add option to update data of user (.put)

Author: patchamama

controllers/userController.js

@@ -4,6 +4,7 @@
 const bcrypt = require('bcrypt')
 const router = require('express').Router()
 const User = require('../models/user')
+const { userExtractor } = require('../utils/middleware')
 
 // Post a new user to the database
 router.post('/', async (request, response) => {
@@ -33,6 +34,44 @@ router.post('/', async (request, response) => {
   response.status(201).json(savedUser)
 })
 
+// update a user data
+router.put('/:id', userExtractor, async (request, response) => {
+  // const userdata = await User.findById(request.params.id)
+  const { username, name, password, email } = request.body
+
+  const user = request.user
+
+  // only the user can update their own data
+  if (!user || request.params.id.toString() !== user.id.toString()) {
+    return response.status(401).json({ error: 'operation not permitted' })
+  }
+
+  // Check that the password is at least 3 characters long
+  if (!password || password.length < 3) {
+    return response.status(400).json({
+      error: '`password` is shorter than the minimum allowed length (3)',
+    })
+  }
+
+  // saltRounds is the number of times the password is hashed
+  const saltRounds = 10
+  const passwordHash = await bcrypt.hash(password, saltRounds)
+
+  const updatedUser = await User.findByIdAndUpdate(
+    request.params.id,
+    {
+      username,
+      name,
+      email,
+      passwordHash,
+      // Add new fields to be updated here
+    },
+    { new: true }
+  )
+
+  response.json(updatedUser)
+})
+
 // Get all users
 router.get('/', async (request, response) => {
   // Populate the prototypes field with the title of the prototype

requests/login.rest

@@ -1,4 +1,5 @@
 ###
+# Create a new user
 POST http://localhost:3003/api/users
 Content-Type: application/json
 
@@ -11,6 +12,7 @@ Content-Type: application/json
 
 
 ###
+# Login with the user and take the token
 POST http://localhost:3003/api/login
 Content-Type: application/json
 

requests/CRUD_prototypes.rest requests/prototype.restrequests/CRUD_prototypes.rest renamed to requests/prototype.rest

@@ -1,17 +1,19 @@
 ###
+# Get all prototypes with success (not need token)
 GET http://localhost:3003/api/prototypes
-Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6InJvb3QiLCJpZCI6IjY0ZmVkMjkyM2EyMDYzZGIyYzAzYmJjNyIsImlhdCI6MTY5NDQyODYzNiwiZXhwIjoxNjk0NDMyMjM2fQ.Z5GHfVEJgYwC_TVS6eBmWYrG6j5etoNpqg4TUkpEfRU
 
 ###
+# Login with success to get token
 POST http://localhost:3003/api/login
 Content-Type: application/json
 
 {
     "username": "root",
-    "password": "test"
+    "password": "test123"
 }
 
 ###
+# Create a prototype with success (token provided)
 POST http://localhost:3003/api/prototypes
 Content-Type: application/json
 Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6InJvb3QiLCJpZCI6IjY0ZmY5NjUzNmU1NjFkOTg2MDkyYWY1ZiIsImlhdCI6MTY5NDQ3MjA2MX0.pcBkU-C2mopwEoBsqnsv6zl5bOLBCeJmfAZQ3_HHABw
@@ -22,6 +24,17 @@ Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6InJvb
 }
 
 ###
+# Update a prototype
+PUT http://localhost:3003/api/prototypes/64ff96536e561d986092af5f
+Content-Type: application/json
+Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6InJvb3QiLCJpZCI6IjY0ZmY5NjUzNmU1NjFkOTg2MDkyYWY1ZiIsImlhdCI6MTY5NDYxMzU5Nn0.RQ8rtgOAET2zPP49M77XPXtm750wiaGFpC4raHbh2nQ
+
+{
+"title": "El nuevo ocaso 2",
+}
+
+###
+# Update a prototype with token 
 POST http://localhost:3003/api/prototypes
 Content-Type: application/json
 Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6InJvb3QiLCJpZCI6IjY0ZmY5NjUzNmU1NjFkOTg2MDkyYWY1ZiIsImlhdCI6MTY5NDQ3MjA2MX0.pcBkU-C2mopwEoBsqnsv6zl5bOLBCeJmfAZQ3_HHABw
@@ -32,19 +45,21 @@ Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6InJvb
 }
 
 ###
-DELETE http://localhost:3003/api/prototypes/64feedea0f268b96ab900f3e
-Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6InJvb3QiLCJpZCI6IjY0ZmVkMjkyM2EyMDYzZGIyYzAzYmJjNyIsImlhdCI6MTY5NDQyODYzNiwiZXhwIjoxNjk0NDMyMjM2fQ.Z5GHfVEJgYwC_TVS6eBmWYrG6j5etoNpqg4TUkpEfRU
+# Delete a prototype with success (token provided)
+DELETE http://localhost:3003/api/prototypes/6501c28cafdaa3643dcd0633
+Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6InJvb3QiLCJpZCI6IjY0ZmY5NjUzNmU1NjFkOTg2MDkyYWY1ZiIsImlhdCI6MTY5NDYxNDIxOX0.Euwz-1ZdOhVHGK52vaXQa_s0K9p5jslbm7OynqtNHN0
 
 
 ###
+# Create a prototype withou token
 POST http://localhost:3003/api/prototypes
 Content-Type: application/json
 
 {
   "title": "Test of blog title 2",
-  "userId": "64fed2923a2063db2c03bbc7"
 }
 
 ###
-DELETE http://localhost:3003/api/prototypes/64fdd30b5e8ccd4fa2a5ac26
+# Delete a prototype with error (not token provided)
+DELETE http://localhost:3003/api/prototypes/6501c28cafdaa3643dcd0633
 

requests/add_new_user.rest requests/user.restrequests/add_new_user.rest renamed to requests/user.rest

@@ -1,3 +1,4 @@
+# Create a new user
 POST http://localhost:3003/api/users
 Content-Type: application/json
 
@@ -9,6 +10,7 @@ Content-Type: application/json
 }
 
 ###
+# Create a new user
 POST http://localhost:3003/api/users
 Content-Type: application/json
 
@@ -22,5 +24,18 @@ Content-Type: application/json
 ###
 GET http://localhost:3003/api/users/
 
+###
+# Update a user
+PUT http://localhost:3003/api/users/64ff96536e561d986092af5f
+Content-Type: application/json
+Authorization: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6InJvb3QiLCJpZCI6IjY0ZmY5NjUzNmU1NjFkOTg2MDkyYWY1ZiIsImlhdCI6MTY5NDYxMzU5Nn0.RQ8rtgOAET2zPP49M77XPXtm750wiaGFpC4raHbh2nQ
+
+{
+  "username": "root",
+  "name": "Superuser",
+  "password": "test123",
+  "email": "myemail@email.com"
+}
+
 ###
 DELETE http://localhost:3003/api/users/64ff96297079dd5a4d82316f