Merge 1197f03 into de5f505

akhilome · Oct 1, 2018 · 32009ef · 32009ef
2 parents de5f505 + 1197f03
commit 32009ef
Show file tree

Hide file tree

Showing 8 changed files with 289 additions and 17 deletions.
diff --git a/package.json b/package.json
@@ -12,7 +12,8 @@
     "purge-db": "echo 'DROP DATABASE IF EXISTS fastfoodfast;' | psql -U postgres && echo 'CREATE DATABASE fastfoodfast;' | psql -U postgres",
     "setup-schema": "psql -U postgres fastfoodfast < ./server/db/schema.sql",
     "config-db": "npm run purge-db && npm run setup-schema",
-    "setup-testdb": "echo 'DROP DATABASE IF EXISTS fastfoodfast_test;' | psql -U postgres && echo 'CREATE DATABASE fastfoodfast_test;' | psql -U postgres"
+    "setup-testdb": "echo 'DROP DATABASE IF EXISTS fastfoodfast_test;' | psql -U postgres && echo 'CREATE DATABASE fastfoodfast_test;' | psql -U postgres",
+    "seed-db": "psql -U postgres fastfoodfast < ./server/db/seed.sql"
   },
   "engines": {
     "node": "8.12.0"

diff --git a/server/controllers/orderController.js b/server/controllers/orderController.js
@@ -1,5 +1,6 @@
 import orders from '../db/orders';
 import Order from '../models/Order';
+import pool from '../db/config';
 
 class OrderController {
   static getAllOrders(req, res) {
@@ -56,6 +57,35 @@ class OrderController {
       order: orders[orderIndex],
     });
   }
+
+  static async getAllUserOrders(req, res) {
+    const { id } = req.params;
+
+    if (Number.isNaN(Number(id))) {
+      return res.status(400).json({
+        status: 'error',
+        message: 'invalid user id',
+      });
+    }
+
+    if (Number(id) !== req.userId) {
+      return res.status(403).json({
+        status: 'error',
+        message: 'you\'re not allowed to do that',
+      });
+    }
+
+    try {
+      const userOrders = (await pool.query('SELECT * FROM orders WHERE author=$1', [id])).rows;
+      return res.status(200).json({
+        status: 'success',
+        message: 'orders fetched successfully',
+        orders: userOrders,
+      });
+    } catch (error) {
+      return res.status(500).json({ error });
+    }
+  }
 }
 
 export default OrderController;
diff --git a/server/db/seed.sql b/server/db/seed.sql
@@ -0,0 +1,20 @@
+INSERT INTO menu(food_name, food_image, price)
+VALUES(
+  'Tasty Prawns', 
+  'https://i.imgur.com/mTHYwlc.jpg', 
+  1250
+);
+
+INSERT INTO menu(food_name, food_image, price)
+VALUES(
+  'Turkey Wings', 
+  'https://i.imgur.com/Bfn1CxC.jpg', 
+  950
+);
+
+INSERT INTO menu(food_name, food_image, price)
+VALUES(
+  'Chicken Wings', 
+  'https://i.imgur.com/z490cis.jpg', 
+  850
+);
diff --git a/server/index.js b/server/index.js
@@ -3,6 +3,7 @@ import bodyParser from 'body-parser';
 import dotenv from 'dotenv';
 import router from './routes/routes';
 import authRouter from './routes/authRouter';
+import ordersRouter from './routes/ordersRouter';
 
 dotenv.config();
 const app = express();
@@ -17,8 +18,10 @@ app.use(bodyParser.json());
 app.use(bodyParser.urlencoded({ extended: false }));
 
 app.use('/api/v1', router);
+// Orders routes
+app.use('/api/v1', ordersRouter);
 // Auth routes
-app.use('/api/v1/auth/', authRouter);
+app.use('/api/v1/auth', authRouter);
 
 app.listen(process.env.PORT);
 

