CodeLog-Development
diff --git a/‎api/src/lib/api.interface.ts
Lines changed: 7 additions & 0 deletions b/‎api/src/lib/api.interface.ts
Lines changed: 7 additions & 0 deletions
diff --git a/‎api/src/lib/auth/auth.middleware.ts
Lines changed: 7 additions & 4 deletions b/‎api/src/lib/auth/auth.middleware.ts
Lines changed: 7 additions & 4 deletions
diff --git a/‎api/src/lib/user/user.controller.ts
Lines changed: 95 additions & 9 deletions b/‎api/src/lib/user/user.controller.ts
Lines changed: 95 additions & 9 deletions
diff --git a/‎api/src/lib/user/user.interface.ts
Lines changed: 24 additions & 0 deletions b/‎api/src/lib/user/user.interface.ts
Lines changed: 24 additions & 0 deletions
diff --git a/‎api/src/lib/user/user.module.ts
Lines changed: 21 additions & 2 deletions b/‎api/src/lib/user/user.module.ts
Lines changed: 21 additions & 2 deletions
diff --git a/‎api/src/lib/user/user.service.ts
Lines changed: 33 additions & 8 deletions b/‎api/src/lib/user/user.service.ts
Lines changed: 33 additions & 8 deletions
diff --git a/‎app/src/app/app.module.ts
Lines changed: 3 additions & 1 deletion b/‎app/src/app/app.module.ts
Lines changed: 3 additions & 1 deletion
@@ -1,4 +1,11 @@
+import * as express from 'express';
+import { User } from './user';
+
 export interface ApiResponse {
   success: boolean;
   message: string | undefined;
 }
+
+export interface Request extends express.Request {
+  user?: User;
+}
@@ -1,7 +1,9 @@
 import { Injectable, NestMiddleware } from '@nestjs/common';
 import { ModuleRef } from '@nestjs/core';
-import { NextFunction, Request, Response } from 'express';
+import { NextFunction, Response } from 'express';
 import { UserService } from '../user/user.service';
+import { User } from '../user';
+import { Request } from '../api.interface';
 
 @Injectable()
 export class AuthenticationMiddleware implements NestMiddleware {
@@ -17,8 +19,9 @@ export class AuthenticationMiddleware implements NestMiddleware {
     } else {
       this.userService
         .checkCookie(authCookie)
-        .then((isValid) => {
-          if (isValid) {
+        .then((user: User | undefined) => {
+          if (user?.verified) {
+            req.user = user;
             next();
           } else {
             res.status(401).end();
@@ -27,7 +30,7 @@ export class AuthenticationMiddleware implements NestMiddleware {
         .catch((e) => {
           console.error(
             ' ~ auth.middleware.ts:25 → Failed to check cookie',
-            e
+            e,
           );
           res.status(500).end();
         });
 
@@ -1,8 +1,25 @@
-import { Controller, Post, Body, Res } from '@nestjs/common';
-import { AuthRequest, NewUser } from './user.interface';
+import {
+  Controller,
+  Post,
+  Body,
+  Res,
+  Patch,
+  Get,
+  Param,
+  Req,
+} from '@nestjs/common';
+import {
+  AuthRequest,
+  ChangePasswordRequest,
+  NewUser,
+  UserInfoResponse,
+  validatePassword,
+} from './user.interface';
 import { UserService } from './user.service';
 import { Response } from 'express';
+import { Request } from '../api.interface';
 import { ApiResponse } from '../api.interface';
+import * as argon2 from 'argon2';
 
 export const EMAIL_REGEX =
   /^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
@@ -11,27 +28,96 @@ export const EMAIL_REGEX =
 export class UserController {
   constructor(private userService: UserService) { }
 
