backend revamp: users

src/api/index.ts

@@ -1,195 +1,161 @@
-import { Router } from 'express';
+import { Router } from 'express';
-import { createSessionFromCodeAndProvider } from './auth';
+import { createSessionFromCodeAndProvider } from '../auth';
-import {
+import { getGroupByID, getPoolByID, getPoolsWithUser } from '../data';
-	getGroupByID,
+import { GroupModel, PoolModel } from '../models';
-	getPoolByID,
+
-	getPoolsWithUser,
+import * as user from './user';
-	getUserByID,
+
-} from './data';
+export const router = Router();
-import { GroupModel, PoolModel } from './models';
+
-
+router.use('/user', user.router);
-export const router = Router();
+
-
+router.get('/pool', async (req, res) => {
-router.get('/user', async (req, res) => {
+	if (typeof req.query.poolID != 'string') {
-	if (typeof req.query.userID != 'string') {
+		return;
-		return;
+	}
-	}
+
-
+	let poolID = req.query.poolID;
-	let userID = req.query.userID;
+	let pool = await getPoolByID(poolID);
-	if (userID === '@me') {
+
-		userID = req.session.accountID;
+	if (pool) {
-	}
+		res.json({ status: 'success', data: pool });
-
+	} else {
-	let user = await getUserByID(userID);
+		res.json({ status: 'error', error: 'not_found' });
-
+	}
-	if (user) {
+});
-		res.json({ status: 'success', data: user });
+
-	} else {
+router.post('/pool', (req, res) => {
-		res.json({ status: 'error', error: 'not_found' });
+	if (req.session.accountID == null) {
-	}
+		res.status(401);
-});
+		return res.json({ status: 'error', error: 'need_login' });
-
+	}
-router.patch('/user', (req, res) => {
+
-	// if (!(req.body.userID in users)) {
+	const userID = req.session.accountID;
-	// 	res.json({ status: 'error', error: 'user not found' });
+	const {
-	// } else {
+		capacity,
-	// 	let user = users[req.body.userID];
+		description,
-	// 	user.username = req.body.username;
+		direction,
-	// 	user.first_name = req.body.first_name;
+		end_time,
-	// 	user.last_name = req.body.last_name;
+		group_id,
-	// 	res.json({ status: 'success' });
+		start_time,
-	// }
+		title,
-});
+		type,
-
+	} = req.body;
-router.delete('/user', (req, res) => {});
+
-
+	const pool = new PoolModel();
-router.get('/pool', async (req, res) => {
+	Object.assign(pool, {
-	if (typeof req.query.poolID != 'string') {
+		author_id: userID,
-		return;
+		capacity,
-	}
+		description,
-
+		direction,
-	let poolID = req.query.poolID;
+		status: 'pending',
-	let pool = await getPoolByID(poolID);
+		title,
-
+		type,
-	if (pool) {
+		participant_ids: [],
-		res.json({ status: 'success', data: pool });
+		comments: [],
-	} else {
+		create_time: new Date().toISOString(),
-		res.json({ status: 'error', error: 'not_found' });
+		update_time: new Date().toISOString(),
-	}
+		group_id,
-});
+	});
-
+
-router.post('/pool', (req, res) => {
+	pool
-	if (req.session.accountID == null) {
+		.save()
-		res.status(401);
+		.then((pool) => {
-		return res.json({ status: 'error', error: 'need_login' });
+			res.json({ status: 'success', id: pool._id });
-	}
+		})
-
+		.catch((err) => {
-	const userID = req.session.accountID;
+			console.error('Error when creating a pool:', err);
-	const {
+			res.json({ status: 'error' });
-		capacity,
+		});
-		description,
+});
-		direction,
+
-		end_time,
+router.get('/group', async (req, res) => {
-		group_id,
+	if (typeof req.query.groupID != 'string') {
-		start_time,
+		return res.json({ status: 'error' });
-		title,
+	}
-		type,
+
-	} = req.body;
+	let groupID = req.query.groupID;
-
+	let group = await getGroupByID(groupID);
-	const pool = new PoolModel();
+
-	Object.assign(pool, {
+	if (group) {
-		author_id: userID,
+		res.json({ status: 'success', data: group });
-		capacity,
+	} else {
-		description,
+		res.json({ status: 'error', error: 'not_found' });
-		direction,
+	}
-		status: 'pending',
+});
-		title,
+
-		type,
+router.get('/group_pools', async (req, res) => {
-		participant_ids: [],
+	if (typeof req.query.groupID != 'string') {
-		comments: [],
+		res.json({ status: 'error', error: 'need_group_id' });
-		create_time: new Date().toISOString(),
+		return;
-		update_time: new Date().toISOString(),
+	}
-		group_id,
+
-	});
+	let groupID = req.query.groupID;
-
+	let pools = await PoolModel.find({ group_id: groupID }).exec();
-	pool
+
-		.save()
+	res.json({ status: 'success', data: pools });
-		.then((pool) => {
