const express = require('express');
const mongoose = require('mongoose');
const bcrypt = require('bcrypt');
const jwt = require('jsonwebtoken');
const { fetchAdmin } = require('../controllers/fetchAdmin');
const { Admin } = require('../models/Admin');
const { adminAuth } = require('../middlewares/adminAuth');
const { User } = require('../models/User');
const {signUpBody, loginBody} = require('../types');
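const router = express.Router();

// POST /signUp — register a new admin account and answer with a signed JWT.
//
// Body: { name, email, phone, password }, checked against signUpBody.
// Responses:
//   200 { message, token }  admin created
//   404 { message }         body failed validation, or the email is already registered
//   500 { message }         creation failed, or an unexpected error was thrown
//
// NOTE(review): no auth middleware is attached to this route in this file, so
// every caller that can reach it is handed a token carrying isAdmin: true.
// Confirm the route is gated where the router is mounted, or restrict it.
router.post('/signUp', async (req, res) => {
  try {
    const { success } = signUpBody.safeParse(req.body);
    if (!success) {
      res.status(404).json({ message: "Invalid Details" });
      return;
    }

    // Refuse a duplicate registration before doing any hashing work.
    const existingAdmin = await fetchAdmin(req.body.email);
    if (existingAdmin) {
      res.status(404).json({ message: "Admin already exists" });
      return;
    }

    const { name, email, phone, password } = req.body;

    // Only the bcrypt hash (cost factor 10) is stored, never the plaintext.
    const salt = await bcrypt.genSalt(10);
    const hash = await bcrypt.hash(password, salt);
    const createdUser = await Admin.create({ name, email, phone, password: hash });

    if (!createdUser) {
      console.log(createdUser);
      res.status(500).json({ message: "failed to create Admin" });
      return;
    }

    // NOTE(review): signed without an expiry option, so the token carries no
    // exp claim; unless adminAuth enforces a maximum age it stays usable until
    // SECRET_KEY changes.
    const token = jwt.sign(
      { userId: createdUser._id.toString(), isAdmin: true },
      process.env.SECRET_KEY
    );
    res.status(200).json({ message: "Admin created successfully", token });
  } catch (err) {
    console.log(err);
    // An unexpected failure must not go out as HTTP 200; this handler already
    // uses 500 for its other server-side failure.
    res.status(500).json({ message: "Api Call Failed" });
  }
});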
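// POST /signin — authenticate an admin and answer with a signed JWT.
//
// Body: { email, password }, checked against loginBody.
// Responses (all sent with the default 200 status, so a client has to test
// for the presence of `token` rather than the status code):
//   { message: "success", token }      credentials accepted
//   { message: "Invalid Credentials" } malformed body, unknown email or wrong password
//   { message: "Api Call Failed" }     unexpected error
router.post('/signin', async (req, res) => {
  try {
    const { success } = loginBody.safeParse(req.body);
    if (!success) {
      res.json({ message: "Invalid Credentials" });
      return;
    }

    const admin = await fetchAdmin(req.body.email);
    const passwordMatches = admin
      ? await bcrypt.compare(req.body.password, admin.password)
      : false;

    if (!passwordMatches) {
      // One answer for "no such admin" and "wrong password": separate messages
      // would let a caller learn which e-mail addresses hold admin accounts.
      // NOTE(review): the unknown-email path still skips bcrypt.compare, so the
      // two cases remain distinguishable by response time.
      return res.json({ message: "Invalid Credentials" });
    }

    // NOTE(review): signed without an expiry option, so the token carries no
    // exp claim; unless adminAuth enforces a maximum age it stays usable until
    // SECRET_KEY changes.
    const token = jwt.sign(
      { userId: admin._id, isAdmin: true },
      process.env.SECRET_KEY
    );
    return res.status(200).json({ message: "success", token });
  } catch (err) {
    console.log(err);
    res.json({ message: "Api Call Failed" });
  }
});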
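// PUT /edit — update the calling admin's own name, phone and/or password.
//
// The target document is selected by req.userId, read here after adminAuth
// has run; the id is never taken from the request body.
// Responses:
//   200 { message }  at least one field was supplied and the update was issued
//   200 { message }  password shorter than 6 characters (nothing is written)
//   500 { message }  no updatable field supplied, or an unexpected error
//
// NOTE(review): the password can be replaced without presenting the current
// one, so a leaked token is enough to take over the account.
router.put('/edit', adminAuth, async (req, res) => {
  try {
    const userId = req.userId;
    const { name, phone, password } = req.body;
    const changes = {};

    if (name) {
      changes.name = name;
    }
    if (phone) {
      changes.phone = phone;
    }
    if (password) {
      // Validate before anything is written: previously name/phone were
      // already persisted by the time a short password was rejected.
      if (!(password.length >= 6)) {
        res.json({ message: "The password must be at least 6 characters" });
        return;
      }
      const salt = await bcrypt.genSalt(10);
      changes.password = await bcrypt.hash(password, salt);
    }

    if (Object.keys(changes).length === 0) {
      res.status(500).json({ message: "failed to update user" });
      return;
    }

    // A single write, so the profile is never left half-updated.
    await Admin.updateOne({ _id: userId }, changes);
    res.status(200).json({ message: "Profile updated successfuly" });
  } catch (err) {
    console.log(err);
    // An unexpected failure must not go out as HTTP 200; this handler already
    // uses 500 for its other failure response.
    res.status(500).json({ message: "Api Call Failed" });
  }
});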
// GET /allusers — admin-only listing of every User document.
// The projection '-password' keeps the stored password hash out of the
// response; every other field on the document is returned as-is.
// NOTE(review): confirm the User schema holds no other sensitive field
// (reset tokens, secrets) that should be excluded as well.
router.get('/allusers', adminAuth, async (req, res) => {
  try {
    const users = await User.find().select('-password');
    const payload = users.length > 0 ? { users } : { message: "No Users found" };
    res.json(payload);
  } catch (err) {
    console.log(err);
    res.json({ message: "Api Call Failed" });
  }
});
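// DELETE /deleteUser/:id? — admin-only removal of one user by ObjectId.
//
// Responses:
//   200 { message: "User deleted successfully" }
//   200 { message: "Provide a valid User ID" }   no id in the path
//   200 { message: 'Invalid User Id' }           id is not a valid ObjectId
//   500 { message }                              nothing was deleted, or an unexpected error
router.delete('/deleteUser/:id?', adminAuth, async (req, res) => {
  try {
    const rawId = req.params.id;

    // Check presence and format BEFORE building an ObjectId: the constructor
    // generates a fresh id when given undefined and throws on a malformed
    // string, which previously made both validation answers unreachable.
    if (!rawId) {
      res.json({ message: "Provide a valid User ID" });
      return;
    }
    if (!mongoose.Types.ObjectId.isValid(rawId)) {
      res.json({ message: 'Invalid User Id' });
      return;
    }

    const userObjectId = new mongoose.Types.ObjectId(rawId);
    const { deletedCount } = await User.deleteOne({ _id: userObjectId });
    if (deletedCount) {
      res.json({ message: "User deleted successfully" });
      return;
    }
    res.status(500).json({ message: "failed to delete user" });
  } catch (err) {
    console.log(err);
    // An unexpected failure must not go out as HTTP 200; this handler already
    // uses 500 for a failed delete.
    res.status(500).json({ message: "Api Call Failed" });
  }
});

module.exports = router;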