From 1197f0304670858f4332149806604b96d36d1f9b Mon Sep 17 00:00:00 2001
From: Kizito Akhilome
Date: Mon, 1 Oct 2018 19:15:35 +0100
Subject: [PATCH] feat(order-history): implement user order history route

- add more tests for GET /users//orders
- implement GET /users//orders route to make all tests pass
- add seed menu script for database
[Finishes #160869959]
---
 package.json | 3 ++-
 server/controllers/orderController.js | 30 +++++++++++++++++++++++++++
 server/db/seed.sql | 20 ++++++++++++++++++
 server/index.js | 5 ++++-
 server/routes/ordersRouter.js | 9 ++++++++
 tests/routes/orders.spec.js | 29 +++++++++++++++++++++++++-
 6 files changed, 93 insertions(+), 3 deletions(-)
 create mode 100644 server/db/seed.sql
 create mode 100644 server/routes/ordersRouter.js
diff --git a/package.json b/package.json
index 97bc9d5..af4a020 100644
--- a/package.json
+++ b/package.json
@@ -12,7 +12,8 @@
 "purge-db": "echo 'DROP DATABASE IF EXISTS fastfoodfast;' | psql -U postgres && echo 'CREATE DATABASE fastfoodfast;' | psql -U postgres",
 "setup-schema": "psql -U postgres fastfoodfast < ./server/db/schema.sql",
 "config-db": "npm run purge-db && npm run setup-schema",
- "setup-testdb": "echo 'DROP DATABASE IF EXISTS fastfoodfast_test;' | psql -U postgres && echo 'CREATE DATABASE fastfoodfast_test;' | psql -U postgres"
+ "setup-testdb": "echo 'DROP DATABASE IF EXISTS fastfoodfast_test;' | psql -U postgres && echo 'CREATE DATABASE fastfoodfast_test;' | psql -U postgres",
+ "seed-db": "psql -U postgres fastfoodfast < ./server/db/seed.sql"
 },
 "engines": {
 "node": "8.12.0"
diff --git a/server/controllers/orderController.js b/server/controllers/orderController.js
index 5a594e9..67dcb5a 100644
--- a/server/controllers/orderController.js
+++ b/server/controllers/orderController.js
@@ -1,5 +1,6 @@
 import orders from '../db/orders';
 import Order from '../models/Order';
+import pool from '../db/config';
 class OrderController {
 static getAllOrders(req, res) {
@@ -56,6 +57,35 @@ class OrderController {
 order: orders[orderIndex],
 });
 }
+
+ static async getAllUserOrders(req, res) {
+ const { id } = req.params;
+
+ if (Number.isNaN(Number(id))) {
+ return res.status(400).json({
+ status: 'error',
+ message: 'invalid user id',
+ });
+ }
+
+ if (Number(id) !== req.userId) {
+ return res.status(403).json({
+ status: 'error',
+ message: 'you\'re not allowed to do that',
+ });
+ }
+
+ try {
+ const userOrders = (await pool.query('SELECT * FROM orders WHERE author=$1', [id])).rows;
+ return res.status(200).json({
+ status: 'success',
+ message: 'orders fetched successfully',
+ orders: userOrders,
+ });
+ } catch (error) {
+ return res.status(500).json({ error });
+ }
+ }
 }
 export default OrderController;
diff --git a/server/db/seed.sql b/server/db/seed.sql
new file mode 100644
index 0000000..e8b5ce6
--- /dev/null
+++ b/server/db/seed.sql
@@ -0,0 +1,20 @@
+INSERT INTO menu(food_name, food_image, price)
+VALUES(
+ 'Tasty Prawns',
+ 'https://i.imgur.com/mTHYwlc.jpg',
+ 1250
+);
+
+INSERT INTO menu(food_name, food_image, price)
+VALUES(
+ 'Turkey Wings',
+ 'https://i.imgur.com/Bfn1CxC.jpg',
+ 950
+);
+
+INSERT INTO menu(food_name, food_image, price)
+VALUES(
+ 'Chicken Wings',
+ 'https://i.imgur.com/z490cis.jpg',
+ 850
+);
diff --git a/server/index.js b/server/index.js
index affcafa..eb41189 100644
--- a/server/index.js
+++ b/server/index.js
@@ -3,6 +3,7 @@ import bodyParser from 'body-parser';
 import dotenv from 'dotenv';
 import router from './routes/routes';
 import authRouter from './routes/authRouter';
+import ordersRouter from './routes/ordersRouter';
 dotenv.config();
 const app = express();
@@ -17,8 +18,10 @@ app.use(bodyParser.json());
 app.use(bodyParser.urlencoded({ extended: false }));
 app.use('/api/v1', router);
+// Orders routes
+app.use('/api/v1', ordersRouter);
 // Auth routes
-app.use('/api/v1/auth/', authRouter);
+app.use('/api/v1/auth', authRouter);
 app.listen(process.env.PORT);
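Review bot: In `getAllUserOrders` (server/controllers/orderController.js) the catch block sends the raw database error object to the client with `res.status(500).json({ error })`, which can disclose driver error codes and schema, table or column names to any authenticated caller, and it also breaks the `status`/`message` response shape used by the other branches. Log the error on the server and reply with a fixed body, e.g. `return res.status(500).json({ status: 'error', message: 'could not fetch orders' });`. Separately, `Number(id)` accepts non-canonical forms such as `0x1` or `1e0`, so an id that passes both checks is still bound to `$1` as the original string; binding `req.userId` (or the parsed number) instead keeps such input from reaching the database and landing in that 500 path. The ownership comparison presumably relies on `req.userId` being a number set by the auth middleware, which is not visible in this hunk.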
diff --git a/server/routes/ordersRouter.js b/server/routes/ordersRouter.js
new file mode 100644
index 0000000..7936d32
--- /dev/null
+++ b/server/routes/ordersRouter.js
@@ -0,0 +1,9 @@
+import { Router } from 'express';
+import AuthHandler from '../middleware/authHandler';
+import OrderController from '../controllers/orderController';
+
+const router = new Router();
+
+router.get('/users/:id/orders', AuthHandler.authorize, OrderController.getAllUserOrders);
+
+export default router;
diff --git a/tests/routes/orders.spec.js b/tests/routes/orders.spec.js
index 4af1beb..df28fd6 100644
--- a/tests/routes/orders.spec.js
+++ b/tests/routes/orders.spec.js
@@ -24,7 +24,7 @@ describe('GET /users//orders', () => {
 await populateUsersTablePromise;
 await populateOrdersTablePromise;
 });
- const { validUser } = seedData.users;
+ const { validUser, validUserTwo } = seedData.users;
 it('should successfully get all orders for specified user', (done) => {
 chai.request(app)
@@ -70,4 +70,31 @@ describe('GET /users//orders', () => {
 }
 });
 });
+
+ it('should return a 403 if user tries to get orders not placed by them', (done) => {
+ chai.request(app)
+ .get(`/api/v1/users/${validUserTwo.id}/orders`)
+ .set('x-auth', generateValidToken(validUser))
+ .end((err, res) => {
+ if (err) done(err);
+
+ res.status.should.eql(403);
+ res.body.status.should.eql('error');
+ done();
+ });
+ });
+
+ it('should return a 400 if specified user id is not a number', (done) => {
+ chai.request(app)
+ .get('/api/v1/users/dontdothis/orders')
+ .set('x-auth', generateValidToken(validUser))
+ .end((err, res) => {
+ if (err) done(err);
+
+ res.status.should.eql(400);
+ res.body.status.should.eql('error');
+ res.body.message.should.eql('invalid user id');
+ done();
+ });
+ });
 });
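Review bot: Both tests added in the last hunk of tests/routes/orders.spec.js use `if (err) done(err);` without returning, so when the request itself fails the assertions below still run against `res` and `done` can be called twice or the callback can throw on an undefined `res`. Use `if (err) return done(err);` in each callback. The 403 test also checks only `res.body.status`; asserting that the body has no `orders` property would pin that another user's data is never returned alongside the error.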