Merge pull request #66 from SoftwareEngineeringDaily/develop

Merging develop into master

Author: jasonify

.env.example .env.docker_example

@@ -0,0 +1,16 @@
+NODE_ENV=development
+PORT=4040
+JWT_SECRET=insert-random-secret-string-here
+
+MONGO_HOST=mongodb://localhost/express-mongoose-es6-rest-api-development
+MONGO_HOST_TEST=mongodb://localhost/express-mongoose-es6-rest-api-development-test
+MONGO_PORT=27017
+
+RACCOON_REDIS_URL=localhost
+RACCOON_REDIS_PORT=6379
+#RACCOON_REDIS_AUTH=
+
+DEBUG=express-mongoose-es6-rest-api:*
+
+FACEBOOK_ID=insert-facebook-app-id-here
+FACEBOOK_SECRET=insert-facebook-app-secret-here

.env.local_example

@@ -1,13 +1,21 @@
-## Set up
-  - Install and run a local redis client (docker coming soon)
-  - Install and run a local mongo client (docker coming soon)
-  - cp .env.example .env
-  - npm install or yarn install
-  - npm start or yarn start
+[![logo](https://i.imgur.com/3OtP3p8.png)](https://softwareengineeringdaily.com/)
+
+[![Build Status](https://travis-ci.org/SoftwareEngineeringDaily/software-engineering-daily-api.svg?branch=travis-fix)](https://travis-ci.org/SoftwareEngineeringDaily/software-engineering-daily-api)
+
+# SEDaily-API
+
+The backend services and API for the Software Engineering Daily [Android](https://github.com/SoftwareEngineeringDaily/SEDaily-Android), [iOS](https://github.com/SoftwareEngineeringDaily/se-daily-iOS), and [web front end](https://github.com/SoftwareEngineeringDaily/sedaily-front-end).
+
+## Set up (local)
+  - Install and run a local redis client
+  - Install and run a local mongo client 
+  - `cp .env.local_example .env`
+  - `npm install` or `yarn install`
+  - `npm start` or `yarn start`
   - check package.json for other builds
   - use curl or Postman to make requests
 
 
 ## Using Docker
+  - `cp .env.docker_example .env`
   - Run `docker-compose up`
-  

README.md

@@ -1,49 +1,37 @@
 import Joi from 'joi';
 
 export default {
-  // POST /api/users
-  createUser: {
-    body: {
-      username: Joi.string().required(),
-      mobileNumber: Joi.string().regex(/^[1-9][0-9]{9}$/).required()
-    }
-  },
-
   // UPDATE /api/users/:userId
   updateUser: {
     body: {
       username: Joi.string().required(),
-      mobileNumber: Joi.string().regex(/^[1-9][0-9]{9}$/).required()
+      name: Joi.string().required(),
+      bio: Joi.string().allow(''),
+      website: Joi.string().allow(''),
+      email: Joi.string().email().allow('')
     },
     params: {
       userId: Joi.string().hex().required()
     }
   },
-
-  // POST /api/users
-  createPost: {
-    body: {
-      username: Joi.string().required(),
-      mobileNumber: Joi.string().regex(/^[1-9][0-9]{9}$/).required()
-    }
-  },
-
-  // UPDATE /api/users/:userId
-  updatePost: {
+    // POST /api/auth/login
+  login: {
     body: {
       username: Joi.string().required(),
-      mobileNumber: Joi.string().regex(/^[1-9][0-9]{9}$/).required()
-    },
-    params: {
-      userId: Joi.string().hex().required()
+      password: Joi.string().required()
     }
   },
 
