Video 113: Authenticating User Endpoints

task-manager/src/routers/user.js

@@ -53,23 +53,7 @@ router.get('/users/me', auth, async (req, res) => {
   res.send(req.user)
 })
 
-router.get('/users/:id', async (req, res) => {
+router.patch('/users/me', auth, async (req, res) => {
-  const _id = req.params.id
-
-  try {
-    const user = await User.findById(_id)
-
-    if (!user) {
-      return res.status(404).send()
-    }
-
-    res.send(user)
-  } catch (e) {
-    res.status(500).send()
-  }
-})
-
-router.patch('/users/:id', async (req, res) => {
   const updates = Object.keys(req.body)
   const allowedUpdates = ['name', 'email', 'password', 'age']
   const isValidOperation = updates.every((update) => allowedUpdates.includes(update))
@@ -79,30 +63,18 @@ router.patch('/users/:id', async (req, res) => {
   }
 
   try {
-    const user = await User.findById(req.params.id)
+    updates.forEach((update) => req.user[update] = req.body[update])
-
+    await req.user.save()
-    updates.forEach((update) => user[update] = req.body[update])
+    res.send(req.user)
-    await user.save()
-
-    if (!user) {
-      return res.status(404).send()
-    }
-
-    res.send(user)
   } catch (e) {
     res.status(400).send(e)
   }
 })
 
-router.delete('/users/:id', async (req, res) => {
+router.delete('/users/me', auth, async (req, res) => {
   try {
-    const user = await User.findByIdAndDelete(req.params.id)
+    await req.user.remove()
-
+    res.send(req.user)
-    if (!user) {
-      return res.status(404).send()
-    }
-
-    res.send(user)
   } catch (e) {
     res.status(500).send()
   }