ydeng/sports-matcher
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added U and D endpoints.

Browse Source
This commit is contained in:
Harrison Deng 2022-04-04 22:50:26 -05:00
parent ba566040b1
commit 7dd862e134
4 changed files with 176 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

89
sports-matcher/server/controllers/matchController.js
View File

@ -46,7 +46,6 @@ MatchController.get("/recent/:limit?", needDatabase, async (req, res) => {
} }
}); });
// TODO: delete, update match.
MatchController.post("/", needDatabase, authenticationGuard, async (req, res) => { MatchController.post("/", needDatabase, authenticationGuard, async (req, res) => {
try { try {
const userId = req.session.userId; const userId = req.session.userId;
@ -73,6 +72,47 @@ MatchController.post("/", needDatabase, authenticationGuard, async (req, res) =>
} }
}); });
MatchController.patch("/:id", needDatabase, authenticationGuard, async (req, res) => {
const match = await matchModel.findById(req.params.id);
if (!match) {
res.status(400).send("Invalid match ID provided.");
return;
}
if (req.user._id !== match.creator && req.user.accessLevel < 3) {
res.status(401).send("Not authorized.");
return;
}
if (req.body._id) {
res.status(400).send("Cannot change ID of match.");
return;
}
if (req.body.creator) {
res.status(400).send("Cannot change creator of match.");
return;
}
await match.updateOne(req.body);
res.status(200).send(match);
});
MatchController.delete("/:id", needDatabase, authenticationGuard, async (req, res) => {
const match = await matchModel.findById(req.params.id);
if (!match) {
res.status(400).send("Invalid match ID provided.");
return;
}
if (req.user._id !== match.creator && req.user.accessLevel < 3) {
res.status(401).send("Not authorized.");
return;
}
await match.deleteOne();
});
MatchController.get("/:matchId", needDatabase, async (req, res) => { MatchController.get("/:matchId", needDatabase, async (req, res) => {
if (!req.params.matchId) { if (!req.params.matchId) {
res.status(404).send("Id must be provided to retrieve match"); res.status(404).send("Id must be provided to retrieve match");
@ -91,4 +131,51 @@ MatchController.get("/:matchId", needDatabase, async (req, res) => {
} }
}); });
MatchController.get("/join/:id", needDatabase, authenticationGuard, async (req, res) => {
const match = await matchModel.findById(req.params.id);
const user = req.user;
if (!match) {
res.status(400).send("Invalid match ID provided.");
return;
}
if (user.participatingMatches.includes(match._id)) {
res.status(400).send("Already participating in match.");
return;
}
match.participants.push(user._id);
user.participatingMatches.push(match._id);
await match.save();
await user.save();
res.status(200).send("Joined.");
});
MatchController.get("/leave/:id", needDatabase, authenticationGuard, async (req, res) => {
const match = await matchModel.findById(req.params.id);
const user = req.user;
if (!match) {
res.status(400).send("Invalid match ID provided.");
return;
}
if (!user.participatingMatches.includes(match._id)) {
res.status(400).send("Not part of match.");
return;
}
const userIndex = match.participants.indexOf(user._id);
match.participants.splice(userIndex, 1);
await match.save();
const matchIndex = user.participatingMatches.indexOf(match._id);
user.participatingMatches.splice(matchIndex, 1);
await user.save();
res.status(200).send("Left match.");
});
export default MatchController; export default MatchController;

