ydeng/csc309-team58
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Multiple changes, basic rental CRUD backend implemented.

Browse Source 
All responses are now in their own object with context name.

Added limit to user based recent results for matches.

Moved all code in endpoints inside try and catch.

Renamed authentication guard function.
This commit is contained in:
Harrison Deng 2022-04-05 11:50:35 -05:00
parent a7885ecf53
commit 8f96a2e5c9
8 changed files with 273 additions and 116 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

228
sports-matcher/server/controllers/matchController.js
View File

@ -1,5 +1,5 @@
import express from "express";
import { authenticationGuard } from "../middleware/authority.js";
import { requireAuthenticated } from "../middleware/authority.js";
import { needDatabase } from "../middleware/database.js";
import matchModel from "../schemas/matchModel.js";
import sportModel from "../schemas/sportModel.js";
@ -18,7 +18,7 @@ MatchController.get("/search/:sport", needDatabase, async (req, res) => {
if (req.query.beforeDate) query.where("when").lte(req.query.beforeDate);
let queryResults = await query;
res.send({ queryResults });
res.send({ results: queryResults });
} catch (error) {
console.error(error);
res.status(500).send("Internal server error.");
@ -26,40 +26,43 @@ MatchController.get("/search/:sport", needDatabase, async (req, res) => {
});
MatchController.get("/recent/:limit?", needDatabase, async (req, res) => {
const user = req.user;
let limit = parseInt(req.params.limit);
if (!req.params.limit) limit = 10;
if (isNaN(limit)) {
console.log(typeof (limit));
res.status(400).send("Limit parameter is not a number.");
return;
}
if (isNaN(limit)) {
res.status(400).send("Limit parameter not a number.");
return;
}
if (limit > 50) {
res.status(400).send("Limit greater than maximum limit of 50.");
return;
}
let recent = null;
try {
let user = null;
if (req.session.userId) {
user = await userModel.findById(req.session.userId);
}
let limit = parseInt(req.params.limit);
if (!req.params.limit) limit = 10;
if (isNaN(limit)) {
console.log(typeof (limit));
res.status(400).send("Limit parameter is not a number.");
return;
}
if (isNaN(limit)) {
res.status(400).send("Limit parameter not a number.");
return;
}
if (limit > 50) {
res.status(400).send("Limit greater than maximum limit of 50.");
return;
}
let recent = null;
if (user) {
await user.populate("participatingMatches").populate("participatingMatches.participants").populate("participatingMatches.sport");
recent = user.participatingMatches;
await user.populate("participatingMatches");
recent = user.participatingMatches.slice(-limit);
} else {
recent = await matchModel.find().where("publicity").gte(2).limit(limit).sort({ createDate: -1 });
}
await recent.populate("members.$"); // Populates all references.
res.status(200).send({ recent: recent });
} catch (err) {
console.error(err);
} catch (error) {
console.error(error);
res.status(500).send("Internal server error.");
// TODO: Check and improve error handling.
}
});
MatchController.post("/", needDatabase, authenticationGuard, async (req, res) => {
MatchController.post("/", needDatabase, requireAuthenticated, async (req, res) => {
try {
const userId = req.session.userId;
const user = await userModel.findById(userId);
@ -77,7 +80,7 @@ MatchController.post("/", needDatabase, authenticationGuard, async (req, res) =>
user.createdMatches.push(match._id);
user.participatingMatches.push(match._id);
await user.save();
res.status(201).send(match);
res.status(201).send({ createdMatch: match });
} catch (error) {
console.error(error);
res.status(500).send("Internal server error.");
@ -85,110 +88,129 @@ MatchController.post("/", needDatabase, authenticationGuard, async (req, res) =>
}
});
MatchController.patch("/:id", needDatabase, authenticationGuard, async (req, res) => {
const match = await matchModel.findById(req.params.id);
if (!match) {
res.status(400).send("Invalid match ID provided.");
return;
}
MatchController.patch("/:id", needDatabase, requireAuthenticated, async (req, res) => {
try {
const match = await matchModel.findById(req.params.id);
if (!match) {
res.status(400).send("Invalid match ID provided.");
return;
}
if (req.user._id !== match.creator && req.user.accessLevel < 3) {
res.status(401).send("Not authorized.");
return;
}
if (req.user._id !== match.creator && req.user.accessLevel < 3) {
res.status(401).send("Not authorized.");
return;
}
if (req.body._id) {
res.status(400).send("Cannot change ID of match.");
return;
}
if (req.body._id) {
