import prisma from "../../utils/prisma";
import sha256 from "crypto-js/sha256";
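/**
 * PUT handler that updates one user record and writes an audit entry.
 *
 * Flow: parse the numeric user ID from the route, validate the JSON body,
 * confirm the user (and the department, when `dp_id` is given) exists, reject
 * a username already held by another user, apply only the provided fields,
 * then record a before/after audit row with the password redacted.
 *
 * Responses are plain objects carrying `statusCode` and `message`:
 * 400 for a bad ID or body, 404 for a missing user or department, 409 for a
 * username conflict, 200 with the updated user (password omitted), and 500
 * for any thrown error.
 *
 * NOTE(review): nothing in this handler checks who is calling it or whether
 * they may edit the target user, and the audit row is written with a null
 * actor. Presumably a route middleware enforces authentication; confirm, and
 * pass the authenticated identity into the audit record.
 */
export default defineEventHandler(async (event) => {
  try {
    // Get user ID from route. Explicit radix so the value is always read as decimal.
    const id = Number.parseInt(event.context.params.id, 10);

    if (Number.isNaN(id)) {
      return {
        statusCode: 400,
        message: "Invalid user ID"
      };
    }

    // Get request body
    const body = await readBody(event);

    // Validate the body BEFORE reading any property from it. The original
    // logged `body.userPassword` first, so an empty or null body threw a
    // TypeError and surfaced as a 500 instead of this 400.
    if (!body || typeof body !== 'object' || Array.isArray(body)) {
      return {
        statusCode: 400,
        message: "Invalid request body, expected JSON object",
        received: body
      };
    }

    // The password is redacted, but the remaining fields (email, phone, full
    // name) are still written to the server log as received.
    console.log("PUT User body:", JSON.stringify({
      ...body,
      userPassword: body.userPassword ? '[REDACTED]' : undefined
    }));

    // The username is placed directly into a Prisma `where` filter below, so
    // it must be a plain string: a JSON object here would be interpreted as
    // filter operators rather than as a literal value.
    if (body.userUsername != null && typeof body.userUsername !== 'string') {
      return {
        statusCode: 400,
        message: "Invalid username"
      };
    }

    // Only a string is a meaningful input to the password hash.
    if (body.userPassword != null && typeof body.userPassword !== 'string') {
      return {
        statusCode: 400,
        message: "Invalid password"
      };
    }

    // Check if user exists
    const existingUser = await prisma.user.findUnique({
      where: {
        userID: id
      }
    });

    if (!existingUser) {
      return {
        statusCode: 404,
        message: "User not found"
      };
    }

    // Check if department exists if department ID is provided.
    // A non-numeric dp_id is rejected here instead of reaching Prisma as NaN
    // and coming back as a 500.
    let departmentId = null;
    if (body.dp_id) {
      departmentId = Number.parseInt(body.dp_id, 10);

      if (Number.isNaN(departmentId)) {
        return {
          statusCode: 400,
          message: "Invalid department ID",
          dp_id: body.dp_id
        };
      }

      const department = await prisma.department.findUnique({
        where: {
          dp_id: departmentId
        }
      });

      if (!department) {
        return {
          statusCode: 404,
          message: "Department not found",
          dp_id: body.dp_id
        };
      }
    }

    // Check if username is taken by another user
    if (body.userUsername && body.userUsername !== existingUser.userUsername) {
      const usernameExists = await prisma.user.findFirst({
        where: {
          userUsername: body.userUsername,
          userID: {
            not: id
          }
        }
      });

      if (usernameExists) {
        return {
          statusCode: 409,
          message: "Username is already taken by another user"
        };
      }
    }

    // Prepare update data
    const updateData = {};

    // Only update fields that are provided
    if (body.userUsername !== undefined) updateData.userUsername = body.userUsername;
    if (body.userFullName !== undefined) updateData.userFullName = body.userFullName;
    if (body.userEmail !== undefined) updateData.userEmail = body.userEmail;
    if (body.userPhone !== undefined) updateData.userPhone = body.userPhone;
    if (body.userStatus !== undefined) updateData.userStatus = body.userStatus ? body.userStatus.toUpperCase() : null;
    // departmentId is already null when dp_id was sent as a falsy value.
    if (body.dp_id !== undefined) updateData.dp_id = departmentId;

    // Hash password if provided.
    // SECURITY(review): a single unsalted SHA-256 is a fast hash, so equal
    // passwords produce equal digests and a leaked table can be tested
    // offline at high speed. Left unchanged because the login path must
    // verify the same format; migrate both sides together to a salted
    // password-hashing function (bcrypt, scrypt or Argon2).
    if (body.userPassword) {
      updateData.userPassword = sha256(body.userPassword).toString();
    }

    // Update modified date
    updateData.userModifiedDate = new Date();

    // Update user
    const user = await prisma.user.update({
      where: {
        userID: id
      },
      data: updateData
    });

    // Create audit log. The stored hash is replaced by a marker on both sides
    // so the audit table never holds password material.
    // NOTE(review): auditUserID/auditUsername are null, so the entry records
    // what changed but not who changed it.
    await prisma.audit.create({
      data: {
        auditIP: getRequestIP(event),
        auditURL: getRequestURL(event),
        auditURLMethod: 'PUT',
        auditAction: 'UPDATE_USER',
        auditDetails: JSON.stringify({
          before: {
            ...existingUser,
            userPassword: "[REDACTED]"
          },
          after: {
            ...user,
            userPassword: "[REDACTED]"
          }
        }),
        auditUserID: null,
        auditUsername: null
      }
    });

    // Remove password from response
    const userResponse = {
      ...user,
      userPassword: undefined
    };

    return {
      statusCode: 200,
      message: "User updated successfully",
      data: userResponse
    };
  } catch (error) {
    console.error("Error updating user:", error);

    // NOTE(review): `error.message` is returned to the caller. Database
    // errors can carry model and column names; the full error is already
    // logged above, so consider dropping this field once no client reads it.
    return {
      statusCode: 500,
      message: "Internal server error",
      error: error.message
    };
  }
});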
// Helper functions
/**
 * Pick the client address that is stored in the audit log.
 *
 * Prefers the raw `x-forwarded-for` request header and falls back to the
 * connection's remote address when the header is absent or empty.
 *
 * SECURITY(review): `x-forwarded-for` is a request header, so unless a
 * trusted reverse proxy overwrites it the caller chooses the value that ends
 * up in the audit row; it can also hold a comma-separated chain rather than a
 * single address. `req.connection` is a deprecated alias of `req.socket` in
 * Node.js.
 *
 * @param {object} event - request event exposing `event.node.req`
 * @returns {string|undefined} the header value or the socket's remote address
 */
function getRequestIP(event) {
  const { req } = event.node;
  const forwardedFor = req.headers['x-forwarded-for'];

  if (forwardedFor) {
    return forwardedFor;
  }

  return req.connection.remoteAddress;
}
/**
 * Return the request URL exactly as Node received it, for the audit log.
 *
 * @param {object} event - request event exposing `event.node.req`
 * @returns {string|undefined} the value of `req.url`
 */
function getRequestURL(event) {
  const { url } = event.node.req;
  return url;
}