Merge 8cdc450 into 66b51cf

andela · Jul 11, 2019 · bf9bdb1 · bf9bdb1
2 parents 66b51cf + 8cdc450
commit bf9bdb1
Show file tree

Hide file tree

Showing 13 changed files with 390 additions and 18 deletions.
diff --git a/README.md b/README.md
@@ -19,7 +19,7 @@ However, for the purpose of testing and configurations, one endpoint has been cr
 
 > create database to postgresql
 ```
-> createdb authorshavendb
+> createdb authorsHavenDb
 ```
 remember to change the password in config.js file for development
 

diff --git a/example.env b/example.env
@@ -1,17 +1,16 @@
 DATABASE_USERNAME_DEV="your-database-username"
 DATABASE_PASSWORD="your-database-password"
-DATABASE_PASSWORD_TEST="your-postgres-password-test"
-SECRET_JWT_KEY="your-own-secret-key"
+
 DATABASE_USERNAME_TEST="your-database-username-for-test"
+DATABASE_PASSWORD_TEST="your-postgres-password-test"
+
 SENDGRID_API_KEY="insert your send grid token"
-SECRET_JWT_KEY='write your secret key'
 SECRET_JWT_KEY="your-own-secret-key"
 SECRET_KEY="your-database-password"
-DATABASE_PASSWORD_TEST="password"
-DATABASE_USERNAME_TEST="postgres"
+
 HEROKU_DATABASE_USERNAME="heroku-database-username"
 HEROKU_SECRET_KEY="heroku-database-password"
 HEROKU_HOST="heroku-host"
 HEROKU_DATABASE="heroku-database-name"
-SendGridKey=""
 
+HOST="127.0.0.1:7000"
diff --git a/src/controllers/profileController.js b/src/controllers/profileController.js
@@ -0,0 +1,59 @@
+import model from '../db/models/index';
+
+const { Users } = model;
+
+/**
+ * profile controller
+ */
+class ProfileManager {
+/**
+   *
+   * @param {Object} req
+   * @param {Object} res
+   * @returns {Object} success user view profile
+   */
+  static async viewProfile(req, res) {
+    const user = await Users.findOne({ where: { username: req.params.username } });
+    if (user) {
+      user.hash = undefined;
+      return res.status(200).json({
+        profile: user
+      });
+    }
+    return res.status(404).json({
+      message: 'user with that email does not exist'
+    });
+  }
+
+  /**
+   *
+   * @param {Object} req
+   * @param {Object} res
+   * @returns {Object} success user update profile
+   */
+  static async updateProfile(req, res) {
+    try {
+      const {
+        email, username, image, bio, isVerified
+      } = req.body;
+      const user = await Users.findOne({ where: { username: req.params.username } });
+      const updated = await user.update({
+        email: email || user.email,
+        username: username || user.username,
+        image: image || user.image,
+        bio: bio || user.bio,
+        isVerified: isVerified || user.isVerified
+      });
+      updated.hash = undefined;
+      return res.status(200).json({
+        user: updated
+      });
+    } catch (error) {
+      return res.json({
+        error
+      });
+    }
+  }
+}
+
+export default ProfileManager;
diff --git a/src/controllers/userControllers.js b/src/controllers/userControllers.js
@@ -38,7 +38,6 @@ class UserManager {
         message: 'Thank you for registration, You should check your email for verification',
       });
     } catch (error) {
-      console.log(error);
       return res.status(409).json({
         message: 'user with the same email already exist'
       });

diff --git a/src/db/config/envirnoment.js b/src/db/config/envirnoment.js
@@ -15,10 +15,4 @@ envConfig.db_password_pro = process.env.HEROKU_SECRET_KEY;
 envConfig.db_host_pro = process.env.HEROKU_HOST;
 envConfig.db_database_pro = process.env.HEROKU_DATABASE;
 
-envConfig.send_grid_key = process.env.SendGridApiKey;
-envConfig.host = process.env.HOST;
-envConfig.token = process.env.SECRET_JWT_KEY;
-envConfig.email = process.env.EMAIL;
-envConfig.password = process.env.PASSWORD;
-
 export default envConfig;
diff --git a/src/db/models/users.js b/src/db/models/users.js
@@ -18,7 +18,7 @@ export default (sequelize, DataTypes) => {
       }
     },
     bio: DataTypes.STRING,
-    image: DataTypes.STRING,
+    image: DataTypes.BLOB('long'),
     favorites: [{
       type: DataTypes.STRING,
       allowNull: {

diff --git a/src/helpers/processToken.js b/src/helpers/processToken.js
@@ -12,7 +12,7 @@ class processToken {
    * @returns {object} token
    */
   static async signToken(payload) {
-    const token = await jwt.sign(payload, process.env.SECRET_JWT_KEY, { expiresIn: 60 });
+    const token = await jwt.sign(payload, process.env.SECRET_JWT_KEY, { expiresIn: '24h' });
     return token;
   }
 
