chore(endpoints): secure all endpoints with jwt token

- create scripts to create db tables on local and production environment
chidimo · May 23, 2019 · fb75920 · fb75920
1 parent 58db41d
commit fb75920
Show file tree

Hide file tree

Showing 8 changed files with 180 additions and 108 deletions.
diff --git a/package.json b/package.json
@@ -17,7 +17,9 @@
         "lint": "./node_modules/.bin/eslint ./",
         "test": "set NODE_ENV=test&set DEBUG=test&set DBNAME=testdb&nyc --reporter=html --reporter=text --reporter=lcov mocha -r @babel/register -r should",
         "cover": "nyc report --reporter=text-lcov | coveralls",
-        "coverage": "nyc report --reporter=text-lcov | coveralls"
+        "coverage": "nyc report --reporter=text-lcov | coveralls",
+        "devtables": "set DEBUG=dev&set DBNAME=quick_credit&node --require @babel/register utils/createTables",
+        "herokutables": "node --require @babel/register utils/createTables"
     },
     "bugs": {
         "url": "https://github.com/chidimo/Quick-Credit/issues"

diff --git a/routes/index.js b/routes/index.js
@@ -26,20 +26,36 @@ router.post('/auth/signin',
     AuthController.signin
 );
 
-router.patch('/users/:id/verify', UsersController.verify_user);
-router.get(
-    '/users/:id/account-confirmation', UsersController.confirm_account);
-router.get('/users', UsersController.get_users);
-router.get('/users/:id', UsersController.get_user);
-router.get('/users?status=verified', UsersController.get_users);
+router.patch('/users/:id/verify',
+    AuthenticationMiddleware.verifyToken,
+    UsersController.verify_user
+);
+router.get('/users/:id/account-confirmation',
+    AuthenticationMiddleware.verifyToken,
+    UsersController.confirm_account
+);
+router.get('/users',
+    AuthenticationMiddleware.verifyToken,
+    UsersController.get_users
+);
+router.get('/users/:id',
+    AuthenticationMiddleware.verifyToken,
+    UsersController.get_user
+);
+router.get('/users?status=verified',
+    AuthenticationMiddleware.verifyToken,
+    UsersController.get_users
+);
 router.patch('/users/:id/update',
     UsersValidators.updateProfileValidator,
     UsersController.update_user_profile
 );
-router.get('/users/:id/photo/upload/', 
+router.get('/users/:id/photo/upload/',
+    AuthenticationMiddleware.verifyToken,
     UsersController.get_aws_signed_url
 );
 router.patch('/users/:id/photo/update',
+    AuthenticationMiddleware.verifyToken,
     UsersController.update_photo_url
 );
 router.post('/users/:email/reset_password',
@@ -49,25 +65,50 @@ router.post('/users/:email/reset_password',
 
 router.get('/loans',
     AuthenticationMiddleware.verifyToken,
-    LoansController.get_all_loans);
-router.get('/loans/:id', LoansController.get_loan);
-router.get(
-    '/loans?status=approved&repaid=false', LoansController.get_all_loans);
-router.get(
-    '/loans?status=approved&repaid=true', LoansController.get_all_loans);
+    LoansController.get_all_loans
+);
+router.get('/loans/:id',
+    AuthenticationMiddleware.verifyToken,
+    LoansController.get_loan
+);
+router.get('/loans?status=approved&repaid=false',
+    AuthenticationMiddleware.verifyToken,
+    LoansController.get_all_loans
+);
+router.get('/loans?status=approved&repaid=true',
+    AuthenticationMiddleware.verifyToken,
+    LoansController.get_all_loans
+);
 router.post('/loans',
+    AuthenticationMiddleware.verifyToken,
     LoansValidators.validateAmount,
     LoansValidators.validateTenor,
-    LoansController.create_loan);
-router.patch('/loans/:id/approve', LoansController.approve_or_reject_loan);
-router.patch('/loans/:id/reject', LoansController.approve_or_reject_loan);
-router.get(
-    '/loans/:id/repayments', LoansController.loan_repayment_history
+    LoansController.create_loan
+);
+router.patch('/loans/:id/approve',
+    AuthenticationMiddleware.verifyToken,
+    LoansController.approve_or_reject_loan
+);
+router.patch('/loans/:id/reject',
+    AuthenticationMiddleware.verifyToken,
+    LoansController.approve_or_reject_loan
+);
+router.get('/loans/:id/repayments',
+    AuthenticationMiddleware.verifyToken,
+    LoansController.loan_repayment_history
 );
 router.post('/loans/:id/repayment',
+    AuthenticationMiddleware.verifyToken,
     LoansValidators.validateRepayAmount,
-    LoansController.post_repayment);
-router.get('/repayments', LoansController.get_all_repayments);
-router.get('/repayments/:id', LoansController.get_repayment);
+    LoansController.post_repayment
+);
+router.get('/repayments',
+    AuthenticationMiddleware.verifyToken,
+    LoansController.get_all_repayments
+);
+router.get('/repayments/:id',
+    AuthenticationMiddleware.verifyToken,
+    LoansController.get_repayment
+);
 
