackMachine,
      linksRouteTo: data.linksRouteTo,
      password:
        data.newPassword && data.newPassword !== ""
          ? newHashedPassword
          : undefined,
    },
    include: {
      whitelistedUsers: true,
      subscriptions: true,
    },
  });

  const { whitelistedUsers, password, subscriptions, ...userInfo } =
    updatedUser;

  // If user.whitelistedUsers is not provided, we will assume the whitelistedUsers should be removed
  const newWhitelistedUsernames: string[] = data.whitelistedUsers || [];

  // Get the current whitelisted usernames
  const currentWhitelistedUsernames: string[] = whitelistedUsers.map(
    (data) => data.username
  );

  // Find the usernames to be deleted (present in current but not in new)
  const usernamesToDelete: string[] = currentWhitelistedUsernames.filter(
    (username) => !newWhitelistedUsernames.includes(username)
  );

  // Find the usernames to be created (present in new but not in current)
  const usernamesToCreate: string[] = newWhitelistedUsernames.filter(
    (username) =>
      !currentWhitelistedUsernames.includes(username) && username.trim() !== ""
  );

  // Delete whitelistedUsers that are not present in the new list
  await prisma.whitelistedUser.deleteMany({
    where: {
      userId: userId,
      username: {
        in: usernamesToDelete,
      },
    },
  });

  // Create new whitelistedUsers that are not in the current list, no create many ;(
  for (const username of usernamesToCreate) {
    await prisma.whitelistedUser.create({
      data: {
        username,
        userId: userId,
      },
    });
  }

  const STRIPE_SECRET_KEY = process.env.STRIPE_SECRET_KEY;

  if (STRIPE_SECRET_KEY && emailEnabled && previousEmail !== data.email)
    await updateCustomerEmail(
      STRIPE_SECRET_KEY,
      previousEmail as string,
      data.email as string
    );

  const response: Omit<AccountSettings, "password"> = {
    ...userInfo,
    whitelistedUsers: newWhitelistedUsernames,
    image: userInfo.image ? `${userInfo.image}?${Date.now()}` : "",
    subscription: { active: subscriptions?.active },
  };

  return { response, status: 200 };
}
added update account functionality 2023-05-20 14:25:00 -05:00			`import { prisma } from "@/lib/api/db";`
			`import { AccountSettings } from "@/types/global";`
implemented change password functionality 2023-05-22 15:29:24 -05:00			`import bcrypt from "bcrypt";`
digital ocean spaces/aws S3 integratoin 2023-07-01 09:11:39 -05:00			`import removeFile from "@/lib/api/storage/removeFile";`
			`import createFile from "@/lib/api/storage/createFile";`
added docker bind mounts + bug fix 2023-08-03 16:54:04 -05:00			`import updateCustomerEmail from "@/lib/api/updateCustomerEmail";`
			`import createFolder from "@/lib/api/storage/createFolder";`