-  // POST /api/auth/login
-  login: {
+  // POST /api/auth/register
+  register: {
     body: {
       username: Joi.string().required(),
-      password: Joi.string().required()
+      password: Joi.string().required(),
+      // Should be required once mobile apps get updated:
+      name: Joi.string(),
+      bio: Joi.string().allow(''),
+      website: Joi.string().allow(''),
+      email: Joi.string().email().allow('')
     }
   }
 };

config/param-validation.js

@@ -6,8 +6,8 @@
   "main": "index.js",
   "private": false,
   "engines": {
-    "node": ">=4.8.0",
-    "npm": ">=2.15.11"
+    "node": "6.11.1",
+    "npm": "5.5.1"
   },
   "scripts": {
     "launch": "npm run build && node dist/index.js",

package.json

@@ -5,7 +5,7 @@ import config from '../../config/config';
 import passport from 'passport';
 import FacebookTokenStrategy from 'passport-facebook-token';
 import User from '../models/user.model';
-
+import _ from 'lodash';
 
 passport.serializeUser(function(user, done){
   done(null, user._id);
@@ -110,8 +110,10 @@ function register(req, res, next) {
       }
 
       const newUser = new User();
-      newUser.username = username;
-      newUser.password = newUser.generateHash(password);
+      newUser.password = User.generateHash(password);
+      // We assign a set of "approved fields"
+      const newValues = _.pick(req.body, User.updatableFields);
+      Object.assign(newUser, newValues);
 
       return newUser.save();
     })

server/controllers/auth.controller.js

@@ -1,40 +1,44 @@
+import APIError from '../helpers/APIError';
+import httpStatus from 'http-status';
 import User from '../models/user.model';
+import _ from 'lodash';
 
 /**
  * Load user and append to req.
  */
 function load(req, res, next, id) {
   User.get(id)
     .then((user) => {
-      req.user = user; // eslint-disable-line no-param-reassign
+      delete user.password;
+      req.userLoaded = user; // eslint-disable-line no-param-reassign
       return next();
     })
     .catch(e => next(e));
 }
-
 /**
- * Get user
+ * Get currently logged in user
  * @returns {User}
  */
-function get(req, res) {
-  return res.json(req.user);
+function me(req, res, next) {
+  User.get(req.user._id)
+    .then((user) => {
+      user.password = null;
+      return res.json(user);
+    })
+    .catch(e => {
+      return next(err);
+    });
 }
 
+// TODO: maybe a quick version of me that only loads a shallow verison of
+// user id
+
 /**
- * Create new user
- * @property {string} req.body.username - The username of user.
- * @property {string} req.body.mobileNumber - The mobileNumber of user.
+ * Get user
  * @returns {User}
  */
-function create(req, res, next) {
-  const user = new User({
-    username: req.body.username,
-    mobileNumber: req.body.mobileNumber
-  });
-
-  user.save()
-    .then(savedUser => res.json(savedUser))
-    .catch(e => next(e));
+function get(req, res) {
+  return res.json(req.userLoaded);
 }
 
 /**
@@ -44,37 +48,33 @@ function create(req, res, next) {
  * @returns {User}
  */
 function update(req, res, next) {
-  const user = req.user;
-  user.username = req.body.username;
-  user.mobileNumber = req.body.mobileNumber;
-
-  user.save()
-    .then(savedUser => res.json(savedUser))
-    .catch(e => next(e));
-}
-
-/**
- * Get user list.
- * @property {number} req.query.skip - Number of users to be skipped.
- * @property {number} req.query.limit - Limit number of users to be returned.
- * @returns {User[]}
- */
-function list(req, res, next) {
-  const { limit = 50, skip = 0 } = req.query;
-  User.list({ limit, skip })
-    .then(users => res.json(users))
-    .catch(e => next(e));
-}
-
-/**
- * Delete user.
- * @returns {User}
- */
-function remove(req, res, next) {
-  const user = req.user;
-  user.remove()
-    .then(deletedUser => res.json(deletedUser))
-    .catch(e => next(e));
-}
+  const user = req.userLoaded;
+  const username = req.body.username;
+  // We gotta check a few things:
+  // First we make sure we are the actual user we are modifying.
+  if(!req.user || user._id != req.user._id) {
+    let err = new APIError('Not enough  permissions to modify that user.', httpStatus.UNAUTHORIZED, true); //eslint-disable-line
+    return next(err);
+  }
+  // Next we are making sure the username doens't already exist:
+  User.findOne({ username })
+  .exec()
+  .then((_user) => {
+    if (_user && _user.id != user.id) {
+      let err = new APIError('User already exists.', httpStatus.UNAUTHORIZED, true); //eslint-disable-line
+      return next(err);
+    }
+    // Using _.pick to only get a few properties:
+    // otherwise user can set themselves to verified, etc :)
+    const newValues = _.pick(req.body, User.updatableFields);
+    Object.assign(user, newValues);
+    delete user.password;
+    user.save();
+    delete user.password; // Why doesn't this work?
+    user.password = null;
+    res.json(user);
+  })
+  .catch(e => next(e));
+  }
 
