import type { ValidatedEventAPIGatewayProxyEvent } from '@libs/api-gateway';
import { middyfy } from '@libs/lambda';
import schema from './schema';
import { MongoDB, validateToken, ensureRoles } from '../../util';
import * as path from 'path';
import * as dotenv from 'dotenv';
// Load `.env` from the process working directory into process.env so that the
// handler below can read JWT_SECRET / MONGO_URI.
const envFile = path.resolve(process.cwd(), '.env');
dotenv.config({ path: envFile });
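/**
 * Builds an API Gateway response whose JSON body carries the status code and a
 * human-readable message. Every non-200 reply goes through here so the body
 * shape is the same in all branches (the original mixed `statuscode` and
 * `statusCode` keys, which breaks clients reading `body.statusCode`).
 *
 * @param statusCode HTTP status to return (also echoed in the body).
 * @param message Short, client-safe description of the outcome.
 */
const jsonMessage = (statusCode: number, message: string) => ({
  statusCode,
  body: JSON.stringify({ statusCode, message }),
});

// Fields never returned to callers. This projection is the only thing keeping
// password hashes (and internal ids) out of the response, so apply it on every
// read from the users collection.
const PUBLIC_USER_PROJECTION = { projection: { password: 0, _id: 0 } };

/**
 * Looks up one user by `email`, or every user when `all` is set.
 *
 * Flow: validate the caller's token -> confirm the calling account exists ->
 * check it holds an allowed role -> confine non-privileged callers to their
 * own record -> query. All responses are JSON; error responses contain only a
 * status code and message (never the underlying exception).
 *
 * Request body (validated upstream against `schema`):
 *   auth_token, auth_email — the caller's credentials
 *   email                  — the record to look up
 *   all                    — when truthy, return every user (privileged only)
 *
 * Responses: 200 with the user (or user array), 401 for a bad token or a
 * disallowed role, 403 when a non-privileged caller asks for another record or
 * for all records, 404 when a record is missing, 500 on configuration or
 * runtime errors.
 */
const read: ValidatedEventAPIGatewayProxyEvent<typeof schema> = async (event) => {
  try {
    const jwtSecret = process.env.JWT_SECRET;
    const mongoUri = process.env.MONGO_URI;
    // Fail closed: never validate a token against an undefined secret or try to
    // connect to an unconfigured database. Details go to the log, not the client.
    if (!jwtSecret || !mongoUri) {
      console.error('Error reading user: JWT_SECRET or MONGO_URI is not configured.');
      return jsonMessage(500, 'Internal server error.');
    }

    // Check if token is valid for the claimed auth_email.
    if (!validateToken(event.body.auth_token, jwtSecret, event.body.auth_email)) {
      return jsonMessage(401, 'Unauthorized');
    }

    // Connect to DB
    const db = MongoDB.getInstance(mongoUri);
    await db.connect();
    const users = db.getCollection('users');

    // A valid token is not enough; the calling account must still exist.
    const authUser = await users.findOne({ email: event.body.auth_email });
    if (!authUser) {
      return jsonMessage(404, 'Auth user not found.');
    }

    // Coarse gate: only these roles may use this endpoint at all.
    const allowedRoles = ['hacker', 'director', 'organizer'];
    if (!ensureRoles(authUser.role, allowedRoles)) {
      return jsonMessage(401, 'Unauthorized. Auth user is not an organizer/director/hacker.');
    }

    // NOTE(review): `email` is lower-cased here but `auth_email` is matched
    // as-is above; confirm the schema normalises `auth_email` (or that stored
    // emails are already lower-case), otherwise a mixed-case auth_email misses.
    const lookupEmail = event.body.email.toLowerCase();

    // Directors and organizers may read anyone; every other role is confined to
    // its own record and may not list all users.
    const isPrivileged = Boolean(authUser.role['director'] || authUser.role['organizer']);
    if (!isPrivileged && (event.body.all || authUser.email !== lookupEmail)) {
      return jsonMessage(403, 'Hackers can only look up their own information.');
    }

    if (event.body.all) {
      const allUsers = await users.find({}, PUBLIC_USER_PROJECTION).toArray();
      // Kept from the original; with the native driver toArray() always yields
      // an array (possibly empty), so this is effectively unreachable —
      // TODO confirm the MongoDB wrapper in ../../util does the same.
      if (!allUsers) {
        return jsonMessage(404, 'Look-up all users not found.');
      }
      return { statusCode: 200, body: JSON.stringify(allUsers) };
    }

    const user = await users.findOne({ email: lookupEmail }, PUBLIC_USER_PROJECTION);
    if (!user) {
      return jsonMessage(404, 'Look-up user not found.');
    }
    return { statusCode: 200, body: JSON.stringify(user) };
  } catch (error: unknown) {
    // Log the full error server-side only. Returning it in the body (as the
    // original did) leaks driver/internal details to the caller.
    console.error('Error reading user:', error);
    return jsonMessage(500, 'Internal server error.');
  }
};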
// Lambda entry point. `read` is not exported directly; `middyfy` (from
// '@libs/lambda') wraps it — presumably with body parsing/validation against
// `schema`, since `read` reads `event.body.*` as an object; confirm in '@libs/lambda'.
export const main = middyfy(read);