gus-code · NiverMtz · Jan 8, 2024 · Jan 8, 2024 · Jan 8, 2024 · Jan 8, 2024
diff --git a/apps/api/.env b/apps/api/.env
@@ -1,3 +1,3 @@
-ACCESS_TOKEN_SECRET=[YOUR_ACCESS_TOKEN_SECRET_HERE]
-REFRESH_TOKEN_SECRET=[YOUR_REFRESH_TOKEN_SECRET_HERE]
-MONGO_URL=[YOUR_MONGO_CONNECTION_STRING_HERE]
+ACCESS_TOKEN_SECRET=62f7814ecb7bd8eed882d0c25403dd0b390dc07673ba3798ed22fc6db3e480750b8f9f6ee845e9e138c7047ecfd7d13c95d081821c1dd85333b53cedac0c7b24
+REFRESH_TOKEN_SECRET=3bcad700ce9c447d3fd5f1af746d5b597ed01ddb6884693ed38a2c7913b2bf3dd69b6c1e974a6d1760c076b55b6ff0c3d92b218faac728e3db31d0474b6888e0
+MONGO_URL=mongodb+srv://nivermartinez96:tSzduB9XoRg2oq1P@cluster0.bhfou.mongodb.net/?retryWrites=true&w=majority&appName=Cluster0
diff --git a/apps/api/README.md b/apps/api/README.md
@@ -21,7 +21,52 @@
 
 ## Challenges
 
-### Session *
+### Session 01
+
+- Create `route` for `posts` endpoint with the following methods:
+    - `GET /posts` Return an array of all the posts with status code 200
+    - `GET /posts/category/:category` Return an array of all the posts by category with status code 200
+    - `GET /posts/:id` Return a post by id with category object and each comment object in the array with status code 200
+    - `POST /posts` Create a new post and return the created post with status code 201
+    - `POST /posts/:id/comments` Create a comment inside the post and return the comment with status code 201
+    - `PATCH /posts/:id` Update post information and return the updated post with status code 200
+    - `DELETE /posts/:id` Delete the post and return the deleted post with status code 200 or 204 if you decide to not return anything
+    * *Add 404 validation where needed*
+
+- Post model
+    - id: string
+    - title: string
+    - image: string
+    - description: string
+    - category: string *Id of the category*
+    - comments: array *Array of comment ids*
+
+- Comment model
+    - id: string
+    - author: string
+    - content: string
+
+### Session 02
+
+- Refactor the code from last session to add a post controller
+
+### Session 03
+
+- N/A
+
+### Session 04
+
+- N/A
+
+### Session 05
+
+- Create MongoDB database
+- Connect to MongoDB database using mongoose
+- Create models for Post and Comment
+- Refactor the controller to retrieve information from database
+    - *Tip: Use `populate` method to get data from reference id*
+- **Extra**
+    - Remove post comments from database when you delete the post
 
