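module SnowmanIO
  module API
    # Grape endpoints under the :users namespace: signup, invitation handling,
    # login, password recovery, follow/unfollow, and profile updates.
    #
    # `permitted_params`, `authenticate!` and `current_user` are helpers defined
    # outside this file; their behaviour is not visible here.
    #
    # Security review notes that apply to the whole class:
    # * Invite and password-restore tokens are consumed by overwriting them with
    #   "" (see accept_invite / reset_password). Every token lookup is therefore
    #   guarded with `present?`, so a blank token can never match an account
    #   whose token has already been cleared. Keep that guard on any new lookup.
    # * NOTE(review): the token/email lookups rely on the `type: String`
    #   declarations (and presumably on permitted_params returning only declared
    #   values, TODO confirm) to keep query values scalar.
    # * NOTE(review): several handlers return `{ user: user }`. How User is
    #   serialized is not visible here; confirm the representation leaves out
    #   the password digest, authentication_token, invite_token and
    #   restore_pass_token.
    # * NOTE(review): no throttling is visible on login, check_invite,
    #   check_pass_token or restore_password; confirm it is applied upstream.
    # * Endpoints that set a password reject a blank value, because login below
    #   never accepts a blank password and such an account could not sign in.
    class Users < Grape::API
      namespace :users do
        desc "User signup"
        params do
          requires :user, type: Hash do
            requires :name, type: String
            requires :password, type: String
            requires :email, type: String
          end
        end
        # Creates a user only while SnowmanIO.unpacked? is false; otherwise 400.
        # NOTE(review): the unpacked? check and create! are separate steps, so
        # concurrent requests could both pass the check; confirm that is
        # acceptable for this flow.
        post do
          if SnowmanIO.unpacked?
            status 400
            { message: "SnowmanIO is unpacked already" }
          else
            user = User.create!(permitted_params[:user].to_h)
            { user: user }
          end
        end

        params do
          requires :token, type: String
        end
        # Unauthenticated: reports whether the token belongs to a pending invite.
        post "check_invite" do
          token = permitted_params[:token]
          invited = token.present? &&
                    User.where(status: "wait_invite", invite_token: token).first
          { correct: !!invited }
        end

        params do
          requires :token, type: String
          requires :name, type: String
          requires :password, type: String
        end
        # Activates an invited account: sets name and password, marks it active
        # and clears the invite token so it cannot be used again.
        # A blank password is rejected before the invite is consumed.
        post "accept_invite" do
          token = permitted_params[:token]
          password = permitted_params[:password]

          if token.present? && password.present? &&
             (user = User.where(status: "wait_invite", invite_token: token).first)
            user.update_attributes!(
              name: permitted_params[:name],
              password: password,
              status: "active",
              invite_token: ""
            )
            { user: user }
          else
            status 400
            { message: "SnowmanIO bad accept_invite request" }
          end
        end

        desc "User Signin"
        params do
          requires :user, type: Hash do
            requires :email, type: String
            optional :password, type: String
          end
        end
        # Returns the account's authentication token on success. Unknown email,
        # blank password and wrong password all produce the same 400 message.
        post "login" do
          email = permitted_params[:user][:email]
          password = permitted_params[:user][:password]

          if (user = User.where(email: email).first) && password.present? && user.authenticate(password)
            {
              token: user.authentication_token,
              email: user.email,
              user_id: user.id.to_s
            }
          else
            status 400
            { message: "Wrong email or password" }
          end
        end

        params do
          requires :email, type: String
        end
        # Starts the password-restore flow for the account with this email.
        # NOTE(review): unlike login, this endpoint answers differently for
        # known and unknown emails, which discloses whether an address is
        # registered. Consider a uniform response if clients do not depend on
        # the "Unknown email" message.
        post "restore_password" do
          user = User.where(email: permitted_params[:email]).first

          if user
            user.restore_password!
            {}
          else
            status 400
            { message: "Unknown email" }
          end
        end

        params do
          requires :token, type: String
          requires :password, type: String
        end
        # Sets a new password for the active account holding the restore token
        # and clears the token. A blank password is rejected before the token
        # is consumed.
        # NOTE(review): token expiry and rotation of authentication_token after
        # a reset are not visible here; confirm the User model handles them.
        post "reset_password" do
          token = permitted_params[:token]
          password = permitted_params[:password]

          if token.present? && password.present? &&
             (user = User.where(status: "active", restore_pass_token: token).first)
            user.update_attributes!(
              password: password,
              restore_pass_token: ""
            )
            { user: user }
          else
            status 400
            { message: "SnowmanIO bad reset_password request" }
          end
        end

        # NOTE(review): the :id routes below read the raw `params[:id]` and
        # perform no ownership or role check beyond authenticate!; confirm that
        # every authenticated user is meant to have these rights.

        desc "Follow user"
        post ":id/follow" do
          authenticate!
          user = User.find(params[:id])
          current_user.follow!(user)
          # Both records are touched after the relation changes.
          user.touch
          current_user.touch
          { users: [current_user, user] }
        end

        desc "Unfollow user"
        post ":id/unfollow" do
          authenticate!
          user = User.find(params[:id])
          current_user.unfollow!(user)
          user.touch
          current_user.touch
          { users: [current_user, user] }
        end

        # Destroys the user with the given id via Extra::Meteor.model_destroy.
        post ":id/destroy" do
          authenticate!
          user = User.find(params[:id])
          Extra::Meteor.model_destroy(User, user)
          {}
        end

        params do
          requires :email, type: String
        end
        # Creates a pending account for a not-yet-registered email and sends the
        # invite. The account gets a random placeholder password until the
        # invite is accepted.
        post "invite" do
          authenticate!
          email = permitted_params[:email]

          if User.where(email: email).empty?
            user = User.create!(
              email: email,
              password: SecureRandom.hex,
              status: "wait_invite"
            )
            user.invite!(current_user)
            { user: user }
          else
            status 400
            { message: "wrong invite request" }
          end
        end

        # Deletes a pending invite; only accounts still in "wait_invite" with a
        # token set are eligible.
        post ":id/cancel_invite" do
          authenticate!
          user = User.where(status: "wait_invite").find(params[:id])

          if user.invite_token.present?
            user.destroy
            {}
          else
            status 400
            { message: "wrong invite cancel request" }
          end
        end

        # Re-sends the invite for an account still in "wait_invite".
        post ":id/resend_invite" do
          authenticate!
          user = User.where(status: "wait_invite").find(params[:id])

          if user.invite_token.present?
            user.invite!(current_user)
            { user: user }
          else
            status 400
            { message: "wrong invite resend request" }
          end
        end

        params do
          requires :value, type: Boolean
        end
        post "profile/daily_report" do
          authenticate!
          current_user.update_attributes!(daily_report: permitted_params[:value])
          { user: current_user }
        end

        params do
          requires :name, type: String
        end
        post "profile/update_name" do
          authenticate!
          current_user.update_attributes!(name: permitted_params[:name])
          { user: current_user }
        end

        params do
          requires :email, type: String
        end
        # Changes the caller's email unless another account already uses it.
        # NOTE(review): the uniqueness check and the update are separate steps;
        # confirm a unique index on email backs this up. The change also needs
        # no current password or confirmation of the new address here.
        post "profile/update_email" do
          authenticate!
          new_email = permitted_params[:email]

          if User.ne(_id: current_user._id).where(email: new_email).empty?
            current_user.update_attributes!(email: new_email)
            { user: current_user }
          else
            status 400
            { message: "Duplicate email" }
          end
        end

        params do
          requires :password, type: String
        end
        # Changes the caller's password; a blank value is rejected with 400.
        # NOTE(review): the current password is not requested, so possession of
        # a valid authentication token is enough to change it. Consider
        # requiring re-authentication for this endpoint.
        post "profile/update_password" do
          authenticate!
          password = permitted_params[:password]

          if password.present?
            current_user.update_attributes!(password: password)
            {}
          else
            status 400
            { message: "Password can't be blank" }
          end
        end

        params do
          requires :token, type: String
        end
        # Unauthenticated: reports whether the token is a live password-restore
        # token of an active account.
        post "check_pass_token" do
          token = permitted_params[:token]
          restorable = token.present? &&
                       User.where(status: "active", restore_pass_token: token).first
          { correct: !!restorable }
        end
      end
    end
  end
end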