// Everything in this file is mounted under /beers; the router is also the module's export.
const beers = require('express').Router();
module.exports = beers;
const tokenHelper = require('../token-helper');
const jwt = require('jsonwebtoken');

// Secret handed to jwt.verify in every route below.
// NOTE(review): a literal checked into source; whatever issues the tokens
// (presumably ../token-helper) has to use the identical value, so move both
// sides to configuration together rather than changing only this one.
const secretKey = 'secretKey';
// Every beer with its like count; the LEFT JOIN keeps beers nobody has liked yet,
// most-liked first, ties broken by id.
const getBeersQuery = 'select b.*, count(l.beerId) as likes from beers b left join likes l on l.beerId = b.id group by b.id order by likes desc, b.id';

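/**
 * Get beers (localhost:3000/beers)
 * Token required
 * The user can add multiple filters in Headers, ex: Key: Brewery, Value: BrewDog and Key: Minimum, Value: 7
 * Available filters: Brewery, Category, Minimum, Maximum
 * Responses: 200 filtered list, 400 malformed Minimum/Maximum, 401 bad token,
 * 404 nothing matched or no rows, 500 database error
 */

/**
 * Applies the optional header filters to the rows returned by getBeersQuery.
 * Header names are looked up lower-case because Node lower-cases incoming headers.
 *
 * @param {Array<object>} rows - beer rows; each carries brewery, category and percentage
 * @param {object} headers - req.headers
 * @returns {{rows: Array<object>}|{error: string}} the surviving rows, or the
 *   error message to send when Minimum/Maximum is not a number in (0, 100]
 */
function applyBeerFilters(rows, headers) {
  let kept = rows;
  if (headers['brewery']) {
    // Loose equality kept from the original so the stored value matches the
    // header text even when it is not a string.
    kept = kept.filter((beer) => beer.brewery == headers['brewery']);
  }
  if (headers['category']) {
    kept = kept.filter((beer) => beer.category == headers['category']);
  }
  if (headers['minimum']) {
    const minimum = Number(headers['minimum']);
    // NaN fails both comparisons, so a non-numeric header is rejected as well.
    if (!(minimum > 0 && minimum <= 100)) {
      return { error: "Wrong minimum percentage filter type" };
    }
    kept = kept.filter((beer) => beer.percentage > minimum);
  }
  if (headers['maximum']) {
    const maximum = Number(headers['maximum']);
    if (!(maximum > 0 && maximum <= 100)) {
      return { error: "Wrong maximum percentage filter type" };
    }
    kept = kept.filter((beer) => beer.percentage < maximum);
  }
  return { rows: kept };
}

beers.get('', tokenHelper.verifyToken, function (req, res) {
  jwt.verify(req.token, secretKey, (err) => {
    if (err) {
      res.status(401).json({ error: "Invalid JWT" });
      return;
    }
    req.db.all(getBeersQuery, function (dbErr, rows) {
      if (dbErr) {
        // A failed query used to be reported as 404 "No beers in the db".
        res.status(500).json({ error: "Database error" });
        return;
      }
      if (!rows) {
        res.status(404).json({ error: "No beers in the db" });
        return;
      }
      const filtered = applyBeerFilters(rows, req.headers);
      if (filtered.error) {
        // A malformed filter is a client error; it used to be sent as 404.
        res.status(400).json({ error: filtered.error });
        return;
      }
      if (filtered.rows.length > 0) {
        res.status(200).json(filtered.rows);
      } else {
        res.status(404).json({ error: "No such beers" });
      }
    });
  });
});
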
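/**
 * Create new beer, if the logged in user is an admin (localhost:3000/beers/new)
 * Token required
 * We expect the user to have a correct JSON structure
 * We expect the user to have all required fields in the JSON body, ex: { "name": "Test", "percentage": 7, "brewery": "Test", "category": "Test" }
 * Responses: 201 with the full beer list, 400 bad body or duplicate name,
 * 401 bad token, 403 not an admin, 500 database error
 */

/**
 * Checks the JSON body of a new-beer request, in the order the checks were
 * originally made: emptiness first, then the type of each field.
 *
 * @param {object} body - parsed request body
 * @returns {string|null} the error message to send with 400, or null when valid
 */
function validateNewBeer(body) {
  if (Object.keys(body).length === 0) {
    return "No body";
  }
  if (body.name === '' && body.percentage === '' && body.brewery === '' && body.category === '') {
    return "Empty fields";
  }
  if (body.name === '') {
    return "No name";
  }
  if (body.percentage === '') {
    return "No percentage";
  }
  if (body.brewery === '') {
    return "No brewery";
  }
  if (body.category === '') {
    return "No category";
  }
  // Absent fields (undefined) are caught by the type checks, not by the '' checks above.
  if (typeof body.name !== 'string') {
    return "Wrong name type";
  }
  if (typeof body.percentage !== 'number') {
    return "Wrong percentage type";
  }
  if (typeof body.brewery !== 'string') {
    return "Wrong brewery type";
  }
  if (typeof body.category !== 'string') {
    return "Wrong category type";
  }
  return null;
}

beers.post('/new', tokenHelper.verifyToken, function (req, res) {
  jwt.verify(req.token, secretKey, (err, userInfo) => {
    if (err) {
      res.status(401).json({ error: "Invalid JWT" });
      return;
    }
    // The payload is read as a one-key object wrapping the user record, the way
    // every other route here reads it; level 9 is the admin level.
    const claims = userInfo[Object.keys(userInfo)[0]];
    if (!claims || claims.level !== 9) {
      // The original admin branch had no `else` before the body checks, so after
      // sending 403 the request still fell through to the insert below.
      res.status(403).json({ error: "Unauthorized access" });
      return;
    }
    // req.body is undefined when no body parser ran; treat that as "No body".
    const body = req.body || {};
    const validationError = validateNewBeer(body);
    if (validationError) {
      res.status(400).json({ error: validationError });
      return;
    }
    // NOTE(review): assumes req.db follows the node-sqlite3 callback API
    // (get/all/prepare().run(..., cb)); the run callback carries the insert error.
    req.db.get('select * from beers where name=?', body.name, function (lookupErr, existing) {
      if (lookupErr) {
        res.status(500).json({ error: "Database error" });
        return;
      }
      if (existing) {
        res.status(400).json({ error: "Beer already exists" });
        return;
      }
      // Ids are assigned by hand as last id + 1 (1 on an empty table). Two
      // concurrent creates can pick the same id; a database-side autoincrement
      // would be the real fix.
      req.db.get('select id from beers order by id desc', function (idErr, last) {
        if (idErr) {
          res.status(500).json({ error: "Database error" });
          return;
        }
        const newId = last ? Number(last.id) + 1 : 1;
        req.db
          .prepare('insert into beers (id, name, percentage, brewery, category) values (?, ?, ?, ?, ?)')
          .run(newId, body.name, body.percentage, body.brewery, body.category, function (insertErr) {
            if (insertErr) {
              res.status(500).json({ error: "Database error" });
              return;
            }
            // Listing only from the insert callback, so the response includes the new row.
            req.db.all(getBeersQuery, function (listErr, rows) {
              if (listErr) {
                res.status(500).json({ error: "Database error" });
                return;
              }
              res.status(201).json(rows);
            });
          });
      });
    });
  });
});
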
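/**
 * Delete beer, if the logged in user is an admin (localhost:3000/beers/delete/:id, ex: localhost:3000/beers/delete/1)
 * Token required
 * Responses: 200 deleted, 401 bad token, 403 not an admin, 404 unknown id, 500 database error
 */
beers.post('/delete/:id', tokenHelper.verifyToken, function (req, res) {
  jwt.verify(req.token, secretKey, (err, userInfo) => {
    if (err) {
      res.status(401).json({ error: "Invalid JWT" });
      return;
    }
    // One-key payload wrapping the user record; level 9 is the admin level.
    const claims = userInfo[Object.keys(userInfo)[0]];
    if (!claims || claims.level !== 9) {
      res.status(403).json({ error: "Unauthorized access" });
      return;
    }
    // req.params.id is only ever passed as a bound parameter, never spliced into SQL.
    const beerId = req.params.id;
    req.db.get('select * from beers where id=?', beerId, function (lookupErr, beer) {
      if (lookupErr) {
        res.status(500).json({ error: "Database error" });
        return;
      }
      if (!beer) {
        res.status(404).json({ error: "No such beer" });
        return;
      }
      // NOTE(review): assumes the node-sqlite3 style run(..., cb) so a failed
      // delete is reported instead of answering 200 regardless.
      req.db.prepare('delete from beers where id=?').run(beerId, function (deleteErr) {
        if (deleteErr) {
          res.status(500).json({ error: "Database error" });
          return;
        }
        // Rows in likes that point at this beer are not removed by this route;
        // whether the schema cascades is not visible here.
        res.status(200).json({ status: "Beer deleted" });
      });
    });
  });
});
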
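/**
 * Like beer (localhost:3000/beers/like/:id, ex: localhost:3000/beers/like/1)
 * Token required
 * Responses: 200 liked, 400 already liked, 401 bad token, 404 unknown beer, 500 database error
 */
beers.post('/like/:id', tokenHelper.verifyToken, function (req, res) {
  jwt.verify(req.token, secretKey, (err, userInfo) => {
    if (err) {
      res.status(401).json({ error: "Invalid JWT" });
      return;
    }
    // The liking user is taken from the token, not from the request, so a
    // caller cannot like on someone else's behalf. A payload without the
    // expected one-key wrapper is treated as an invalid token (it used to throw).
    const claims = userInfo[Object.keys(userInfo)[0]];
    if (!claims) {
      res.status(401).json({ error: "Invalid JWT" });
      return;
    }
    const userName = claims.name;
    const beerId = req.params.id;
    req.db.get('select * from beers where id=?', beerId, function (lookupErr, beer) {
      if (lookupErr) {
        res.status(500).json({ error: "Database error" });
        return;
      }
      if (!beer) {
        res.status(404).json({ error: "No such beer" });
        return;
      }
      req.db.get('select * from likes where userName=? and beerId=?', userName, beerId, function (likeErr, like) {
        if (likeErr) {
          res.status(500).json({ error: "Database error" });
          return;
        }
        if (like) {
          // Response key is `status`, as in the original, not `error`.
          res.status(400).json({ status: "Beer already liked" });
          return;
        }
        // Check-then-insert is not atomic: two parallel requests can both pass
        // the lookup above; a unique (userName, beerId) constraint would close that.
        // NOTE(review): assumes the node-sqlite3 style run(..., cb).
        req.db.prepare('insert into likes (userName, beerId) values (?, ?)').run(userName, beerId, function (insertErr) {
          if (insertErr) {
            res.status(500).json({ error: "Database error" });
            return;
          }
          res.status(200).json({ status: "Beer liked" });
        });
      });
    });
  });
});
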
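/**
 * Unlike beer (localhost:3000/beers/unlike/:id, ex: localhost:3000/beers/unlike/1)
 * Token required
 * Responses: 200 unliked, 400 not liked, 401 bad token, 404 unknown beer, 500 database error
 */
beers.post('/unlike/:id', tokenHelper.verifyToken, function (req, res) {
  jwt.verify(req.token, secretKey, (err, userInfo) => {
    if (err) {
      res.status(401).json({ error: "Invalid JWT" });
      return;
    }
    // The user is taken from the token, so only the caller's own like can be
    // removed. A payload without the expected one-key wrapper is treated as an
    // invalid token (it used to throw).
    const claims = userInfo[Object.keys(userInfo)[0]];
    if (!claims) {
      res.status(401).json({ error: "Invalid JWT" });
      return;
    }
    const userName = claims.name;
    const beerId = req.params.id;
    req.db.get('select * from beers where id=?', beerId, function (lookupErr, beer) {
      if (lookupErr) {
        res.status(500).json({ error: "Database error" });
        return;
      }
      if (!beer) {
        res.status(404).json({ error: "No such beer" });
        return;
      }
      req.db.get('select * from likes where userName=? and beerId=?', userName, beerId, function (likeErr, like) {
        if (likeErr) {
          res.status(500).json({ error: "Database error" });
          return;
        }
        if (!like) {
          res.status(400).json({ error: "Beer not liked" });
          return;
        }
        // NOTE(review): assumes the node-sqlite3 style run(..., cb) so a failed
        // delete is reported instead of answering 200 regardless.
        req.db.prepare('delete from likes where userName=? and beerId=?').run(userName, beerId, function (deleteErr) {
          if (deleteErr) {
            res.status(500).json({ error: "Database error" });
            return;
          }
          res.status(200).json({ status: "Beer unliked" });
        });
      });
    });
  });
});
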
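/**
 * Get liked beers by a user (localhost:3000/beers/:userName/likes, ex: localhost:3000/beers/user/likes)
 * Token required
 * Responses: 200 list of beers, 401 bad token, 404 unknown user or no likes, 500 database error
 */
beers.get('/:userName/likes', tokenHelper.verifyToken, function (req, res) {
  jwt.verify(req.token, secretKey, (err) => {
    if (err) {
      res.status(401).json({ error: "Invalid JWT" });
      return;
    }
    // Any valid token may look up any user's likes: the requested name is not
    // compared with the caller's token. Bound parameters throughout.
    const userName = req.params.userName;
    req.db.get('select * from users where name =?', userName, function (userErr, user) {
      if (userErr) {
        res.status(500).json({ error: "Database error" });
        return;
      }
      if (!user) {
        res.status(404).json({ error: "No such user" });
        return;
      }
      req.db.get('select * from likes where userName=?', userName, function (likeErr, like) {
        if (likeErr) {
          res.status(500).json({ error: "Database error" });
          return;
        }
        if (!like) {
          res.status(404).json({ error: "No liked beers" });
          return;
        }
        req.db.all('select * from beers where id in (select beerId from likes where userName = ?)', userName, function (listErr, rows) {
          if (listErr) {
            res.status(500).json({ error: "Database error" });
            return;
          }
          res.status(200).json(rows);
        });
      });
    });
  });
});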