ee372f472f
* Add with-next-connect example * Update README * Fix code and lint * Fix typo * Run prettier * Include username * Rename example * Match with-passport styling * Add comments in code * Run prettier * Rewrite example * Add some comments * Update README.md * keys -> secret * Updated package.json and readme * UX changes * Securely encrypt cookie with @hapi/iron * Update README * Abstract db related actions and update README * security: add note on password hashing * remove unused dep * Updated readme Co-authored-by: Luis Alvarez <luis@zeit.co>
import nextConnect from 'next-connect'
import auth from '../../middleware/auth'
import { deleteUser, updateUserByUsername } from '../../lib/db'
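const handler = nextConnect()

// Allowlist of user fields that may be sent to the browser. The names are the
// ones the original example comment proposed; anything else on the stored
// record (for example the password) never leaves the server.
// Extend this list deliberately when the client needs another field.
const PUBLIC_USER_FIELDS = ['name', 'username', 'favoriteColor']

/**
 * Build the client-facing view of a user record.
 *
 * @param {object|undefined|null} user - user record as found on req.user or
 *   returned by the db helpers
 * @returns {object|undefined|null} a new object holding only the allowlisted
 *   fields that are set; a falsy input is passed through unchanged
 */
function toPublicUser(user) {
  if (!user) return user
  const publicUser = {}
  PUBLIC_USER_FIELDS.forEach((field) => {
    if (user[field] !== undefined) publicUser[field] = user[field]
  })
  return publicUser
}

handler
  // NOTE(review): auth presumably restores the session and populates req.user;
  // it is defined in ../../middleware/auth, confirm there.
  .use(auth)
  .get((req, res) => {
    // Registered before the authentication gate below, so anonymous requests
    // reach it too; toPublicUser passes a missing user through unchanged.
    // Never serialise req.user directly: the record may carry sensitive
    // fields such as the password.
    res.json({ user: toPublicUser(req.user) })
  })
  .use((req, res, next) => {
    // Authentication gate: every handler registered after this point
    // (PUT, DELETE) requires an authenticated user.
    if (!req.user) {
      res.status(401).send('unauthenticated')
    } else {
      next()
    }
  })
  .put((req, res) => {
    // req.body is client-controlled and may be missing or not an object.
    const { name } = req.body || {}
    if (typeof name !== 'string') {
      res.status(400).send('invalid name')
      return
    }
    // The target account is taken from the session (req.user), never from the
    // request body, and only `name` is forwarded, so a client cannot update
    // another user or set arbitrary fields.
    const user = updateUserByUsername(req, req.user.username, { name })
    res.json({ user: toPublicUser(user) })
  })
  .delete((req, res) => {
    // Remove the account first, then drop the session so the deleted user's
    // cookie stops authenticating.
    // NOTE(review): PUT and DELETE change state on the strength of the session
    // cookie alone; confirm CSRF protection (for example a SameSite cookie
    // attribute) is configured where the cookie is issued.
    deleteUser(req)
    req.logOut()
    res.status(204).end()
  })

export default handler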