feat: implement backend for auctions (#44)

Author: bambam955

backend/src/app.ts

@@ -5,6 +5,7 @@ import express, {
 } from 'express';
 import bodyParser from 'body-parser';
 import usersRouter from './routes/users.ts';
+import auctionsRouter from './routes/auctions.ts';
 import adminRouter from './routes/admin.ts';
 
 // Create the Express app.
@@ -32,6 +33,7 @@ app.use((req: Request, res: Response, next: NextFunction) => {
 
 // Set up the endpoints for user management.
 app.use('/api/v1/users', usersRouter);
+app.use('/api/v1/auctions', auctionsRouter);
 app.use('/api/v1/admin', adminRouter);
 
 // Add a default response for the root of the API.

backend/src/db/models/auction.ts

@@ -0,0 +1,27 @@
+import mongoose, { Schema } from 'mongoose';
+import type { InferSchemaType } from 'mongoose';
+
+// Create the DB schema for auctions.
+const auctionSchema = new Schema(
+  {
+    // Basic information about the auction.
+    // All of this should be set when the auction is created.
+    title: { type: String, required: true },
+    description: { type: String, required: true },
+    sellerId: { type: Schema.Types.ObjectId, ref: 'user', required: true },
+    minimumBid: { type: Number, required: true, default: 0 },
+    endDate: { type: Date, required: true, default: new Date() },
+
+    // This won't be filled in until the auction finishes.
+    buyerId: { type: Schema.Types.ObjectId, ref: 'user' },
+
+    // These fields are used for the feedback system.
+    expectedValue: { type: Number, default: 0 },
+  },
+  {
+    timestamps: true,
+  },
+);
+
+export const Auction = mongoose.model('auction', auctionSchema);
+export type AuctionDataType = InferSchemaType<typeof auctionSchema>;

backend/src/db/models/user.ts

@@ -2,20 +2,25 @@ import mongoose, { Schema } from 'mongoose';
 import type { InferSchemaType } from 'mongoose';
 
 // Create the DB schema for users.
-const userSchema = new Schema({
-  // No two accounts can have the same username, for obvious reasons.
-  username: { type: String, required: true, unique: true },
-  // The password will be encrypted.
-  password: { type: String, required: true },
+const userSchema = new Schema(
+  {
+    // No two accounts can have the same username, for obvious reasons.
+    username: { type: String, required: true, unique: true },
+    // The password will be encrypted.
+    password: { type: String, required: true },
 
-  //RBAC role for Admin user management such as locking accounts
-  role: { type: String, enum: ['user', 'admin'], default: 'user' },
-  locked: { type: Boolean, default: false },
-  canBeLocked: { type: Boolean, default: true }, // Certain accounts cannot be locked
+    //RBAC role for Admin user management such as locking accounts
+    role: { type: String, enum: ['user', 'admin'], default: 'user' },
+    locked: { type: Boolean, default: false },
+    canBeLocked: { type: Boolean, default: true }, // Certain accounts cannot be locked
 
-  // "Tokens" are fake money in the platform.
-  tokens: { type: Number, required: true, default: 0 },
-});
+    // "Tokens" are fake money in the platform.
+    tokens: { type: Number, required: true, default: 0 },
+  },
+  {
+    timestamps: true,
+  },
+);
 
 export const User = mongoose.model('user', userSchema);
 export type UserDataType = InferSchemaType<typeof userSchema>;

backend/src/routes/auctions.ts

@@ -0,0 +1,65 @@
+import express from 'express';
+import type { Request, Response } from 'express';
+import { requireAuth } from '../middleware/jwt.ts';
+import AuctionsService from '../services/auctions.ts';
+import {
+  createAuctionSchema,
+  updateAuctionSchema,
+} from 'treasure-trove-shared';
+
+const auctionsRouter = express.Router();
+
+// GET information about all auctions.
+auctionsRouter.get('/', requireAuth, async (_req: Request, res: Response) => {
+  try {
+    const auctions = await AuctionsService.getAllAuctions();
+    res.status(200).json(auctions);
+  } catch (error) {
+    console.error('Error fetching auctions:', error);
+    res.status(500).json({ error: 'Failed to fetch auctions' });
+  }
+});
+
+// GET information about the auction with the given ID.
+auctionsRouter.get('/:id', requireAuth, async (req: Request, res: Response) => {
+  try {
+    const auctionInfo = await AuctionsService.getAuctionById(req.params.id);
+    return res.status(200).json(auctionInfo);
+  } catch (error) {
+    console.error('Error fetching auction info:', error);
+    return res.status(404).json({ error: 'Auction not found' });
+  }
+});
+
+// POST endpoint to create a new auction.
+auctionsRouter.post('/', requireAuth, async (req: Request, res: Response) => {
+  try {
+    const validatedBody = createAuctionSchema.validateSync(req.body);
+    const auction = AuctionsService.createAuction(validatedBody);
+    // Use 201 when a POST request successfully creates a new resource on the server.
+    return res.status(201).json(auction);
+  } catch (error) {
+    console.error('Auction creation error:', error);
+    return res.status(400).json({
+      error: 'Failed to create auction',
+    });
+  }
+});
+
+// PUT endpoint to update information about an existing auction.
+auctionsRouter.put('/:id', requireAuth, async (req: Request, res: Response) => {
+  try {
+    const validatedBody = updateAuctionSchema.validateSync(req.body);
+    const auctionInfo = await AuctionsService.updateAuction(
+      req.params.id,
+      validatedBody,
+    );
+    return res.status(200).json(auctionInfo);
+  } catch (error) {
+    console.error('Error updating auction:', error);
+    // Use 400 when there is a bad request for some reason.
+    return res.status(400).json({ error: 'failed to update auction ' });
+  }
+});
+
+export default auctionsRouter;

