Anjing Webshells

Website : rimsha.abasa.com
: / var / www / mudeerapi.abasa.com / nodetest-backup30April26 / src / routes /
Filename : user.routes.js
back
// src/routes/user.routes.js
import express from 'express';
import multer from 'multer';
import multerS3 from 'multer-s3';
import { S3Client } from '@aws-sdk/client-s3';
import crypto from 'crypto';
import checkAuth from '../middlewares/check-auth.js';
import { checkRole } from '../middlewares/checkRole.js';
import { 
    signup, 
    login, 
    getUsers, 
    getEmployeeById, 
    updateUser,
    updateFinancialSettings,
    updatePassword,
    uploadProfilePicture,
    test, 
    requestPasswordOtp, 
    verifyOtpAndResetPassword,
    updateFcmToken,
    deleteUserData,
    deactivateUser,
    reactivateUser
} from '../controllers/user.controller.js';

const router = express.Router();

const s3Client = new S3Client({
    region: process.env.AWS_REGION,
    credentials: {
        accessKeyId: process.env.AWS_ACCESS_KEY_ID,
        secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
    },
});

const pfpUpload = multer({
    storage: multerS3({
        s3: s3Client,
        bucket: process.env.AWS_BUCKET_NAME || 'mudeer-bucket',
        contentType: multerS3.AUTO_CONTENT_TYPE,
        metadata: (req, file, cb) => cb(null, { fieldName: file.fieldname }),
        key: (req, file, cb) => {
            const ext =
                file.mimetype === 'image/png'
                    ? 'png'
                    : file.mimetype === 'image/webp'
                        ? 'webp'
                        : 'jpg';
            const nonce = crypto.randomBytes(8).toString('hex');
            cb(null, `pfps/${req.params.id}/${Date.now()}-${nonce}.${ext}`);
        },
    }),
    limits: { fileSize: 2 * 1024 * 1024 },
    fileFilter: (req, file, cb) => {
        const allowed = ['image/jpeg', 'image/png', 'image/webp'];
        if (allowed.includes(file.mimetype)) cb(null, true);
        else cb(new Error('Only JPEG, PNG and WebP images are allowed'));
    },
});

router.post('/signup', signup);
router.put('/:id/updateUser', checkAuth, checkRole(['super_admin', 'admin']), updateUser);
router.put('/:id/financial-settings', checkAuth, updateFinancialSettings);
router.put('/updatePassword', checkAuth, updatePassword);
router.get('/test', test);
router.put('/fcm-token', checkAuth, updateFcmToken);
router.put('/deactivate/:id', checkAuth, checkRole(['super_admin', 'admin']), deactivateUser);
router.put('/reactivate/:id', checkAuth, checkRole(['super_admin', 'admin']), reactivateUser);
router.delete('/delete/:id', checkAuth, checkRole(['super_admin', 'admin']), deleteUserData);

router.post('/login', login);
router.get('/', checkAuth, getUsers);
router.get('/Employee/:id', checkAuth, getEmployeeById);

router.post('/:id/profile-picture', checkAuth, (req, res, next) => {
    pfpUpload.single('profilePicture')(req, res, (err) => {
        if (err) {
            return res.status(400).json({ error: err.message || 'Upload failed' });
        }
        uploadProfilePicture(req, res);
    });
});

router.post('/request/password/otp', requestPasswordOtp );
router.post('/password/reset-otp', verifyOtpAndResetPassword );

export default router;