diff --git a/package.json b/package.json index bb8e9f0..4c7e68c 100644 --- a/package.json +++ b/package.json @@ -8,7 +8,7 @@ "build": "tsc", "dev": "tsc -w", "lint": "eslint --fix \"src/**/*.ts*\"", - "test": "jest" + "test": "jest -i" }, "repository": { "type": "git", diff --git a/src/mongooseRestFramework.ts b/src/mongooseRestFramework.ts index 67d2d54..1647138 100644 --- a/src/mongooseRestFramework.ts +++ b/src/mongooseRestFramework.ts @@ -84,7 +84,7 @@ interface GooseRESTOptions { permissions: RESTPermissions; queryFields?: string[]; // return null to prevent the query from running - queryFilter?: (user?: User) => Record | null; + queryFilter?: (user?: User, query?: Record) => Record | null; transformer?: GooseTransformer; sort?: string | {[key: string]: "ascending" | "descending"}; defaultQueryParams?: {[key: string]: any}; @@ -267,6 +267,34 @@ export function authenticateMiddleware(anonymous = false) { return passport.authenticate(strategies, {session: false}); } +export async function signupUser( + userModel: UserModel, + email: string, + password: string, + body?: any +) { + try { + const user = await (userModel as any).register({email}, password); + if (user.postCreate) { + delete body.email; + delete body.password; + try { + await user.postCreate(body); + } catch (e) { + logger.error("Error in user.postCreate", e); + throw e; + } + } + await user.save(); + if (!user.token) { + throw new Error("Token not created"); + } + return user; + } catch (error) { + throw error; + } +} + // TODO allow customization export function setupAuth(app: express.Application, userModel: UserModel) { passport.use(new AnonymousStrategy()); @@ -280,20 +308,9 @@ export function setupAuth(app: express.Application, userModel: UserModel) { }, async (req, email, password, done) => { try { - const user = await (userModel as any).register({email}, password); - if (user.postCreate) { - const body = req.body; - delete body.email; - delete body.password; - await user.postCreate(body); - } - await user.save(); - if (!user.token) { - return done(new Error("Token not created")); - } - return done(null, user); - } catch (error) { - return done(error); + done(undefined, await signupUser(userModel, email, password, req.body)); + } catch (e) { + return done(e); } } ) @@ -663,7 +680,12 @@ export function gooseRestRouter( } if (options.queryFilter) { - const queryFilter = options.queryFilter(req.user); + let queryFilter; + try { + queryFilter = await options.queryFilter(req.user, query); + } catch (e) { + return res.status(400).json({message: `Query filter error: ${e}`}); + } // If the query filter returns null specifically, we know this is a query that shouldn't // return any results. @@ -814,10 +836,20 @@ export function gooseRestRouter( } } - try { - await data.remove(); - } catch (e) { - return res.status(400).send({message: (e as any).message}); + // Support .deleted from isDeleted plugin + if ( + Object.keys(model.schema.paths).includes("deleted") && + model.schema.paths.deleted.instance === "Boolean" + ) { + data.deleted = true; + await data.save(); + } else { + // For models without the isDeleted plugin + try { + await data.remove(); + } catch (e) { + return res.status(400).send({message: (e as any).message}); + } } if (options.postDelete) {