+});
-			res.json({ status: 'success', id: pool._id });
+
-		})
+router.post('/join_pool', async (req, res) => {
-		.catch((err) => {
+	if (!req.session.accountID) {
-			console.error('Error when creating a pool:', err);
+		return res.json({ status: 'error', error: 'need_login' });
-			res.json({ status: 'error' });
+	} else {
-		});
+		let poolID = req.body.id;
-});
+		let userID = req.session.accountID;
-
+
-router.get('/group', async (req, res) => {
+		await PoolModel.findByIdAndUpdate(poolID, {
-	if (typeof req.query.groupID != 'string') {
+			$addToSet: { participant_ids: userID },
-		return res.json({ status: 'error' });
+		}).exec();
-	}
+
-
+		res.json({ status: 'success' });
-	let groupID = req.query.groupID;
+	}
-	let group = await getGroupByID(groupID);
+});
-
+
-	if (group) {
+router.post('/group', (req, res) => {
-		res.json({ status: 'success', data: group });
+	if (req.session.accountID == null) {
-	} else {
+		res.status(401);
-		res.json({ status: 'error', error: 'not_found' });
+		return res.json({ status: 'error', error: 'need_login' });
-	}
+	}
-});
+
-
+	const userID = req.session.accountID;
-router.get('/group_pools', async (req, res) => {
+	const name = req.body.name;
-	if (typeof req.query.groupID != 'string') {
+
-		res.json({ status: 'error', error: 'need_group_id' });
+	const group = new GroupModel();
-		return;
+	group.set('name', name);
-	}
+	group.set('creator_id', userID);
-
+	group
-	let groupID = req.query.groupID;
+		.save()
-	let pools = await PoolModel.find({ group_id: groupID }).exec();
+		.then((group) => {
-
+			res.json({ status: 'success', id: group._id });
-	res.json({ status: 'success', data: pools });
+		})
-});
+		.catch((err) => {
-
+			console.error('Error when creating a group:', err);
-router.post('/join_pool', async (req, res) => {
+			res.json({ status: 'error' });
-	if (!req.session.accountID) {
+		});
-		return res.json({ status: 'error', error: 'need_login' });
+});
-	} else {
+
-		let poolID = req.body.id;
+router.get('/my_pools', async (req, res) => {
-		let userID = req.session.accountID;
+	if (req.session.accountID == null) {
-
+		res.status(401);
-		await PoolModel.findByIdAndUpdate(poolID, {
+		return res.json({ status: 'error', error: 'need_login' });
-			$addToSet: { participant_ids: userID },
+	}
-		}).exec();
+	let pools = await getPoolsWithUser(req.session.accountID);
-
+	if (pools) {
-		res.json({ status: 'success' });
+		res.json({ status: 'success', data: pools });
-	}
+	} else {
-});
+		res.json({ status: 'error', error: 'not_found' });
-
+	}
-router.post('/group', (req, res) => {
+});
-	if (req.session.accountID == null) {
+
-		res.status(401);
+router.post('/create_session', (req, res) => {
-		return res.json({ status: 'error', error: 'need_login' });
+	const { code, provider } = req.body;
-	}
+	console.log('Creating session: code =', code, 'provider =', provider);
-
+	createSessionFromCodeAndProvider(code, provider)
-	const userID = req.session.accountID;
+		.then((token) => {
-	const name = req.body.name;
+			res.json({ status: 'success', token });
-
+		})
-	const group = new GroupModel();
+		.catch((error) => {
-	group.set('name', name);
+			console.error('Error when creating session:', error);
-	group.set('creator_id', userID);
+			res.json({ status: 'error' });
-	group
+		});
-		.save()
+});
-		.then((group) => {
-			res.json({ status: 'success', id: group._id });
-		})
-		.catch((err) => {
-			console.error('Error when creating a group:', err);
-			res.json({ status: 'error' });
-		});
-});
-
-router.get('/my_pools', async (req, res) => {
-	if (req.session.accountID == null) {
-		res.status(401);
-		return res.json({ status: 'error', error: 'need_login' });
-	}
-	let pools = await getPoolsWithUser(req.session.accountID);
-	if (pools) {
-		res.json({ status: 'success', data: pools });
-	} else {
-		res.json({ status: 'error', error: 'not_found' });
-	}
-});
-
-router.post('/create_session', (req, res) => {
-	const { code, provider } = req.body;
-	console.log('Creating session: code =', code, 'provider =', provider);
-	createSessionFromCodeAndProvider(code, provider)
-		.then((token) => {
-			res.json({ status: 'success', token });
-		})
-		.catch((error) => {
-			console.error('Error when creating session:', error);
-			res.json({ status: 'error' });
-		});
-});

