GEOLYTIX · RobAndrewHurst · Jun 24, 2024 · May 20, 2024 · Jun 4, 2024 · Jun 4, 2024
diff --git a/mod/user/_user.js b/mod/user/_user.js
@@ -1,84 +1,71 @@
 /**
+## /user/_user
+
+The _user module exports the user method to route User API requests.
+
+- admin
+- register
+- verify
+- add
+- delete
+- update
+- list
+- log
+- key
+- token
+- cookie
+- login
+
 @module /user
 */
 
 const reqHost = require('../utils/reqHost')
 
-const view = require('../view')
-
 const methods = {
-  admin: {
-    handler: (req, res) => {
-      req.params.template = 'user_admin_view'
-      req.params.language = req.params.user.language
-      req.params.user = req.params.user.email
-      view(req, res)
-    },
-    admin: true
-  },
-  register: {
-    handler: require('./register')
-  },
-  verify: {
-    handler: require('./verify')
-  },
-  add: {
-    handler: require('./add'),
-    admin: true
-  },
-  delete: {
-    handler: require('./delete'),
-    admin: true
-  },
-  update: {
-    handler: require('./update'),
-    admin: true
-  },
-  list: {
-    handler: require('./list'),
-    admin: true
-  },
-  log: {
-    handler: require('./log'),
-    admin: true
-  },
-  key: {
-    handler: require('./key'),
-    login: true
-  },
-  token: {
-    handler: require('./token'),
-    login: true
-  },
-  cookie: {
-    handler: require('./cookie')
-  },
-  login: {
-    handler: require('./login')
-  }
+  admin: require('./admin'),
+  register: require('./register'),
+  verify: require('./verify'),
+  add: require('./add'),
+  delete: require('./delete'),
+  update: require('./update'),
+  list: require('./list'),
+  log: require('./log'),
+  key: require('./key'),
+  token: require('./token'),
+  cookie: require('./cookie'),
+  login: require('./login')
 }
 
-module.exports = async (req, res) => {
+/**
+### user(req, res)
+
+The Mapp API uses the user method to lookup and route User API requests.
+
+The route method assigns the host param from /utils/reqHost before the request and response arguments are passed a User API method identified by the method param.
 
-  const method = methods[req.params.method]
+The method request parameter must be an own member of the methods object, eg. `admin`, `register`, `verify`, `add`, `delete`, `update`, `list`, `log`, `key`, `token`, `cookie`, or `login`.
+
+@function user
+@param {Object} [req] HTTP request.
+@param {Object} [res] HTTP response.
+@param {Object} [req.params] Request parameter.
+@param {string} [req.params.method] Method request parameter.
+*/
+
+module.exports = async function user(req, res) {
+
+  if (!Object.hasOwn(methods, req.params.method)) {
 
-  if (!method) {
     return res.send(`Failed to evaluate 'method' param.`)
   }
 
   req.params.host = reqHost(req)
 
-  if (!req.params.user && (method.login || method.admin)) {
+  const method = await methods[req.params.method](req, res)
 
-    req.params.msg = 'login_required'
-    return methods.login.handler(req, res)
-  }
-
-  if (req.params.user && (!req.params.user.admin && method.admin)) {
+  if (method instanceof Error) {
 
-    req.params.msg = 'admin_required'
-    return methods.login.handler(req, res)
+    req.params.msg = method.message
+    methods.login(req, res)
   }
-
-  method.handler(req, res)
 }
diff --git a/mod/user/add.js b/mod/user/add.js
@@ -13,6 +13,16 @@ module.exports = async (req, res) => {
     return res.status(500).send('Missing email param')
   }
 
+  if (!req.params.user) {
+
+    return new Error('login_required')
+  }
+
+  if (!req.params.user?.admin) {
+
+    return new Error('admin_required')
+  }
+
   const email = req.params.email.replace(/\s+/g, '')
 
   // Delete exsiting user account with same email in ACL.

diff --git a/mod/user/admin.js b/mod/user/admin.js
@@ -0,0 +1,19 @@
+const view = require('../view')
+
+module.exports = async (req, res) => {
+
+  if (!req.params.user) {
+
+    return new Error('login_required')
+  }
+
+  if (!req.params.user?.admin) {
+
+    return new Error('admin_required')
+  }
+
+  req.params.template = 'user_admin_view'
+  req.params.language = req.params.user.language
+  req.params.user = req.params.user.email
+  view(req, res)
+}
diff --git a/mod/user/cookie.js b/mod/user/cookie.js
@@ -10,6 +10,8 @@ const acl = require('./acl')
 
 module.exports = async (req, res) => {
 
+  if (!acl) return res.status(500).send('ACL unavailable.')
+
   const cookie = req.cookies && req.cookies[process.env.TITLE]
 
   if (!cookie) {

diff --git a/mod/user/delete.js b/mod/user/delete.js
@@ -8,8 +8,31 @@ const mailer = require('../utils/mailer')
 
 module.exports = async (req, res) => {
 
+  if (!acl) return res.status(500).send('ACL unavailable.')
+
+  if (!req.params.email) {
+
+    return res.status(500).send('Missing email param')
+  }
+
+  if (!req.params.user) {
+
+    return new Error('login_required')
+  }
+
   const email = req.params.email.replace(/\s+/g, '')
 