res.status(400).send("Cannot change ID of match.");
return;
}
if (req.body.creator) {
res.status(400).send("Cannot change creator of match.");
return;
}
if (req.body.creator) {
res.status(400).send("Cannot change creator of match.");
return;
}
await match.updateOne(req.body);
res.status(200).send({ updatedMatch: match });
await match.updateOne(req.body);
res.status(200).send(match);
} catch (error) {
res.status(200).send("Internal server error.");
}
});
MatchController.delete("/:id", needDatabase, authenticationGuard, async (req, res) => {
const match = await matchModel.findById(req.params.id);
if (!match) {
res.status(400).send("Invalid match ID provided.");
return;
MatchController.delete("/:id", needDatabase, requireAuthenticated, async (req, res) => {
try {
const match = await matchModel.findById(req.params.id);
if (!match) {
res.status(400).send("Invalid match ID provided.");
return;
}
if (req.user._id !== match.creator && req.user.accessLevel < 3) {
res.status(401).send("Not authorized.");
return;
}
await match.deleteOne();
res.status(200).send("Deleted.");
} catch (error) {
console.error(error);
res.status(500).send("Internal server error");
}
if (req.user._id !== match.creator && req.user.accessLevel < 3) {
res.status(401).send("Not authorized.");
return;
}
await match.deleteOne();
res.status(200).send("Deleted.");
});
MatchController.get("/:id", needDatabase, async (req, res) => {
if (!req.params.id) {
res.status(404).send("Id must be provided to retrieve match");
return;
}
try {
if (!req.params.id) {
res.status(404).send("Id must be provided to retrieve match");
return;
}
const match = await matchModel.findById(req.params.id).populate("sport");
if (match) {
res.status(200).send(match);
res.status(200).send({ match: match });
} else {
res.status(404).send("Could not find match with ID: " + req.params.id);
}
} catch (error) {
console.error(error);
res.status(500).send("Internal server error.");
// TODO: Develop the error handling.
// TODO: Improve the error handling.
}
});
MatchController.get("/join/:id", needDatabase, authenticationGuard, async (req, res) => {
const match = await matchModel.findById(req.params.id);
const user = req.user;
if (!match) {
res.status(400).send("Invalid match ID provided.");
return;
MatchController.get("/join/:id", needDatabase, requireAuthenticated, async (req, res) => {
try {
const match = await matchModel.findById(req.params.id);
const user = req.user;
if (!match) {
res.status(400).send("Invalid match ID provided.");
return;
}
if (user.participatingMatches.includes(match._id)) {
res.status(400).send("Already participating in match.");
return;
}
match.participants.push(user._id);
user.participatingMatches.push(match._id);
await match.save();
await user.save();
res.status(200).send("Joined.");
} catch (error) {
console.error(error);
res.status(500).send("Internal server error.");
}
if (user.participatingMatches.includes(match._id)) {
res.status(400).send("Already participating in match.");
return;
}
match.participants.push(user._id);
user.participatingMatches.push(match._id);
await match.save();
await user.save();
res.status(200).send("Joined.");
});
MatchController.get("/leave/:id", needDatabase, authenticationGuard, async (req, res) => {
const match = await matchModel.findById(req.params.id);
const user = req.user;
MatchController.get("/leave/:id", needDatabase, requireAuthenticated, async (req, res) => {
try {
const match = await matchModel.findById(req.params.id);
const user = req.user;
if (!match) {
res.status(400).send("Invalid match ID provided.");
return;
if (!match) {
res.status(400).send("Invalid match ID provided.");
return;
}
if (!user.participatingMatches.includes(match._id)) {
res.status(400).send("Not part of match.");
return;
}
const userIndex = match.participants.indexOf(user._id);
match.participants.splice(userIndex, 1);
await match.save();
const matchIndex = user.participatingMatches.indexOf(match._id);
user.participatingMatches.splice(matchIndex, 1);
await user.save();
res.status(200).send("Left match.");
} catch (error) {
console.error(error);
res.status(500).send("Internal server error.");
}
if (!user.participatingMatches.includes(match._id)) {
res.status(400).send("Not part of match.");
return;
}
const userIndex = match.participants.indexOf(user._id);
match.participants.splice(userIndex, 1);
await match.save();
const matchIndex = user.participatingMatches.indexOf(match._id);
user.participatingMatches.splice(matchIndex, 1);
await user.save();
res.status(200).send("Left match.");
});
export default MatchController;

