Refaktoriere Controller-Methoden zur Benutzer-, Event- und Menü-Datenverwaltung, indem die Logik in separate Service-Klassen ausgelagert wird. Implementiere eine verbesserte Fehlerbehandlung und sichere Rückgaben. Füge eine neue Route zur Passwortänderung im Benutzer-Router hinzu.
@@ -1,104 +1,42 @@
|
||||
const { User } = require('../models');
|
||||
const UserService = require('../services/UserService');
|
||||
const UserValidator = require('../validators/UserValidator');
|
||||
const ErrorHandler = require('../utils/ErrorHandler');
|
||||
|
||||
exports.getAllUsers = async (req, res) => {
|
||||
try {
|
||||
const users = await User.findAll({
|
||||
order: [['name', 'ASC']],
|
||||
attributes: ['id', 'name', 'email', 'active', 'created_at'] // Passwort ausschließen
|
||||
});
|
||||
res.status(200).json(users);
|
||||
} catch (error) {
|
||||
console.error('Error fetching users:', error);
|
||||
res.status(500).json({ message: 'Error fetching users' });
|
||||
}
|
||||
};
|
||||
exports.getAllUsers = ErrorHandler.asyncHandler(async (req, res) => {
|
||||
const users = await UserService.getAllUsers();
|
||||
ErrorHandler.successResponse(res, users, 'Benutzer erfolgreich abgerufen');
|
||||
});
|
||||
|
||||
exports.getUserById = async (req, res) => {
|
||||
try {
|
||||
const user = await User.findByPk(req.params.id, {
|
||||
attributes: ['id', 'name', 'email', 'active', 'created_at'] // Passwort ausschließen
|
||||
});
|
||||
if (user) {
|
||||
res.status(200).json(user);
|
||||
} else {
|
||||
res.status(404).json({ message: 'User not found' });
|
||||
}
|
||||
} catch (error) {
|
||||
console.error('Error fetching user:', error);
|
||||
res.status(500).json({ message: 'Error fetching user' });
|
||||
}
|
||||
};
|
||||
exports.getUserById = ErrorHandler.asyncHandler(async (req, res) => {
|
||||
UserValidator.validateId(req.params.id);
|
||||
const user = await UserService.getUserById(req.params.id);
|
||||
ErrorHandler.successResponse(res, user, 'Benutzer erfolgreich abgerufen');
|
||||
});
|
||||
|
||||
exports.createUser = async (req, res) => {
|
||||
try {
|
||||
const user = await User.create(req.body);
|
||||
|
||||
// Sichere User-Daten zurückgeben (ohne Passwort)
|
||||
const safeUser = {
|
||||
id: user.id,
|
||||
name: user.name,
|
||||
email: user.email,
|
||||
active: user.active,
|
||||
created_at: user.created_at
|
||||
};
|
||||
|
||||
res.status(201).json(safeUser);
|
||||
} catch (error) {
|
||||
console.error('Error creating user:', error);
|
||||
res.status(500).json({ message: 'Error creating user' });
|
||||
}
|
||||
};
|
||||
exports.createUser = ErrorHandler.asyncHandler(async (req, res) => {
|
||||
UserValidator.validateCreateUser(req.body);
|
||||
const user = await UserService.createUser(req.body);
|
||||
ErrorHandler.successResponse(res, user, 'Benutzer erfolgreich erstellt', 201);
|
||||
});
|
||||
|
||||
exports.updateUser = async (req, res) => {
|
||||
try {
|
||||
const user = await User.findByPk(req.params.id);
|
||||
if (user) {
|
||||
// Erstelle eine Kopie der Request-Daten ohne sensible Felder
|
||||
const updateData = { ...req.body };
|
||||
|
||||
// Entferne sensible Felder, die niemals über diese Route geändert werden dürfen
|
||||
delete updateData.password;
|
||||
delete updateData.id;
|
||||
delete updateData.created_at;
|
||||
|
||||
// Setze updated_at auf aktuelle Zeit
|
||||
updateData.updated_at = new Date();
|
||||
|
||||
// Logging für Debugging
|
||||
console.log('Updating user:', req.params.id, 'with data:', updateData);
|
||||
|
||||
await user.update(updateData);
|
||||
|
||||
// Sichere User-Daten zurückgeben (ohne Passwort)
|
||||
const safeUser = {
|
||||
id: user.id,
|
||||
name: user.name,
|
||||
email: user.email,
|
||||
active: user.active,
|
||||
created_at: user.created_at
|
||||
};
|
||||
|
||||
res.status(200).json(safeUser);
|
||||
} else {
|
||||
res.status(404).json({ message: 'User not found' });
|
||||
}
|
||||
} catch (error) {
|
||||
console.error('Error updating user:', error);
|
||||
res.status(500).json({ message: 'Error updating user' });
|
||||
}
|
||||
};
|
||||
exports.updateUser = ErrorHandler.asyncHandler(async (req, res) => {
|
||||
UserValidator.validateId(req.params.id);
|
||||
UserValidator.validateUpdateUser(req.body);
|
||||
const user = await UserService.updateUser(req.params.id, req.body);
|
||||
ErrorHandler.successResponse(res, user, 'Benutzer erfolgreich aktualisiert');
|
||||
});
|
||||
|
||||
exports.deleteUser = async (req, res) => {
|
||||
try {
|
||||
const user = await User.findByPk(req.params.id);
|
||||
if (user) {
|
||||
await user.destroy();
|
||||
res.status(200).json({ message: 'User deleted successfully' });
|
||||
} else {
|
||||
res.status(404).json({ message: 'User not found' });
|
||||
}
|
||||
} catch (error) {
|
||||
console.error('Error deleting user:', error);
|
||||
res.status(500).json({ message: 'Error deleting user' });
|
||||
}
|
||||
};
|
||||
exports.deleteUser = ErrorHandler.asyncHandler(async (req, res) => {
|
||||
UserValidator.validateId(req.params.id);
|
||||
await UserService.deleteUser(req.params.id);
|
||||
ErrorHandler.successResponse(res, null, 'Benutzer erfolgreich gelöscht');
|
||||
});
|
||||
|
||||
// Neue Route für Passwort-Änderung
|
||||
exports.changePassword = ErrorHandler.asyncHandler(async (req, res) => {
|
||||
const { currentPassword, newPassword } = req.body;
|
||||
UserValidator.validateId(req.params.id);
|
||||
UserValidator.validatePasswordChange(currentPassword, newPassword);
|
||||
await UserService.changePassword(req.params.id, currentPassword, newPassword);
|
||||
ErrorHandler.successResponse(res, null, 'Passwort erfolgreich geändert');
|
||||
});
|
||||
|
||||
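Review bot: In the new `changePassword` handler the account to change is taken from `req.params.id`, and nothing in the handler ties that id to the authenticated caller, so the only guard on another user's account is the `currentPassword` comparison inside `UserService.changePassword`. If the router (not visible here) does not already enforce ownership, add a check before the service call, for example `if (String(req.user.id) !== String(req.params.id)) return res.status(403).json({ message: 'Forbidden' });`, where `req.user` is assumed to be what the auth middleware sets. The route also deserves rate limiting, since its response reveals whether a submitted current password is correct. Separately, the old `updateUser` removed `password`, `id` and `created_at` from `req.body` before `user.update`, whereas the new one hands `req.body` straight to `UserService.updateUser`; confirm that `validateUpdateUser` or the service applies an allow-list of writable fields, and the same for `createUser`.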