meb/OLD-server-architecture
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: implement user management routes and add settings endpoint to API server

Browse Source
This commit is contained in:
Giuseppe Raffa
2026-04-04 18:46:31 +02:00
parent 3efed93cbb
commit 0f511c2cf9
4 changed files with 126 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
api/src/index.js
View File

@@ -76,6 +76,9 @@ app.use('/storage', storageRoutes)
const paramsRoutes = require('./routes/params') const paramsRoutes = require('./routes/params')
app.use('/params', paramsRoutes) app.use('/params', paramsRoutes)
const settingsRoutes = require('./routes/settings')
app.use('/settings', settingsRoutes)
// Avvio del server // Avvio del server
app.listen(PORT, '0.0.0.0', () => { app.listen(PORT, '0.0.0.0', () => {
console.log(`Started on port ${PORT}`); console.log(`Started on port ${PORT}`);

9
api/src/routes/settings.js Normal file
View File

@@ -0,0 +1,9 @@
// api.mebboat.it/settings
const express = require('express');
const router = express.Router();
module.exports = router

2
auth/src/index.js
View File

@@ -33,7 +33,9 @@ app.set('view engine', 'html');
// Routes // Routes
const authRoutes = require('./routes/auth'); const authRoutes = require('./routes/auth');
const usersRoutes = require('./routes/users');
app.use('/', authRoutes); app.use('/', authRoutes);
app.use('/users', usersRoutes);
app.get('/health', async (req, res) => { app.get('/health', async (req, res) => {
const dbConnected = await database.checkPostgres(); const dbConnected = await database.checkPostgres();

113
auth/src/routes/users.js
View File

@@ -1,2 +1,113 @@
const router = require('express').Router(); // api.mebboat.it/users
const router = require('express').Router();
const jwt = require('../tools/jwt');
const { query } = require('../storage/database');
// Middleware di autenticazione: estrae l'utente dal token JWT
const requireAuth = (req, res, next) => {
// Estraiamo il token dai cookies (inserito al login) o dall'header "Authorization"
const token = (req.cookies && req.cookies.auth_token) || jwt.getToken(req.headers['authorization']);
if (!token) {
return res.status(401).json({ error: 'Non autorizzato: token mancante' });
}
const verified = jwt.verifyToken(token);
if (!verified.valid) {
return res.status(401).json({ error: 'Non autorizzato: token scaduto o non valido', reason: verified.reason });
}
// Il riferimento all'identità dell'utente viene agganciato all'oggetto `req`
// (payload conterrà { user_id, username, session_id })
req.user = verified.payload;
next();
};
router.use(requireAuth);
router.get('/', async (req, res) => {
try {
const result = await query(
'SELECT id, username, is_active, created_at, telegram_id FROM users'
);
res.json(result.rows);
} catch (err) {
res.status(500).json({ error: 'Errore interno del server ' + err });
}
})
router.get('/tonotify/', async (req, res) => {
try {
const result = await query(
'SELECT telegram_id FROM users WHERE telegram_id IS NOT NULL'
);
res.json(result.rows);
} catch (err) {
res.status(500).json({ error: 'Errore interno del server ' + err });
}
})
router.get('/me', async (req, res) => {
try {
const result = await query(
'SELECT id, username, is_active, created_at, telegram_id FROM users WHERE id = $1',
[req.user.user_id]
);
if (result.rows.length === 0) {
return res.status(404).json({ error: 'Utente non trovato' });
}
res.json(result.rows[0]);
} catch (err) {
console.error('[USERS] Errore recupero utente:', err);
res.status(500).json({ error: 'Errore interno del server' });
}
});
// 2. Modificare l'username dell'utente
router.put('/me/username', async (req, res) => {
// Si aspetta il nuovo parametro via query (?newUsername=Mario) o body se preferibile
const newUsername = req.query.newUsername || req.body?.newUsername;
if (!newUsername) {
return res.status(400).json({ error: 'Nuovo username richiesto' });
}
try {
await query(
'UPDATE users SET username = $1 WHERE id = $2',
[newUsername, req.user.user_id] // Nessuna informazione identitaria prelevata dal body
);
res.json({ success: true, message: 'Username aggiornato con successo' });
} catch (err) {
if (err.code === '23505') { // UNIQUE constraint violation PostgreSQL
return res.status(409).json({ error: 'Questo username è già in uso' });
}
console.error('[USERS] Errore aggiornamento username:', err);
res.status(500).json({ error: 'Errore interno del server' });
}
});
// 3. Modificare altri parametri (es. telegram_id)
router.put('/me/telegram', async (req, res) => {
const telegramId = req.query.telegramId || req.body?.telegramId;
if (!telegramId) {
return res.status(400).json({ error: 'Telegram ID richiesto' });
}
try {
await query(
'UPDATE users SET telegram_id = $1 WHERE id = $2',
[telegramId, req.user.user_id]
);
res.json({ success: true, message: 'Telegram ID aggiornato con successo' });
} catch (err) {
console.error('[USERS] Errore aggiornamento parametro:', err);
res.status(500).json({ error: 'Errore interno del server' });
}
});
module.exports = router;