 export default router;
diff --git a/test/loans-spec.js b/test/loans-spec.js
@@ -6,8 +6,7 @@ import assert from 'assert';
 import app from '../app';
 
 import { test_logger } from '../utils/loggers';
-import createDB from '../utils/createDB';
-import clearDB from '../utils/clearDB';
+import { createDB, clearDB } from '../utils/localDbOps';
 
 const server = supertest.agent(app);
 

diff --git a/test/users-spec.js b/test/users-spec.js
@@ -5,8 +5,7 @@
 import supertest from 'supertest';
 import app from '../app';
 import { test_logger } from '../utils/loggers';
-import createDB from '../utils/createDB';
-import clearDB from '../utils/clearDB';
+import { createDB, clearDB } from '../utils/localDbOps';
 
 const server = supertest.agent(app);
 

diff --git a/utils/clearDB.js b/utils/clearDB.js
diff --git a/utils/createTables.js b/utils/createTables.js
@@ -0,0 +1,26 @@
+import pool from '../models/pool';
+import { dev_logger, test_logger } from './loggers';
+
+console.log("CREATING TALBES")
+
+import {
+    createUserTable,
+    createLoansTable,
+    createRepaymentsTable,
+} from './dbOps';
+
+const queries = [
+    createUserTable, createLoansTable, createRepaymentsTable,
+];
+
+export const createTables = async () => {
+    for (const query of queries) {
+        dev_logger(query);
+        test_logger(query);
+        await pool.query(query);
+    }
+};
+
+createTables();
+console.log('TABLES CREATED')
+export default createTables;
diff --git a/utils/createDB.js → utils/dbOps.js b/utils/createDB.js → utils/dbOps.js
@@ -1,8 +1,7 @@
-import pool from '../models/pool';
-import { dev_logger, test_logger } from './loggers';
 import hashPassword from './hashPassword';
 