+  @Get()
+  async getUserInfo(
+    @Param('username') username: string,
+    @Req() request: Request,
+    @Res() response: Response,
+  ): Promise<UserInfoResponse> {
+    const user = await this.userService.findUserByUsername(username);
+
+    if (!user) {
+      return { success: false, message: "Couldn't find the requested user" };
+    }
+
+    if (user.username !== request.user?.username) {
+      response.status(401);
+      return { success: false, message: "You cannot see this user's details" };
+    }
+
+    return {
+      success: true,
+      message: 'User details retrieved',
+      user: {
+        username: user.username,
+        email: user.email,
+        verified: user.verified,
+      },
+    };
+  }
+
+  @Patch('/password')
+  async changePassword(
+    @Body() input: ChangePasswordRequest,
+  ): Promise<ApiResponse> {
+    const passwordValidation = validatePassword(input.newPassword);
+    if (passwordValidation !== undefined) {
+      return { success: false, message: passwordValidation };
+    }
+
+    if (input.newPassword !== input.confirm) {
+      return { success: false, message: "Confirmation password doesn't match" };
+    }
+
+    try {
+      const userRef = await this.userService.findUserByUsernameRef(
+        input.username,
+      );
+
+      const user = (await userRef?.get())?.data();
+
+      if (!user || !userRef) {
+        return {
+          success: false,
+          message: 'The specified user could not be found',
+        };
+      }
+
+      if (!(await argon2.verify(user.passwordHash, input.currentPassword))) {
+        return {
+          success: false,
+          message: 'The supplied current password was incorrect',
+        };
+      }
+
+      await this.userService.changePassword(userRef, input.newPassword);
+      return { success: true, message: 'Password updated' };
+    } catch (e) {
+      return { success: false, message: 'Failed to update password' };
+    }
+  }
+
   @Post()
   async createUser(
     @Body() newUser: NewUser,
-    @Res({ passthrough: true }) res: Response
+    @Res({ passthrough: true }) res: Response,
   ): Promise<ApiResponse> {
     try {
       if (!EMAIL_REGEX.test(newUser.email)) {
         return { success: false, message: 'Invalid email' };
       }
 
       const existingEmail = await this.userService.findUserByEmail(
-        newUser.email
+        newUser.email,
       );
       const existingUsername = await this.userService.findUserByUsername(
-        newUser.username
+        newUser.username,
       );
 
       console.log(
         '🚀 ~ user.controller.ts:31 → Existing users (undefined is good): ',
         existingEmail,
-        existingUsername
+        existingUsername,
       );
 
       if (existingEmail !== undefined || existingUsername !== undefined) {
@@ -65,10 +151,10 @@ export class UserController {
   @Post('/login')
   async login(
     @Body() loginRequest: AuthRequest,
-    @Res({ passthrough: true }) res: Response
+    @Res({ passthrough: true }) res: Response,
   ): Promise<ApiResponse> {
     const user = await this.userService.findUserByUsername(
-      loginRequest.username
+      loginRequest.username,
     );
 
     if (!user) {
@@ -81,7 +167,7 @@ export class UserController {
 
     const result = await this.userService.authenticate(
       loginRequest.username,
-      loginRequest.password
+      loginRequest.password,
     );
 
     if (result === undefined) {
 
@@ -1,4 +1,5 @@
 import { DocumentReference } from 'firebase-admin/firestore';
+import { ApiResponse } from '../api.interface';
 
 export interface NewUser {
   username: string;
@@ -23,3 +24,26 @@ export interface Cookie {
   secret: string;
   expires: number;
 }
+
+export interface ChangePasswordRequest {
+  username: string;
+  currentPassword: string;
+  newPassword: string;
+  confirm: string;
+}
+
+export interface UserInfoResponse extends ApiResponse {
+  user?: {
+    username: string;
+    email: string;
+    verified: boolean;
+  };
+}
+
+export function validatePassword(password: string): string | undefined {
+  if (password.length < 8) {
+    return 'Password must be longer that 8 characters';
+  }
+
+  return undefined;
+}
@@ -1,9 +1,28 @@
-import { Module } from '@nestjs/common';
+import {
+  MiddlewareConsumer,
+  Module,
+  NestModule,
+  RequestMethod,
+} from '@nestjs/common';
 import { UserService } from './user.service';
 import { UserController } from './user.controller';
+import { AuthenticationMiddleware } from '../auth/auth.middleware';
 