			`const emailEnabled =`
			`process.env.EMAIL_FROM && process.env.EMAIL_SERVER ? true : false;`
added update account functionality 2023-05-20 14:25:00 -05:00
added delete user endpoint 2023-10-23 14:24:22 -05:00			`export default async function updateUserById(`
support for bearer tokens 2023-11-02 13:59:31 -05:00			`userId: number,`
refactored/cleaned up API + added support for renaming tags 2023-10-22 23:28:39 -05:00			`data: AccountSettings`
tab-seperated modals + eslint fix + much more bug fixed and improvements 2023-06-09 17:31:14 -05:00			`) {`
feat: refactored login 2023-12-03 14:01:28 -06:00			`const ssoUser = await prisma.account.findFirst({`
minor error handling 2023-07-18 11:44:37 -05:00			`where: {`
feat: refactored login 2023-12-03 14:01:28 -06:00			`userId: userId,`
			`},`
			`});`
			`const user = await prisma.user.findUnique({`
			`where: {`
			`id: userId,`
			`},`
			`});`
bugs fixed 2023-12-30 08:31:53 -06:00
minor improvements 2023-12-07 15:33:01 -06:00			`if (ssoUser) {`
			`// deny changes to SSO-defined properties`
feat: refactored login 2023-12-03 14:01:28 -06:00			`if (data.email !== user?.email) {`
			`return {`
			`response: "SSO users cannot change their email.",`
			`status: 400,`
			`};`
			`}`
			`if (data.newPassword) {`
			`return {`
			`response: "SSO Users cannot change their password.",`
			`status: 400,`
			`};`
			`}`
			`if (data.name !== user?.name) {`
			`return {`
			`response: "SSO Users cannot change their name.",`
			`status: 400,`
			`};`
			`}`
			`if (data.username !== user?.username) {`
			`return {`
			`response: "SSO Users cannot change their username.",`
			`status: 400,`
			`};`
			`}`
bugs fixed 2023-12-30 08:31:53 -06:00			`if (data.image?.startsWith("data:image/jpeg;base64")) {`
feat: refactored login 2023-12-03 14:01:28 -06:00			`return {`
			`response: "SSO Users cannot change their avatar.",`
			`status: 400,`
			`};`
			`}`
minor improvements 2023-12-07 15:33:01 -06:00			`} else {`
			`// verify only for non-SSO users`
feat: refactored login 2023-12-03 14:01:28 -06:00			`// SSO users cannot change their email, password, name, username, or avatar`
			`if (emailEnabled && !data.email)`
			`return {`
			`response: "Email invalid.",`
			`status: 400,`
			`};`
			`else if (!data.username)`
			`return {`
			`response: "Username invalid.",`
			`status: 400,`
			`};`
			`if (data.newPassword && data.newPassword?.length < 8)`
			`return {`
			`response: "Password must be at least 8 characters.",`
			`status: 400,`
			`};`
			`// Check email (if enabled)`
			`const checkEmail =`
			`/^(([^<>()[\]\.,;:\s@\"]+(\.[^<>()[\]\.,;:\s@\"]+)*)\|(\".+\"))@(([^<>()[\]\.,;:\s@\"]+\.)+[^<>()[\]\.,;:\s@\"]{2,})$/i;`
			`if (emailEnabled && !checkEmail.test(data.email?.toLowerCase() \|\| ""))`
			`return {`
			`response: "Please enter a valid email.",`
			`status: 400,`
			`};`

			`const checkUsername = RegExp("^[a-z0-9_-]{3,31}$");`

			`if (!checkUsername.test(data.username.toLowerCase()))`
			`return {`
			`response:`
			`"Username has to be between 3-30 characters, no spaces and special characters are allowed.",`
			`status: 400,`
			`};`

			`const userIsTaken = await prisma.user.findFirst({`
			`where: {`
			`id: { not: userId },`
			`OR: emailEnabled`
			`? [`
format 2024-02-22 02:51:24 -06:00			`{`
			`username: data.username.toLowerCase(),`
			`},`
			`{`
			`email: data.email?.toLowerCase(),`
			`},`
			`]`
feat: refactored login 2023-12-03 14:01:28 -06:00			`: [`
format 2024-02-22 02:51:24 -06:00			`{`
			`username: data.username.toLowerCase(),`
			`},`
			`],`
feat: refactored login 2023-12-03 14:01:28 -06:00			`},`
			`});`

			`if (userIsTaken) {`
			`if (data.email?.toLowerCase().trim() === userIsTaken.email?.trim())`
			`return {`
			`response: "Email is taken.",`
			`status: 400,`
			`};`
			`else if (`
			`data.username?.toLowerCase().trim() === userIsTaken.username?.trim()`
			`)`
			`return {`
			`response: "Username is taken.",`
			`status: 400,`
			`};`
minor error handling 2023-07-18 11:44:37 -05:00
bug fixed 2023-10-23 00:45:31 -05:00			`return {`
feat: refactored login 2023-12-03 14:01:28 -06:00			`response: "Username/Email is taken.",`
bug fixed 2023-10-23 00:45:31 -05:00			`status: 400,`
			`};`
feat: refactored login 2023-12-03 14:01:28 -06:00			`}`
added docker bind mounts + bug fix 2023-08-03 16:54:04 -05:00
feat: refactored login 2023-12-03 14:01:28 -06:00			`// Avatar Settings`

			`if (data.image?.startsWith("data:image/jpeg;base64")) {`
			`if (data.image.length < 1572864) {`
			`try {`
minor improvements 2023-12-07 15:33:01 -06:00			`const base64Data = data.image.replace(`
			`/^data:image\/jpeg;base64,/,`
			`""`
			`);`
feat: refactored login 2023-12-03 14:01:28 -06:00
			createFolder({ filePath: `uploads/avatar` });

