part 4d

Author: dhatGuy

part4/blog/app.js

@@ -1,12 +1,14 @@
 const express = require("express");
+require("express-async-errors");
 const app = express();
-require("express-async-error")
 const cors = require("cors");
 const mongoose = require("mongoose");
 const config = require("./utils/config");
 const blogRouter = require("./controllers/blog");
-const morgan = require("morgan")
-const middleware = require("./utils/middleware")
+const userRouter = require("./controllers/users");
+const morgan = require("morgan");
+const middleware = require("./utils/middleware");
+const loginRouter = require("./controllers/login");
 
 morgan.token("body", function (req, res) {
   return JSON.stringify(req.body);
@@ -25,7 +27,9 @@ app.use(
   morgan(":method :url :status :res[content-length] - :response-time ms :body")
 );
 app.use("/api/blogs", blogRouter);
-app.use(middleware.unknownEndpoint)
-app.use(middleware.errorHandler)
+app.use("/api/users", userRouter);
+app.use("/api/login", loginRouter);
+app.use(middleware.unknownEndpoint);
+app.use(middleware.errorHandler);
 
 module.exports = app;

part4/blog/controllers/blog.js

@@ -1,33 +1,57 @@
+require("dotenv").config();
 const blogRouter = require("express").Router();
 const Blog = require("../models/blog");
+const User = require("../models/user");
+const jwt = require("jsonwebtoken");
+const { tokenExtractor } = require("../utils/middleware");
 
 blogRouter
   .route("/")
   .get(async (req, res) => {
-    const blogs = await Blog.find({});
+    const blogs = await Blog.find({}).populate("user");
     res.json(blogs);
   })
-  .post(async (req, res) => {
+  .post(tokenExtractor, async (req, res) => {
     const { author, title, url, likes } = req.body;
 
+    const user = await User.findById(req.user);
+
     if (!title || !url) res.status(400).end();
 
     const blog = new Blog({
       author: author || "unknown",
       title,
       url,
       likes: likes || 0,
+      user: user._id,
     });
 
-    const result = await blog.save();
-    res.status(201).json(result);
+    const savedBlog = await blog.save();
+    user.blogs = [...user.blogs, savedBlog._id];
+    await user.save();
+    res.status(201).json(savedBlog);
   });
 
 blogRouter
   .route("/:id")
-  .delete(async (req, res) => {
-    await Blog.findByIdAndRemove(req.params.id);
-    res.status(204).end();
+  .get(async (req, res) => {
+    const blog = await Blog.findById(req.params.id);
+    if (blog) {
+      res.json(blog.toJSON());
+    } else {
+      res.status(404).end();
+    }
+  })
+  .delete(tokenExtractor, async (req, res) => {
+    const { user } = req;
+    const blog = await Blog.findById(req.params.id);
+
+    if (blog === null) return res.status(400).end();
+
+    if (blog.user.toString() === user) {
+      await Blog.findByIdAndRemove(req.params.id);
+      res.status(204).end();
+    }
   })
   .put(async (req, res) => {
     const updatedBlog = await Blog.findByIdAndUpdate(req.params.id, req.body, {

part4/blog/controllers/login.js

@@ -0,0 +1,29 @@
+require("dotenv").config();
+const router = require("express").Router();
+const jwt = require("jsonwebtoken");
+const bcrypt = require("bcrypt");
+const User = require("../models/user");
+
+router.route("/").post(async (req, res) => {
+  const { username, password } = req.body;
+
+  const user = await User.findOne({ username });
+  const verifyPassword =
+    user !== null && (await bcrypt.compare(password, user.passwordHash));
+
+  if (!(user && verifyPassword)) {
+    return res.status(401).json({
+      error: "invalid username or password",
+    });
+  }
+
+  const token = jwt.sign(
+    { username: user.username, id: user._id },
+    process.env.SECRET,
+    { expiresIn: "1hr" }
+  );
+
+  res.status(200).send({ token, username: user.username, name: user.name });
+});
+
+module.exports = router;