114
sports-matcher/server/controllers/rentalController.js Normal file
View File

@ -0,0 +1,114 @@
import express from "express";
import { requireAuthenticated } from "../middleware/authority.js";
import { needDatabase } from "../middleware/database.js";
import rentalModel from "../schemas/rentalModel.js";
import userModel from "../schemas/userModel.js";
const rentalController = express.Router();
rentalController.post("/", needDatabase, requireAuthenticated, async (req, res) => {
try {
const user = req.user;
req.body.createDate = undefined;
req.body.creator = user._id;
const rental = new rentalModel(req.body);
await rental.save();
res.status(201).send({ createdRental: rental });
} catch (error) {
console.error(error);
res.status(500).send("Internal server error.");
}
});
rentalController.get("/:id", needDatabase, async (req, res) => {
try {
const rental = await rentalModel.findById(req.params.id).populate("creator");
res.status(200).send({ rental: rental });
} catch (error) {
console.error(error);
res.status(500).send("Internal server error");
}
});
rentalController.get("/recent/:limit?", needDatabase, async (req, res) => {
try {
let user = null;
if (req.session.userId) {
user = await userModel.findById(req.session.userId);
}
let limit = parseInt(req.params.limit);
if (!req.params.limit) limit = 10;
if (isNaN(limit)) {
console.log(typeof (limit));
res.status(400).send("Limit parameter is not a number.");
return;
}
if (isNaN(limit)) {
res.status(400).send("Limit parameter not a number.");
return;
}
if (limit > 50) {
res.status(400).send("Limit greater than maximum limit of 50.");
return;
}
let recent = null;
if (user) {
await user.populate("createdRentals");
recent = user.createdRentals.slice(-limit);
} else {
recent = await rentalModel.find().limit(limit).sort({ createDate: -1 });
}
await recent.populate("members.$");
res.status(200).send({ recent: recent });
} catch (error) {
console.error(error);
res.status(500).send("Internal server error.");
}
});
rentalController.patch("/:id", needDatabase, requireAuthenticated, async (req, res) => {
try {
const rental = await rentalModel.findById(req.params.id);
if (!rental) {
res.status(400).send("Invalid rental ID provided.");
return;
}
if (req.body._id) {
res.status(400).send("Cannot change ID of rental.");
return;
}
if (req.body.creator) {
res.status(400).send("Cannot change creator of rental.");
return;
}
if (req.user._id !== rental.creator && req.user.accessLevel < 3) {
res.status(401).send("Not authorized.");
return;
}
await rental.updateOne(req.body);
res.status(200).send({ updated: rental });
} catch (error) {
console.error(error);
res.status(500).send("Internal server error.");
}
});
rentalController.delete("/:id", needDatabase, requireAuthenticated, async (req, res) => {
try {
const rental = await rentalModel.findById(req.params.id);
if (!rental) {
res.status(400).send("Invalid match ID provided.");
return;
}
if (req.user._id !== rental.creator && req.user.accessLevel < 3) {
res.status(401).send("Not authorized.");
return;
}
await rental.deleteOne();
res.status(200).send("Deleted.");
} catch (error) {
console.error(error);
res.status(500).send("Internal server error");
}
});

4
sports-matcher/server/controllers/sportController.js
View File

@ -1,12 +1,12 @@
import express from "express";
import { authenticationGuard } from "../middleware/authority.js";
import { requireAuthenticated } from "../middleware/authority.js";
import { needDatabase } from "../middleware/database.js";
import sportModel from "../schemas/sportModel.js";
import userModel from "../schemas/userModel.js";
const SportController = express.Router();
SportController.post("/", needDatabase, authenticationGuard, async (req, res) => {
SportController.post("/", needDatabase, requireAuthenticated, async (req, res) => {
const user = await userModel.findById(req.session.userId);
try {
if (user.accessLevel <= 2) {