@@ -22,7 +22,7 @@ class processToken {
    * @returns {object} verified token
    */
   static async verifyToken(token) {
-    const verifyToken = await jwt.verify(token, process.env.SECRET_JWT_KEY, { expiresIn: 60 });
+    const verifyToken = await jwt.verify(token, process.env.SECRET_JWT_KEY, { expiresIn: '24h' });
     return verifyToken;
   }
 }

diff --git a/src/middlewares/isAuth.js b/src/middlewares/isAuth.js
@@ -0,0 +1,43 @@
+import processToken from '../helpers/processToken';
+
+/**
+ * authenticate user
+ */
+class isAuth {
+  /**
+   *
+   * @param {object} req
+   * @param {object} res
+   * @param {object} next
+   * @returns {object} user details
+   */
+  static async hasToken(req, res, next) {
+    const { token } = req.headers;
+    if (!token) {
+      return res.status(401).json({
+        message: 'unauthorized'
+      });
+    }
+    next();
+  }
+
+  /**
+   *
+   * @param {object} req
+   * @param {object} res
+   * @param {object} next
+   * @returns {object} user details
+   */
+  static async isOwner(req, res, next) {
+    const { token } = req.headers;
+    const { username } = await processToken.verifyToken(token);
+    if (username !== req.params.username) {
+      return res.status(403).json({
+        message: 'Forbidden access'
+      });
+    }
+    next();
+  }
+}
+
+export default isAuth;
diff --git a/src/routes/api/index.js b/src/routes/api/index.js
@@ -1,9 +1,10 @@
 import express from 'express';
-
 import users from './users';
+import profiles from './profiles';
 
 const router = express.Router();
 
 router.use('/api', users);
+router.use('/api', profiles);
 
 export default router;
diff --git a/src/routes/api/profiles.js b/src/routes/api/profiles.js
@@ -0,0 +1,10 @@
+import express from 'express';
+import profileController from '../../controllers/profileController';
+import isAuth from '../../middlewares/isAuth';
+
+const router = express.Router();
+
+router.get('/profile/:username', isAuth.hasToken, profileController.viewProfile);
+router.put('/profiles/:username', isAuth.hasToken, isAuth.isOwner, profileController.updateProfile);
+
+export default router;
diff --git a/src/routes/api/users.js b/src/routes/api/users.js
@@ -5,6 +5,7 @@ import logout from '../../middlewares/logout';
 
 const { logoutToken } = logout;
 
+
 const router = express.Router();
 
 router.post('/verification', userController.verification);

diff --git a/swagger.json b/swagger.json
@@ -93,6 +93,36 @@
           "type": "text"
         }
       }
+    },
+    "view-profile": {
+      "required": [
+        "username",
+        "token"
+      ],
+      "properties": {
+        "username": {
+          "type": "string"
+        },
+        "token": {
+          "type": "string"
+        }
+      }
+    },
+    "update-profile": {
+      "properties": {
+        "username": {
+          "type": "string"
+        },
+        "email": {
+          "type": "string"
+        },
+        "image": {
+          "type": "string"
+        },
+        "bio": {
+          "type": "string"
+        }
+      }
     }
   },
     "paths": {
@@ -201,6 +231,81 @@
         }
       }
     },
+    "/api/profile/{username}": {
+      "get": {
+        "tags": [
+          "view profile"
+        ],
+        "description": "A user can view his or her profile and that of other users",
+        "parameters": [
+          {
+            "name": "username",
+            "in": "path",
+            "description": "A user can view his or her profile and that of other users by specifing the username",
+            "require": true
+          },
+          {
+            "name": "token",
+            "in": "header",
+            "description": "Token to authorized user",
+            "require": true
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "user profile fetched successfully",
+            "schema": {
+              "$ref": "#/definitions/view-profile"
+            }
+          }
+        }
+      }
+    },
+    "/api/profiles/{username}": {
+      "put": {
+        "tags": [
+          "update profile"
+        ],
+        "description": "A user can update his or her profile and that of other users",
+        "parameters": [
+          {
+            "name": "username",
+            "in": "path",
+            "description": "A user can update his or her profile and that of other users by specifing the username",
+            "require": true
+          },
+          {
+            "name": "token",
+            "in": "header",
+            "description": "Token to authorized user",
+            "require": true
+          },
+          {
+            "name": "body",
+            "in": "body",
+            "description": "A user can update his or her profile and that of other users",
+            "require": true,
+            "schema": {
+              "$ref": "#/definitions/update-profile"
+            }
+          }
+        ],
+        "produces": [
+          "application/json"
+        ],
+        "responses": {
+          "200": {
+            "description": "user profile updated successfully",
+            "schema": {
+              "$ref": "#/definitions/update-profile"
+            }
+          }
+        }
+      }
+    },
     "/api/users/login": {
       "post": {
         "tags": [