feat(order-history): implement user order history route

- add more tests for GET /users/<userId>/orders - implement GET /users/<userId>/orders route to make all tests pass - add seed menu script for database [Finishes #160869959]
akhilome · Oct 1, 2018 · 1197f03 · 1197f03
1 parent 8fdde7d
commit 1197f03
Show file tree

Hide file tree

Showing 6 changed files with 93 additions and 3 deletions.
diff --git a/package.json b/package.json
@@ -12,7 +12,8 @@
     "purge-db": "echo 'DROP DATABASE IF EXISTS fastfoodfast;' | psql -U postgres && echo 'CREATE DATABASE fastfoodfast;' | psql -U postgres",
     "setup-schema": "psql -U postgres fastfoodfast < ./server/db/schema.sql",
     "config-db": "npm run purge-db && npm run setup-schema",
-    "setup-testdb": "echo 'DROP DATABASE IF EXISTS fastfoodfast_test;' | psql -U postgres && echo 'CREATE DATABASE fastfoodfast_test;' | psql -U postgres"
+    "setup-testdb": "echo 'DROP DATABASE IF EXISTS fastfoodfast_test;' | psql -U postgres && echo 'CREATE DATABASE fastfoodfast_test;' | psql -U postgres",
+    "seed-db": "psql -U postgres fastfoodfast < ./server/db/seed.sql"
   },
   "engines": {
     "node": "8.12.0"

diff --git a/server/controllers/orderController.js b/server/controllers/orderController.js
@@ -1,5 +1,6 @@
 import orders from '../db/orders';
 import Order from '../models/Order';
+import pool from '../db/config';
 
 class OrderController {
   static getAllOrders(req, res) {
@@ -56,6 +57,35 @@ class OrderController {
       order: orders[orderIndex],
     });
   }
+
+  static async getAllUserOrders(req, res) {
+    const { id } = req.params;
+
+    if (Number.isNaN(Number(id))) {
+      return res.status(400).json({
+        status: 'error',
+        message: 'invalid user id',
+      });
+    }
+
+    if (Number(id) !== req.userId) {
+      return res.status(403).json({
+        status: 'error',
+        message: 'you\'re not allowed to do that',
+      });
+    }
+
+    try {
+      const userOrders = (await pool.query('SELECT * FROM orders WHERE author=$1', [id])).rows;
+      return res.status(200).json({
+        status: 'success',
+        message: 'orders fetched successfully',
+        orders: userOrders,
+      });
+    } catch (error) {
+      return res.status(500).json({ error });
+    }
+  }
 }
 
 export default OrderController;
diff --git a/server/db/seed.sql b/server/db/seed.sql
@@ -0,0 +1,20 @@
+INSERT INTO menu(food_name, food_image, price)
+VALUES(
+  'Tasty Prawns', 
+  'https://i.imgur.com/mTHYwlc.jpg', 
+  1250
+);
+
+INSERT INTO menu(food_name, food_image, price)
+VALUES(
+  'Turkey Wings', 
+  'https://i.imgur.com/Bfn1CxC.jpg', 
+  950
+);
+
+INSERT INTO menu(food_name, food_image, price)
+VALUES(
+  'Chicken Wings', 
+  'https://i.imgur.com/z490cis.jpg', 
+  850
+);
diff --git a/server/index.js b/server/index.js
@@ -3,6 +3,7 @@ import bodyParser from 'body-parser';
 import dotenv from 'dotenv';
 import router from './routes/routes';
 import authRouter from './routes/authRouter';
+import ordersRouter from './routes/ordersRouter';
 
 dotenv.config();
 const app = express();
@@ -17,8 +18,10 @@ app.use(bodyParser.json());
 app.use(bodyParser.urlencoded({ extended: false }));
 
 app.use('/api/v1', router);
+// Orders routes
+app.use('/api/v1', ordersRouter);
 // Auth routes
-app.use('/api/v1/auth/', authRouter);
+app.use('/api/v1/auth', authRouter);
 
 app.listen(process.env.PORT);
 

diff --git a/server/routes/ordersRouter.js b/server/routes/ordersRouter.js
@@ -0,0 +1,9 @@
+import { Router } from 'express';
+import AuthHandler from '../middleware/authHandler';
+import OrderController from '../controllers/orderController';
+
+const router = new Router();
+
+router.get('/users/:id/orders', AuthHandler.authorize, OrderController.getAllUserOrders);
+
+export default router;
diff --git a/tests/routes/orders.spec.js b/tests/routes/orders.spec.js
@@ -24,7 +24,7 @@ describe('GET /users/<userId>/orders', () => {
     await populateUsersTablePromise;
     await populateOrdersTablePromise;
   });
-  const { validUser } = seedData.users;
+  const { validUser, validUserTwo } = seedData.users;
 
   it('should successfully get all orders for specified user', (done) => {
     chai.request(app)
@@ -70,4 +70,31 @@ describe('GET /users/<userId>/orders', () => {
         }
       });
   });
+
+  it('should return a 403 if user tries to get orders not placed by them', (done) => {
+    chai.request(app)
+      .get(`/api/v1/users/${validUserTwo.id}/orders`)
+      .set('x-auth', generateValidToken(validUser))
+      .end((err, res) => {
+        if (err) done(err);
+
+        res.status.should.eql(403);
+        res.body.status.should.eql('error');
+        done();
+      });
+  });
+
+  it('should return a 400 if specified user id is not a number', (done) => {
+    chai.request(app)
+      .get('/api/v1/users/dontdothis/orders')
+      .set('x-auth', generateValidToken(validUser))
+      .end((err, res) => {
+        if (err) done(err);
+
+        res.status.should.eql(400);
+        res.body.status.should.eql('error');
+        res.body.message.should.eql('invalid user id');
+        done();
+      });
+  });
 });