users.js

// These methods handle the User-related routes.

var mongodb = require('mongodb');
var Parse = require('parse/node').Parse;
var rack = require('hat').rack();

var Auth = require('./Auth');
var crypto = require('./crypto');
var facebook = require('./facebook');
var PromiseRouter = require('./PromiseRouter');
var rest = require('./rest');
var RestWrite = require('./RestWrite');

var router = new PromiseRouter();

// Returns a promise for a {status, response, location} object.
function handleCreate(req) {
  return rest.create(req.config, req.auth,
                     '_User', req.body);
}

// Returns a promise for a {response} object.
function handleLogIn(req) {

  // Use query parameters instead if provided in url
  if (!req.body.username && req.query.username) {
    req.body = req.query;
  }

  // TODO: use the right error codes / descriptions.
  if (!req.body.username) {
    throw new Parse.Error(Parse.Error.USERNAME_MISSING,
                          'username is required.');
  }
  if (!req.body.password) {
    throw new Parse.Error(Parse.Error.PASSWORD_MISSING,
                          'password is required.');
  }

  var user;
  return req.database.find('_User', {username: req.body.username})
    .then((results) => {
      if (!results.length) {
        throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND,
                              'Invalid username/password.');
      }
      user = results[0];
      return crypto.compare(req.body.password, user.password);
    }).then((correct) => {
      if (!correct) {
        throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND,
                              'Invalid username/password.');
      }
      var token = 'r:' + rack();
      user.sessionToken = token;
      delete user.password;

      var sessionData = {
        sessionToken: token,
        user: {
          __type: 'Pointer',
          className: '_User',
          objectId: user.objectId
        },
        createdWith: {
          'action': 'login',
          'authProvider': 'password'
        },
        restricted: false,
        expiresAt: 0,
        installationId: req.info.installationId
      };
      var create = new RestWrite(req.config, Auth.master(req.config),
                                 '_Session', null, sessionData);
      return create.execute();
    }).then(() => {
      return {response: user};
    });
}

// Returns a promise that resolves to a {response} object.
// TODO: share code with classes.js
function handleFind(req) {
  var options = {};
  if (req.body.skip) {
    options.skip = Number(req.body.skip);
  }
  if (req.body.limit) {
    options.limit = Number(req.body.limit);
  }
  if (req.body.order) {
    options.order = String(req.body.order);
  }
  if (req.body.count) {
    options.count = true;
  }
  if (typeof req.body.keys == 'string') {
    options.keys = req.body.keys;
  }
  if (req.body.include) {
    options.include = String(req.body.include);
  }
  if (req.body.redirectClassNameForKey) {
    options.redirectClassNameForKey = String(req.body.redirectClassNameForKey);
  }

  return rest.find(req.config, req.auth,
                   '_User', req.body.where, options)
  .then((response) => {
    return {response: response};
  });

}

// Returns a promise for a {response} object.
function handleGet(req) {
  return rest.find(req.config, req.auth, '_User',
                   {objectId: req.params.objectId})
  .then((response) => {
    if (!response.results || response.results.length == 0) {
      throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND,
                            'Object not found.');
    } else {
      return {response: response.results[0]};
    }
  });
}

function handleMe(req) {
  if (!req.info || !req.info.sessionToken) {
      throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND,
                            'Object not found.');
  }
  return rest.find(req.config, Auth.master(req.config), '_Session',
                   {_session_token: req.info.sessionToken},
                   {include: 'user'})
  .then((response) => {
    if (!response.results || response.results.length == 0 ||
        !response.results[0].user) {
      throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND,
                            'Object not found.');
    } else {
      var user = response.results[0].user;
      return {response: user};
    }
  });
}

function handleDelete(req) {
  return rest.del(req.config, req.auth,
                  req.params.className, req.params.objectId)
  .then(() => {
    return {response: {}};
  });
}

function handleUpdate(req) {
  return rest.update(req.config, req.auth, '_User',
                     req.params.objectId, req.body)
  .then((response) => {
    return {response: response};
  });
}

function notImplementedYet(req) {
  throw new Parse.Error(Parse.Error.COMMAND_UNAVAILABLE,
                        'This path is not implemented yet.');
}

router.route('POST', '/users', handleCreate);
router.route('GET', '/login', handleLogIn);
router.route('GET', '/users/me', handleMe);
router.route('GET', '/users/:objectId', handleGet);
router.route('PUT', '/users/:objectId', handleUpdate);
router.route('GET', '/users', handleFind);
router.route('DELETE', '/users/:objectId', handleDelete);

router.route('POST', '/requestPasswordReset', notImplementedYet);

module.exports = router;