canopy/src/controllers/api/admin/passwordResetController.js

/*Canopy - The next generation of stoner streaming software
Copyright (C) 2024-2025 Rainbownapkin and the TTN Community

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as
published by the Free Software Foundation, either version 3 of the
License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with this program.  If not, see <https://www.gnu.org/licenses/>.*/

//config
const config = require('../../../../config.json');

//npm imports
const {validationResult, matchedData} = require('express-validator');

//local imports
const {userModel} = require('../../../schemas/user/userSchema');
const passwordResetModel = require("../../../schemas/user/passwordResetSchema");
const {exceptionHandler, errorHandler} = require('../../../utils/loggerUtils');

module.exports.post = async function(req, res){
    try{
        //check for validation errors
        const validResult = validationResult(req);

        //if none
        if(validResult.isEmpty()){
            //grab validated/sanatized data
            const {user} = matchedData(req);
            //Find user from input
            const userDB = await userModel.findOne({user});

            //If we're proxied use passthrough IP
            const ip = config.proxied ? req.headers['x-forwarded-for'] : req.ip;

            //If there is no user
            if(userDB == null){
                //Scream
                return errorHandler(res, "User not found.", "Bad Query.");
            }

            //Generate the password reset link
            const requestDB = await passwordResetModel.create({user: userDB._id, ipHash: ip});

            //send URL
            res.status(200);
            return res.send({url: requestDB.getResetURL()});
        //otherwise scream
        }else{
            res.status(400);
            return res.send({errors: validResult.array()})
        }
    }catch(err){
        return exceptionHandler(res, err);
    }
}