Note routes

pull/1/head
sundowndev 2018-11-15 19:28:33 +01:00
parent 456f48157a
commit cb092b7f91
5 changed files with 83 additions and 58 deletions


@ -1,17 +1,18 @@
const mongoose = require('mongoose'); const mongoose = require('mongoose');
const jwt = require('jsonwebtoken');
// TODO: verify auth module.exports = (req, res, next) => {
module.exports = (req, res) => {
const NoteModel = mongoose.model('Note'); const NoteModel = mongoose.model('Note');
const Note = new NoteModel({ title: req.body.title, text: req.body.text }); const { user } = jwt.decode(req.headers.authorization);
const Note = new NoteModel({ title: req.body.title, text: req.body.text, user: user.id });
Note.save((err) => { Note.save((err) => {
if (err) { if (err) {
return res.status(400).json({ success: false, msg: 'Title and text must not be blank.' }); return next({ status: 400, error: [err] });
} }
return res.status(200).json(Note); return res.status(201).json(Note);
}); });
}; };
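Review bot: `jwt.decode(req.headers.authorization)` only decodes the token and never checks its signature, so `user.id` is trustworthy only if the `Authentication` middleware has already verified that same header; the middleware's body is not visible in this commit. `jwt.decode` also returns `null` for a malformed value (and probably for one carrying a `Bearer ` prefix), in which case the destructuring throws synchronously before `Note.save` is reached. I would verify once in the middleware and pass the claims along, e.g. `req.user = jwt.verify(token, secret).user;` there and `const { user } = req;` here, with `secret` standing for the project's signing key. The same `jwt.decode` line is added to the delete, single and update handlers further down.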


@ -1,19 +1,26 @@
const mongoose = require('mongoose'); const mongoose = require('mongoose');
const jwt = require('jsonwebtoken');
// TODO: verify auth module.exports = (req, res, next) => {
// TODO: verify owner
module.exports = (req, res) => {
const NoteModel = mongoose.model('Note'); const NoteModel = mongoose.model('Note');
NoteModel.findOneAndDelete({ _id: req.params.id }, (err, note) => { const { user } = jwt.decode(req.headers.authorization);
if (err) return res.status(500).send(err);
if (!note) return res.status(404).json({ message: 'Note does not exists.' }); NoteModel.findOne({ _id: req.params.id }, (err, note) => {
if (err) return next({ status: 500, error: [err] });
if (!note) return next({ status: 404, message: 'Note does not exists.' });
if (note.user.toString() !== user.id) {
return next({ status: 403, message: 'Access forbidden.' });
}
note.delete();
const response = { const response = {
success: true,
message: 'Note successfully deleted', message: 'Note successfully deleted',
}; };
return res.status(200).send(response); return res.status(204).send(response);
}); });
}; };
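Review bot: `note.delete();` is called with no callback and its result is not awaited, so a failed delete is never reported and the success response is sent regardless. Passing a callback keeps the error path consistent with the lookup above, e.g. `note.delete((delErr) => (delErr ? next({ status: 500, error: [delErr] }) : res.status(200).send(response)));`. The new `status(204)` is also paired with a JSON body; a 204 response carries no body, so clients will not receive `response`, and the apidoc in the routes file advertises `200 OK`.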


@ -5,6 +5,10 @@ const create = require('./create');
const update = require('./update'); const update = require('./update');
const remove = require('./delete'); const remove = require('./delete');
const CreateValidation = require.main.require('./app/validation/note/create');
const UpdateValidation = require.main.require('./app/validation/note/update');
const Authentication = require.main.require('./app/validation/auth');
/** /**
* @api {get} /note/:id Get note * @api {get} /note/:id Get note
* @apiName GetNotes * @apiName GetNotes
@ -15,25 +19,21 @@ const remove = require('./delete');
* @apiSuccess {string} title Title of the note. * @apiSuccess {string} title Title of the note.
* @apiSuccess {string} text Text of the note. * @apiSuccess {string} text Text of the note.
*/ */
note.get('/:id', single); note.get('/:id', Authentication, single);
/** /**
* @api {post} /note Create note * @api {post} /note Create note
* @apiName CreateNote * @apiName CreateNote
* @apiGroup Note * @apiGroup Note
* @apiHeaderExample {json} Header-Example:
* {
* "Authorization": "<Access_Token>"
* }
* *
* @apiSuccess {Object} Object Created note. * @apiSuccess {string} title Title of the note.
* @apiSuccess {string} text Text of the note.
*/ */
note.post('/', create); note.post('/', Authentication, CreateValidation, create);
/**
* @api {delete} /note/:id Delete note
* @apiName DeleteNote
* @apiGroup Note
*
* @apiParam {String} id Note unique ID.
*/
note.delete('/:id', remove);
/** /**
* @api {put} /note/:id Update note * @api {put} /note/:id Update note
@ -42,8 +42,31 @@ note.delete('/:id', remove);
* *
* @apiParam {String} id Note unique ID. * @apiParam {String} id Note unique ID.
* *
* @apiSuccess {Object} Object Updated note. * @apiSuccess {string} title Title of the note.
* @apiSuccess {string} text Text of the note.
*/ */
note.put('/:id', update); note.put('/:id', Authentication, UpdateValidation, update);
/**
* @api {delete} /note/:id Delete note
* @apiName DeleteNote
* @apiGroup Note
* @apiSuccessExample {json} Success-Response:
* HTTP/1.1 200 OK
* {
* "success": true,
* "message": "Note successfully deleted."
* }
* @apiErrorExample {json} Error-Response:
* HTTP/1.1 403 Not Found
* {
* "success": false,
* "message": "Access forbidden.",
* "errors": []
* }
*
* @apiParam {String} id Note unique ID.
*/
note.delete('/:id', Authentication, remove);
module.exports = note; module.exports = note;
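Review bot: The new apidoc block for DELETE does not match the handler. `HTTP/1.1 403 Not Found` pairs the 403 code with the 404 reason phrase, and the success example shows `200 OK` while the delete handler in this commit returns 204. I would change the error line to `* HTTP/1.1 403 Forbidden` and align the success status with whatever the handler settles on. The `@apiHeaderExample` for `Authorization` appears only on the create route, although `Authentication` now guards GET, PUT and DELETE too; repeating it on those blocks would document the new requirement.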


@ -1,21 +1,20 @@
const mongoose = require('mongoose'); const mongoose = require('mongoose');
const jwt = require('jsonwebtoken');
// TODO: verify owner module.exports = (req, res, next) => {
module.exports = (req, res) => {
const NoteModel = mongoose.model('Note'); const NoteModel = mongoose.model('Note');
const { user } = jwt.decode(req.headers.authorization);
NoteModel.findOne({ _id: req.params.id }) NoteModel.findOne({ _id: req.params.id })
.lean() .lean()
.exec() .exec()
.then((result) => { .then((note) => {
if (result === null) { if (note.user.toString() !== user.id) {
res.status(404).json({ success: false, msg: 'Note does not exists.' }); return next({ status: 403, message: 'Access forbidden.' });
} }
res.status(200).json(result); return res.status(200).json(note);
}) })
.catch(() => { .catch(() => next({ status: 404, message: 'Note does not exists.' }));
res.status(404).json({ success: false, msg: 'Note does not exists.' });
});
}; };
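Review bot: With the explicit `null` check dropped, a missing note reaches `note.user.toString()` and throws a TypeError, which becomes a 404 only because `.catch` maps every rejection to 'Note does not exists.'. That blanket catch also reports database failures and programming errors as 404, which hides outages from both clients and logs. I would restore the guard with `if (!note) return next({ status: 404, message: 'Note does not exists.' });` before the owner check. The catch would become `.catch((err) => next({ status: 500, error: [err] }))`, with a cast error for a malformed id mapped to 404 explicitly if that behaviour is wanted.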


@ -1,28 +1,23 @@
const mongoose = require('mongoose'); const mongoose = require('mongoose');
const jwt = require('jsonwebtoken');
// TODO: verify auth module.exports = (req, res, next) => {
// TODO: verify owner
module.exports = (req, res) => {
const NoteModel = mongoose.model('Note'); const NoteModel = mongoose.model('Note');
NoteModel.findOneAndUpdate( const { user } = jwt.decode(req.headers.authorization);
// the id of the item to find
{ _id: req.params.id },
// the change to be made. Mongoose will smartly combine your existing NoteModel.findOne({ _id: req.params.id }, (err, note) => {
// document with this change, which allows for partial updates too if (err) return next({ status: 500, error: [err] });
req.body, if (!note) return next({ status: 404, message: 'Note does not exists.' });
// an option that asks mongoose to return the updated version if (note.user.toString() !== user.id) {
// of the document instead of the pre-updated one. return next({ status: 403, message: 'Access forbidden.' });
{ new: true }, }
// the callback function note.title = req.body.title || note.title;
(err, note) => { note.text = req.body.text || note.text;
// Handle any possible database errors note.save();
if (err) return res.status(500).send(err);
return res.json(note); return res.status(200).send(note);
}, });
);
}; };
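Review bot: `note.save();` is fire-and-forget: the handler sends `200` with the in-memory document before the write finishes, and a validation or database error from the save is never passed to `next`. I would respond from the save callback, e.g. `note.save((saveErr) => (saveErr ? next({ status: 400, error: [saveErr] }) : res.status(200).send(note)));`. Separately, `req.body.title || note.title` means a client cannot set a field to an empty string. If that is intentional because `UpdateValidation` rejects blanks, a one-line comment such as `// blank values keep the stored field` would make that clear.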