			`await createFile({`
			filePath: `uploads/avatar/${userId}.jpg`,
			`data: base64Data,`
			`isBase64: true,`
			`});`
			`} catch (err) {`
			`console.log("Error saving image:", err);`
			`}`
			`} else {`
			`console.log("A file larger than 1.5MB was uploaded.");`
			`return {`
			`response: "A file larger than 1.5MB was uploaded.",`
			`status: 400,`
			`};`
fully added profile photo submission 2023-05-22 07:20:48 -05:00			`}`
feat: refactored login 2023-12-03 14:01:28 -06:00			`} else if (data.image == "") {`
			removeFile({ filePath: `uploads/avatar/${userId}.jpg` });
fully added profile photo submission 2023-05-22 07:20:48 -05:00			`}`
			`}`
added update account functionality 2023-05-20 14:25:00 -05:00
support for bearer tokens 2023-11-02 13:59:31 -05:00			`const previousEmail = (`
			`await prisma.user.findUnique({ where: { id: userId } })`
			`)?.email;`

tab-seperated modals + eslint fix + much more bug fixed and improvements 2023-06-09 17:31:14 -05:00			`// Other settings`

fully implemented email authentication 2023-07-12 13:26:34 -05:00			`const saltRounds = 10;`
refactored/cleaned up API + added support for renaming tags 2023-10-22 23:28:39 -05:00			`const newHashedPassword = bcrypt.hashSync(data.newPassword \|\| "", saltRounds);`
fully implemented email authentication 2023-07-12 13:26:34 -05:00
added update account functionality 2023-05-20 14:25:00 -05:00			`const updatedUser = await prisma.user.update({`
			`where: {`
support for bearer tokens 2023-11-02 13:59:31 -05:00			`id: userId,`
added update account functionality 2023-05-20 14:25:00 -05:00			`},`
			`data: {`
refactored/cleaned up API + added support for renaming tags 2023-10-22 23:28:39 -05:00			`name: data.name,`
feat: refactored login 2023-12-03 14:01:28 -06:00			`username: data.username?.toLowerCase().trim(),`
bug fixed 2023-10-23 00:45:31 -05:00			`email: data.email?.toLowerCase().trim(),`
refactored/cleaned up API + added support for renaming tags 2023-10-22 23:28:39 -05:00			`isPrivate: data.isPrivate,`
support for bearer tokens 2023-11-02 13:59:31 -05:00			image: data.image ? `uploads/avatar/${userId}.jpg` : "",
fully added subcollection tree functionality 2024-03-04 07:56:16 -06:00			`collectionOrder: data.collectionOrder.filter(`
			`(value, index, self) => self.indexOf(value) === index`
			`),`
refactored/cleaned up API + added support for renaming tags 2023-10-22 23:28:39 -05:00			`archiveAsScreenshot: data.archiveAsScreenshot,`
			`archiveAsPDF: data.archiveAsPDF,`
			`archiveAsWaybackMachine: data.archiveAsWaybackMachine,`
Allow users to choose what clicking links opens 2024-02-08 00:42:58 -06:00			`linksRouteTo: data.linksRouteTo,`
fully implemented email authentication 2023-07-12 13:26:34 -05:00			`password:`
refactored/cleaned up API + added support for renaming tags 2023-10-22 23:28:39 -05:00			`data.newPassword && data.newPassword !== ""`
fully implemented email authentication 2023-07-12 13:26:34 -05:00			`? newHashedPassword`
			`: undefined,`
added update account functionality 2023-05-20 14:25:00 -05:00			`},`
add sqlite compatibility + fix whitespace bug collections 2023-08-03 23:33:51 -05:00			`include: {`
minor fix 2023-08-04 19:32:13 -05:00			`whitelistedUsers: true,`
code refactoring + many security/bug fixes 2023-11-06 07:25:57 -06:00			`subscriptions: true,`
minor fix 2023-08-04 19:32:13 -05:00			`},`
added update account functionality 2023-05-20 14:25:00 -05:00			`});`

