Patrick-HongYun-Project3-Backend#52
…migration, model, seeder. also added auth0 initial setup before controllers and routers
…l as well. created primary seed data
…Name and amended createdAt to created_at and updatedAts. rewrote router and controller classes. added scripts in packagejson.
… building and room data to frontend
Created add items controller and routes
Add controller method to add new building and associated rooms.
Added logic for adding new items and also auth backend
added new logic to add new items if it exists already
…emoved consumed column and adjusted the Cart_Line_Items table to below Room_Items table
…me an optional field in user model
…ry as sequelize cannot handle complex equations
Add route and controller method to get room items
Add user logic to backend
…a user is a part of, create buildingUser row when creating new building
No conflicting files, to remove commented code before presentation.
…rinfo after logging in
Show only relevant buildings to current user
amended the usercontroller migrations and seeder for retrieval of use…
Main building
…he user has access to
Only show items that are in the user's building
Update readme
Deployconfig
| @@ -1,3 +1,5 @@ | |||
| # Rocket Academy Coding Bootcamp: Project 3 Backend | |||
Could really provide a bit more info here guys. How about what the BE really does, and what about setting up the local db for dev environment, including environment variables necessary etc?
| ENV PATH=/usr/local/node/bin:$PATH | ||
| ARG NODE_VERSION=16.15.1 | ||
|
|
||
| RUN apt-get update; apt install -y curl python-is-python3 pkg-config build-essential && \ |
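Review bot: `apt-get update;` on the RUN line is chained with `;`, so a failed index update is ignored and the install proceeds against whatever package lists are already in the layer. Chain it with `&&`, and use `apt-get install` rather than `apt` so the same script-safe tool is used throughout the line.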
Do we really need python to build a node project? Seems a bit overkill. I am pretty sure there must be an easier way
| @@ -0,0 +1,18 @@ | |||
| require("dotenv").config(); | |||
Do we need this file if we got the .ts file?
| @@ -0,0 +1,111 @@ | |||
| { | |||
| "compilerOptions": { | |||
| /* Visit https://aka.ms/tsconfig to read more about this file */ | |||
| app.use(checkJwt, itemsRouter); | ||
| app.use(checkJwt, buildingsRouter); | ||
| app.use(checkJwt, cartRouter); | ||
| app.use(checkJwt, dashRouter); | ||
| app.use(checkJwt, usersrouter); |
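Review bot: none of these `app.use(checkJwt, ...)` calls has a mount path, so the first one already runs `checkJwt` on every request, and a request that falls through to a later router is verified again at each line, up to five times. Register `checkJwt` once before the routers, or give each router a path prefix if some routes are meant to stay public. `usersrouter` also breaks the camelCase naming of the other four routers.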
If you are using checkJwt on every router, why not just make a generic app.use(checkJwt), just like with cors? That would avoid repetition here.
| async updateUser(req: Request, res: Response) { | ||
| const { email, name, id, photoUrl } = req.body; | ||
| try { | ||
| const output = await User.findOrCreate({ | ||
| where: { email: email }, | ||
| defaults: { | ||
| auth_id: id, | ||
| email: email, | ||
| name: name, | ||
| profile_img_url: photoUrl, | ||
| }, | ||
| }); | ||
| return res.json(output); | ||
| } catch (err) { | ||
| return res.status(400).json({ error: true, msg: (err as Error).message }); | ||
| } | ||
| } |
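Review bot: `updateUser` calls `User.findOrCreate`, whose `defaults` are applied only when no row matches `where`, so an existing user's `name` and `profile_img_url` are never changed by this handler. If the intent is an update, follow the lookup with an explicit update of the allowed fields, or rename the method to match what it does. `auth_id` and `email` are both read from `req.body`; take them from the verified token instead. The `catch` also returns every failure as 400 with the raw `err.message`, so database errors are reported to the client as a bad request.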
Since I only saw you use checkJwt, I almost would assume the following:
- I have an account on your app and can authenticate with my token to the BE request
- I can copy the token from my browser into postman and make a request to your BE
- I don't type in my email into the request body (which I can find by updating my own user profile), but another email
- I can update another user's profile
So, even if the user has a token, we should still make sure that the token and the updated User are the same user. So we need to actually deconstruct the token to extract the email address of the user and compare to the request body. Just a small security loophole I can think of here.
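One way to apply the check described in this comment, as an added example that is not code from the PR: identity is taken from the verified token claims and a body that names a different account is rejected. The `VerifiedClaims` shape and the `resolveProfileUpdate` helper are hypothetical, and whether the token carries an `email` claim depends on the Auth0 configuration.

```typescript
// Added example, not code from this PR. All names here are hypothetical.
// Assumption: checkJwt has already verified the token and exposes its claims.
interface VerifiedClaims {
  sub: string;     // stable subject identifier from the token
  email?: string;  // present only if the tenant adds it to the token
}

interface ProfileBody {
  email?: string;
  id?: string;
  name?: string;
  photoUrl?: string;
}

type Decision =
  | { ok: true; where: { auth_id: string }; defaults: Record<string, string | undefined> }
  | { ok: false; status: 401 | 403; msg: string };

function resolveProfileUpdate(claims: VerifiedClaims | undefined, body: ProfileBody): Decision {
  if (!claims || !claims.sub) {
    return { ok: false, status: 401, msg: "missing verified token claims" };
  }
  // Reject a body that names a different account than the token does.
  if (body.id !== undefined && body.id !== claims.sub) {
    return { ok: false, status: 403, msg: "id does not match token subject" };
  }
  if (body.email !== undefined && claims.email !== undefined &&
      body.email.toLowerCase() !== claims.email.toLowerCase()) {
    return { ok: false, status: 403, msg: "email does not match token" };
  }
  // The row is selected by the token subject, never by a body field.
  // body.email is unverified and is used only when the token has no email claim.
  return {
    ok: true,
    where: { auth_id: claims.sub },
    defaults: {
      auth_id: claims.sub,
      email: claims.email ?? body.email,
      name: body.name,
      profile_img_url: body.photoUrl,
    },
  };
}
```

In a handler, the `where` and `defaults` of an `ok` decision would replace the body-derived values passed to `User.findOrCreate`.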
|
|
||
| module.exports = { | ||
| async up(queryInterface: QueryInterface, Sequelize: typeof DataTypes) { | ||
| await queryInterface.createTable("Users", { |
As previously stated, do multiple files per each database change. Lumping into one file, I would highly discourage
| modelName: "Building", | ||
| underscored: true, | ||
| }) | ||
| export class Building extends Model<BuildingAttributes> { |
| tableName: "Items", | ||
| underscored: true, | ||
| }) | ||
| export class Item extends Model<ItemAttributes> { |
| modelName: "Room", | ||
| underscored: true, | ||
| }) | ||
| export class Room extends Model<RoomAttributes> { |
| rooms.map(async (obj: RoomAttributes) => { | ||
| const newRoom = { ...obj }; | ||
| newRoom["building_id"] = newBuilding.id; | ||
| await Room.create(newRoom, { transaction: t }); |
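Review bot: the `async` callback passed to `rooms.map` returns promises, and the visible lines do not show them being awaited. Unless the result is wrapped in `await Promise.all(...)`, the transaction `t` can be committed before the `Room.create` calls finish, and their rejections go unhandled. `newRoom` also spreads the whole incoming `obj`; copy only the columns a caller is allowed to set.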
You should collect the rooms into an array, and then run bulkCreate.
No description provided.