-const createUserTable = `
+export const createUserTable = `
+    DROP TABLE IF EXISTS users;
     CREATE TABLE IF NOT EXISTS users (
         id SERIAL PRIMARY KEY,
         email VARCHAR NOT NULL UNIQUE,
@@ -15,24 +14,11 @@ const createUserTable = `
         status VARCHAR DEFAULT 'unverified',
         isadmin BOOLEAN DEFAULT false,
         mailverified BOOLEAN DEFAULT false
-    );
-`;
-
-const populateUserTable = `
-    INSERT INTO users(email, password, firstname, lastname, phone, address)
-    VALUES ('a@b.com', '${hashPassword('password')}', 'first', 'men', '080121515', '{"home": "iyaba", "office": "ring road"}'),
-    ('c@d.go', '${hashPassword('password')}', 'name', 'cat', '08151584151', '{"home": "london", "office": "NYC"}'),
-    ('me@yahoo.com', '${hashPassword('password')}', 'tayo', 'dele', '08012345678', '{"home": "ijebu","office": "ijegun"}'),
-    ('abc@gmail.com', '${hashPassword('password')}', 'what', 'is', '08012345678','{"home": "must","office": "not"}'),
-    ('name@chat.co', '${hashPassword('password')}', 'niger', 'tornadoes', '08012345678', '{"home": "niger","office": "niger"}'),
-    ('bcc@gmail.com', '${hashPassword('password')}', 'bcc', 'lions', '08012345678', '{"home": "gboko","office": "gboko"}'),
-    ('bbc@bbc.uk', '${hashPassword('password')}', 'bbc', 'broadcast', '08012345678', '{"home": "london","office": "uk"}'),
-    ('c@g.move', '${hashPassword('password')}', 'abc', 'def', '08012345678', '{"home": "shop","office": "home"}'),
-    ('an@dela.ng', '${hashPassword('password')}', 'and', 'ela', '08012345678', '{"home": "ikorodu","office": "lagos"}'),
-    ('soft@ware.eng', '${hashPassword('password')}', 'soft', 'eng', '08012345678', '{"home": "remote","office": "on-site"}');
+    )
 `;
 
-const createLoansTable = `
+export const createLoansTable = `
+    DROP TABLE IF EXISTS loans;
     CREATE TABLE IF NOT EXISTS loans (
         id SERIAL PRIMARY KEY,
         userid INT NOT NULL,
@@ -47,55 +33,59 @@ const createLoansTable = `
         paymentinstallment FLOAT NOT NULL
     );
 `;
-
-const populateLoansTable = `
-        INSERT INTO loans(userid, status, repaid, amount, tenor, interest, balance, paymentinstallment)
-        VALUES (1, 'approved', false, 50000, 12, 2500, 36999.35, 4375),
-        (2, 'approved', true, 100000, 12, 5000, 0, 8750),
-        (3, 'approved', false, 200000, 8, 10000, 200000, 26250),
-        (4, 'approved', false, 25000, 12, 1250, 24500, 2187.5),
-        (5, 'approved', false, 45000, 6, 2250, 26250, 7875),
-        (6, 'pending', false, 80000, 12, 4000, 8000, 7000),
-        (7, 'rejected', false, 60000, 6, 3000, 6000, 10500),
-        (8, 'approved', false, 125000, 12, 6250, 20000, 10937.5),
-        (9, 'rejected', false, 190000, 12, 9500, 19000, 16625),
-        (10, 'pending', false, 1000000, 12, 50000, 0, 87500);
-    `;
-
-const createRepaymentsTable = `
+
+export const createRepaymentsTable = `
+    DROP TABLE IF EXISTS repayments;
     CREATE TABLE IF NOT EXISTS repayments (
         id SERIAL PRIMARY KEY,
+        createdon TIMESTAMPTZ DEFAULT CURRENT_TIMESTAMP,
         loanid INT NOT NULL,
         adminid INT NOT NULL,
-        createdon TIMESTAMPTZ DEFAULT CURRENT_TIMESTAMP,
         amount FLOAT NOT NULL
     );
 `;
-const populateRepaymentsTable = `
-        INSERT INTO repayments(loanid, adminid, amount)
-        VALUES (1, 3, 4375),
-            (1, 3, 4375),
-            (2, 1, 26250),
-            (1, 2, 4375),
-            (3, 4, 2875),
-            (5, 8, 10500),
-            (4, 3, 4375),
-            (8, 1, 4375),
-            (8, 4, 4375),
-            (10, 8, 4375)
-    `;
 
