chore: added incremental field 'id' in user collection

2026-01-12 08:40:04 +00:00 · 2021-11-05 03:07:20 +05:00
parent 882f36d30e
commit 2b7dfeb2ea
15 changed files with 289 additions and 168 deletions
--- a/src/routes/api/auth.ts
+++ b/src/routes/api/auth.ts
@@ -46,14 +46,14 @@ export const connectDB = () => {
  }
 }

-export const saveCode = (username: string, clientId: string, code: string) => {
-  if (authCodes[username]) return (authCodes[username][clientId] = code)
+export const saveCode = (userId: number, clientId: string, code: string) => {
+  if (authCodes[userId]) return (authCodes[userId][clientId] = code)

-  authCodes[username] = { [clientId]: code }
-  return authCodes[username][clientId]
+  authCodes[userId] = { [clientId]: code }
+  return authCodes[userId][clientId]
 }
-export const deleteCode = (username: string, clientId: string) =>
-  delete authCodes[username][clientId]
+export const deleteCode = (userId: number, clientId: string) =>
+  delete authCodes[userId][clientId]

 authRouter.post('/authorize', async (req, res) => {
  const { error, value } = authorizeValidation(req.body)
@@ -76,10 +76,10 @@ authRouter.post('/authorize', async (req, res) => {
  // generate authorization code against clientId
  const userInfo: InfoJWT = {
    clientId,
-    username
+    userId: user.id
  }

-  const code = saveCode(username, clientId, generateAuthCode(userInfo))
+  const code = saveCode(user.id, clientId, generateAuthCode(userInfo))

  res.json({ code })
 })
@@ -93,10 +93,9 @@ authRouter.post('/token', async (req, res) => {
  const userInfo = await verifyAuthCode(clientId, code)
  if (!userInfo) return res.sendStatus(403)

-  if (authCodes[userInfo.username][clientId] !== code)
-    return res.sendStatus(403)
+  if (authCodes[userInfo.userId][clientId] !== code) return res.sendStatus(403)

-  deleteCode(userInfo.username, clientId)
+  deleteCode(userInfo.userId, clientId)

  const accessToken = generateAccessToken(userInfo)
  const refreshToken = jwt.sign(
@@ -104,15 +103,15 @@ authRouter.post('/token', async (req, res) => {
    process.env.REFRESH_TOKEN_SECRET as string
  )

-  await saveTokensInDB(userInfo.username, clientId, accessToken, refreshToken)
+  await saveTokensInDB(userInfo.userId, clientId, accessToken, refreshToken)

  res.json({ accessToken: accessToken, refreshToken: refreshToken })
 })

 authRouter.post('/refresh', authenticateRefreshToken, async (req: any, res) => {
-  const { username, clientId } = req.user
+  const { userId, clientId } = req.user
  const userInfo = {
-    username,
+    userId,
    clientId
  }

@@ -122,7 +121,7 @@ authRouter.post('/refresh', authenticateRefreshToken, async (req: any, res) => {
    process.env.REFRESH_TOKEN_SECRET as string
  )

-  await saveTokensInDB(userInfo.username, clientId, accessToken, refreshToken)
+  await saveTokensInDB(userInfo.userId, clientId, accessToken, refreshToken)

  res.json({ accessToken: accessToken, refreshToken: refreshToken })
 })
@@ -160,7 +159,7 @@ const verifyAuthCode = async (

      const clientInfo: InfoJWT = {
        clientId: data?.clientId,
-        username: data?.username
+        userId: data?.userId
      }
      if (clientInfo.clientId === clientId) {
        return resolve(clientInfo)
--- a/src/routes/api/spec/auth.spec.ts
+++ b/src/routes/api/spec/auth.spec.ts
@@ -17,6 +17,7 @@ import { saveTokensInDB, verifyTokenInDB } from '../../../utils'
 const clientId = 'someclientID'
 const clientSecret = 'someclientSecret'
 const user = {
+  id: 1234,
  displayName: 'Test User',
  username: 'testUsername',
  password: '87654321',
@@ -153,7 +154,7 @@ describe('auth', () => {
  describe('token', () => {
    const userInfo: InfoJWT = {
      clientId,
-      username: user.username
+      userId: user.id
    }
    beforeAll(async () => {
      await userController.createUser(user)
@@ -166,7 +167,7 @@ describe('auth', () => {

