Merge pull request #69 from acm-uic/createComment

Create comment endpoint

Author: Ajknight121

backend/.env

@@ -1,4 +1,5 @@
 PORT =
 MONGODB = 
-SECRET_KEY = 
+AT_SECRET_KEY = 
+RT_SECRET_KEY = 
 CLOUDINARY_CONFIG = 

backend/config.js

@@ -1,8 +1,9 @@
 import dotenv from "dotenv";
 dotenv.config({ path: ".env.local" });
 
-const SECRET_KEY = process.env.SECRET_KEY;
+const AT_SECRET_KEY = process.env.AT_SECRET_KEY;
+const RT_SECRET_KEY = process.env.RT_SECRET_KEY;
 const CLOUDINARY_CONFIG = JSON.parse(process.env.CLOUDINARY_CONFIG);
 const MONGODB = process.env.MONGODB;
 
-export { SECRET_KEY, CLOUDINARY_CONFIG, MONGODB };
+export { AT_SECRET_KEY, RT_SECRET_KEY, CLOUDINARY_CONFIG, MONGODB };

backend/controllers/comment.js

@@ -0,0 +1,39 @@
+import PostModel from "../models/post.js";
+import CommentModel from "../models/comment.js";
+
+const CommentControllers = {
+  createComment: async (req, res) => {
+    try {
+      // Get postId, body, and user transferred from req
+      const { postId, body } = req.body;
+      const { user } = req;
+      // Find post from postId
+      const crrPost = await PostModel.findById(postId);
+      //   If cannot find, throw an error
+      if (!crrPost) throw new Error("Cannot not find post!");
+      // Create a new comment
+      const newComment = await CommentModel.create({
+        author: user._id,
+        postId,
+        body,
+      });
+      // Send out the new comment and the userName of the author
+      res.status(201).send({
+        message: "Comment created successfully!",
+        success: true,
+        data: {
+          ...newComment.toObject(),
+          userName: user.userName,
+        },
+      });
+    } catch (error) {
+      res.status(404).send({
+        message: error.message,
+        success: false,
+        data: null,
+      });
+    }
+  },
+};
+
+export default CommentControllers;

backend/controllers/post.js

@@ -0,0 +1,45 @@
+import PostModel from "../models/post.js";
+import { handleFileUpload } from "../utils/upload.js";
+
+const PostControllers = {
+  createPost: async (req, res) => {
+    try {
+      const { user } = req;
+      const { title, body } = req.body;
+      const listFile = req.files;
+
+      const listMedia = [];
+
+      // If user upload files
+      for (const file of listFile) {
+        const response = await handleFileUpload(file);
+        if (!response.success) throw new Error(response.message);
+        listMedia.push(response.data);
+      }
+
+      const newPost = await PostModel.create({
+        author: user._id,
+        title,
+        body,
+        images: listMedia,
+      });
+
+      res.status(201).send({
+        message: "Post created successfully",
+        success: true,
+        data: {
+          ...newPost.toObject(),
+          userName: user.userName,
+        },
+      });
+    } catch (error) {
+      res.status(500).send({
+        message: error.message,
+        success: false,
+        data: null,
+      });
+    }
+  },
+};
+
+export default PostControllers;

backend/controllers/user.js

@@ -1,9 +1,9 @@
 import UserModel from "../models/user.js";
 import bcrypt from "bcrypt";
-import jwt from "jsonwebtoken";
-import { SECRET_KEY, CLOUDINARY_CONFIG } from "../config.js";
+import { CLOUDINARY_CONFIG } from "../config.js";
 import { v2 as cloudinary } from "cloudinary";
-import { handleAvatarUpload } from "../utils/avatarHandlers.js";
+import { handleFileUpload } from "../utils/upload.js";
+import { generateToken } from "../utils/token.js";
 
 cloudinary.config(CLOUDINARY_CONFIG);
 
@@ -34,8 +34,9 @@ const UserControllers = {
       };
       // Only add avatar if the user upload avatar file
       if (avatar) {
-        const response = await handleAvatarUpload(avatar, userPayload);
+        const response = await handleFileUpload(avatar);
         if (!response.success) throw new Error(response.message);
+        userPayload.avatar = response.data;
       }
 
       //   Create a new user
@@ -80,17 +81,35 @@ const UserControllers = {
       const user = {
         _id: crrUser._id,
         email: crrUser.email,
+        userName: crrUser.userName,
       };
 
-      const token = jwt.sign(user, SECRET_KEY, { expiresIn: 60 * 60 });
+      const accessToken = generateToken(
+        {
+          ...user,
+          typeToken: "AT",
+        },
+        "AT"
+      );
+
+      const refreshToken = generateToken(
+        {
+          ...user,
+          typeToken: "RT",
+        },
+        "RT"
+      );
 
       res.status(200).send({
         message: "User signs in successfully",
         success: true,
-        data: token,
+        data: {
+          accessToken,
+          refreshToken,
+        },
       });
     } catch (error) {
-      res.status(409).send({
+      res.status(400).send({
         message: error.message,
         success: false,
         data: null,
@@ -103,11 +122,6 @@ const UserControllers = {
       const { userName, email, bio } = req.body;
       const avatar = req.file;
 
-      // If the user doesn't update anything
-      if (!(userName || email || avatar || bio)) {
-        throw new Error("Please enter an updated field!");
-      }
-
       // Get the crrUser
       const crrUser = await UserModel.findById(user._id);
 