-const queries = [
-    createUserTable, createLoansTable, createRepaymentsTable,
-    populateUserTable, populateLoansTable, populateRepaymentsTable
-];
+export const populateUserTable = `
+    INSERT INTO users(email, password, firstname, lastname, phone, address)
+    VALUES ('a@b.com', '${hashPassword('password')}', 'first', 'men', '080121515', '{"home": "iyaba", "office": "ring road"}'),
+    ('c@d.go', '${hashPassword('password')}', 'name', 'cat', '08151584151', '{"home": "london", "office": "NYC"}'),
+    ('me@yahoo.com', '${hashPassword('password')}', 'tayo', 'dele', '08012345678', '{"home": "ijebu","office": "ijegun"}'),
+    ('abc@gmail.com', '${hashPassword('password')}', 'what', 'is', '08012345678','{"home": "must","office": "not"}'),
+    ('name@chat.co', '${hashPassword('password')}', 'niger', 'tornadoes', '08012345678', '{"home": "niger","office": "niger"}'),
+    ('bcc@gmail.com', '${hashPassword('password')}', 'bcc', 'lions', '08012345678', '{"home": "gboko","office": "gboko"}'),
+    ('bbc@bbc.uk', '${hashPassword('password')}', 'bbc', 'broadcast', '08012345678', '{"home": "london","office": "uk"}'),
+    ('c@g.move', '${hashPassword('password')}', 'abc', 'def', '08012345678', '{"home": "shop","office": "home"}'),
+    ('an@dela.ng', '${hashPassword('password')}', 'and', 'ela', '08012345678', '{"home": "ikorodu","office": "lagos"}'),
+    ('soft@ware.eng', '${hashPassword('password')}', 'soft', 'eng', '08012345678', '{"home": "remote","office": "on-site"}');
+`;
+
+export const populateLoansTable = `
+    INSERT INTO loans(userid, status, repaid, amount, tenor, interest, balance, paymentinstallment)
+    VALUES (1, 'approved', false, 50000, 12, 2500, 36999.35, 4375),
+    (2, 'approved', true, 100000, 12, 5000, 0, 8750),
+    (3, 'approved', false, 200000, 8, 10000, 200000, 26250),
+    (4, 'approved', false, 25000, 12, 1250, 24500, 2187.5),
+    (5, 'approved', false, 45000, 6, 2250, 26250, 7875),
+    (6, 'pending', false, 80000, 12, 4000, 8000, 7000),
+    (7, 'rejected', false, 60000, 6, 3000, 6000, 10500),
+    (8, 'approved', false, 125000, 12, 6250, 20000, 10937.5),
+    (10, 'pending', false, 1000000, 12, 50000, 0, 87500);
+`;
 
-const createDB = async () => {
-    for (const query of queries) {
-        dev_logger(query);
-        test_logger(query);
-        await pool.query(query);
-    }
-};
+export const populateRepaymentsTable = `
+    INSERT INTO repayments(loanid, adminid, amount)
+    VALUES (1, 3, 4375),
+        (1, 3, 4375),
+        (2, 1, 26250),
+        (1, 2, 4375),
+        (3, 4, 2875),
+        (5, 8, 10500),
+        (4, 3, 4375),
+        (8, 1, 4375),
+        (8, 4, 4375),
+        (10, 8, 4375)
+`;
 
-export default createDB;
+export const dropUsers = 'DROP TABLE users';
+export const dropLoans = 'DROP TABLE loans';
+export const dropRepayments = 'DROP TABLE repayments';
diff --git a/utils/localDbOps.js b/utils/localDbOps.js
@@ -0,0 +1,36 @@
+import pool from '../models/pool';
+import { dev_logger, test_logger } from './loggers';
+
+import {
+    createUserTable,
+    populateUserTable,
+    createLoansTable,
+    populateLoansTable,
+    createRepaymentsTable,
+    populateRepaymentsTable,
+    dropUsers,
+    dropLoans,
+    dropRepayments
+} from './dbOps';
+
+const setup = [
+    createUserTable, createLoansTable, createRepaymentsTable,
+    populateUserTable, populateLoansTable, populateRepaymentsTable
+];
+
+const cleanup = [ dropUsers, dropLoans, dropRepayments ];
+
+export const createDB = async () => {
+    for (const query of setup) {
+        dev_logger(query);
+        test_logger(query);
+        await pool.query(query);
+    }
+};
+
+export const clearDB = async () => {
+    for (const query of cleanup) {
+        dev_logger(query);
+        await pool.query(query);
+    }
+};