part4/blog/controllers/users.js

@@ -0,0 +1,24 @@
+const router = require("express").Router();
+const User = require("../models/user");
+const bcrypt = require("bcrypt");
+
+router
+  .route("/")
+  .get(async (req, res) => {
+    const users = await User.find({}).populate("blogs");
+    res.json(users);
+  })
+  .post(async (req, res) => {
+    const salt = await bcrypt.genSalt(10);
+    const passwordHash = await bcrypt.hash(req.body.password, salt);
+
+    const newUser = new User({
+      ...req.body,
+      passwordHash,
+    });
+    const result = await newUser.save();
+
+    res.status(201).json(result);
+  });
+
+module.exports = router;

part4/blog/models/blog.js

@@ -6,6 +6,10 @@ const blogSchema = new mongoose.Schema({
   author: { type: String },
   url: { type: String },
   likes: { type: Number },
+  user: {
+    type: mongoose.Schema.Types.ObjectId,
+    ref: "User",
+  },
 });
 
 blogSchema.plugin(uniqueValidator);

part4/blog/models/user.js

@@ -0,0 +1,29 @@
+const mongoose = require("mongoose");
+const uniqueValidator = require("mongoose-unique-validator");
+
+const userSchema = new mongoose.Schema({
+  username: { type: String, unique: true },
+  passwordHash: String,
+  name: { type: String, minLength: 4 },
+  blogs: [
+    {
+      type: mongoose.Schema.Types.ObjectId,
+      ref: "Blog",
+    },
+  ],
+});
+
+userSchema.plugin(uniqueValidator, {
+  message: "Error, {PATH} already exist.",
+});
+userSchema.set("toJSON", {
+  transform: (document, returnedObject) => {
+    returnedObject.id = returnedObject._id.toString();
+    delete returnedObject._id;
+    delete returnedObject.__v;
+    // the passwordHash should not be revealed
+    delete returnedObject.passwordHash;
+  },
+});
+
+module.exports = mongoose.model("User", userSchema);

part4/blog/package.json

@@ -10,11 +10,13 @@
   "author": "Joseph Odunsi",
   "license": "MIT",
   "dependencies": {
+    "bcrypt": "^5.0.1",
     "cors": "^2.8.5",
     "cross-env": "^7.0.3",
     "dotenv": "^8.2.0",
     "express": "^4.17.1",
-    "express-async-error": "^0.0.2",
+    "express-async-errors": "^3.1.1",
+    "jsonwebtoken": "^8.5.1",
     "mongoose": "^5.12.5",
     "morgan": "^1.10.0",
     "supertest": "^6.1.3"

part4/blog/test/api.test.js

@@ -5,8 +5,20 @@ const Blog = require("../models/blog");
 const { initialBlogs, blogsInDb } = require("./test_helper");
 
 const api = supertest(app);
+let token;
 
-beforeEach(async() => {
+beforeAll(async () => {
+  await api
+    .post("/api/users")
+    .send({ username: "test", name: "test", password: "test" });
+
+  const response = await api
+    .post("/api/login")
+    .send({ username: "test", password: "test" });
+  token = response.body.token;
+});
+
+beforeEach(async () => {
   await Blog.deleteMany({});
   await Blog.insertMany(initialBlogs);
 });
@@ -17,7 +29,21 @@ test("get blogs", async () => {
     .expect(200)
     .expect("Content-Type", /application\/json/);
 
-  expect(response.body).toHaveLength(0);
+  expect(response.body).toHaveLength(initialBlogs.length);
+});
+
+test("should require authentication to save a blog", async () => {
+  const newBlog = {
+    title: "Type wars",
+    author: "Unknown",
+    url: "http://blog.cleancoder.com/uncle-bob/2016/05/01/TypeWars.html",
+    likes: 2,
+  };
+
+  await api.post("/api/blogs").send(newBlog).expect(401).expect("Unauthorized");
+
+  const res = await api.get("/api/blogs");
+  expect(res.body).toHaveLength(initialBlogs.length);
 });
 
