Note routes
parent
456f48157a
commit
cb092b7f91
|
@ -1,17 +1,18 @@
|
||||||
const mongoose = require('mongoose');
|
const mongoose = require('mongoose');
|
||||||
|
const jwt = require('jsonwebtoken');
|
||||||
|
|
||||||
// TODO: verify auth
|
module.exports = (req, res, next) => {
|
||||||
|
|
||||||
module.exports = (req, res) => {
|
|
||||||
const NoteModel = mongoose.model('Note');
|
const NoteModel = mongoose.model('Note');
|
||||||
|
|
||||||
const Note = new NoteModel({ title: req.body.title, text: req.body.text });
|
const { user } = jwt.decode(req.headers.authorization);
|
||||||
|
|
||||||
|
const Note = new NoteModel({ title: req.body.title, text: req.body.text, user: user.id });
|
||||||
|
|
||||||
Note.save((err) => {
|
Note.save((err) => {
|
||||||
if (err) {
|
if (err) {
|
||||||
return res.status(400).json({ success: false, msg: 'Title and text must not be blank.' });
|
return next({ status: 400, error: [err] });
|
||||||
}
|
}
|
||||||
|
|
||||||
return res.status(200).json(Note);
|
return res.status(201).json(Note);
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
|
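Review bot: `jwt.decode(req.headers.authorization)` in the create handler only decodes the token and never checks its signature, so `user.id` is trustworthy only if the `Authentication` middleware has already verified that same header; its implementation is not shown on this page. `jwt.decode` also returns `null` when the value is not a well-formed token, in which case the destructuring throws before `next` can be called. I would have the middleware attach the verified claims to the request and read them here, e.g. `const Note = new NoteModel({ title: req.body.title, text: req.body.text, user: req.user.id });` (`req.user` is a suggested name, not something defined on this page). The same pattern appears in the delete, single and update handlers in this commit.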
|
@ -1,19 +1,26 @@
|
||||||
const mongoose = require('mongoose');
|
const mongoose = require('mongoose');
|
||||||
|
const jwt = require('jsonwebtoken');
|
||||||
|
|
||||||
// TODO: verify auth
|
module.exports = (req, res, next) => {
|
||||||
// TODO: verify owner
|
|
||||||
|
|
||||||
module.exports = (req, res) => {
|
|
||||||
const NoteModel = mongoose.model('Note');
|
const NoteModel = mongoose.model('Note');
|
||||||
|
|
||||||
NoteModel.findOneAndDelete({ _id: req.params.id }, (err, note) => {
|
const { user } = jwt.decode(req.headers.authorization);
|
||||||
if (err) return res.status(500).send(err);
|
|
||||||
if (!note) return res.status(404).json({ message: 'Note does not exists.' });
|
NoteModel.findOne({ _id: req.params.id }, (err, note) => {
|
||||||
|
if (err) return next({ status: 500, error: [err] });
|
||||||
|
if (!note) return next({ status: 404, message: 'Note does not exists.' });
|
||||||
|
|
||||||
|
if (note.user.toString() !== user.id) {
|
||||||
|
return next({ status: 403, message: 'Access forbidden.' });
|
||||||
|
}
|
||||||
|
|
||||||
|
note.delete();
|
||||||
|
|
||||||
const response = {
|
const response = {
|
||||||
|
success: true,
|
||||||
message: 'Note successfully deleted',
|
message: 'Note successfully deleted',
|
||||||
};
|
};
|
||||||
|
|
||||||
return res.status(200).send(response);
|
return res.status(204).send(response);
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
|
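Review bot: `note.delete();` is called without a callback or promise handling, so the handler reports success before the deletion has finished and a failed delete is never surfaced. The reply is then sent with `res.status(204).send(response)`; a 204 carries no body, so the `success`/`message` object is dropped, while the route's apidoc in this commit documents `200 OK` with that body. Something like `note.delete().then(() => res.status(200).send(response)).catch((e) => next({ status: 500, error: [e] }));` keeps the two in step. Separately, notes saved before this commit presumably have no `user` field, so `note.user.toString()` would throw inside the callback for them; a guard such as `if (!note.user || note.user.toString() !== user.id)` fails closed.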
|
@ -5,6 +5,10 @@ const create = require('./create');
|
||||||
const update = require('./update');
|
const update = require('./update');
|
||||||
const remove = require('./delete');
|
const remove = require('./delete');
|
||||||
|
|
||||||
|
const CreateValidation = require.main.require('./app/validation/note/create');
|
||||||
|
const UpdateValidation = require.main.require('./app/validation/note/update');
|
||||||
|
const Authentication = require.main.require('./app/validation/auth');
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @api {get} /note/:id Get note
|
* @api {get} /note/:id Get note
|
||||||
* @apiName GetNotes
|
* @apiName GetNotes
|
||||||
|
@ -15,25 +19,21 @@ const remove = require('./delete');
|
||||||
* @apiSuccess {string} title Title of the note.
|
* @apiSuccess {string} title Title of the note.
|
||||||
* @apiSuccess {string} text Text of the note.
|
* @apiSuccess {string} text Text of the note.
|
||||||
*/
|
*/
|
||||||
note.get('/:id', single);
|
note.get('/:id', Authentication, single);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @api {post} /note Create note
|
* @api {post} /note Create note
|
||||||
* @apiName CreateNote
|
* @apiName CreateNote
|
||||||
* @apiGroup Note
|
* @apiGroup Note
|
||||||
|
* @apiHeaderExample {json} Header-Example:
|
||||||
|
* {
|
||||||
|
* "Authorization": "<Access_Token>"
|
||||||
|
* }
|
||||||
*
|
*
|
||||||
* @apiSuccess {Object} Object Created note.
|
* @apiSuccess {string} title Title of the note.
|
||||||
|
* @apiSuccess {string} text Text of the note.
|
||||||
*/
|
*/
|
||||||
note.post('/', create);
|
note.post('/', Authentication, CreateValidation, create);
|
||||||
|
|
||||||
/**
|
|
||||||
* @api {delete} /note/:id Delete note
|
|
||||||
* @apiName DeleteNote
|
|
||||||
* @apiGroup Note
|
|
||||||
*
|
|
||||||
* @apiParam {String} id Note unique ID.
|
|
||||||
*/
|
|
||||||
note.delete('/:id', remove);
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @api {put} /note/:id Update note
|
* @api {put} /note/:id Update note
|
||||||
|
@ -42,8 +42,31 @@ note.delete('/:id', remove);
|
||||||
*
|
*
|
||||||
* @apiParam {String} id Note unique ID.
|
* @apiParam {String} id Note unique ID.
|
||||||
*
|
*
|
||||||
* @apiSuccess {Object} Object Updated note.
|
* @apiSuccess {string} title Title of the note.
|
||||||
|
* @apiSuccess {string} text Text of the note.
|
||||||
*/
|
*/
|
||||||
note.put('/:id', update);
|
note.put('/:id', Authentication, UpdateValidation, update);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @api {delete} /note/:id Delete note
|
||||||
|
* @apiName DeleteNote
|
||||||
|
* @apiGroup Note
|
||||||
|
* @apiSuccessExample {json} Success-Response:
|
||||||
|
* HTTP/1.1 200 OK
|
||||||
|
* {
|
||||||
|
* "success": true,
|
||||||
|
* "message": "Note successfully deleted."
|
||||||
|
* }
|
||||||
|
* @apiErrorExample {json} Error-Response:
|
||||||
|
* HTTP/1.1 403 Not Found
|
||||||
|
* {
|
||||||
|
* "success": false,
|
||||||
|
* "message": "Access forbidden.",
|
||||||
|
* "errors": []
|
||||||
|
* }
|
||||||
|
*
|
||||||
|
* @apiParam {String} id Note unique ID.
|
||||||
|
*/
|
||||||
|
note.delete('/:id', Authentication, remove);
|
||||||
|
|
||||||
module.exports = note;
|
module.exports = note;
|
||||||
|
|
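Review bot: The new `@apiErrorExample` for the delete route reads `HTTP/1.1 403 Not Found`; the reason phrase for 403 is `Forbidden`, so the line should be `HTTP/1.1 403 Forbidden`. The success example documents `HTTP/1.1 200 OK` with a JSON body, whereas the delete handler changed in this commit answers with status 204, so one of the two needs to follow the other. The `@apiHeaderExample` for `Authorization` was added only to the create route although get, put and delete now pass through `Authentication` as well; repeating it on those three doc blocks would state the requirement where clients look for it.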
|
@ -1,21 +1,20 @@
|
||||||
const mongoose = require('mongoose');
|
const mongoose = require('mongoose');
|
||||||
|
const jwt = require('jsonwebtoken');
|
||||||
|
|
||||||
// TODO: verify owner
|
module.exports = (req, res, next) => {
|
||||||
|
|
||||||
module.exports = (req, res) => {
|
|
||||||
const NoteModel = mongoose.model('Note');
|
const NoteModel = mongoose.model('Note');
|
||||||
|
|
||||||
|
const { user } = jwt.decode(req.headers.authorization);
|
||||||
|
|
||||||
NoteModel.findOne({ _id: req.params.id })
|
NoteModel.findOne({ _id: req.params.id })
|
||||||
.lean()
|
.lean()
|
||||||
.exec()
|
.exec()
|
||||||
.then((result) => {
|
.then((note) => {
|
||||||
if (result === null) {
|
if (note.user.toString() !== user.id) {
|
||||||
res.status(404).json({ success: false, msg: 'Note does not exists.' });
|
return next({ status: 403, message: 'Access forbidden.' });
|
||||||
}
|
}
|
||||||
|
|
||||||
res.status(200).json(result);
|
return res.status(200).json(note);
|
||||||
})
|
})
|
||||||
.catch(() => {
|
.catch(() => next({ status: 404, message: 'Note does not exists.' }));
|
||||||
res.status(404).json({ success: false, msg: 'Note does not exists.' });
|
|
||||||
});
|
|
||||||
};
|
};
|
||||||
|
|
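Review bot: The `result === null` guard was dropped from the `.then` callback, so a missing note now reaches `note.user.toString()` with `note` set to `null`, and the 404 is produced only because the resulting TypeError lands in `.catch`. That same `.catch` turns every other failure (a database error, a note without a `user` field) into `Note does not exists.`, which hides real faults from both logs and clients. I would restore the explicit check as the first line of the callback, `if (!note) return next({ status: 404, message: 'Note does not exists.' });`, and let the catch forward the error, `.catch((err) => next({ status: 500, error: [err] }));`.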
|
@ -1,28 +1,23 @@
|
||||||
const mongoose = require('mongoose');
|
const mongoose = require('mongoose');
|
||||||
|
const jwt = require('jsonwebtoken');
|
||||||
|
|
||||||
// TODO: verify auth
|
module.exports = (req, res, next) => {
|
||||||
// TODO: verify owner
|
|
||||||
|
|
||||||
module.exports = (req, res) => {
|
|
||||||
const NoteModel = mongoose.model('Note');
|
const NoteModel = mongoose.model('Note');
|
||||||
|
|
||||||
NoteModel.findOneAndUpdate(
|
const { user } = jwt.decode(req.headers.authorization);
|
||||||
// the id of the item to find
|
|
||||||
{ _id: req.params.id },
|
|
||||||
|
|
||||||
// the change to be made. Mongoose will smartly combine your existing
|
NoteModel.findOne({ _id: req.params.id }, (err, note) => {
|
||||||
// document with this change, which allows for partial updates too
|
if (err) return next({ status: 500, error: [err] });
|
||||||
req.body,
|
if (!note) return next({ status: 404, message: 'Note does not exists.' });
|
||||||
|
|
||||||
// an option that asks mongoose to return the updated version
|
if (note.user.toString() !== user.id) {
|
||||||
// of the document instead of the pre-updated one.
|
return next({ status: 403, message: 'Access forbidden.' });
|
||||||
{ new: true },
|
}
|
||||||
|
|
||||||
// the callback function
|
note.title = req.body.title || note.title;
|
||||||
(err, note) => {
|
note.text = req.body.text || note.text;
|
||||||
// Handle any possible database errors
|
note.save();
|
||||||
if (err) return res.status(500).send(err);
|
|
||||||
return res.json(note);
|
return res.status(200).send(note);
|
||||||
},
|
});
|
||||||
);
|
|
||||||
};
|
};
|
||||||
|
|
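Review bot: `note.save();` is called without a callback and its outcome is ignored, so a validation or database error is lost and `res.status(200).send(note)` returns the in-memory document even when nothing was persisted. The create handler in this commit already uses the callback form; doing the same here, `note.save((saveErr) => (saveErr ? next({ status: 400, error: [saveErr] }) : res.status(200).send(note)));`, keeps the two consistent. The `req.body.title || note.title` fallback also means a field can never be set to an empty string; if that is intended, a short comment such as `// blank values keep the stored field` would make it explicit.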