2 changes: 0 additions & 2 deletions backend/src/app.ts
Expand Up @@ -9,7 +9,6 @@ import path from "path";

// Import routes
import userRoutes from './modules/user/routes/user.routes';
import commentRoutes from './modules/comment/routes/comment.routes';
import contentRoutes from './modules/content/routes/content.routes';
import subscriptionRoutes from './modules/subscription/routes/subscription.routes';
import notificationRoutes from './modules/notification/routes/notification.routes';
Expand Down Expand Up @@ -53,7 +52,6 @@ app.get("/health", (req, res) => {

// API routes
app.use("/user", userRoutes);
app.use("/comment", commentRoutes);
app.use("/content", contentRoutes);
app.use("/subscription", subscriptionRoutes);
app.use("/notification", notificationRoutes);
105 changes: 0 additions & 105 deletions backend/src/modules/comment/controllers/comment.controller.ts

This file was deleted.

18 changes: 0 additions & 18 deletions backend/src/modules/comment/routes/comment.routes.ts

This file was deleted.

118 changes: 118 additions & 0 deletions backend/src/modules/content/controllers/comment.controller.ts
@@ -0,0 +1,118 @@
import {
createComment,
deleteComment,
deletePost,
getAllComments,
getComment,
updateComment,
} from "../services/comment.service";
import { ContentService } from "../services/content.service";
import { Request, Response } from "express";
import { getUser } from "../../user/services/user.service";

export async function createCommentController(
req: Request,
res: Response
): Promise<void> {
const { post_id } = req.params;
const { owner_id, text } = req.body;
try {
const response = await getUser(owner_id);
const creation = await createComment(
post_id,
owner_id,
text,
response?.username
);
res.status(201).json({ message: "Comment created successfully", creation });
} catch (error) {
console.log(error);
console.log(post_id, owner_id, text);
res.status(500).json({ error: error });

🛠️ Refactor suggestion

Remove console.log statements for production.

Multiple console.log statements are present throughout the file. These should be removed or replaced with proper logging for production environments.

Consider using a proper logging library like Winston or implementing a centralized logging service instead of console.log statements.

Also applies to: 44-44, 58-58, 74-74, 93-93, 116-116

🤖 Prompt for AI Agents
In backend/src/modules/content/controllers/comment.controller.ts around lines
29-31 and also lines 44, 58, 74, 93, and 116, remove all console.log statements
as they are not suitable for production. Replace them with calls to a proper
logging library such as Winston or a centralized logging service to ensure
consistent and configurable logging. Initialize and use the logger to record
errors and important information instead of using console.log.

}
}

export async function getCommentByIdController(req: Request, res: Response) {
const { post_id, comment_id } = req.params;
try {
const comment = await getComment(post_id, comment_id);
console.log(comment);
if (comment) res.status(200).json(comment);
else res.status(404).json(null);
} catch (error) {
res.status(500).json({ error: "Failed to fetch comment" });
console.log(error);
}
}

export async function updateCommentController(req: Request, res: Response) {
const { post_id, comment_id, user_id } = req.params;
const comment = await getComment(post_id, comment_id);
if (comment?.owner_id == user_id) {

⚠️ Potential issue

Critical: Use strict equality for authorization checks.

Using loose equality (==) for user ID comparison can lead to security vulnerabilities due to type coercion. An attacker could potentially bypass authorization by exploiting JavaScript's type conversion rules.

Apply this fix:

-  if (comment?.owner_id == user_id) {
+  if (comment?.owner_id === user_id) {
-  if (comment?.owner_id == user_id) {
+  if (comment?.owner_id === user_id) {

Also applies to: 68-68

🤖 Prompt for AI Agents
In backend/src/modules/content/controllers/comment.controller.ts at lines 51 and
68, replace the loose equality operator (==) with the strict equality operator
(===) for user ID comparisons to prevent security risks from type coercion.
Update both instances to use === to ensure type-safe authorization checks.

const updatedComment = req.body;
try {
await updateComment(post_id, comment_id, updatedComment);
res.status(200).json({ message: "Comment updated successfully" });
} catch (error) {
res.status(500).json({ error: "Failed to update comment" });
console.log(error);
}
} else {
res.status(401).json({ error: "You do not have permission to try this." });
}
}

export async function deleteCommentController(req: Request, res: Response) {
const { post_id, comment_id, user_id } = req.params;
const comment = await getComment(post_id, comment_id);
if (comment?.owner_id == user_id) {
try {
await deleteComment(post_id, comment_id);
res.status(200).json({ message: "Comment deleted successfully" });
} catch (error) {
res.status(500).json({ error: error });
console.log(error);
}
} else {
res.status(401).json({ error: "You do not have permission to try this." });
}
}

export async function deletePostController(req: Request, res: Response) {
const { post_id, user_id } = req.params;
const post = await ContentService.getContent(post_id);
const creator_id = post?.creatorUID;
if (creator_id == user_id) {

⚠️ Potential issue

Critical: Use strict equality for authorization checks.

Same security issue with loose equality in the post deletion authorization check.

Apply this fix:

-  if (creator_id == user_id) {
+  if (creator_id === user_id) {
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
if (creator_id == user_id) {
if (creator_id === user_id) {
🤖 Prompt for AI Agents
In backend/src/modules/content/controllers/comment.controller.ts at line 85,
replace the loose equality operator (==) with the strict equality operator (===)
in the authorization check comparing creator_id and user_id. This ensures
type-safe comparison and improves security by preventing unintended type
coercion during the check.

try {
await deletePost(post_id);
res
.status(200)
.json({ message: "Post (entire comment tree) deleted successfully" });
} catch (error) {
res.status(500).json({ error: error + " " + post_id });
console.log(error);
}
} else {
res.status(401).json({ error: "You do not have permission to try this." });
}
}

export async function getCommentsByPostController(
req: Request,
res: Response
): Promise<void> {
const { post_id } = req.params;
try {
const comments = await getAllComments(post_id);

if (Object.keys(comments).length > 0) {
res.status(200).json(comments);
} else {
res.status(200).json(null);
}
} catch (error) {
console.error("Error fetching comments:", error);
res.status(500).json({ error: "Failed to fetch comments" });
console.log("GET ALL COMMENTS ERROR: ", error);
}
}
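Review bot: The ownership checks in updateCommentController, deleteCommentController and deletePostController compare `comment?.owner_id` / `creator_id` against `user_id` read from `req.params`, which is a value the client chooses, and createCommentController likewise takes `owner_id` from `req.body` — so anyone who can reach these endpoints can act as any user regardless of what `authenticateToken` verified. The caller's identity should come from whatever the middleware attaches to the request after validating the token (I cannot see `shared/middleware/auth` here, so the exact property needs confirming), not from a path or body field, and the strictness of the operator does not change that. Separately, the routes added in this PR declare `:contentId`/`:commentId` and no `:user_id` segment, while these handlers destructure `post_id`, `comment_id` and `user_id`, so all three are `undefined` as wired; note that `undefined == null` is true, so a record with no `owner_id` would pass the check. Finally, `res.status(500).json({ error: error })` and `error + " " + post_id` return raw error objects and internal ids to the client; prefer a fixed message such as `res.status(500).json({ error: "Failed to create comment" })` and keep the details in the server log.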
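--- a/backend/src/modules/content/routes/comment.routes.ts
+++ b/backend/src/modules/content/routes/comment.routes.ts
@@ -0,0 +1,46 @@
+import { Router } from "express";
+import {
+updateCommentController,
+createCommentController,
+deleteCommentController,
+getCommentsByPostController,
+getCommentByIdController,
+} from "../controllers/comment.controller";
+import { authenticateToken } from "../../../shared/middleware/auth";
+
+const commentRouter = Router();
+
+// Post routes
+commentRouter.post(
+"/:contentId/comment",
+authenticateToken,
+createCommentController
+);
+
+// Get routes
+commentRouter.get(
+"/:contentId/comments",
+authenticateToken,
+getCommentsByPostController
+);
+commentRouter.get(
+"/:contentId/comment/:commentId",
+authenticateToken,
+getCommentByIdController
+);
+
+// Put routes
+commentRouter.put(
+"/:contentId/comment/:commentId",
+authenticateToken,
+updateCommentController
+);
+
+// Delete routes
+commentRouter.delete(
+"/:contentId/comment/:commentId",
+authenticateToken,
+deleteCommentController
+);
+
+export default commentRouter;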
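Review bot: The path parameters declared here (`:contentId`, `:commentId`) do not match the names the imported controllers read from `req.params` (`post_id`, `comment_id`, and `user_id` in the update/delete handlers), so every handler receives `undefined` for its ids and none of the five routes can work as written. Either rename the segments to what the controllers expect, e.g. `"/:post_id/comment/:comment_id"`, or change the controllers to destructure `contentId`/`commentId` — and do not add a `:user_id` segment to satisfy the ownership checks, since a client-supplied id is not an identity. `deletePostController` is exported from the controller module but not imported or mounted here, which looks unintentional given the deleted `modules/comment` router presumably exposed it (the old routes file is not visible in this diff, so that is inferred).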
8 changes: 7 additions & 1 deletion backend/src/modules/content/routes/content.routes.ts
Original file line number Diff line number Diff line change
@@ -1,13 +1,17 @@
import { Router } from "express";
import { ContentController } from "../controllers/content.controller";
import commentRouter from "./comment.routes";

const contentRoutes = Router();

contentRoutes.post("/", ContentController.createContent); // Create new content
contentRoutes.post("/uploadThumbnail", ContentController.uploadThumbnail); // Upload thumbnail

contentRoutes.get("/feed/trending", ContentController.getTrendingContent); // Get trending content
contentRoutes.get("/feed/creators/:userId", ContentController.getRelatedContentCreators); // Get related content creators
contentRoutes.get(
"/feed/creators/:userId",
ContentController.getRelatedContentCreators
); // Get related content creators
contentRoutes.get("/feed/:userId", ContentController.getPersonalizedContent); // Get personalized content
contentRoutes.get("/related/:contentId", ContentController.getRelatedContent); // Get related content

Expand Down Expand Up @@ -49,4 +53,6 @@ contentRoutes.post(
ContentController.unshareContent
); // Unshare content

contentRoutes.use("/", commentRouter);

export default contentRoutes;
Expand Up @@ -3,7 +3,7 @@ import { ref, get, set, remove, update, child, push } from "firebase/database";
import { Comment } from "../models/comment.model";
import { pushNotification } from "../../notification/services/notification.service";
import { Notification } from "../../notification/models/notification.model";
import { ContentService } from "../../content/services/content.service";
import { ContentService } from "./content.service";

export async function createComment(
post_id: string,