backend/src/services/auctions.ts

@@ -0,0 +1,73 @@
+import type {
+  AuctionInfo,
+  CreateAuctionInfo,
+  UpdateAuctionInfo,
+} from '@shared/auctions.ts';
+import { Auction, type AuctionDataType } from '../db/models/auction.ts';
+
+class AuctionsService {
+  // Fetch information about all auctions in the database.
+  static async getAllAuctions(): Promise<AuctionInfo[]> {
+    const auctions = await Auction.find({});
+    return auctions.map((a) =>
+      AuctionsService.parseAuctionInfo(a._id.toString(), a),
+    );
+  }
+
+  // Fetch information about a particular auction.
+  static async getAuctionById(auctionId: string): Promise<AuctionInfo> {
+    const auction = await Auction.findById(auctionId);
+    if (!auction) throw new Error('could not find auction!');
+    return this.parseAuctionInfo(auctionId, auction);
+  }
+
+  // Create a new auction.
+  static async createAuction(
+    auctionInfo: CreateAuctionInfo,
+  ): Promise<AuctionInfo> {
+    const auction = new Auction({
+      title: auctionInfo.title,
+      description: auctionInfo.description,
+      sellerId: auctionInfo.sellerId,
+      minimumBid: auctionInfo.minimumBid,
+      endDate: auctionInfo.endDate,
+      expectedValue: auctionInfo.expectedValue,
+    });
+    await auction.save();
+    return this.parseAuctionInfo(auction._id.toString(), auction);
+  }
+
+  // Update information about an existing auction.
+  static async updateAuction(
+    auctionId: string,
+    newAuction: Partial<UpdateAuctionInfo>,
+  ): Promise<AuctionInfo> {
+    const auction = await Auction.findById(auctionId);
+    if (!auction) throw new Error('could not update auction!');
+    auction.set(newAuction);
+    await auction.save();
+
+    return this.parseAuctionInfo(auctionId, auction);
+  }
+
+  // This function is used for taking an auction DB document and converting it to
+  // a usable interface.
+  static parseAuctionInfo(
+    auctionId: string,
+    auction: AuctionDataType,
+  ): AuctionInfo {
+    return {
+      id: auctionId,
+      title: auction.title,
+      description: auction.description,
+      sellerId: auction.sellerId.toString(),
+      minimumBid: auction.minimumBid,
+      endDate: auction.endDate,
+      buyerId: auction.buyerId?.toString(),
+      expectedValue: auction.expectedValue,
+      createdDate: auction.createdAt,
+    };
+  }
+}
+
+export default AuctionsService;

frontend/src/api/admin.ts

@@ -3,6 +3,7 @@ import type { FullUserInfo } from '@shared/users.ts';
 import { apiRoute, jwtHeaders } from './utils';
 
 class AdminApi {
+  // Retrieve information about all users.
   static async getAllUsers(token: string): Promise<FullUserInfo[]> {
     const res = await fetch(apiRoute('admin/users'), {
       method: 'GET',
@@ -20,6 +21,8 @@ class AdminApi {
     return await res.json();
   }
 
+  // Lock out a user's account.
+  // Locked users will not be able to log in.
   static async lockUser(id: string, token: string): Promise<void> {
     const res = await fetch(apiRoute(`admin/users/${id}/lock`), {
       method: 'POST',
@@ -35,6 +38,7 @@ class AdminApi {
     }
   }
 
+  // Unlock a user's account.
   static async unlockUser(id: string, token: string): Promise<void> {
     const res = await fetch(apiRoute(`admin/users/${id}/unlock`), {
       method: 'POST',

