dengzac/fritter-fixes.diff Secret

## fritter-fixes.diff
diff ../fritter-starter/api/index.ts api/index.ts
4d3
< import {engine} from 'express-handlebars';
6d4
< import path from 'path';
11,13c9,12
< import * as userValidator from '../user/middleware';
< import {userRouter} from '../user/router';
< import {freetRouter} from '../freet/router';
---
> import * as userValidator from '../server/user/middleware';
> import {userRouter} from '../server/user/router';
> import {freetRouter} from '../server/freet/router';
> import MongoStore from 'connect-mongo';
24c23
< mongoose
---
> const client = mongoose
28c27
<     const db = m.connection;
---
>     return m.connection.getClient();
31a31
>     throw new Error(err.message);
41,48d40
< // Declare the root directory
< app.use(express.static(path.join(__dirname, '../public')));
<
< // View engine setup
< app.engine('html', engine({extname: '.html', defaultLayout: false}));
< app.set('view engine', 'html');
< app.set('views', path.join(__dirname, '../public'));
<
61a54
> // https://www.npmjs.com/package/express-session#options
63c56
<   secret: '61040',
---
>   secret: '61040', // Should generate a real secret
65c58,64
<   saveUninitialized: false
---
>   saveUninitialized: false,
>   store: MongoStore.create({
>     clientPromise: client,
>     dbName: 'sessions',
>     autoRemove: 'interval',
>     autoRemoveInterval: 10 // Minutes
>   })
71,75d69
< // GET home page
< app.get('/', (req: Request, res: Response) => {
<   res.render('index');
< });
<
82c76,78
<   res.status(400).render('error');
---
>   res.status(404).json({
>     error: 'Page not found'
>   });
diff ../fritter-starter/freet/collection.ts server/freet/collection.ts
62c62
<     return FreetModel.find({authorId: author._id}).populate('authorId');
---
>     return FreetModel.find({authorId: author._id}).sort({dateModified: -1}).populate('authorId');
diff ../fritter-starter/freet/middleware.ts server/freet/middleware.ts
13,15c13
<       error: {
<         freetNotFound: `Freet with freet ID ${req.params.freetId} does not exist.`
<       }
---
>       error: `Freet with freet ID ${req.params.freetId} does not exist.`
diff ../fritter-starter/freet/model.ts server/freet/model.ts
1c1
< import type {Types, PopulatedDoc, Document} from 'mongoose';
---
> import type {Types} from 'mongoose';
diff ../fritter-starter/freet/router.ts server/freet/router.ts
21c21
<  * @name GET /api/freets?authorId=id
---
>  * @name GET /api/freets?author=username
23,25c23,25
<  * @return {FreetResponse[]} - An array of freets created by user with id, authorId
<  * @throws {400} - If authorId is not given
<  * @throws {404} - If no user has given authorId
---
>  * @return {FreetResponse[]} - An array of freets created by user with username, author
>  * @throws {400} - If author is not given
>  * @throws {404} - If no user has given author
31c31
<     // Check if authorId query parameter was supplied
---
>     // Check if author query parameter was supplied
107c107
<  * @name PUT /api/freets/:id
---
>  * @name PATCH /api/freets/:id
117c117
< router.put(
---
> router.patch(
diff ../fritter-starter/user/collection.ts server/user/collection.ts
70c70
<   static async updateOne(userId: Types.ObjectId | string, userDetails: any): Promise<HydratedDocument<User>> {
---
>   static async updateOne(userId: Types.ObjectId | string, userDetails: {password?: string; username?: string}): Promise<HydratedDocument<User>> {
73c73
<       user.password = userDetails.password as string;
---
>       user.password = userDetails.password;
77c77
<       user.username = userDetails.username as string;
---
>       user.username = userDetails.username;
diff ../fritter-starter/user/middleware.ts server/user/middleware.ts
2d1
< import {Types} from 'mongoose';
17,19c16
<         error: {
<           userNotFound: 'User session was not recognized.'
<         }
---
>         error: 'User session was not recognized.'
35,37c32
<       error: {
<         username: 'Username must be a nonempty alphanumeric string.'
<       }
---
>       error: 'Username must be a nonempty alphanumeric string.'
