Video 113: Authenticating User Endpoints

2020-07-15 16:26:27 -06:00 · 2020-07-15 16:26:27 -06:00 · b06a1d3e88
commit b06a1d3e88
parent db05569296
1 changed files with 7 additions and 35 deletions
--- a/task-manager/src/routers/user.js
+++ b/task-manager/src/routers/user.js
@ -53,23 +53,7 @@ router.get('/users/me', auth, async (req, res) => {
  res.send(req.user)
 })

-router.get('/users/:id', async (req, res) => {
-  const _id = req.params.id
-
-  try {
-    const user = await User.findById(_id)
-
-    if (!user) {
-      return res.status(404).send()
-    }
-
-    res.send(user)
-  } catch (e) {
-    res.status(500).send()
-  }
-})
-
-router.patch('/users/:id', async (req, res) => {
+router.patch('/users/me', auth, async (req, res) => {
  const updates = Object.keys(req.body)
  const allowedUpdates = ['name', 'email', 'password', 'age']
  const isValidOperation = updates.every((update) => allowedUpdates.includes(update))
@ -79,30 +63,18 @@ router.patch('/users/:id', async (req, res) => {
  }

  try {
-    const user = await User.findById(req.params.id)
-
-    updates.forEach((update) => user[update] = req.body[update])
-    await user.save()
-
-    if (!user) {
-      return res.status(404).send()
-    }
-
-    res.send(user)
+    updates.forEach((update) => req.user[update] = req.body[update])
+    await req.user.save()
+    res.send(req.user)
  } catch (e) {
    res.status(400).send(e)
  }
 })

-router.delete('/users/:id', async (req, res) => {
+router.delete('/users/me', auth, async (req, res) => {
  try {
-    const user = await User.findByIdAndDelete(req.params.id)
-
-    if (!user) {
-      return res.status(404).send()
-    }
-
-    res.send(user)
+    await req.user.remove()
+    res.send(req.user)
  } catch (e) {
    res.status(500).send()
  }