
@EngrEric
Created July 26, 2021 11:53
const {
USERS_TABLE,
DELETED_USERS_TABLE,
db,
AWS,
userPoolId,
} = require("../config");
const { OK } = require("http-status-codes");
const { errorResponse } = require("./utils");
// Cognito user-pool client built from the AWS SDK object exported by ../config.
// Its admin* operations run with this service's own AWS credentials, so each
// handler in this file acts with the server's authority rather than the caller's.
const auth = new AWS.CognitoIdentityServiceProvider();
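/**
 * Grants admin rights to a user: adds the Cognito account named by `email` to
 * the "admins" group, then sets `isAdmin = true` on the USERS_TABLE record
 * keyed by `userId`.
 *
 * NOTE(review): no authorization check is visible in this handler; confirm the
 * route is mounted behind a middleware that admits only existing admins.
 * NOTE(review): nothing here verifies that `email` and `userId` belong to the
 * same account, so the group change and the isAdmin flag can land on different
 * users if the caller sends a mismatched pair.
 *
 * @param {object} req http request object; reads `userId` and `email` from `req.body`
 * @param {object} res http response object
 * @returns {Promise<*>} resolves once a success or error response has been written
 */
const createAdmin = async (req, res) => {
  const { userId, email } = req.body || {};

  // Reject incomplete input before the Cognito call: otherwise the group
  // membership is granted and the database update then fails, leaving the two
  // stores disagreeing about who is an admin.
  if (userId == null || userId === "" || typeof email !== "string" || email === "") {
    return errorResponse({ error: "userId and email are required" }, res);
  }

  try {
    const { $response } = await auth
      .adminAddUserToGroup({
        GroupName: "admins",
        UserPoolId: userPoolId,
        Username: email,
      })
      .promise();
    if ($response.error) {
      // errorResponse (from ./utils, not shown) is assumed to write the
      // response; return so the database is not updated and no second
      // response is sent.
      return errorResponse($response.error, res);
    }

    const params = {
      TableName: USERS_TABLE,
      ReturnValues: "ALL_NEW",
      Key: {
        userId,
      },
      UpdateExpression: "set isAdmin = :a",
      ExpressionAttributeValues: {
        ":a": true,
      },
    };

    // NOTE(review): if `db` is a raw AWS.DynamoDB.DocumentClient this call
    // needs `.promise()`; confirm ../config exports a promise-returning wrapper.
    // NOTE(review): if this update fails, the Cognito group membership granted
    // above is not rolled back.
    const { $response: dbRes, Attributes } = await db.update(params);
    if (dbRes.error) {
      return errorResponse(dbRes.error, res);
    }

    // ALL_NEW returns the whole updated record to the caller.
    return res.status(OK).send({
      status: "success",
      data: Attributes,
    });
  } catch (error) {
    // A single handler covers both the Cognito and the DynamoDB call; the
    // original's nested try/catch blocks did the same thing twice.
    return errorResponse(error, res);
  }
};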
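/**
 * Revokes admin rights: removes the Cognito account named by `email` from the
 * "admins" group, then sets `isAdmin = false` on the USERS_TABLE record keyed
 * by `userId`.
 *
 * NOTE(review): this state-changing operation takes its inputs from the query
 * string, so the target email appears in URLs and access logs, and the action
 * can be triggered by a bare link if the route accepts GET; confirm the HTTP
 * method and consider moving the inputs to the request body.
 * NOTE(review): no authorization check is visible in this handler, and nothing
 * verifies that `email` and `userId` refer to the same account.
 *
 * @param {object} req http request object; reads `userId` and `email` from `req.query`
 * @param {object} res http response object
 * @returns {Promise<*>} resolves once a success or error response has been written
 */
const removeAdminPrivilege = async (req, res) => {
  const { userId, email } = req.query || {};

  // Query-string parsers can produce arrays or objects (for example a repeated
  // parameter), so require plain non-empty strings before any privileged call.
  const isNonEmptyString = (value) => typeof value === "string" && value !== "";
  if (!isNonEmptyString(userId) || !isNonEmptyString(email)) {
    return errorResponse({ error: "userId and email are required" }, res);
  }

  try {
    const { $response } = await auth
      .adminRemoveUserFromGroup({
        GroupName: "admins",
        UserPoolId: userPoolId,
        Username: email,
      })
      .promise();
    if ($response.error) {
      // errorResponse (from ./utils, not shown) is assumed to write the
      // response; return so no second response is attempted.
      return errorResponse($response.error, res);
    }

    const params = {
      TableName: USERS_TABLE,
      ReturnValues: "ALL_NEW",
      Key: {
        userId,
      },
      UpdateExpression: "set isAdmin = :a",
      ExpressionAttributeValues: {
        ":a": false,
      },
    };

    // NOTE(review): if `db` is a raw AWS.DynamoDB.DocumentClient this call
    // needs `.promise()`; confirm ../config exports a promise-returning wrapper.
    // NOTE(review): if this update fails, the record keeps isAdmin = true
    // although the group membership is already gone; code that trusts the flag
    // would still treat the user as an admin.
    const { $response: dbRes, Attributes } = await db.update(params);
    if (dbRes.error) {
      return errorResponse(dbRes.error, res);
    }

    return res.status(OK).send({
      status: "success",
      data: Attributes,
    });
  } catch (error) {
    return errorResponse(error, res);
  }
};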
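/**
 * Returns every record in USERS_TABLE.
 *
 * A single scan call returns at most 1 MB of data, so the scan is repeated
 * with ExclusiveStartKey until DynamoDB stops returning LastEvaluatedKey. The
 * original followed the key only once and silently dropped everything past
 * the second page.
 *
 * NOTE(review): the response carries every attribute of every user and no
 * authorization check is visible here; confirm the route is admin-only and
 * consider a ProjectionExpression limited to the fields the client needs.
 * NOTE(review): the whole table is buffered in memory before responding;
 * a large table would be better served page by page.
 *
 * @param {object} req http request object (not read)
 * @param {object} res http response object
 * @returns {Promise<*>} resolves once a success or error response has been written
 */
const getAllUsers = async (req, res) => {
  const params = {
    TableName: USERS_TABLE,
  };
  let users = [];

  // The original had no try/catch, so a rejected scan left the request
  // unanswered; the other handlers in this file report failures through
  // errorResponse and this one now does the same.
  try {
    do {
      // NOTE(review): if `db` is a raw AWS.DynamoDB.DocumentClient this call
      // needs `.promise()`; confirm ../config exports a promise-returning wrapper.
      const { Items, LastEvaluatedKey, $response: dbRes } = await db.scan(params);
      if (dbRes.error) {
        // Return so a partial result is not sent after the error response.
        return errorResponse(dbRes.error, res);
      }
      users = users.concat(Items);
      // undefined on the last page, which ends the loop.
      params.ExclusiveStartKey = LastEvaluatedKey;
    } while (typeof params.ExclusiveStartKey !== "undefined");

    return res.status(OK).send({
      status: "success",
      data: users,
    });
  } catch (error) {
    return errorResponse(error, res);
  }
};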
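/**
 * Deletes a user from the Cognito user pool and moves the matching record
 * from USERS_TABLE to DELETED_USERS_TABLE.
 *
 * NOTE(review): the Cognito deletion is irreversible and happens first. If the
 * record is missing or a later database call fails, the account is gone with
 * no archived copy; reading and archiving the record before deleting the
 * account would make the operation safer to retry.
 * NOTE(review): no authorization check is visible in this handler, and nothing
 * verifies that `email` and `userId` refer to the same account.
 *
 * @param {object} req http request object; reads `email` and `userId` from `req.body`
 * @param {object} res http response object
 * @returns {Promise<*>} resolves once a success or error response has been written
 */
const deleteUser = async (req, res) => {
  const { email, userId } = req.body || {};

  // Validate before the destructive call rather than after it.
  if (userId == null || userId === "" || typeof email !== "string" || email === "") {
    return errorResponse({ error: "userId and email are required" }, res);
  }

  const sourceParams = {
    TableName: USERS_TABLE,
    Key: {
      userId,
    },
  };
  // NOTE(review): `Key` is not a PutItem parameter; it is kept because the
  // original passes it. Confirm the db wrapper tolerates or strips it.
  const archiveParams = {
    TableName: DELETED_USERS_TABLE,
    Key: {
      userId,
    },
  };

  try {
    // Use the pool id from ../config like the group handlers do; the original
    // passed the literal placeholder "sample userpool id" here.
    const { $response } = await auth
      .adminDeleteUser({ UserPoolId: userPoolId, Username: email })
      .promise();
    if ($response.error) {
      // errorResponse (from ./utils, not shown) is assumed to write the
      // response; return so the database is left untouched.
      return errorResponse($response.error, res);
    }

    // NOTE(review): if `db` is a raw AWS.DynamoDB.DocumentClient the db calls
    // below need `.promise()`; confirm ../config exports a promise-returning wrapper.
    const { $response: getRes, Item } = await db.get(sourceParams);
    if (getRes.error) {
      return errorResponse(getRes.error, res);
    }
    if (Item === undefined) {
      return errorResponse({ error: "Item is not found in the db" }, res);
    }

    // Archive first, then remove, so a failure between the two leaves a
    // duplicate rather than a lost record.
    archiveParams.Item = Item;
    await db.put(archiveParams);

    // No ReturnValues is requested, so Attributes is expected to be undefined
    // and `data` to be an empty object.
    const { $response: dbRes, Attributes } = await db.delete(sourceParams);
    if (dbRes.error) {
      return errorResponse(dbRes.error, res);
    }

    return res.status(OK).send({
      status: "success",
      data: {
        ...Attributes,
      },
    });
  } catch (error) {
    return errorResponse(error, res);
  }
};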
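/**
 * Enables or disables a user in the Cognito user pool. Disabled users cannot
 * log in.
 *
 * `status === "enable"` enables the account; every other value, including a
 * missing or misspelled one, disables it.
 * NOTE(review): that fall-through means a typo locks the account out. Confirm
 * which values callers send and reject anything outside that set.
 * NOTE(review): no authorization check is visible in this handler; confirm the
 * route is admin-only.
 *
 * @param {object} req http request object; reads `email` and `status` from `req.body`
 * @param {object} res http response object
 * @returns {Promise<*>} resolves once a success or error response has been written
 */
const disableOrEnableUser = async (req, res) => {
  const { email, status } = req.body || {};

  if (typeof email !== "string" || email === "") {
    return errorResponse({ error: "email is required" }, res);
  }

  // Take the pool id from ../config like the group handlers do, instead of the
  // pool id the original hard-coded in both branches; a literal ties the code
  // to one environment and publishes the identifier with the source.
  const target = {
    UserPoolId: userPoolId,
    Username: email,
  };

  try {
    const { $response } =
      status === "enable"
        ? await auth.adminEnableUser(target).promise()
        : await auth.adminDisableUser(target).promise();
    if ($response.error) {
      // errorResponse (from ./utils, not shown) is assumed to write the
      // response; return so a success response does not follow it.
      return errorResponse($response.error, res);
    }

    return res.status(OK).send({
      status: "success",
      data: {},
    });
  } catch (error) {
    return errorResponse(error, res);
  }
};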
// Request handlers exported for the router. Each one changes or reveals
// account state.
// NOTE(review): no authorization check is visible in this file; confirm the
// routes using these handlers are mounted behind an admin-only middleware.
module.exports = {
createAdmin,
removeAdminPrivilege,
getAllUsers,
deleteUser,
disableOrEnableUser,
};