diff --git a/server/routes/ordersRouter.js b/server/routes/ordersRouter.js
@@ -0,0 +1,9 @@
+import { Router } from 'express';
+import AuthHandler from '../middleware/authHandler';
+import OrderController from '../controllers/orderController';
+
+const router = new Router();
+
+router.get('/users/:id/orders', AuthHandler.authorize, OrderController.getAllUserOrders);
+
+export default router;
diff --git a/tests/routes/auth.spec.js b/tests/routes/auth.spec.js
@@ -3,13 +3,13 @@ import 'chai/register-should';
 import chaiHttp from 'chai-http';
 import dirtyChai from 'dirty-chai';
 import app from '../../server/index';
-import { seedData, populateTables, populateUsersTable } from '../seed/seed';
+import { seedData, emptyTables, populateUsersTable } from '../seed/seed';
 
 chai.use(chaiHttp);
 chai.use(dirtyChai);
 
 describe('POST /auth/signup', () => {
-  before(populateTables);
+  before(emptyTables);
 
   it('should signup a valid user successfully', (done) => {
     chai.request(app)
@@ -100,7 +100,7 @@ describe('POST /auth/signup', () => {
 });
 
 describe('POST /auth/login', () => {
-  beforeEach(populateTables);
+  beforeEach(emptyTables);
   beforeEach(populateUsersTable);
 
   it('should sign an existing user in', (done) => {

diff --git a/tests/routes/orders.spec.js b/tests/routes/orders.spec.js
@@ -0,0 +1,100 @@
+import chai from 'chai';
+import 'chai/register-should';
+import chaiHttp from 'chai-http';
+import dirtyChai from 'dirty-chai';
+
+import app from '../../server/index';
+import pool from '../../server/db/config';
+import {
+  seedData,
+  emptyTablesPromise,
+  populateUsersTablePromise,
+  populateMenuTablePromise,
+  populateOrdersTablePromise,
+  generateValidToken,
+} from '../seed/seed';
+
+chai.use(chaiHttp);
+chai.use(dirtyChai);
+
+describe('GET /users/<userId>/orders', () => {
+  beforeEach(async () => {
+    await emptyTablesPromise;
+    await populateMenuTablePromise;
+    await populateUsersTablePromise;
+    await populateOrdersTablePromise;
+  });
+  const { validUser, validUserTwo } = seedData.users;
+
+  it('should successfully get all orders for specified user', (done) => {
+    chai.request(app)
+      .get(`/api/v1/users/${validUser.id}/orders`)
+      .set('x-auth', generateValidToken(validUser))
+      .end((err, res) => {
+        if (err) done(err);
+
+        res.status.should.eql(200);
+        res.body.should.have.all.keys(['status', 'message', 'orders']);
+        res.body.orders.should.be.an('array');
+        done();
+      });
+  });
+
+  it('should return a 401 if user isn\'t authenticated', (done) => {
+    chai.request(app)
+      .get(`/api/v1/users/${validUser.id}/orders`)
+      .set('x-auth', '')
+      .end((err, res) => {
+        if (err) done(err);
+
+        res.status.should.eql(401);
+        res.body.should.have.all.keys(['status', 'message']);
+        res.body.status.should.eql('error');
+        done();
+      });
+  });
+
+  it('should only return orders placed by specified user', (done) => {
+    chai.request(app)
+      .get(`/api/v1/users/${validUser.id}/orders`)
+      .set('x-auth', generateValidToken(validUser))
+      .end(async (err, res) => {
+        if (err) done(err);
+
+        try {
+          const orderCount = (await pool.query('SELECT * FROM orders WHERE author=$1', [validUser.id])).rowCount;
+          res.body.orders.length.should.eql(orderCount);
+          done();
+        } catch (error) {
+          done(error);
+        }
+      });
+  });
+
+  it('should return a 403 if user tries to get orders not placed by them', (done) => {
+    chai.request(app)
+      .get(`/api/v1/users/${validUserTwo.id}/orders`)
+      .set('x-auth', generateValidToken(validUser))
+      .end((err, res) => {
+        if (err) done(err);
+
+        res.status.should.eql(403);
+        res.body.status.should.eql('error');
+        done();
+      });
+  });
+
+  it('should return a 400 if specified user id is not a number', (done) => {
+    chai.request(app)
+      .get('/api/v1/users/dontdothis/orders')
+      .set('x-auth', generateValidToken(validUser))
+      .end((err, res) => {
+        if (err) done(err);
+
+        res.status.should.eql(400);
+        res.body.status.should.eql('error');
+        res.body.message.should.eql('invalid user id');
+        done();
+      });
+  });
+});