137
sports-matcher/server/controllers/userController.js
View File

@ -1,6 +1,7 @@
import express from "express"; import express from "express";
import { authenticationGuard } from "../middleware/authority.js"; import { authenticationGuard } from "../middleware/authority.js";
import { needDatabase } from "../middleware/database.js"; import { needDatabase } from "../middleware/database.js";
import userModel from "../schemas/userModel.js";
import User from "../schemas/userModel.js"; import User from "../schemas/userModel.js";
const UserController = express.Router(); const UserController = express.Router();
@ -49,84 +50,88 @@ UserController.get("/logout", authenticationGuard, (req, res) => {
}); });
}); });
UserController.get("/email/:userId?", needDatabase, authenticationGuard, async (req, res) => { UserController.get("/:id?", needDatabase, authenticationGuard, async (req, res) => {
if (!req.params.userId) req.params.userId = req.session.userId; let user = null;
const curUser = await User.findById(req.session.userId); if (req.params.id) {
const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId); if (req.user.accessLevel > 2) {
if (selUser.email.public || curUser._id === selUser._id || curUser.accessLevel > 2) { user = await userModel.findById(req.params.id);
res.status(200).send({ email: selUser.email }); } else {
res.status(401).send("Unauthorized.");
return;
}
} else { } else {
res.status(401).send("Could not authenticate request."); user = req.user;
} }
user.password = undefined;
res.status(200).send(user);
}); });
UserController.get("/firstName/:userId?", needDatabase, authenticationGuard, async (req, res) => { UserController.patch("/:id?", needDatabase, authenticationGuard, async (req, res) => {
if (!req.params.userId) req.params.userId = req.session.userId; let user = null;
const curUser = await User.findById(req.session.userId); if (req.params.id) {
const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId); if (req.user.accessLevel > 2) {
if (selUser.firstName.public || curUser._id === selUser._id || curUser.accessLevel > 2) { user = await userModel.findById(req.params.id);
res.status(200).send({ firstName: selUser.firstName }); } else {
res.status(401).send("Unauthorized.");
return;
}
} else { } else {
res.status(401).send("Could not authenticate request."); user = req.user;
} }
if (req.body._id) {
res.status(400).send("Cannot change user ID.");
return;
}
if (req.body.createdMatches) {
res.status(400).send("Cannot directly change the list of created matches.");
return;
}
if (req.body.password) {
res.status(400).send("Cannot directly change user password.");
return;
}
if (req.body.participatingMatches) {
res.status(400).send("Cannot directly change the list of participating matches.");
return;
}
if (req.body.joinDate) {
res.status(400).send("Cannot change the join date.");
return;
}
if (req.body.accessLevel && req.user.accessLevel < 3) {
res.status(401).send("Unauthorized to change the access level of this user.");
return;
}
await user.updateOne(req.body);
res.status(200).send("Updated.");
}); });
UserController.get("/lastName/:userId?", needDatabase, authenticationGuard, async (req, res) => { /* TODO: Implement middleware for removing users.
if (!req.params.userId) req.params.userId = req.session.userId;
const curUser = await User.findById(req.session.userId); UserController.delete("/:id?", needDatabase, authenticationGuard, async (req, res) => {
const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId); let user = null;
if (selUser.lastName.public || curUser._id === selUser._id || curUser.accessLevel > 2) { if (req.params.id) {
res.status(200).send({ email: selUser.lastName }); if (req.user.accessLevel > 2) {
user = await userModel.findById(req.params.id);
} else {
res.status(401).send("Unauthorized.");
return;
}
} else { } else {
res.status(401).send("Could not authenticate request."); user = req.user;
} }
await user.deleteOne();
res.status(200).send("Deleted user.");
}); });
UserController.get("/phone/:userId?", needDatabase, authenticationGuard, async (req, res) => { */
if (!req.params.userId) req.params.userId = req.session.userId;
const curUser = await User.findById(req.session.userId);
const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId);
if (selUser.phone.public || curUser._id === selUser._id || curUser.accessLevel > 2) {
res.status(200).send({ phone: selUser.phone });
} else {
res.status(401).send("Could not authenticate request.");
}
});
UserController.get("/participatingMatches/:userId?", needDatabase, authenticationGuard, async (req, res) => {
if (!req.params.userId) req.params.userId = req.session.userId;
const curUser = await User.findById(req.session.userId);
const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId);
if (selUser.participatingMatches.public || curUser._id === selUser._id || curUser.accessLevel > 2) {
res.status(200).send({ participatingMatches: selUser.participatingMatches });
} else {
res.status(401).send("Could not authenticate request.");
}
});
UserController.get("/joinDate/:userId?", needDatabase, authenticationGuard, async (req, res) => {
if (!req.params.userId) req.params.userId = req.session.userId;
const curUser = await User.findById(req.session.userId);
const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId);
if (curUser._id === selUser._id || curUser.accessLevel > 2) {
res.status(200).send({ joinDate: selUser.joinDate });
} else {
res.status(401).send("Could not authenticate request.");
}
});
UserController.get("/createdMatches/:userId?", needDatabase, authenticationGuard, async (req, res) => {
if (!req.params.userId) req.params.userId = req.session.userId;
const curUser = await User.findById(req.session.userId);
const selUser = req.session.userId === req.params.userId ? curUser : await User.findById(req.params.userId);
if (curUser._id === selUser._id || curUser.accessLevel > 2) {
res.status(200).send({ createdMatches: selUser.createdMatches });
} else {
res.status(401).send("Could not authenticate request.");
}
});
// TODO: Finish update requests using put.
UserController.post("/", needDatabase, async (req, res) => { UserController.post("/", needDatabase, async (req, res) => {
try { try {

6
sports-matcher/server/middleware/authority.js
View File

@ -1,6 +1,7 @@
import MongoStore from "connect-mongo"; import MongoStore from "connect-mongo";
import session from "express-session"; import session from "express-session";
import { mongooseDbName, mongoURI } from "../database/mongoose.js"; import { mongooseDbName, mongoURI } from "../database/mongoose.js";
import userModel from "../schemas/userModel.js";
const sessionConf = { const sessionConf = {
secret: process.env.SESSION_SECRET || "super duper secret string.", secret: process.env.SESSION_SECRET || "super duper secret string.",
cookie: { cookie: {
@ -16,11 +17,12 @@ if (process.env.NODE_ENV === "production") {
} }
export const userSession = session(sessionConf); export const userSession = session(sessionConf);
export function authenticationGuard(req, res, next) { export async function authenticationGuard(req, res, next) {
if (req.session.userId) { if (req.session.userId) {
req.user = await userModel.findById(req.session.userId);
next(); next();
} else { } else {
res.sendStatus(401); res.status(401).send("Not authorized.");
return; return;
} }
} }

13
sports-matcher/server/schemas/matchModel.js
View File

@ -24,4 +24,17 @@ const matchSchema = new mongoose.Schema({
createDate: { type: Date, required: true, default: Date.now } createDate: { type: Date, required: true, default: Date.now }
}); });
matchSchema.pre("remove", function (next) {
const match = this;
match.populate("creator").populate("participants");
match.participants.forEach(participant => {
const index = participant.participatingMatches.indexOf(match._id);
participant.participatingMatches.splice(index, 1);
});
match.creator.createdMatches.splice(match.creator.createdMatches.indexOf(match._id), 1);
next();
});
export default mongoose.model(ModelNameRegister.Match, matchSchema); export default mongoose.model(ModelNameRegister.Match, matchSchema);