 test("save a blog", async () => {
@@ -26,10 +52,12 @@ test("save a blog", async () => {
     author: "Unknown",
     url: "http://blog.cleancoder.com/uncle-bob/2016/05/01/TypeWars.html",
     likes: 2,
+    user: token.id,
   };
 
   await api
     .post("/api/blogs")
+    .set("Authorization", `Bearer ${token}`)
     .send(newBlog)
     .expect(201)
     .expect("Content-Type", /application\/json/);
@@ -51,10 +79,12 @@ test("if the likes property is missing, default value to 0", async () => {
     title: "Type wars",
     author: "Unknown",
     url: "http://blog.cleancoder.com/uncle-bob/2016/05/01/TypeWars.html",
+    user: token.id,
   };
 
   const { body: savedBlog } = await api
     .post("/api/blogs")
+    .set("Authorization", `Bearer ${token}`)
     .send(newBlog)
     .expect(201)
     .expect("Content-Type", /application\/json/);
@@ -67,37 +97,58 @@ test("return bad request if title and url is missing", async () => {
     author: "John Doe",
   };
 
-  const response = await api.post("/api/blogs").send(newBlog);
+  const response = await api
+    .post("/api/blogs")
+    .set("Authorization", `Bearer ${token}`)
+    .send(newBlog);
   expect(response.statusCode).toBe(400);
 
-  const {body:blogs} = await api.get("/api/blogs")
-  expect(blogs).toHaveLength(initialBlogs.length)
+  const { body: blogs } = await api.get("/api/blogs");
+  expect(blogs).toHaveLength(initialBlogs.length);
 });
 
-test("confirm deletion of a blog", async()=>{
-  const blogsAtStart = await blogsInDb()
-  const blogToDelete = blogsAtStart[0]
+test("confirm deletion of a blog", async () => {
+  const blogsAtStart = await blogsInDb();
+  const newBlog = {
+    title: "Type wars",
+    author: "Unknown",
+    url: "http://blog.cleancoder.com/uncle-bob/2016/05/01/TypeWars.html",
+    user: token.id,
+  };
 
-  const response = await api.delete(`/api/blogs/${blogToDelete.id}`)
-  expect(response.status).toBe(204)
-  
-  const {body:blogsAtEnd} = await api.get("/api/blogs")
-  expect(blogsAtEnd).toHaveLength(initialBlogs.length - 1)
-  const contents = blogsAtEnd.map(blog => blog.title)
+  const { body: savedBlog } = await api
+    .post("/api/blogs")
+    .set("Authorization", `Bearer ${token}`)
+    .send(newBlog)
+    .expect(201)
+    .expect("Content-Type", /application\/json/);
+
+  const response = await api
+    .delete(`/api/blogs/${savedBlog.id}`)
+    .set("Authorization", `Bearer ${token}`);
+  expect(response.status).toBe(204);
+
+  const { body: blogsAtEnd } = await api.get("/api/blogs");
+  expect(blogsAtEnd).toHaveLength(blogsAtStart.length);
+  const contents = blogsAtEnd.map((blog) => blog.title);
 
-  expect(contents).not.toContain(blogToDelete.title)
-})
+  expect(contents).not.toContain(savedBlog.title);
+});
 
-test("update a blog", async()=>{
+test("update a blog", async () => {
   const blogsAtStart = await blogsInDb();
-  const {title, author, url, id} = blogsAtStart[0]
+  const { title, author, url, id } = blogsAtStart[0];
 
-  const blog = {title, url, author, likes: 30}
+  const blog = { title, url, author, likes: 30 };
 
-  const {body:updatedBlog} = await api.put(`/api/blogs/${id}`).send(blog).expect(200)
+  const { body: updatedBlog } = await api
+    .put(`/api/blogs/${id}`)
+    .set("Authorization", `Bearer ${token}`)
+    .send(blog)
+    .expect(200);
 
-  expect(updatedBlog.likes).toBe(30)
-})
+  expect(updatedBlog.likes).toBe(30);
+});
 
 afterAll(async (done) => {
   await mongoose.connection.close();