52,54c47
<       error: {
<         password: 'Password must be a nonempty string.'
<       }
---
>       error: 'Password must be a nonempty string.'
88c81,82
<   const user = await UserCollection.findOneByUsername(req.body.username);
---
>   if (req.body.username !== undefined) { // If username is not being changed, skip this check
>     const user = await UserCollection.findOneByUsername(req.body.username);
90,94c84,91
<   // If the current session user wants to change their username to one which matches
<   // the current one irrespective of the case, we should allow them to do so
<   if (!user || (user?._id.toString() === req.session.userId)) {
<     next();
<     return;
---
>     // If the current session user wants to change their username to one which matches
>     // the current one irrespective of the case, we should allow them to do so
>     if (user && (user?._id.toString() !== req.session.userId)) {
>       res.status(409).json({
>         error: 'An account with this username already exists.'
>       });
>       return;
>     }
97,101c94
<   res.status(409).json({
<     error: {
<       username: 'An account with this username already exists.'
<     }
<   });
---
>   next();
110,112c103
<       error: {
<         auth: 'You must be logged in to complete this action.'
<       }
---
>       error: 'You must be logged in to complete this action.'
diff ../fritter-starter/user/router.ts server/user/router.ts
10a11,31
>  * Get the signed in user
>  * TODO: may need better route and documentation
>  * (so students don't accidentally delete this when copying over)
>  *
>  * @name GET /api/users/session
>  *
>  * @return - currently logged in user, or null if not logged in
>  */
> router.get(
>   '/session',
>   [],
>   async (req: Request, res: Response) => {
>     const user = await UserCollection.findOneByUserId(req.session.userId);
>     res.status(200).json({
>       message: 'Your session info was found successfully.',
>       user: user ? util.constructUserResponse(user) : null
>     });
>   }
> );
>
> /**
100c121
<  * @name PUT /api/users
---
>  * @name PATCH /api/users
109c130
< router.put(
---
> router.patch(
	diff ../fritter-starter/api/index.ts api/index.ts
	4d3
	< import {engine} from 'express-handlebars';
	6d4
	< import path from 'path';
	11,13c9,12
	< import * as userValidator from '../user/middleware';
	< import {userRouter} from '../user/router';
	< import {freetRouter} from '../freet/router';
	---
	> import * as userValidator from '../server/user/middleware';
	> import {userRouter} from '../server/user/router';
	> import {freetRouter} from '../server/freet/router';
	> import MongoStore from 'connect-mongo';
	24c23
	< mongoose
	---
	> const client = mongoose
	28c27
	< const db = m.connection;
	---
	> return m.connection.getClient();
	31a31
	> throw new Error(err.message);
	41,48d40
	< // Declare the root directory
	< app.use(express.static(path.join(__dirname, '../public')));
	<
	< // View engine setup
	< app.engine('html', engine({extname: '.html', defaultLayout: false}));
	< app.set('view engine', 'html');
	< app.set('views', path.join(__dirname, '../public'));
	<
	61a54
	> // https://www.npmjs.com/package/express-session#options
	63c56
	< secret: '61040',
	---
	> secret: '61040', // Should generate a real secret
	65c58,64
	< saveUninitialized: false
	---
	> saveUninitialized: false,
	> store: MongoStore.create({
	> clientPromise: client,
	> dbName: 'sessions',
	> autoRemove: 'interval',
	> autoRemoveInterval: 10 // Minutes
	> })
	71,75d69
	< // GET home page
	< app.get('/', (req: Request, res: Response) => {
	< res.render('index');
	< });
	<
	82c76,78
	< res.status(400).render('error');
	---
	> res.status(404).json({
	> error: 'Page not found'
	> });
	diff ../fritter-starter/freet/collection.ts server/freet/collection.ts
	62c62
	< return FreetModel.find({authorId: author._id}).populate('authorId');
	---
	> return FreetModel.find({authorId: author._id}).sort({dateModified: -1}).populate('authorId');
	diff ../fritter-starter/freet/middleware.ts server/freet/middleware.ts
	13,15c13
	< error: {
