Files
encoach_ui_odoo19/src/pages/api/users/update.ts
2024-09-07 21:50:29 +01:00

188 lines
6.4 KiB
TypeScript

// Next.js API route support: https://nextjs.org/docs/api-routes/introduction
import type { NextApiRequest, NextApiResponse } from "next";
import { app, storage } from "@/firebase";
import { getFirestore, collection, getDocs, getDoc, doc, setDoc, query, where } from "firebase/firestore";
import { withIronSessionApiRoute } from "iron-session/next";
import { sessionOptions } from "@/lib/session";
import { Group, User } from "@/interfaces/user";
import { getDownloadURL, getStorage, ref, uploadBytes } from "firebase/storage";
import { getAuth, signInWithEmailAndPassword, updateEmail, updatePassword } from "firebase/auth";
import { errorMessages } from "@/constants/errors";
import moment from "moment";
import ShortUniqueId from "short-unique-id";
import { Payment } from "@/interfaces/paypal";
import { toFixedNumber } from "@/utils/number";
import { propagateExpiryDateChanges, propagateStatusChange } from "@/utils/propagate.user.changes";
import client from "@/lib/mongodb";
const db = client.db(process.env.MONGODB_DB);
const auth = getAuth(app);
export default withIronSessionApiRoute(handler, sessionOptions);
// TODO: Data is set as any as data cannot be parsed to Payment
// because the id is not a par of the hash and payment expects date to be of type Date
// but if it is not inserted as a string, some UI components will not work (Invalid Date)
const addPaymentRecord = async (data: any) => {
await db.collection("payments").insertOne(data);
};
const managePaymentRecords = async (user: User, userId: string | undefined): Promise<boolean> => {
try {
if (user.type === "corporate" && userId) {
const shortUID = new ShortUniqueId();
const data: Payment = {
id: shortUID.randomUUID(8),
corporate: userId,
agent: user.corporateInformation.referralAgent,
agentCommission: user.corporateInformation.payment!.commission,
agentValue: toFixedNumber((user.corporateInformation.payment!.commission / 100) * user.corporateInformation.payment!.value, 2),
currency: user.corporateInformation.payment!.currency,
value: user.corporateInformation.payment!.value,
isPaid: false,
date: new Date().toISOString(),
};
const corporatePayments = await db.collection("payments").find({ corporate: userId }).toArray();
if (corporatePayments.length === 0) {
await addPaymentRecord(data);
return true;
}
const hasPaymentPaidAndExpiring = corporatePayments.filter((doc) => {
return (
doc.isPaid &&
moment().isAfter(moment(user.subscriptionExpirationDate).subtract(30, "days")) &&
moment().isBefore(moment(user.subscriptionExpirationDate))
);
});
if (hasPaymentPaidAndExpiring.length > 0) {
await addPaymentRecord(data);
return true;
}
}
return false;
} catch (e) {
// if this process fails it should not stop the rest of the process
console.log(e);
return false;
}
};
async function handler(req: NextApiRequest, res: NextApiResponse) {
if (!req.session.user) {
res.status(401).json({ ok: false });
return;
}
const queryId = req.query.id as string;
let user = await db.collection("users").findOne<User>({ id: queryId ? (queryId as string) : req.session.user.id });
const updatedUser = req.body as User & { password?: string; newPassword?: string };
if (!!queryId) {
await db.collection("users").updateOne(
{ id: queryId },
{ $set: updatedUser }
);
await managePaymentRecords(updatedUser, updatedUser.id);
if (updatedUser.status || updatedUser.type === "corporate") {
// there's no await as this does not affect the user
propagateStatusChange(queryId, updatedUser.status);
propagateExpiryDateChanges(queryId, user?.subscriptionExpirationDate, updatedUser.subscriptionExpirationDate || null);
}
res.status(200).json({ ok: true });
return;
}
if (updatedUser.profilePicture && updatedUser.profilePicture !== req.session.user.profilePicture) {
const profilePictureFiletype = updatedUser.profilePicture.split(";")[0].split("/")[1];
const profilePictureRef = ref(storage, `profile_pictures/${req.session.user.id}.${profilePictureFiletype}`);
const pictureBytes = Buffer.from(updatedUser.profilePicture.split(";base64,")[1], "base64url");
const pictureSnapshot = await uploadBytes(profilePictureRef, pictureBytes);
const pictureReference = ref(storage, pictureSnapshot.metadata.fullPath);
updatedUser.profilePicture = await getDownloadURL(pictureReference);
}
if (updatedUser.newPassword && updatedUser.password) {
try {
const credential = await signInWithEmailAndPassword(auth, req.session.user.email, updatedUser.password);
await updatePassword(credential.user, updatedUser.newPassword);
} catch {
res.status(400).json({ error: "E001", message: errorMessages.E001 });
return;
}
}
if (updatedUser.email !== req.session.user.email && updatedUser.password) {
try {
const usersWithSameEmail = await db.collection("users").find({ email: updatedUser.email.toLowerCase() }).toArray();
if (usersWithSameEmail.length > 0) {
res.status(400).json({ error: "E003", message: errorMessages.E003 });
return;
}
const credential = await signInWithEmailAndPassword(auth, req.session.user.email, updatedUser.password);
await updateEmail(credential.user, updatedUser.email);
if (req.session.user.type === "student") {
const corporateAdmins = (await db.collection("users").find<User>({ type: "corporate" }).toArray()).map((x) => x.id);
const groups = await db.collection("groups").find<Group>({
participants: req.session.user!.id,
admin: { $in: corporateAdmins }
}).toArray();
groups.forEach(async (group) => {
await db.collection("groups").updateOne(
{ id: group.id },
{ $set: { participants: group.participants.filter((x) => x !== req.session.user!.id) } }
);
});
}
} catch {
res.status(400).json({ error: "E002", message: errorMessages.E002 });
return;
}
}
if (updatedUser.status) {
// there's no await as this does not affect the user
propagateStatusChange(req.session.user.id, updatedUser.status);
}
delete updatedUser.password;
delete updatedUser.newPassword;
await db.collection("users").updateOne(
{ id: queryId },
{ $set: updatedUser }
);
user = await db.collection("users").findOne<User>({ id: req.session.user.id });
if (!queryId) {
req.session.user = user ? user : null;
await req.session.save();
}
if (user) {
await managePaymentRecords(user, queryId);
}
res.status(200).json({ user });
}
export const config = {
api: {
bodyParser: {
sizeLimit: "20mb",
},
},
};