require authentication for todos,

use in-memody db for tests

models/Todo.js

@@ -1,6 +1,5 @@
 const mongoose = require('mongoose');
 
-const TodoList = mongoose.model('TodoList');
 const { Schema } = mongoose;
 
 const TodoSchema = Schema({
@@ -9,17 +8,26 @@ const TodoSchema = Schema({
     required: true,
   },
   list: { type: Schema.Types.ObjectId, ref: 'TodoList', required: true },
+  user: { type: Schema.Types.ObjectId, ref: 'User', required: true },
   completed: { type: Boolean, default: false },
 });
 
 TodoSchema.pre('save', async function () {
-  const list = await TodoList.findById(this.list);
+  const user = await this.model('User').findById(this.user);
+  user.todos.push(this._id);
+  await user.save();
+
+  const list = await this.model('TodoList').findById(this.list);
   list.todos.push(this._id);
   await list.save();
 });
 
 TodoSchema.pre('remove', async function () {
-  const list = await TodoList.findById(this.list);
+  const user = await this.model('User').findById(this.user);
+  user.todos.splice(user.todos.indexOf(this._id), 1);
+  await user.save();
+
+  const list = await this.model('TodoList').findById(this.list);
   list.todos.splice(list.todos.indexOf(this._id), 1);
   await list.save();
 });
@@ -29,6 +37,7 @@ TodoSchema.methods.toJson = function () {
     id: this._id.toString(),
     text: this.text,
     list: this.list.toString(),
+    user: this.user.toString(),
     completed: this.completed,
   };
 };

models/TodoList.js

@@ -8,18 +8,27 @@ const TodoListSchema = Schema({
     required: true,
   },
   todos: [{ type: Schema.Types.ObjectId, ref: 'Todo' }],
+  user: { type: Schema.Types.ObjectId, ref: 'User', required: true },
+});
+
+TodoListSchema.pre('save', async function () {
+  const user = await this.model('User').findById(this.user);
+  user.lists.push(this._id);
+  await user.save();
 });
 
 TodoListSchema.pre('remove', async function () {
-  this.todos.forEach(async (todo) => {
-    await todo.remove();
-  });
+  const user = await this.model('User').findById(this.user);
+  user.lists.splice(user.todos.indexOf(this._id), 1);
+  await user.save();
+  await this.model('Todo').remove({ list: this._id });
 });
 
 TodoListSchema.methods.toJson = function () {
   const todos = this.populated('todos') ? this.todos.map(todo => todo.toJson()) : this.todos;
   return {
     id: this._id.toString(),
+    user: this.user.toString(),
     name: this.name,
     todos,
   };

models/User.js

@@ -1,17 +1,33 @@
 const mongoose = require('mongoose');
 const passportLocalMongoose = require('passport-local-mongoose');
 const jwt = require('jsonwebtoken');
+const uniqueValidator = require('mongoose-unique-validator');
 
 const { secret } = require('../config');
 
 const { Schema } = mongoose;
 
-const UserSchema = Schema({ username: { type: String, required: true } });
+const UserSchema = Schema({
+  username: {
+    type: String,
+    required: true,
+    unique: true,
+    validate: /^\S*$/,
+  },
+  lists: [{ type: Schema.Types.ObjectId, ref: 'TodoList' }],
+  todos: [{ type: Schema.Types.ObjectId, ref: 'Todo' }],
+});
 
 UserSchema.plugin(passportLocalMongoose);
+UserSchema.plugin(uniqueValidator);
+
+UserSchema.pre('remove', async function () {
+  await this.model('TodoList').remove({ user: this._id });
+  await this.model('Todo').remove({ user: this._id });
+});
 
 UserSchema.methods.generateJwt = function () {
-  return jwt.sign({ id: this._id, username: this.username }, secret, { expiresIn: '1y' });
+  return jwt.sign({ id: this._id, username: this.username }, secret, { expiresIn: '6m' });
 };
 
 UserSchema.methods.toAuthJson = function () {