use standard function for objects to make api more mantainable

2020-12-03 00:40:46 +02:00 · 2020-12-03 00:40:46 +02:00 · bdfdd1a460
commit bdfdd1a460
parent 818cb1afc6
5 changed files with 58 additions and 32 deletions
--- a/api/v1/content.js
+++ b/api/v1/content.js
@ -2,12 +2,11 @@ const User = require('../../models/User');
 const Category = require('../../models/Category');
 const Post = require('../../models/Post');
 const config = require('../../config');
-const secret = require('../../secret');

 const { authenticateEndpoint } = require('./authfunctions');

 const mongoose = require('mongoose');
-const { body, query, param, validationResult } = require('express-validator');
+const { body, param, validationResult } = require('express-validator');
 const express = require('express');

 const app = express.Router();
@ -40,12 +39,7 @@ app.post('/category/create', [
    res.status(200).json({
        error: false,
        message: 'SUCCESS_CATEGORY_CREATED',
-        category: {
-            title: category.title,
-            creator: category.creator,
-            posts: category.posts,
-            _id: category._id
-        }
+        category: category.getPublicObject()
    });
 }, undefined, config.roleMap.USER));

@ -104,10 +98,10 @@ app.get('/category/:category/info', [
    }

    const categoryId = req.params.category;
-    const category = await Category.findById(categoryId).populate('posts.creator', 'username _id');
+    const category = await Category.findById(categoryId).populate('posts.creator', User.getPulicFields());
    
    // TODO: Implement subscribing to a channel and stuff
-    const users = await User.find().sort({ _id: -1 }).limit(50).select('username _id')
+    const users = await User.find().sort({ _id: -1 }).limit(50).select(User.getPulicFields())

    if (!category) {
        res.status(404).json({
@ -120,12 +114,10 @@ app.get('/category/:category/info', [
    res.status(200).json({
        error: false,
        message: 'SUCCESS_CATEGORY_DATA_FETCHED',
-        category: {
-            title: category.title,
-            creator: category.creator,
-            posts: category.posts,
-            users: users,
-            usersListLimit: 50
+        category: category.getPublicObject(),
+        userInfo: {
+            userListLimit: 50,
+            users: users
        }
    });
 }));
@ -137,7 +129,7 @@ app.get('/category/list', authenticateEndpoint(async (req, res, user) => {
    }

    // TODO: This is probably not efficient
-    const categories = await Category.find().sort({ _id: -1 }).limit(count).select('-posts -__v').populate('creator', 'username _id');
+    const categories = await Category.find().sort({ _id: -1 }).limit(count).select('-posts -__v').populate('creator', User.getPulicFields());

    res.status(200).json({
        error: false,
--- a/api/v1/users.js
+++ b/api/v1/users.js
@ -147,17 +147,15 @@ app.post('/token/create', [
    });
 });

-app.get('/current/info', authenticateEndpoint((req, res, user) => {
+app.get('/current/info', authenticateEndpoint(async (req, res, user) => {
+    const userObject = await user.getFullObject();
+
    res.status(200).json({
        error: false,
        message: 'SUCCESS_USER_DATA_FETCHED',
        user: {
-            _id: user._id,
-            username: user.username,
-            email: user.email,
-            role: user.role,
-            permissionLevel: config.roleMap[user.role],
-            token: req.cookies.token // TODO: Passing the token like this is *terribly* insecure
+            token: req.cookies.token, // TODO: Passing the token like this is *terribly* insecure
+            ...userObject
        },
    });
 }, undefined, 0));
@ -184,11 +182,7 @@ app.get('/user/:userid/info', [
    res.status(200).json({
        error: false,
        message: 'SUCCESS_USER_DATA_FETCHED',
-        user: {
-            _id: otherUser._id,
-            username: otherUser.username,
-            role: otherUser.role
-        },
+        user: await otherUser.getPublicObject(),
    });
 }));

--- a/config.js
+++ b/config.js
@ -3,7 +3,7 @@ module.exports = {
        mainServerPort: 3000,
    },
    address: 'localhost',
-    mongoUrl: 'mongodb://localhost:27017/app',
+    mongoUrl: 'mongodb://192.168.0.105:27017/app',
    bcryptRounds: 10,
    roleMap: {
        'BANNED': 0,
--- a/models/Category.js
+++ b/models/Category.js
@ -1,10 +1,22 @@
 const mongoose = require('mongoose');
 const Post = require('./Post');
+const User = require('./User');

-const Category = mongoose.model('Category', {
+const categorySchema = new mongoose.Schema({
    title: String,
    creator: {type: mongoose.Schema.Types.ObjectId, ref: 'User'},
    posts: [Post.schema]
 });

+categorySchema.method('getPublicObject', function() {
+    return {
+        title: this.title,
+        creator: this.populate('creator', User.getPulicFields()).creator,
+        posts: this.posts,
+        _id: this._id
+    }
+});
+
+const Category = mongoose.model('Category', categorySchema);
+
 module.exports = Category;
--- a/models/User.js
+++ b/models/User.js
@ -1,14 +1,42 @@
+const config = require('../config');
+
 const mongoose = require('mongoose');

-const User = mongoose.model('User', {
+const userSchema = new mongoose.Schema({
    username: String,
    password: String,
    email: String,
    role: String
 });

+userSchema.method('getPublicObject', function() {
+    return {
+        username: this.username,
+        permissionLevel: config.roleMap[this.role],
+        role: this.role,
+        _id: this._id
+    }
+});
+
+userSchema.method('getFullObject', function() {
+    return {
+        username: this.username,
+        password: this.password,
+        email: this.email,
+        permissionLevel: config.roleMap[this.role],
+        role: this.role,
+        _id: this._id
+    }
+});
+
+const User = mongoose.model('User', userSchema);
+
 User.findByUsername = async function(username) {
    return await User.findOne({ username }).exec(); 
 };

+User.getPulicFields = function() {
+    return 'username role _id';
+};
+
 module.exports = User;