@@ -134,8 +148,9 @@ const UserControllers = {
         // If the names are different, replace with the new file
         if (newFileName !== currentFileName) {
           // Proceed with upload
-          const response = await handleAvatarUpload(avatar, updatedFields);
+          const response = await handleFileUpload(avatar);
           if (!response.success) throw new Error(response.message);
+          updatedFields.avatar = response.data;
           // Delete the old avatar from Cloudinary
           if (currentFileName) {
             await cloudinary.uploader.destroy(currentFileName);
@@ -155,7 +170,7 @@ const UserControllers = {
         data: updatedProfile,
       });
     } catch (error) {
-      res.status(400).send({
+      res.status(500).send({
         message: error.message,
         success: false,
         data: null,

backend/database/collections.js

@@ -1,5 +1,7 @@
 const Collections = {
-  users: "users",
+  users: "User",
+  posts: "Post",
+  comments: "Comment",
 };
 
 export default Collections;

backend/middlewares/auth.js

@@ -1,31 +1,73 @@
-import jwt from "jsonwebtoken";
-import { SECRET_KEY } from "../config.js";
+import { verifyToken } from "../utils/token.js";
 
 const AuthMiddlewares = {
-  validateToken: (req, res, next) => {
-    const authHeader = req.headers["authorization"];
-    if (authHeader) {
+  verifyAccessToken: (req, res, next) => {
+    try {
+      const authHeader = req.headers["authorization"];
+      if (!authHeader) throw new Error("Please enter token");
       // Split the access token from the bearer token
       const token = authHeader.split(" ")[1];
 
       // Validate the access token
-      jwt.verify(token, SECRET_KEY, (err, decoded) => {
-        if (err) {
-          res.status(401).send({
-            message: "Access token is invalid",
-            success: false,
-            data: null,
-          });
-        } else {
-          // Save user info into req,
-          // Req will be transferred to next handlers
-          req.user = decoded;
-          return next();
-        }
+      const data = verifyToken(token, "AT");
+      req.user = data;
+      return next();
+    } catch (error) {
+      let type = "";
+      let getMessage = "";
+      switch (error.message) {
+        case "invalid signature":
+          getMessage = "Cannot verify token";
+          type = "INVALID_TOKEN";
+          break;
+        case "jwt expired":
+          getMessage = "Token is expired";
+          type = "EXP_TOKEN";
+          break;
+        default:
+          getMessage = "Cannot authenticate user";
+          type = "UNAUTH";
+          break;
+      }
+      res.status(401).send({
+        message: getMessage,
+        type,
+        success: false,
+        data: null,
       });
-    } else {
+    }
+  },
+  verifyRefreshToken: (req, res, next) => {
+    try {
+      const authHeader = req.headers["authorization"];
+      if (!authHeader) throw new Error("Please enter token");
+      // Split the access token from the bearer token
+      const token = authHeader.split(" ")[1];
+
+      // Validate the access token
+      const data = verifyToken(token, "RT");
+      req.user = data;
+      return next();
+    } catch (error) {
+      let type = "";
+      let getMessage = "";
+      switch (error.message) {
+        case "invalid signature":
+          getMessage = "Cannot verify token";
+          type = "INVALID_TOKEN";
+          break;
+        case "jwt expired":
+          getMessage = "Token is expired";
+          type = "EXP_TOKEN";
+          break;
+        default:
+          getMessage = "Cannot authenticate user";
+          type = "UNAUTH";
+          break;
+      }
       res.status(401).send({
-        message: "Access token is missing",
+        message: getMessage,
+        type,
         success: false,
         data: null,
       });

backend/middlewares/comment.js

@@ -0,0 +1,22 @@
+const CommentMiddlewares = {
+  // Middleware for creating a comment
+  createComment: (req, res, next) => {
+    try {
+      // Ask for postId and comment body
+      const { postId, body } = req.body;
+      // If lack either, throw an error
+      if (!postId) throw new Error("Please enter postId!");
+      if (!body) throw new Error("Please enter your comment!");
+
+      return next();
+    } catch (error) {
+      res.status(400).send({
+        message: error.message,
+        success: false,
+        data: null,
+      });
+    }
+  },
+};
+
+export default CommentMiddlewares;

backend/middlewares/post.js

@@ -0,0 +1,22 @@
+const PostMiddlewares = {
+  // A middleware for creating a new post
+  createUser: (req, res, next) => {
+    try {
+      const { title, body } = req.body;
+      //   Throw error if missing title or body
+      if (!title) throw new Error("Please enter post title!");
+      if (!body) throw new Error("Please enter post body!");
+
+      return next();
+    } catch (error) {
+      res.status(400).send({
+        message: error.message,
+        success: false,
+        data: null,
+        error,
+      });
+    }
+  },
+};
+
+export default PostMiddlewares;

backend/middlewares/user.js

@@ -29,6 +29,25 @@ const UserMiddlewares = {
       if (!email) throw new Error("Please enter email!");
       if (!password) throw new Error("Please enter password!");
 
+      return next();
+    } catch (error) {
+      res.status(400).send({
+        message: error.message,
+        success: false,
+        data: null,
+      });
+    }
+  },
+  updateProfile: (req, res, next) => {
+    try {
+      const { userName, email, bio } = req.body;
+      const avatar = req.file;
+
+      // If the user doesn't update anything
+      if (!(userName || email || avatar || bio)) {
+        throw new Error("Please enter an updated field!");
+      }
+
       return next();
     } catch (error) {
       res.status(400).send({