 @Module({
   providers: [UserService],
   controllers: [UserController],
 })
-export class UserModule { }
+export class UserModule implements NestModule {
+  configure(consumer: MiddlewareConsumer) {
+    consumer.apply(AuthenticationMiddleware).forRoutes(
+      {
+        path: 'password',
+        method: RequestMethod.PATCH,
+      },
+      {
+        path: '',
+        method: RequestMethod.GET,
+      },
+    );
+  }
+}
@@ -16,20 +16,45 @@ export class UserService implements OnModuleInit {
     });
   }
 
+  async changePassword(
+    userRef: DocumentReference,
+    newPassword: string,
+  ): Promise<void> {
+    if (!this.firebaseService) {
+      throw 'No firebase provider';
+    }
+
+    await userRef.update({ passwordHash: await argon2.hash(newPassword) });
+  }
+
   async findUserByUsername(username: string): Promise<User | undefined> {
+    try {
+      const ref = await this.findUserByUsernameRef(username);
+      const data = await ref?.get();
+      return data?.data();
+    } catch (e) {
+      return undefined;
+    }
+  }
+
+  async findUserByUsernameRef(
+    username: string,
+  ): Promise<DocumentReference<User> | undefined> {
     if (!this.firebaseService) {
       throw 'No firebase connection';
     }
 
     const firestore = this.firebaseService?.getFirestore();
     const collection = firestore?.collection('/users');
     const result = await collection?.where('username', '==', username).get();
+
     console.log('🚀 ~ user.service.ts:27 → result', result?.docs.length);
     if (!result || result?.docs.length === 0) {
       return undefined;
     }
 
-    const user: User | undefined = result?.docs.at(0)?.data() as User;
+    const user: DocumentReference<User> | undefined = result?.docs.at(0)
+      ?.ref as DocumentReference<User> | undefined;
     console.log(`🚀 ~ user.service.ts:33 → user: ${JSON.stringify(user)}`);
     return user;
   }
@@ -85,7 +110,7 @@ export class UserService implements OnModuleInit {
 
   async authenticate(
     username: string,
-    password: string
+    password: string,
   ): Promise<Cookie | undefined> {
     const firestore = this.firebaseService?.getFirestore();
     const collection = firestore?.collection('/users');
@@ -123,14 +148,14 @@ export class UserService implements OnModuleInit {
     return undefined;
   }
 
-  async checkCookie(secret: string): Promise<boolean> {
+  async checkCookie(secret: string): Promise<User | undefined> {
     if (!this.firebaseService) {
-      return false;
+      return undefined;
     }
 
     const firestore = this.firebaseService.getFirestore();
     if (!firestore) {
-      return false;
+      return undefined;
     }
 
     const query = await firestore
@@ -140,15 +165,15 @@ export class UserService implements OnModuleInit {
       .get();
 
     if (query.docs.length !== 1) {
-      return false;
+      return undefined;
     }
 
     const cookie = query.docs[0].data() as Cookie;
     const user: User | undefined = (await cookie.userRef.get()).data() as User;
     if (!user.verified) {
-      return false;
+      return undefined;
     }
 
-    return true;
+    return user;
   }
 }
@@ -9,6 +9,7 @@ import { FormsModule } from '@angular/forms';
 import { AuthModule } from './auth/auth.module';
 import { CommonModule } from '@angular/common';
 import { NotificationService } from './notification.service';
+import { StatusPageModule } from './status/status.module';
 
 @NgModule({
   declarations: [AppComponent],
@@ -18,6 +19,7 @@ import { NotificationService } from './notification.service';
     FormsModule,
     AppRoutingModule,
     HttpClientModule,
+    StatusPageModule,
     AuthModule,
     IonicModule.forRoot(),
   ],
@@ -27,4 +29,4 @@ import { NotificationService } from './notification.service';
   ],
   bootstrap: [AppComponent],
 })
-export class AppModule {}
+export class AppModule { }