 ## How to
 

diff --git a/apps/api/src/config/.gitkeep b/apps/api/src/config/.gitkeep
diff --git a/apps/api/src/config/corsConfig.ts b/apps/api/src/config/corsConfig.ts
@@ -0,0 +1,15 @@
+const allowedOrigins = ['http://localhost:4200', 'http://localhost:3000'];
+
+export const corsOptions = {
+  origin: (origin, callback) => {
+    // Note: origin will be undefined from same route in local development
+    if (allowedOrigins.indexOf(origin) !== -1 || !origin) {
+      callback(null, true);
+    } else {
+      callback(new Error('Not allowed by CORS'));
+    }
+  },
+  optionsSuccessStatus: 200
+};
+
+export default { corsOptions };
diff --git a/apps/api/src/controllers/.gitkeep b/apps/api/src/controllers/.gitkeep
diff --git a/apps/api/src/controllers/auth.ts b/apps/api/src/controllers/auth.ts
@@ -0,0 +1,97 @@
+import bcrypt from 'bcrypt';
+import jwt from 'jsonwebtoken';
+
+import { User } from '../models/user';
+
+const users: User[] = [];
+
+const register = async (req, res) => {
+  const { username, password } = req.body;
+
+  // Check that we have the correct payload
+  if (!username || !password) {
+    return res.status(400).json({
+      message: 'Username and password are required'
+    });
+  }
+
+  // Check that we don't have duplicates
+  const duplicate = users.find((u) => u.username === username);
+  if (duplicate) {
+    return res.status(409).json({ message: 'User already exist' });
+  }
+
+  try {
+    // Encrypt the password
+    const hashedPassword = await bcrypt.hash(password, 10);
+
+    // Store new user
+    users.push({ username, password: hashedPassword });
+
+    res.status(201).json({ message: 'User registered successfully' });
+  } catch (e) {
+    res.status(500).json({ message: e.message });
+  }
+};
+
+const login = async (req, res) => {
+  const { username, password } = req.body;
+
+  // Check that we have the correct payload
+  if (!username || !password) {
+    return res.status(400).json({
+      message: 'Username and password are required'
+    });
+  }
+
+  // Retrieve user
+  const user = users.find((u) => u.username === username);
+
+  // Check if we found the user and the password matches
+  if (!user || !(await bcrypt.compare(password, user.password))) {
+    return res.status(401).json({ message: 'Invalid credentials' });
+  }
+
+  // Generate access token and refresh token
+  const accessToken = jwt.sign({ username }, process.env.ACCESS_TOKEN_SECRET, { expiresIn: '15m' });
+  const refreshToken = jwt.sign({ username }, process.env.REFRESH_TOKEN_SECRET, { expiresIn: '7d' });
+
+  // Save refresh token
+  res.cookie('refreshToken', refreshToken, {
+    httpOnly: true,
+    maxAge: 7 * 24 * 60 * 60 * 1000 // 7 days in milliseconds
+  });
+
+  res.json({ accessToken });
+};
+
+const refresh = (req, res) => {
+  // Get refresh token from cookies
+  const refreshToken = req.cookies.refreshToken;
+
+  if (!refreshToken) {
+    return res.status(401).json({ message: 'Unauthorized' });
+  }
+
+  jwt.verify(refreshToken, process.env.REFRESH_TOKEN_SECRET, (err, { username }) => {
+    if (err) {
+      // Invalid token
+      return res.status(403).json({ message: 'Forbidden' });
+    }
+
+    const accessToken = jwt.sign({ username }, process.env.ACCESS_TOKEN_SECRET, { expiresIn: '15m' });
+    res.json({ accessToken });
+  });
+};
+
+const logout = (req, res) => {
+  res.clearCookie('refreshToken');
+  res.json({ message: 'Logged out successfully' });
+};
+
+export default {
+  register,
+  login,
+  refresh,
+  logout
+};
diff --git a/apps/api/src/controllers/category.ts b/apps/api/src/controllers/category.ts
@@ -0,0 +1,100 @@
+import Category from '../models/category';
+
+// Get all categories
+const getCategories = async (req, res) => {
+  try {
+    const categories = await Category.find();
+    // Return all the categories with a 200 status code
+    res.status(200).json(categories);
+  } catch (error) {
+    const { message } = error;
+    res.status(500).json({ message });
+  }
+};
+
+// Get category by id
+const getCategoryById = async (req, res) => {
+  // Retrieve the id from the route params
+  const { id } = req.params;
+
+  try {
+    // Check if we have a category with that id
+    const category = await Category.findById(id);
+
+    if (!category) {
+      // If we don't find the category return a 404 status code with a message
+      return res.status(404).json({ message: 'Category not found' });
+      // Note: Remember that json method doesn't interrupt the workflow
+      // therefore is important to add a "return" to break the process
+    }
+    // Return the category with a 200 status code
+    res.status(200).json(category);
+  } catch (error) {
+    const { message } = error;
+    res.status(500).json({ message });
+  }
+};
+
+// Create category
+const createCategory = async (req, res) => {
+  try {
+    const category = await Category.create(req.body);
+    // Return the created category with a 201 status code
+    res.status(201).json(category);
+  } catch (error) {
+    const { message } = error;
+    res.status(500).json({ message });
+  }
+};
+
+// Update category
+const updateCategory = async (req, res) => {
+  // Retrieve the id from the route params
+  const { id } = req.params;
+
+  try {
+    // Check and update if we have a category with that id
+    const category = await Category.findByIdAndUpdate(id, req.body, { new: true });
+
+    // If we don't find the category return a 404 status code with a message
+    if (!category) {
+      return res.status(404).json({ message: 'Category not found' });
+    }
+
+    // Return the updated category with a 200 status code
+    res.status(200).json(category);
+  } catch (error) {
+    const { message } = error;
+    res.status(500).json({ message });
+  }
+};
+
+// Delete category
+const deleteCategory = async (req, res) => {
+  // Retrieve the id from the route params
+  const { id } = req.params;
+
+  try {
+    // Check and delete if we have a category with that id
+    const category = await Category.findByIdAndDelete(id);
+
+    // If we don't find the category return a 404 status code with a message
+    if (!category) {
+      return res.status(404).json({ message: 'Category not found' });
+    }
+
+    // Return a 200 status code
+    res.status(200).json(category);
+  } catch (error) {
+    const { message } = error;
+    res.status(500).json({ message });
+  }
+};
+
+export default {
+  getCategories,
+  getCategoryById,
+  createCategory,
+  updateCategory,
+  deleteCategory
+};