-export default { load, get, create, update, list, remove };
+export default {load, get, me, update};

server/controllers/user.controller.js

@@ -1,19 +1,17 @@
 
 import Promise from 'bluebird';
-import mongoose  from 'mongoose';
+import mongoose, {Schema} from 'mongoose';
 import moment from 'moment';
 import httpStatus from 'http-status';
 import APIError from '../helpers/APIError';
 import Vote from './vote.model';
 
-// TODO
-// import mongoose {Schema}  from 'mongoose';
 
 //
 /**
  * Comment Schema
  */
-const CommentSchema = new mongoose.Schema({
+const CommentSchema = new Schema({
   id: String,
   content: {
     type: String,
@@ -24,11 +22,11 @@ const CommentSchema = new mongoose.Schema({
     default: Date.now
   },
   post: {
-    type: mongoose.Schema.Types.ObjectId,
+    type: Schema.Types.ObjectId,
     ref: 'Post'
   },
   author: {
-    type: mongoose.Schema.Types.ObjectId,
+    type: Schema.Types.ObjectId,
     ref: 'User'
   }
 });

server/models/comment.model.js

@@ -10,10 +10,31 @@ import APIError from '../helpers/APIError';
 const UserSchema = new mongoose.Schema({
   username: {
     type: String,
-    required: true
+    // , required: true // Should be requied since it is also validated
   },
   password: {
     type: String
+    // TODO: Should be required.
+  },
+  name: {
+    type: String
+    // , required: true // Should be requied but need to update all clients
+  },
+  avatarUrl: {
+    type: String
+  },
+  bio: {
+    type: String
+  },
+  website: {
+    type: String
+  },
+  verified: {
+    type: Boolean,
+    default: false
+  },
+  email: {
+    type: String
   },
   facebook: {
     id: {
@@ -52,10 +73,6 @@ const UserSchema = new mongoose.Schema({
  * Methods
  */
 UserSchema.method({
-  generateHash: function generateHash(password) {
-    return bcrypt.hashSync(password, bcrypt.genSaltSync(8), null);
-  },
-
   validPassword: function validPassword(password) {
     return bcrypt.compareSync(password, this.password);
   },
@@ -82,6 +99,10 @@ UserSchema.statics = {
       });
   },
 
+  generateHash: function generateHash(password) {
+    return bcrypt.hashSync(password, bcrypt.genSaltSync(8), null);
+  },
+
   /**
    * List users in descending order of 'createdAt' timestamp.
    * @param {number} skip - Number of users to be skipped.
@@ -94,7 +115,8 @@ UserSchema.statics = {
       .skip(+skip)
       .limit(+limit)
       .exec();
-  }
+  },
+  updatableFields: ['username','website','bio', 'name','email']
 };
 
 /**

server/models/user.model.js

@@ -13,7 +13,7 @@ router.route('/login')
   .post(validate(paramValidation.login), authCtrl.login);
 
 router.route('/register')
-  .post(validate(paramValidation.login), authCtrl.register);
+  .post(validate(paramValidation.register), authCtrl.register);
 
 /** GET /api/auth/random-number - Protected route,
  * needs token returned by the above as header. Authorization: Bearer {token} */