code refactoring + many security/bug fixes 2023-11-06 07:25:57 -06:00			`const { whitelistedUsers, password, subscriptions, ...userInfo } =`
			`updatedUser;`
add sqlite compatibility + fix whitespace bug collections 2023-08-03 23:33:51 -05:00
			`// If user.whitelistedUsers is not provided, we will assume the whitelistedUsers should be removed`
refactored/cleaned up API + added support for renaming tags 2023-10-22 23:28:39 -05:00			`const newWhitelistedUsernames: string[] = data.whitelistedUsers \|\| [];`
add sqlite compatibility + fix whitespace bug collections 2023-08-03 23:33:51 -05:00
			`// Get the current whitelisted usernames`
minor fix 2023-08-04 19:32:13 -05:00			`const currentWhitelistedUsernames: string[] = whitelistedUsers.map(`
refactored/cleaned up API + added support for renaming tags 2023-10-22 23:28:39 -05:00			`(data) => data.username`
minor fix 2023-08-04 19:32:13 -05:00			`);`
add sqlite compatibility + fix whitespace bug collections 2023-08-03 23:33:51 -05:00
			`// Find the usernames to be deleted (present in current but not in new)`
			`const usernamesToDelete: string[] = currentWhitelistedUsernames.filter(`
minor fix 2023-08-04 19:32:13 -05:00			`(username) => !newWhitelistedUsernames.includes(username)`
add sqlite compatibility + fix whitespace bug collections 2023-08-03 23:33:51 -05:00			`);`

			`// Find the usernames to be created (present in new but not in current)`
			`const usernamesToCreate: string[] = newWhitelistedUsernames.filter(`
minor fix 2023-08-04 19:32:13 -05:00			`(username) =>`
			`!currentWhitelistedUsernames.includes(username) && username.trim() !== ""`
add sqlite compatibility + fix whitespace bug collections 2023-08-03 23:33:51 -05:00			`);`

			`// Delete whitelistedUsers that are not present in the new list`
			`await prisma.whitelistedUser.deleteMany({`
			`where: {`
support for bearer tokens 2023-11-02 13:59:31 -05:00			`userId: userId,`
add sqlite compatibility + fix whitespace bug collections 2023-08-03 23:33:51 -05:00			`username: {`
			`in: usernamesToDelete,`
			`},`
			`},`
			`});`

			`// Create new whitelistedUsers that are not in the current list, no create many ;(`
			`for (const username of usernamesToCreate) {`
			`await prisma.whitelistedUser.create({`
			`data: {`
			`username,`
support for bearer tokens 2023-11-02 13:59:31 -05:00			`userId: userId,`
add sqlite compatibility + fix whitespace bug collections 2023-08-03 23:33:51 -05:00			`},`
			`});`
			`}`

implemented stripe for the cloud instance 2023-07-15 21:15:43 -05:00			`const STRIPE_SECRET_KEY = process.env.STRIPE_SECRET_KEY;`

support for bearer tokens 2023-11-02 13:59:31 -05:00			`if (STRIPE_SECRET_KEY && emailEnabled && previousEmail !== data.email)`
implemented stripe for the cloud instance 2023-07-15 21:15:43 -05:00			`await updateCustomerEmail(`
			`STRIPE_SECRET_KEY,`
support for bearer tokens 2023-11-02 13:59:31 -05:00			`previousEmail as string,`
refactored/cleaned up API + added support for renaming tags 2023-10-22 23:28:39 -05:00			`data.email as string`
implemented stripe for the cloud instance 2023-07-15 21:15:43 -05:00			`);`

better profile photo update logic 2023-06-08 08:39:22 -05:00			`const response: Omit<AccountSettings, "password"> = {`
			`...userInfo,`
add sqlite compatibility + fix whitespace bug collections 2023-08-03 23:33:51 -05:00			`whitelistedUsers: newWhitelistedUsernames,`
refactored how avatars are being handled 2023-10-27 23:45:14 -05:00			image: userInfo.image ? `${userInfo.image}?${Date.now()}` : "",
code refactoring + many security/bug fixes 2023-11-06 07:25:57 -06:00			`subscription: { active: subscriptions?.active },`
better profile photo update logic 2023-06-08 08:39:22 -05:00			`};`

			`return { response, status: 200 };`
added update account functionality 2023-05-20 14:25:00 -05:00			`}`