move some methods

packages/server/src/controllers/UserController/index.js

@@ -1,9 +1,14 @@
 import { Controller } from "linebridge/dist/server"
 import passport from "passport"
-import { User, UserFollow } from "../../models"
+import lodash from "lodash"
-import { Token, Schematized, createUser } from "../../lib"
+
 import SessionController from "../SessionController"
-import _ from "lodash"
+
+import { User, UserFollow } from "../../models"
+import { Token, Schematized } from "../../lib"
+
+import createUser from "./methods/createUser"
+import updatePassword from "./methods/updatePassword"
 
 const AllowedPublicUpdateFields = [
     "fullName",
@@ -217,7 +222,7 @@ export default class UserController extends Controller {
                     })
                 }
 
-                user = _.pick(user, AllowedAnonPublicGetters)
+                user = lodash.pick(user, AllowedAnonPublicGetters)
 
                 return res.json(user)
             }
@@ -417,6 +422,39 @@ export default class UserController extends Controller {
 
             return res.json(result)
         }),
+        "/self/update_password": {
+            middlewares: ["withAuthentication"],
+            fn: Schematized({
+                required: ["currentPassword", "newPassword"],
+                select: ["currentPassword", "newPassword",]
+            }, async (req, res) => {
+                const user = await User.findById(req.user._id).select("+password")
+
+                if (!user) {
+                    return res.status(404).json({ message: "User not found" })
+                }
+
+                const currentPasswordHash = await bcrypt.hash(req.selection.currentPassword, parseInt(process.env.BCRYPT_ROUNDS ?? 3))
+
+                const isPasswordValid = await bcrypt.compareSync(currentPasswordHash, user.password)
+
+                if (!isPasswordValid) {
+                    return res.status(401).json({ message: "Invalid password" })
+                }
+
+                const result = await updatePassword({
+                    user_id: req.user._id,
+                    newPassword: req.selection.newPassword,
+                }).catch((error) => {
+                    res.status(500).json({ message: error.message })
+                    return null
+                })
+
+                if (result) {
+                    return res.json(result)
+                }
+            })
+        },
         "/update_user": {
             middlewares: ["withAuthentication", "roles"],
             fn: Schematized({

packages/server/src/controllers/UserController/methods/createUser.js

@@ -1,4 +1,4 @@
-import { User } from "../../models"
+import { User } from "../../../models"
 import Avatars from "dicebar_lib"
 import bcrypt from "bcrypt"
 

packages/server/src/controllers/UserController/methods/updatePassword.js

@@ -0,0 +1,24 @@
+import bcrypt from "bcrypt"
+import { User } from "../../../models"
+
+export default async function (payload) {
+    const { user_id, password } = payload
+
+    const user = await User.findById(user_id)
+
+    if (!user) {
+        throw new Error("User not found")
+    }
+
+    // hash the password
+    const hash = bcrypt.hashSync(password, parseInt(process.env.BCRYPT_ROUNDS ?? 3))
+
+    user.password = hash
+
+    await user.save()
+
+    return {
+        status: "ok",
+        message: "Password updated successfully",
+    }
+}

packages/server/src/lib/index.js

@@ -1,5 +1,4 @@
 export { default as Schematized } from "./schematized"
 export { default as additionsHandler } from "./additionsHandler"
-export { default as createUser } from "./createUser"
 
 export * as Token from "./token"