deleteUser needs to check the userId

秦秋旭 2023-02-23 10:13:50 +08:00
parent 167d2e096a
commit 97094b36b5
3 changed files with 34 additions and 18 deletions


@ -1,4 +1,9 @@
import { ConflictException, Inject, Injectable } from '@nestjs/common' import {
ConflictException,
Inject,
Injectable,
NotFoundException,
} from '@nestjs/common'
import { securityConfig, SecurityConfig } from 'src/common/configs' import { securityConfig, SecurityConfig } from 'src/common/configs'
import { MailerService } from '@nestjs-modules/mailer' import { MailerService } from '@nestjs-modules/mailer'
import { JwtService } from '@nestjs/jwt' import { JwtService } from '@nestjs/jwt'
@ -22,21 +27,21 @@ export class EmailService {
) {} ) {}
async sendEmailToken(email: string, scene: EmailScene) { async sendEmailToken(email: string, scene: EmailScene) {
const user = await this.prismaService.user.findUnique({
where: { email },
})
switch (scene) { switch (scene) {
case EmailScene.register: case EmailScene.register:
const user = await this.prismaService.user.findUnique({ case EmailScene.updateEmail:
where: { email },
})
if (user) { if (user) {
throw new ConflictException(`邮箱${email}已注册`) throw new ConflictException(`邮箱${email}已注册`)
} }
break break
case EmailScene.updatePassword: case EmailScene.updatePassword:
case EmailScene.updateEmail:
case EmailScene.deleteUser: case EmailScene.deleteUser:
await this.prismaService.user.findUniqueOrThrow({ if (!user) {
where: { email }, throw new NotFoundException(`用户${email}不存在`)
}) }
break break
} }
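Review bot: In the new `case EmailScene.deleteUser` branch (and the `updatePassword` one it now shares) the only check is that a user with the caller-supplied `email` exists; nothing in this hunk ties that address to the authenticated user whose `userId` the rest of this commit now enforces, so if `sendEmailToken` is reachable with a user-chosen email, anyone can trigger deletion/password-reset mails to arbitrary registered addresses. I would either have the caller pass the session user's address and reject a mismatch, or at minimum document the contract above the method with `// NOTE: for deleteUser/updatePassword the caller must ensure \`email\` belongs to the requesting user`. The distinct `ConflictException`/`NotFoundException` messages also disclose whether an address is registered (account enumeration); that is unavoidable for `register`, but the other scenes could return a uniform response. The rest of `sendEmailToken` — presumably where the token is produced and mailed — lies past the end of this hunk, so an existing guard there is not visible here.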


@ -43,8 +43,11 @@ export class UsersController {
@NeedAuth() @NeedAuth()
@ApiOperation({ summary: '删除用户' }) @ApiOperation({ summary: '删除用户' })
@Delete('me') @Delete('me')
async deleteUser(@Body() userData: DeleteUserDto) { async deleteUser(
return this.userService.deleteUser(userData) @Body() userData: DeleteUserDto,
@User('userId') userId: string,
) {
return this.userService.deleteUser(userData, userId)
} }
@ApiOperation({ summary: '修改密码' }) @ApiOperation({ summary: '修改密码' })


@ -42,22 +42,30 @@ export class UsersService {
return this.tokenService.generateTokens({ userId: user.id }) return this.tokenService.generateTokens({ userId: user.id })
} }
async deleteUser(userData: DeleteUserDto) { async deleteUser(userToDelete: DeleteUserDto, userId: string) {
await this.verifyEmail( await this.verifyEmail(
userData.email, userToDelete.email,
userData.token, userToDelete.token,
userData.verifyCode, userToDelete.verifyCode,
EmailScene.deleteUser, EmailScene.deleteUser,
) )
const user = await this.prismaService.user.findUnique({ const user = await this.prismaService.user.findUniqueOrThrow({
where: { email: userData.email }, where: { email: userToDelete.email },
}) })
const passwordValid = await bcrypt.compare(user.password, userData.password) if (user.id !== userId) {
throw new ForbiddenException()
}
const passwordValid = await bcrypt.compare(
user.password,
userToDelete.password,
)
if (!passwordValid) { if (!passwordValid) {
throw new ForbiddenException('Invalid password') throw new ForbiddenException('Invalid password')
} }
return this.prismaService.user.delete({ where: { email: userData.email } }) return this.prismaService.user.delete({
where: { email: userToDelete.email },
})
} }
async updatePassword(payload: UpdatePassword) { async updatePassword(payload: UpdatePassword) {
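Review bot: `bcrypt.compare(user.password, userToDelete.password)` in the new `deleteUser` body has its arguments reversed — assuming `bcrypt` is the usual `compare(plaintext, hash)`, the stored hash is being passed as the plaintext and the client-supplied password as the hash, so a correct password never verifies, and a client who has obtained the stored hash could submit a bcrypt hash of it and pass the check. The commit only reflowed this call; it should read `const passwordValid = await bcrypt.compare(userToDelete.password, user.password)`. Separately, now that `userId` is available, loading the account with `findUniqueOrThrow({ where: { id: userId } })` and taking the email from that record would stop trusting `userToDelete.email` at all and make the `user.id !== userId` comparison unnecessary; note also that `verifyEmail` runs (and, if it consumes the code, spends it) before the ownership check rejects a mismatched user. `deleteUser` is fully contained in the hunk; `updatePassword` continues past it.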