Refactoring

2017-09-05 22:47:29 -07:00 · 2017-09-05 22:47:29 -07:00 · 5b6f86668a
commit 5b6f86668a
parent 3eb97bab6a
6 changed files with 103 additions and 22 deletions
--- a/src/web/routes/account/data.js
+++ b/src/web/routes/account/data.js
@ -75,8 +75,8 @@ function reportError(req, res, error) {
 }

 class AccountDataRoute {
-    constructor(accountDB, channelDB, csrfVerify, verifySessionAsync) {
-        this.accountDB = accountDB;
+    constructor(accountController, channelDB, csrfVerify, verifySessionAsync) {
+        this.accountController = accountController;
        this.channelDB = channelDB;
        this.csrfVerify = csrfVerify;
        this.verifySessionAsync = verifySessionAsync;
@ -88,22 +88,9 @@ class AccountDataRoute {
        if (!await authorize(req, res, this.csrfVerify, this.verifySessionAsync)) return;

        try {
-            const user = await this.accountDB.getByName(req.params.user);
+            const user = await this.accountController.getAccount(req.params.user);

-            if (user) {
-                // Whitelist fields to expose, to avoid accidental
-                // information leaks when new fields are added.
-                const result = {
-                    name: user.name,
-                    email: user.email,
-                    profile: user.profile,
-                    time: user.time
-                };
-
-                res.status(200).json({ result });
-            } else {
-                res.status(404).json({ result: null });
-            }
+            res.status(user === null ? 404 : 200).json({ result: user });
        } catch (error) {
            reportError(req, res, error);
        }
@ -114,7 +101,14 @@ class AccountDataRoute {
        if (!checkAcceptsJSON(req, res)) return;
        if (!await authorize(req, res, this.csrfVerify, this.verifySessionAsync)) return;

-        res.status(501).json({ error: 'Not implemented' });
+        const { password, updates } = req.body;
+
+        try {
+            this.accountController.updateAccount(req.user, updates, password);
+            res.status(204).send();
+        } catch (error) {
+            reportError(req, res, error);
+        }
    }

    @GET('/account/data/:user/channels')
--- a/src/web/webserver.js
+++ b/src/web/webserver.js
@ -193,7 +193,7 @@ module.exports = {
        channelIndex,
        session,
        globalMessageBus,
-        accountDB,
+        accountController,
        channelDB
    ) {
        patchExpressToHandleAsync();
@ -209,6 +209,9 @@ module.exports = {
            extended: false,
            limit: '1kb' // No POST data should ever exceed this size under normal usage
        }));
+        app.use(bodyParser.json({
+            limit: '1kb'
+        }));
        if (webConfig.getCookieSecret() === 'change-me') {
            LOGGER.warn('The configured cookie secret was left as the ' +
                    'default of "change-me".');
@ -261,7 +264,12 @@ module.exports = {
            const { AccountDataRoute } = require('./routes/account/data');
            require('@calzoneman/express-babel-decorators').bind(
                app,
-                new AccountDataRoute(accountDB, channelDB, csrfVerify, verifySessionAsync)
+                new AccountDataRoute(
+                    accountController,
+                    channelDB,
+                    csrfVerify,
+                    verifySessionAsync
+                )
            );
        }