require authentication for todos,

use in-memody db for tests
2025-10-29 08:07:48 +01:00 · 2018-05-30 21:42:30 +03:00
parent fd142c8710
commit db46f1a2b4
16 changed files with 601 additions and 118 deletions
--- a/routes/lists.js
+++ b/routes/lists.js
@@ -6,12 +6,14 @@ const router = express.Router();
 const TodoList = mongoose.model('TodoList');

 const asyncHelper = require('../asyncHelper');
+const auth = require('./auth');
+const { NotFoundError } = require('../errors');

 // index
 router.get(
  '/',
  asyncHelper(async (req, res) => {
-    const lists = await TodoList.find({})
+    const lists = await TodoList.find({ user: req.user.id })
      .populate('todos')
      .exec();
    res.json({ success: true, data: lists.map(list => list.toJson()) });
@@ -23,7 +25,7 @@ router.post(
  '/',
  asyncHelper(async (req, res) => {
    const { name } = req.body;
-    const newList = new TodoList({ name });
+    const newList = new TodoList({ name, user: req.user.id });
    await newList.save();
    res.json({ success: true, data: newList.toJson() });
  }),
@@ -34,7 +36,7 @@ router.delete(
  '/:listId',
  asyncHelper(async (req, res) => {
    const { listId } = req.params;
-    const list = await TodoList.findById(listId)
+    const list = await TodoList.find({ _id: listId, user: req.user.id })
      .populate('todos')
      .exec();
    await list.remove();
@@ -48,15 +50,13 @@ router.patch(
  asyncHelper(async (req, res) => {
    const { listId } = req.params;
    const { name } = req.body;
-    const patch = {};
-    if (name !== undefined) {
-      patch.name = name;
+    const list = await TodoList.find({ _id: listId, user: req.user.id });
+    if (!list) {
+      throw new NotFoundError("can't find list");
+    }
+    if (name !== undefined) {
+      list.name = name;
    }
-    const list = await TodoList.findByIdAndUpdate(
-      { _id: listId },
-      { $set: patch },
-      { new: true },
-    ).exec();
    await list.save();
    res.json({ success: true, data: list.toJson() });
  }),
--- a/routes/todos.js
+++ b/routes/todos.js
@@ -13,7 +13,7 @@ router.get(
  '/',
  asyncHelper(async (req, res) => {
    const { listId } = res.locals || req.body;
-    const todos = await Todo.find({ list: listId }).exec();
+    const todos = await Todo.find({ list: listId, user: req.user.id }).exec();
    res.json({ success: true, data: todos.map(todo => todo.toJson()) });
  }),
 );
@@ -24,7 +24,7 @@ router.post(
  asyncHelper(async (req, res) => {
    const { listId } = res.locals || req.body;
    const { text } = req.body;
-    const todo = new Todo({ text, list: listId });
+    const todo = new Todo({ text, list: listId, user: req.user.id });
    await todo.save();
    res.json({ success: true, data: todo.toJson() });
  }),
@@ -36,16 +36,15 @@ router.patch(
  asyncHelper(async (req, res) => {
    const { todoId } = req.params;
    const { text, completed } = req.body;
-    const patch = {};
+    const todo = await Todo.find({ _id: todoId, user: req.user.id });
+    if (!todo) {
+      throw new NotFoundError("can't find todo");
+    }
    if (text !== undefined) {
-      patch.text = text;
+      todo.text = text;
    }
    if (completed !== undefined) {
-      patch.completed = completed;
-    }
-    const todo = await Todo.findByIdAndUpdate(todoId, { $set: patch }, { new: true }).exec();
-    if (!todo) {
-      throw new NotFoundError(`can't find todo with id ${todoId}`);
+      todo.completed = completed;
    }
    res.json({ success: true, data: todo.toJson() });
  }),
@@ -56,7 +55,7 @@ router.delete(
  '/:todoId',
  asyncHelper(async (req, res) => {
    const { todoId } = req.params;
-    const todo = await Todo.findById(todoId).exec();
+    const todo = await Todo.find({ _id: todoId, user: req.user.id }).exec();
    if (!todo) {
      throw new NotFoundError(`can't find todo with id ${todoId}`);
    }
--- a/routes/users.js
+++ b/routes/users.js
@@ -31,7 +31,11 @@ router.patch(
    if (username !== undefined) {
      patch.username = username;
    }
-    const user = await User.findByIdAndUpdate(req.user.id, { $set: patch }, { new: true }).exec();
+    const user = await User.findOneAndUpdate(
+      { _id: req.user.id },
+      { $set: patch },
+      { runValidators: true, context: 'query', new: true },
+    ).exec();
    if (!user) {
      throw new NotFoundError(`can't find user with username ${req.user.username}`);
    }