frontend/src/api/auctions.ts

@@ -0,0 +1,89 @@
+/// <reference types="vite/client" />
+
+import { apiRoute, jwtHeaders } from './utils';
+import {
+  AuctionInfo,
+  auctionInfoSchema,
+  CreateAuctionInfo,
+  UpdateAuctionInfo,
+} from '@shared/auctions.ts';
+
+class AuctionsApi {
+  // Retrieve information about all auctions.
+  static async getAllAuctions(token: string): Promise<AuctionInfo[]> {
+    const res = await fetch(apiRoute('auctions'), {
+      method: 'GET',
+      headers: {
+        'Content-Type': 'application/json',
+        ...jwtHeaders(token),
+      },
+    });
+
+    if (!res.ok) throw new Error('failed to fetch auctions');
+
+    // Use the defined schema to validate the response.
+    // This also takes care of converting the date strings to Date objects.
+    const rawBody: AuctionInfo[] = await res.json();
+    const body = rawBody.map((a) => auctionInfoSchema.validateSync(a));
+    return body;
+  }
+
+  // Retrieve information about a specific auction.
+  static async getAuctionInfo(id: string, token: string): Promise<AuctionInfo> {
+    const res = await fetch(apiRoute(`auctions/${id}`), {
+      method: 'GET',
+      headers: {
+        'Content-Type': 'application/json',
+        ...jwtHeaders(token),
+      },
+    });
+
+    if (!res.ok) throw new Error('failed to fetch auction');
+
+    // Use the defined schema to validate the response.
+    // This also takes care of converting the date strings to a Date.
+    const rawBody = await res.json();
+    const body = auctionInfoSchema.validateSync(rawBody);
+    return body;
+  }
+
+  // Create a new auction.
+  // If successful, the information about the new auction will be returned.
+  static async createAuction(
+    createAuctionInfo: CreateAuctionInfo,
+    token: string,
+  ): Promise<AuctionInfo> {
+    const res = await fetch(apiRoute('auctions'), {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json', ...jwtHeaders(token) },
+      body: JSON.stringify(createAuctionInfo),
+    });
+    if (!res.ok) throw new Error('failed to create auction');
+    const rawBody = await res.json();
+    const body = auctionInfoSchema.validateSync(rawBody);
+    return body;
+  }
+
+  // Update information about an existing auction.
+  // If successful, the auction's updated information will be returned.
+  static async updateAuction(
+    id: string,
+    auctionInfo: Partial<UpdateAuctionInfo>,
+    token: string,
+  ): Promise<AuctionInfo> {
+    const res = await fetch(apiRoute(`auctions/${id}`), {
+      method: 'PUT',
+      headers: {
+        'Content-Type': 'application/json',
+        ...jwtHeaders(token),
+      },
+      body: JSON.stringify(auctionInfo),
+    });
+    if (!res.ok) throw new Error('failed to update auction');
+    const rawBody = await res.json();
+    const body = auctionInfoSchema.validateSync(rawBody);
+    return body;
+  }
+}
+
+export default AuctionsApi;

frontend/src/api/users.ts

@@ -8,12 +8,10 @@ import type {
 } from '@shared/users.ts';
 import { apiRoute, jwtHeaders } from './utils';
 
-// This class defines frontend API methods for the backend database.
 class UserApi {
   // Register a new user account, which requires just a username and password.
   // If successful, the new user's info will be returned.
   static async signup(auth: UserCredentials): Promise<RegularUserInfo> {
-    // Send request to create account.
     const res = await fetch(apiRoute('users/signup'), {
       method: 'POST',
       headers: { 'Content-Type': 'application/json' },
@@ -29,7 +27,6 @@ class UserApi {
   // Log in to an existing user account with a username and password.
   // If successful, the authentication info from the backend will be returned.
   static async login(auth: UserCredentials): Promise<AuthInfo> {
-    // Send request to log in.
     const res = await fetch(apiRoute('users/login'), {
       method: 'POST',
       headers: { 'Content-Type': 'application/json' },
@@ -59,6 +56,7 @@ class UserApi {
     return await res.json();
   }
 
+  // Update information about an existing user.
   static async updateUser(
     id: string,
     user: Partial<FullUserInfo>,

shared/src/auctions.ts

@@ -0,0 +1,33 @@
+import * as yup from 'yup';
+
+// These are the only fields of an auction that can be updated after an auction is created.
+const updateAuctionSchema = yup.object({
+  title: yup.string().required(),
+  description: yup.string().required(),
+  buyerId: yup.string(),
+});
+// Creating an auction requires the above fields plus these additional ones.
+// These fields cannot be updated after the auction is created.
+const createAuctionSchema = updateAuctionSchema.concat(
+  yup.object({
+    sellerId: yup.string().required(),
+    minimumBid: yup.number().required().min(0),
+    endDate: yup.date().required(),
+    expectedValue: yup.number().min(0),
+  }),
+);
+
+// When the backend returns information about an auction, it includes
+// all of the above fields plus the auction ID.
+const auctionInfoSchema = createAuctionSchema.concat(
+  yup.object({
+    id: yup.string().required(),
+    createdDate: yup.date().required(),
+  }),
+);
+
+export type UpdateAuctionInfo = yup.InferType<typeof updateAuctionSchema>;
+export type CreateAuctionInfo = yup.InferType<typeof createAuctionSchema>;
+export type AuctionInfo = yup.InferType<typeof auctionInfoSchema>;
+
+export { updateAuctionSchema, createAuctionSchema, auctionInfoSchema };