Add users api route

app/routes/routes.js

@@ -8,6 +8,7 @@ var login = require('./login.js');
 var panel = require('./panel.js');
 var keys = require('./keys.js');
 var invites = require('./invites.js');
+var users = require('./users.js');
 
 var Key = require('../models/Key.js');
 
@@ -50,6 +51,7 @@ module.exports = function (app) {
     app.use('/api/auth', auth);
     app.use('/api/keys', requireLogin, keys);
     app.use('/api/invites', requireLogin, invites);
+    app.use('/api/users', requireLogin, users);
     app.use('/register', register);
     app.use('/login', login);
     app.use('/panel', requireLogin, panel);

app/routes/users.js

@@ -0,0 +1,33 @@
+var express = require('express');
+var router = express.Router();
+
+var User = require('../models/User.js');
+
+var requireScope = function (perm) {
+    return function(req, res, next) {
+        User.findOne({username: req.session.passport.user}, function(err, user) {
+            if (err) throw err;
+            if (user.scope.indexOf(perm) === -1)
+                res.status(400).json({'message': 'No permission.'});
+            else
+                next();
+        });
+    }
+};
+
+router.get('/get', requireScope('users.view'), function (req, res, next) {
+    var query = {};
+
+    if (req.body.username)
+        query.username = req.body.username;
+
+    User.find(query, function (err, users) {
+        if (err) {
+            next(err)
+        } else {
+            res.status(200).json(users);
+        }
+    })
+});
+
+module.exports = router;