	< freetNotFound: `Freet with freet ID ${req.params.freetId} does not exist.`
	< }
	---
	> error: `Freet with freet ID ${req.params.freetId} does not exist.`
	diff ../fritter-starter/freet/model.ts server/freet/model.ts
	1c1
	< import type {Types, PopulatedDoc, Document} from 'mongoose';
	---
	> import type {Types} from 'mongoose';
	diff ../fritter-starter/freet/router.ts server/freet/router.ts
	21c21
	< * @name GET /api/freets?authorId=id
	---
	> * @name GET /api/freets?author=username
	23,25c23,25
	< * @return {FreetResponse[]} - An array of freets created by user with id, authorId
	< * @throws {400} - If authorId is not given
	< * @throws {404} - If no user has given authorId
	---
	> * @return {FreetResponse[]} - An array of freets created by user with username, author
	> * @throws {400} - If author is not given
	> * @throws {404} - If no user has given author
	31c31
	< // Check if authorId query parameter was supplied
	---
	> // Check if author query parameter was supplied
	107c107
	< * @name PUT /api/freets/:id
	---
	> * @name PATCH /api/freets/:id
	117c117
	< router.put(
	---
	> router.patch(
	diff ../fritter-starter/user/collection.ts server/user/collection.ts
	70c70
	< static async updateOne(userId: Types.ObjectId \| string, userDetails: any): Promise<HydratedDocument<User>> {
	---
	> static async updateOne(userId: Types.ObjectId \| string, userDetails: {password?: string; username?: string}): Promise<HydratedDocument<User>> {
	73c73
	< user.password = userDetails.password as string;
	---
	> user.password = userDetails.password;
	77c77
	< user.username = userDetails.username as string;
	---
	> user.username = userDetails.username;
	diff ../fritter-starter/user/middleware.ts server/user/middleware.ts
	2d1
	< import {Types} from 'mongoose';
	17,19c16
	< error: {
	< userNotFound: 'User session was not recognized.'
	< }
	---
	> error: 'User session was not recognized.'
	35,37c32
	< error: {
	< username: 'Username must be a nonempty alphanumeric string.'
	< }
	---
	> error: 'Username must be a nonempty alphanumeric string.'
	52,54c47
	< error: {
	< password: 'Password must be a nonempty string.'
	< }
	---
	> error: 'Password must be a nonempty string.'
	88c81,82
	< const user = await UserCollection.findOneByUsername(req.body.username);
	---
	> if (req.body.username !== undefined) { // If username is not being changed, skip this check
	> const user = await UserCollection.findOneByUsername(req.body.username);
	90,94c84,91
	< // If the current session user wants to change their username to one which matches
	< // the current one irrespective of the case, we should allow them to do so
	< if (!user \|\| (user?._id.toString() === req.session.userId)) {
	< next();
	< return;
	---
	> // If the current session user wants to change their username to one which matches
	> // the current one irrespective of the case, we should allow them to do so
	> if (user && (user?._id.toString() !== req.session.userId)) {
	> res.status(409).json({
	> error: 'An account with this username already exists.'
	> });
	> return;
	> }
	97,101c94
	< res.status(409).json({
	< error: {
	< username: 'An account with this username already exists.'
	< }
	< });
	---
	> next();
	110,112c103
	< error: {
	< auth: 'You must be logged in to complete this action.'
	< }
	---
	> error: 'You must be logged in to complete this action.'
	diff ../fritter-starter/user/router.ts server/user/router.ts
	10a11,31
	> * Get the signed in user
	> * TODO: may need better route and documentation
	> * (so students don't accidentally delete this when copying over)
	> *
	> * @name GET /api/users/session
	> *
	> * @return - currently logged in user, or null if not logged in
	> */
	> router.get(
	> '/session',
	> [],
	> async (req: Request, res: Response) => {
	> const user = await UserCollection.findOneByUserId(req.session.userId);
	> res.status(200).json({
	> message: 'Your session info was found successfully.',
	> user: user ? util.constructUserResponse(user) : null
	> });
	> }
	> );
	>
	> /**
	100c121
	< * @name PUT /api/users
	---
	> * @name PATCH /api/users
	109c130
	< router.put(
	---
	> router.patch(