From 2dd550b9349c25a9c895d4614e8a65d547775e5b Mon Sep 17 00:00:00 2001
From: kyrea
Date: Wed, 10 Jan 2024 19:15:07 +0530
Subject: [PATCH] Added a patch route to reset token
---
 src/controllers/v4/internal/user.js | 34 +++++++++++++++++++++++++----
 src/routes/v4/internal/user.js | 31 ++++++++++++++++++++++----
 2 files changed, 57 insertions(+), 8 deletions(-)
diff --git a/src/controllers/v4/internal/user.js b/src/controllers/v4/internal/user.js
index 47bea44..b8a2c7c 100644
--- a/src/controllers/v4/internal/user.js
+++ b/src/controllers/v4/internal/user.js
@@ -2,6 +2,31 @@ import crypto from 'crypto';
 import Users from '../../../models/schemas/User.js';
 import generateToken from '../../../modules/generateToken.js';
 
+/**
+ * Fetches user profile data based on the provided user ID
+ *
+ * @param {Object} req - Express request object.
+ * @param {Object} res - Express response object.
+ * @param {Function} next - Express next middleware function.
+ * @returns {Object} - User profile data.
+ */
+const retrieveUserProfile = async (req, res, next) => {
+ const key = req.headers.key;
+ // Check for valid access key in headers
+ if (!key || key !== process.env.ACCESS_KEY) {
+ return res.status(401).json({
+ message: 'Unauthorized',
+ });
+ }
+ const user = await Users.findById(req.params.id);
+ if (!user) {
+ return res.status(404).json({ message: 'User not found' }); // User not found
+ }
+
+ // This will return the data however it won't be the latest one after updating the token
+ return res.status(200).json(user);
+};
+
 /**
 * Fetches user profile data based on the provided user ID and Reset Token.
 *
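Review bot: `retrieveUserProfile` ends with `return res.status(200).json(user);`, which serializes the whole user document; the update further down this file writes a `token` field on that document, so unless the schema hides it the stored token goes out to every caller holding the access key. If the token is not meant to leave the database, select fields explicitly, e.g. `const user = await Users.findById(req.params.id).select('-token');`. The check `key !== process.env.ACCESS_KEY` (repeated in `updateUserToken`) is an ordinary string comparison of a shared secret; comparing fixed-length digests of both values with `crypto.timingSafeEqual` would be the safer form, and `crypto` is already imported in this file. The handler is `async` with no `try`/`catch` and never calls `next`, so a rejected `Users.findById` (for example on a malformed `:id`) is presumably left unhandled; `catch (error) { return next(error); }` would route it to the error middleware. The comment above the return was copied from the update handler and does not apply here, since nothing is updated.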
@@ -10,7 +35,7 @@ import generateToken from '../../../modules/generateToken.js';
 * @param {Function} next - Express next middleware function.
 * @returns {Object} - User profile data.
 */
-const retrieveAndUpdateUserProfile = async (req, res, next) => {
+const updateUserToken = async (req, res, next) => {
 const key = req.headers.key;
 // Check for valid access key in headers
 if (!key || key !== process.env.ACCESS_KEY) {
@@ -27,11 +52,12 @@ const retrieveAndUpdateUserProfile = async (req, res, next) => {
 await Users.updateOne(
 { _id: { $eq: req.params.id } },
 { $set: { token: generateToken(req.params.id, process.env.HMAC_KEY) } },
- { upsert: true }, // Create the document if it doesn't exist
 );
 
 // This will return the data however it won't be the latest one after updating the token
- return res.status(200).json(user);
+ return res.status(200).json({
+ message: 'Token reset successfully.',
+ });
 };
 
 /**
@@ -112,4 +138,4 @@ const userEndpoint = async (req, res, next) => {
 }
 };
 
-export { userEndpoint, retrieveAndUpdateUserProfile };
+export { userEndpoint, retrieveUserProfile, updateUserToken };
diff --git a/src/routes/v4/internal/user.js b/src/routes/v4/internal/user.js
index c948318..8319fcf 100644
--- a/src/routes/v4/internal/user.js
+++ b/src/routes/v4/internal/user.js
@@ -1,5 +1,5 @@
 import { Router } from 'express';
-import { userEndpoint, retrieveAndUpdateUserProfile } from '../../../controllers/v4/internal/user.js';
+import { userEndpoint, retrieveUserProfile, updateUserToken } from '../../../controllers/v4/internal/user.js';
 import createRateLimiter from '../../../middlewares/rateLimit.js';
 
 const router = Router();
@@ -38,9 +38,9 @@ router
 /**
 * @api {get} v4/user/profile/:id Get User Profile
 * @apiDescription Get the profile of a specific user.
- * @apiName retrieveAndUpdateUserProfile
+ * @apiName retrieveUserProfile
 * @apiGroup UserManagement
- * @apiPermission user
+ * @apiPermission sudo
 *
 * @apiHeader {String} Authorization User's access token.
 *
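Review bot: In `updateUserToken` (src/controllers/v4/internal/user.js, hunk at -27,11) the new token is `generateToken(req.params.id, process.env.HMAC_KEY)`, so the only inputs visible here are the user id and a static key. `generateToken` is defined outside this diff, and it is worth confirming that it mixes in fresh randomness, because a plain HMAC over the id would write the same value back and leave the old token valid after a "reset". The result of `Users.updateOne` is not inspected either, so with `upsert` removed the handler answers `Token reset successfully.` even when nothing matched, unless the lines between this hunk and the previous one already return 404. The comment kept above the return no longer describes the response; something like `// Respond with a confirmation only; the new token is not echoed back.` fits the new code, and the docblock's `@returns {Object} - User profile data.` needs the same update.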
@@ -62,7 +62,30 @@ router
 * @apiSuccess {function} middleware Express middleware function that handles rate limiting.
 *
 */
- .get(createRateLimiter(), retrieveAndUpdateUserProfile);
+ .get(createRateLimiter(), retrieveUserProfile)
+ /**
+ * @api {patch} v4/user/profile/:id Get User Profile and Update reset the existing token
+ * @apiDescription Update the token for a specific user
+ * @apiName updateUserToken
+ * @apiGroup UserManagement
+ * @apiPermission sudo
+ *
+ * @apiHeader {String} Authorization User's access token.
+ *
+ * @apiParam {String} id User's unique identifier.
+ *
+ * @apiSuccess {Object} message
+ * @apiError (Unauthorized 401) Unauthorized Only authenticated users can access the data.
+ * @apiError (Forbidden 403) Forbidden Only authorized users can access the data.
+ * @apiError (Too Many Requests 429) TooManyRequests The client has exceeded the allowed number of requests within the time window.
+ * @apiError (Internal Server Error 500) InternalServerError An error occurred while processing the rate limit.
+ *
+ * @api {function} createRateLimiter
+ * @apiDescription Creates a rate limiter middleware to control the frequency of requests.
+ * @apiSuccess {function} middleware Express middleware function that handles rate limiting.
+ *
+ */
+ .patch(createRateLimiter(), updateUserToken);
 
 // Export the router
 export default router;
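Review bot: The added `@apiHeader {String} Authorization User's access token.` does not match the controller in this commit, which authenticates on `req.headers.key` against `ACCESS_KEY`; a client following the docs would get 401, so `@apiHeader {String} key Internal access key.` is closer to the code (the GET block above carries the same line as context). The `@apiError (Forbidden 403)` entry documents a status that neither handler shown in this diff returns, and the 404 from the GET handler is not listed. The title `Get User Profile and Update reset the existing token` reads as a merge of two sentences; `@api {patch} v4/user/profile/:id Reset User Token` says what the route does. `createRateLimiter()` is called with no arguments for both verbs, so the token-reset route presumably gets the same default limit as the read route; a tighter limit for PATCH may be worth considering. The `router` chain starts outside this hunk.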