+  // A user may remove themselves from the ACL.
+  if (req.params.user?.email === email) {
+
+    // The cookie must be set to null on successful return from delete method.
+    res.setHeader('Set-Cookie', `${process.env.TITLE}=null;HttpOnly;Max-Age=0;Path=${process.env.DIR || '/'}`)
+    console.log(`${email} removed themselves`)
+  } else if (!req.params.user?.admin) {
+
+    return new Error('admin_required')
+  }
+
   // Delete user account in ACL.
   let rows = await acl(`
     DELETE FROM acl_schema.acl_table

diff --git a/mod/user/key.js b/mod/user/key.js
@@ -24,6 +24,18 @@ const jwt = require('jsonwebtoken')
 
 module.exports = async (req, res) => {
 
+  if (!acl) return res.status(500).send('ACL unavailable.')
+
+  if (!req.params.email) {
+
+    return res.status(500).send('Missing email param')
+  }
+
+  if (!req.params.user) {
+
+    return new Error('login_required')
+  }
+
   // Get user from ACL.
   let rows = await acl(`
     SELECT * FROM acl_schema.acl_table

diff --git a/mod/user/list.js b/mod/user/list.js
@@ -17,40 +17,34 @@ const acl = require('./acl')
  */
 module.exports = async (req, res) => {
 
-  /**
-  @typedef {Object} acl
-  @property {string} email
-  @property {bool} verified
-  @property {bool} approved
-  @property {bool} admin
-  @property {bool} api
-  @property {array} roles
-  @property {string} language
-  @property {array} access_log
-  @property {int} failedattempts
-  @property {string} approved_by
-  @property {string} expires_on
-  @property {bool} blocked
-  @property {string} verificationtoken
-  */
+  if (!req.params.user) {
+
+    return new Error('login_required')
+  }
+
+  if (!req.params.user?.admin) {
+
+    return new Error('admin_required')
+  }
+
   let rows = await acl(`
-  SELECT
-    email,
-    verified,
-    approved,
-    admin,
-    length(api)::boolean AS api,
-    roles,
-    language,
-    access_log[array_upper(access_log, 1)],
-    failedattempts,
-    approved_by,
-    ${process.env.APPROVAL_EXPIRY ? 'expires_on,' : ''}
-    blocked,
-    verificationtoken
-  FROM acl_schema.acl_table
-  ${req.params.email ? `WHERE email='${req.params.email}'`: ''}
-  ORDER BY email;`)
+    SELECT
+      email,
+      verified,
+      approved,
+      admin,
+      length(api)::boolean AS api,
+      roles,
+      language,
+      access_log[array_upper(access_log, 1)],
+      failedattempts,
+      approved_by,
+      ${process.env.APPROVAL_EXPIRY ? 'expires_on,' : ''}
+      blocked,
+      verificationtoken
+    FROM acl_schema.acl_table
+    ${req.params.email ? `WHERE email='${req.params.email}'`: ''}
+    ORDER BY email;`)
 
   if (rows instanceof Error) return res.status(500).send('Failed to query PostGIS table.')
 

diff --git a/mod/user/log.js b/mod/user/log.js
@@ -6,6 +6,23 @@ const acl = require('./acl')
 
 module.exports = async (req, res) => {
 
+  if (!acl) return res.status(500).send('ACL unavailable.')
+
+  if (!req.params.email) {
+
+    return res.status(500).send('Missing email param')
+  }
+
+  if (!req.params.user) {
+
+    return new Error('login_required')
+  }
+
+  if (!req.params.user?.admin) {
+
+    return new Error('admin_required')
+  }
+
   const rows = await acl(`
   SELECT access_log
   FROM acl_schema.acl_table

diff --git a/mod/user/token.js b/mod/user/token.js
@@ -6,6 +6,11 @@ const jwt = require('jsonwebtoken')
 
 module.exports = async (req, res) => {
 
+  if (!req.params.user) {
+
+    return new Error('login_required')
+  }
+
   const user = req.params.user
 
   if (user.from_token) return res.send('Token may not be generated from token authentication.')

diff --git a/mod/user/update.js b/mod/user/update.js
@@ -10,6 +10,18 @@ const languageTemplates = require('../utils/languageTemplates')
 
 module.exports = async (req, res) => {
 
+  if (!acl) return res.status(500).send('ACL unavailable.')
+
+  if (!req.params.user) {
+
+    return new Error('login_required')
+  }
+
+  if (!req.params.user?.admin) {
+
+    return new Error('admin_required')
+  }
+
   // Remove spaces from email.
   const email = req.params.email.replace(/\s+/g, '')