/**
 * GET /api/get-profile
 *
 * Reads the `token` request header, verifies it with jwt.verifyEx and
 * secretKey, and looks up the user named by the token's `username` claim.
 *
 * Responses:
 *   200 - `{ fullname }` of the matching user
 *   400 - no user matches the username claim
 *   500 - anything that throws; the body is serializeError(e)
 */
router.get("/api/get-profile", async (req, res) => {
  const token = req.headers.token;

  try {
    const claims = await jwt.verifyEx(token, secretKey);
    const user = await User.findOne({ username: claims.username }).exec();

    if (user == null) {
      return res.status(400).send('Your token is invalid!');
    }

    // Only the display name is returned; the rest of the user record stays server-side.
    res.status(200).send({ fullname: user.fullname });
  } catch (e) {
    // NOTE(review): any rejection from jwt.verifyEx (presumably including a
    // missing, malformed or expired token) ends up here as a 500 rather than
    // a 401. The serialized error is also sent to the client unchanged; if
    // serializeError includes stack traces or driver messages, that exposes
    // internals. Confirm, and consider logging it server-side instead.
    return res.status(500).send(serializeError(e));
  }
});
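/**
 * POST /api/set-profile
 *
 * Reads the `token` request header and `fullname` from the request body,
 * verifies the token with jwt.verifyEx and secretKey, and stores the new
 * full name on the user named by the token's `username` claim.
 *
 * Responses:
 *   200 - 'Successfully change profile'
 *   400 - no user matches the username claim, or `fullname` is not a string
 *         of at least 8 characters
 *   500 - anything that throws; the body is serializeError(e)
 */
router.post("/api/set-profile", async function (req, res) {
  const { token } = req.headers;
  // req.body can be undefined when no body parser handled the request; fall
  // back to an empty object so the validation below answers with a 400
  // instead of the destructuring throwing outside the try block.
  const { fullname } = req.body || {};

  try {
    const decoded = await jwt.verifyEx(token, secretKey);
    const username = decoded.username;

    const user = await User.findOne({ username }).exec();
    if (user == null) {
      return res.status(400).send('Your token is invalid!');
    }

    // `fullname` is client-controlled. A JSON body can carry an array or an
    // object with its own `length`, which would pass a bare length check, so
    // require an actual string before it goes into the update document.
    if (typeof fullname !== 'string' || fullname.length < 8) {
      return res.status(400).send('Your full name cannot be less than 8 characters!');
    }

    // The username comes from the verified token, never from the request
    // body, so a caller can only modify their own record.
    await User.updateOne({ username }, { fullname }).exec();
    res.status(200).send('Successfully change profile');
  } catch (e) {
    // NOTE(review): token verification failures (presumably rejections from
    // jwt.verifyEx) are reported as 500, and the serialized error is sent to
    // the client unchanged. If serializeError includes stack traces or
    // database messages, that exposes internals. Confirm, and consider
    // logging it server-side instead.
    return res.status(500).send(serializeError(e));
  }
});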
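/**
 * POST /api/change-password
 *
 * Reads the `token` request header plus `oldPassword` and `newPassword` from
 * the request body. The token is verified with jwt.verifyEx and secretKey,
 * the body is checked by validatePasswordForm, and the old password must
 * match the stored bcrypt hash before the new one is hashed and stored.
 *
 * Responses:
 *   200 - 'Successfully change password'
 *   400 - form validation failed (message from validatePasswordForm), no user
 *         matches the username claim, or the old password does not match
 *   500 - anything that throws; the body is serializeError(e)
 */
router.post('/api/change-password', async function (req, res) {
  const { token } = req.headers;
  // req.body can be undefined when no body parser handled the request; fall
  // back to an empty object so the destructuring cannot throw outside the
  // try block.
  const { oldPassword, newPassword } = req.body || {};

  try {
    const decoded = await jwt.verifyEx(token, secretKey);

    const validateResult = validatePasswordForm(req.body);
    if (validateResult.ok != true) {
      return res.status(400).send(validateResult.message);
    }

    const username = decoded.username;
    const user = await User.findOne({ username }).exec();
    if (user == null) {
      return res.status(400).send('Your token is invalid!');
    }

    // bcrypt.compare returns a promise when called without a callback. The
    // result has to be awaited: comparing the pending promise itself with
    // `false` never matches, so the old-password check would accept any value.
    const isPasswordRight = await bcrypt.compare(oldPassword, user.password);
    if (!isPasswordRight) {
      return res.status(400).send("Incorrect username or password!");
    }

    // Hash with a fresh salt; only the hash is written to the user record.
    const salt = await bcrypt.genSalt();
    const passwordHash = await bcrypt.hash(newPassword, salt);
    await User.updateOne({ username }, { password: passwordHash }).exec();

    res.status(200).send('Successfully change password');
  } catch (e) {
    // NOTE(review): token verification failures (presumably rejections from
    // jwt.verifyEx) are reported as 500, and the serialized error is sent to
    // the client unchanged. If serializeError includes stack traces or
    // database messages, that exposes internals. Confirm, and consider
    // logging it server-side instead.
    return res.status(500).send(serializeError(e));
  }
});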