src/api/user.ts

@@ -0,0 +1,43 @@
+import { Router } from 'express';
+import { GroupModel, PoolModel, UserModel } from '../models';
+import requireApiAuth from '../requireApiAuth';
+import { ObjectID } from 'mongodb';
+
+export const router = Router();
+
+router.use(requireApiAuth);
+
+router.get('/@me/groups', async (req, res) => {
+	let userID = req.session.accountID;
+	let groups = await GroupModel.find({
+		member_ids: { $all: [userID] },
+	});
+
+	res.json({ status: 'success', data: groups });
+});
+
+router.get('/@me/pools', async (req, res) => {
+	let userID = req.session.accountID;
+	let pools = await PoolModel.find({
+		participant_ids: { $all: [userID] },
+	}).exec();
+
+	res.json({ status: 'success', data: pools });
+});
+
+router.get('/@me', async (req, res) => {
+	let user = await UserModel.findById(
+		new ObjectID(req.session.accountID)
+	).exec();
+
+	res.json({ status: 'success', data: user });
+});
+
+router.get('/:userID', async (req, res) => {
+	let userID = req.params.userID;
+	let user = await UserModel.findById(new ObjectID(userID)).exec();
+	let data = user.toJSON();
+	delete data['email'];
+
+	res.json({ status: 'success', data });
+});

src/index.ts

@@ -16,7 +16,7 @@ else console.log('DB connected successfully');
 import bodyParser from 'body-parser';
 import cors from 'cors';
 import express from 'express';
-import * as api from './api';
+import * as api from './api/index';
 import { sessionMiddleware } from './sessionMiddleware';
 
 const app = express();

src/requireApiAuth.ts

@@ -0,0 +1,12 @@
+import { RequestHandler } from 'express';
+
+const requireApiAuth: RequestHandler = (req, res, next) => {
+	if (req.session?.accountID == null) {
+		res.status(401);
+		res.json({ error: 'unauthorized' });
+	} else {
+		next();
+	}
+};
+
+export default requireApiAuth;