10
sports-matcher/server/controllers/userController.js
View File

@ -1,5 +1,5 @@
import express from "express";
import { authenticationGuard } from "../middleware/authority.js";
import { requireAuthenticated } from "../middleware/authority.js";
import { needDatabase } from "../middleware/database.js";
import userModel from "../schemas/userModel.js";
import User from "../schemas/userModel.js";
@ -34,7 +34,7 @@ UserController.post("/login", needDatabase, async (req, res) => {
}
});
UserController.get("/logout", authenticationGuard, (req, res) => {
UserController.get("/logout", requireAuthenticated, (req, res) => {
req.session.destroy((err) => {
if (err) {
console.error(err);
@ -50,7 +50,7 @@ UserController.get("/logout", authenticationGuard, (req, res) => {
});
});
UserController.get("/:id?", needDatabase, authenticationGuard, async (req, res) => {
UserController.get("/:id?", needDatabase, requireAuthenticated, async (req, res) => {
let user = null;
if (req.params.id) {
if (req.user.accessLevel > 2) {
@ -66,7 +66,7 @@ UserController.get("/:id?", needDatabase, authenticationGuard, async (req, res)
res.status(200).send(user);
});
UserController.patch("/:id?", needDatabase, authenticationGuard, async (req, res) => {
UserController.patch("/:id?", needDatabase, requireAuthenticated, async (req, res) => {
let user = null;
if (req.params.id) {
if (req.user.accessLevel > 2) {
@ -114,7 +114,7 @@ UserController.patch("/:id?", needDatabase, authenticationGuard, async (req, res
/* TODO: Implement middleware for removing users.
UserController.delete("/:id?", needDatabase, authenticationGuard, async (req, res) => {
UserController.delete("/:id?", needDatabase, requireAuthenticated, async (req, res) => {
let user = null;
if (req.params.id) {
if (req.user.accessLevel > 2) {

6
sports-matcher/server/middleware/authority.js
View File

@ -17,7 +17,7 @@ if (process.env.NODE_ENV === "production") {
}
export const userSession = session(sessionConf);
export async function authenticationGuard(req, res, next) {
export async function requireAuthenticated(req, res, next) {
if (req.session.userId) {
req.user = await userModel.findById(req.session.userId);
next();
@ -26,7 +26,3 @@ export async function authenticationGuard(req, res, next) {
return;
}
}
// TODO: Authentication
// TODO: Identity
// TODO: Authority

3
sports-matcher/server/schemas/modelNameRegister.js
View File

@ -1,5 +1,6 @@
export default {
Match: "match",
User: "user",
Sport: "sport"
Sport: "sport",
Rental: "rental",
};

23
sports-matcher/server/schemas/rentalModel.js Normal file
View File

@ -0,0 +1,23 @@
import mongoose from "mongoose";
import modelNameRegister from "./modelNameRegister";
const Types = mongoose.Schema.Types;
const rentalSchema = new mongoose.Schema({
title: { type: String, required: true, trim: true },
rate: { type: String, required: true, trim: true },
description: { type: String, required: true },
contact: { type: String, required: true },
createDate: { type: Date, required: true, default: Date.now },
creator: { type: Types.ObjectId, ref: modelNameRegister.User }
});
rentalSchema.pre("remove", async function (next) {
const rental = this;
const rentalInd = rental.creator.createdRentals.indexOf(rental._id);
rental.creator.createdRentals.splice(rentalInd, 1);
await rental.save();
next();
});
export default mongoose.model(modelNameRegister.Rental, rentalSchema);

1
sports-matcher/server/schemas/userModel.js
View File

@ -29,6 +29,7 @@ const userSchema = new mongoose.Schema({
},
createdMatches: { type: [{ type: Types.ObjectId, ref: modelNameRegister.Match }], required: true, default: [] },
participatingMatches: { type: [{ type: Types.ObjectId, ref: modelNameRegister.Match }], required: true, default: [] },
createdRentals: { type: [{ type: Types.ObjectId, ref: modelNameRegister.Rental }], required: true, default: [] },
emailPublicity: { type: Number, required: true, default: 0 },
bioPublicity: { type: Boolean, required: true, default: false },
phonePublicity: { type: Boolean, required: true, default: false },