complete api challenge

Author: corps21

src/app.js

@@ -18,4 +18,15 @@ import { notFound } from './middlewares/notFound.middleware.js';
  */
 export function createApp() {
   // Your code here
+  const app = express()
+
+  app.use(express.json())
+
+  app.get("/health", (_,res) => res.send({ok: true}))
+  app.use("/api/auth", authRoutes)
+  app.use("/api/users", userRoutes)
+  app.use(notFound)
+  app.use(errorHandler)
+
+  return app
 }

src/controllers/auth.controller.js

@@ -14,6 +14,18 @@ import { signToken } from '../utils/jwt.js';
 export async function register(req, res, next) {
   try {
     // Your code here
+
+    const {name, email, password} = req.body
+    const isUserAlreadyExist = await User.findOne({email})
+
+    if(isUserAlreadyExist) {
+      res.status(409).json({error: {message: "Email already exists"}})
+    } else {
+      const user = (await User.create({name, email, password})).toObject()
+      delete user.password
+
+      res.status(201).json({user})
+    }
   } catch (error) {
     next(error);
   }
@@ -33,6 +45,17 @@ export async function register(req, res, next) {
 export async function login(req, res, next) {
   try {
     // Your code here
+    const {email, password} = req.body
+    const user = await User.findOne({email}).select("+password")
+    if(!user) return res.status(401).json({error: {message: "Invalid credentials"}})
+    const isPasswordCorrect = await bcrypt.compare(password, user.password)
+    if(!isPasswordCorrect) return res.status(401).json({error: {message: "Invalid credentials"}})
+    
+    const token = signToken( { userId: user._id, email: user.email, role: user.role } )
+    const userCopy = user.toObject()
+    delete userCopy.password
+
+    return res.status(200).json({token, user: userCopy})
   } catch (error) {
     next(error);
   }
@@ -47,6 +70,7 @@ export async function login(req, res, next) {
 export async function me(req, res, next) {
   try {
     // Your code here
+    return res.status(200).json({user: req.user})
   } catch (error) {
     next(error);
   }

src/controllers/user.controller.js

@@ -9,6 +9,8 @@ import { User } from '../models/user.model.js';
 export async function listUsers(req, res, next) {
   try {
     // Your code here
+    const users = await User.find()
+    return res.status(200).json({users})
   } catch (error) {
     next(error);
   }
@@ -25,6 +27,12 @@ export async function listUsers(req, res, next) {
 export async function getUser(req, res, next) {
   try {
     // Your code here
+    const userId = req.params?.id
+    const user = await User.findById(userId)
+    if(!user) {
+      return res.status(404).json({error: {message: "User not found"}})
+    }
+    return res.status(200).json({user})
   } catch (error) {
     next(error);
   }
@@ -41,6 +49,13 @@ export async function getUser(req, res, next) {
 export async function deleteUser(req, res, next) {
   try {
     // Your code here
+    const userId = req.params?.id
+    const user = await User.findById(userId)
+    if(!user) {
+      return res.status(404).json({error: {message: "User not found"}})
+    } 
+    await user.deleteOne()
+    return res.status(200).json({message: "User deleted successfully"})
   } catch (error) {
     next(error);
   }

src/db/connect.js

@@ -9,4 +9,6 @@ import mongoose from 'mongoose';
  */
 export async function connectDB(uri) {
   // Your code here
+  if(!uri) throw new Error("MongoDB URI is required")
+  return await mongoose.connect(uri)
 }

src/middlewares/auth.middleware.js

@@ -18,6 +18,21 @@ import { verifyToken } from '../utils/jwt.js';
 export async function authenticate(req, res, next) {
   try {
     // Your code here
+    if(!req.headers?.authorization || !req.headers?.authorization.startsWith("Bearer")) {
+      return res.status(401).json({error: {message: "No token provided"}})
+    }
+
+    const token = req.headers.authorization.split(" ")[1]
+    try {
+      const decoded = verifyToken(token)
+      const user = await User.findById(decoded.userId)
+      if(!user) return res.status(401).json({error: {message: "Invalid token"}})
+      req.user = user
+  } catch (error) {
+    return res.status(401).json({error: {message: "Invalid token"}})
+  } finally {
+    next()
+  }
   } catch (error) {
     return res.status(401).json({ error: { message: 'Invalid token' } });
   }

src/middlewares/error.middleware.js

@@ -10,4 +10,11 @@
  */
 export function errorHandler(error, req, res, next) {
   // Your code here
+  if(error.name === 'ValidationError') {
+    res.status(400).json({error: {message: error.message}})
+  } else if(error.code === 11000) {
+    res.status(409).json({error: {message: "Email already axists"}})
+  } else {
+    res.status(500).json({error: {message: error.message}})
+  }
 }

src/middlewares/notFound.middleware.js

@@ -5,4 +5,5 @@
  */
 export function notFound(req, res) {
   // Your code here
+  return res.status(404).json({error: {message: "Route not found"}})
 }

src/middlewares/role.middleware.js

@@ -15,5 +15,13 @@
 export function requireRole(...roles) {
   return (req, res, next) => {
     // Your code here
+    const user = req?.user
+    if(!user) {
+      return res.status(401).json({error: {message: "Not authenticated"}})
+    }
+    if(!roles.some((role) => role === req.user?.role)) {
+      return res.status(403).json({error: {message: "Forbidden"}})
+    }
+    next()
   };
 }

src/models/user.model.js

@@ -18,9 +18,36 @@ import bcrypt from 'bcryptjs';
 const userSchema = new mongoose.Schema(
   {
     // Your schema fields here
+    name: {
+      type: String,
+      required:true,
+      trim:true,
+      minLength:2,
+      maxLength: 50
+    },
+    email: {
+      type: String,
+      required:true,
+      unique:true,
+      lowercase:true,
+      trim:true,
+      match: /^[^\s@]+@[^\s@]+\.[^\s@]+$/
+    },
+    password: {
+      type: String,
+      minLength:6,
+      select:false,
+      required:true
+    },
+    role: {
+      type:String,
+      enum: ["user", "admin"],
+      default: "user"
+    }
   },
   {
     // Schema options here
+    timestamps:true
   }
 );
 
@@ -41,4 +68,12 @@ const userSchema = new mongoose.Schema(
  * });
  */
 
+userSchema.pre("save", async function (next) {
+  if(this.isModified("password")) {
+    this.password = await bcrypt.hash(this.password, 10)
+  }
+  return next()
+})
+
 // TODO: Create and export the User model
+export const User = mongoose.model("users", userSchema)

src/routes/auth.routes.js

@@ -13,5 +13,8 @@ import { authenticate } from '../middlewares/auth.middleware.js';
 const router = Router();
 
 // Your routes here
+router.post("/register", register)
+router.post("/login", login)
+router.get("/me", authenticate, me)
 
 export default router;