    it('should respond with access and refresh tokens', async () => {
      const code = saveCode(
-        userInfo.username,
+        userInfo.userId,
        userInfo.clientId,
        generateAuthCode(userInfo)
      )
@@ -197,7 +198,7 @@ describe('auth', () => {

    it('should respond with Bad Request if clientId is missing', async () => {
      const code = saveCode(
-        userInfo.username,
+        userInfo.userId,
        userInfo.clientId,
        generateAuthCode(userInfo)
      )
@@ -227,7 +228,7 @@ describe('auth', () => {

    it('should respond with Forbidden if clientId is invalid', async () => {
      const code = saveCode(
-        userInfo.username,
+        userInfo.userId,
        userInfo.clientId,
        generateAuthCode(userInfo)
      )
@@ -245,14 +246,21 @@ describe('auth', () => {
  })

  describe('refresh', () => {
-    const refreshToken = generateRefreshToken({
-      clientId,
-      username: user.username
-    })
+    let refreshToken: string
+    let currentUser: any

    beforeEach(async () => {
-      await userController.createUser(user)
-      await saveTokensInDB(user.username, clientId, 'accessToken', refreshToken)
+      currentUser = await userController.createUser(user)
+      refreshToken = generateRefreshToken({
+        clientId,
+        userId: currentUser.id
+      })
+      await saveTokensInDB(
+        currentUser.id,
+        clientId,
+        'accessToken',
+        refreshToken
+      )
    })

    afterEach(async () => {
@@ -289,14 +297,22 @@ describe('auth', () => {
  })

  describe('logout', () => {
-    const accessToken = generateAccessToken({
-      clientId,
-      username: user.username
-    })
+    let accessToken: string
+    let currentUser: any

    beforeEach(async () => {
-      await userController.createUser(user)
-      await saveTokensInDB(user.username, clientId, accessToken, 'refreshToken')
+      currentUser = await userController.createUser(user)
+      accessToken = generateAccessToken({
+        clientId,
+        userId: currentUser.id
+      })
+
+      await saveTokensInDB(
+        currentUser.id,
+        clientId,
+        accessToken,
+        'refreshToken'
+      )
    })

    afterEach(async () => {
@@ -322,7 +338,7 @@ describe('auth', () => {

      expect(
        await verifyTokenInDB(
-          user.username,
+          currentUser.id,
          clientId,
          accessToken,
          'accessToken'
--- a/src/routes/api/spec/client.spec.ts
+++ b/src/routes/api/spec/client.spec.ts
@@ -40,15 +40,17 @@ describe('client', () => {
  })

  describe('create', () => {
-    const adminAccessToken = generateAccessToken({
-      clientId: client.clientId,
-      username: adminUser.username
-    })
+    let adminAccessToken: string
+    let dbUser: any

    beforeAll(async () => {
-      await userController.createUser(adminUser)
+      dbUser = await userController.createUser(adminUser)
+      adminAccessToken = generateAccessToken({
+        clientId: client.clientId,
+        userId: dbUser.id
+      })
      await saveTokensInDB(
-        adminUser.username,
+        dbUser.id,
        client.clientId,
        adminAccessToken,
        'refreshToken'
@@ -90,13 +92,13 @@ describe('client', () => {
        isAdmin: false,
        isActive: true
      }
+      const dbUser = await userController.createUser(user)
      const accessToken = generateAccessToken({
        clientId: client.clientId,
-        username: user.username
+        userId: dbUser.id
      })
-      await userController.createUser(user)
      await saveTokensInDB(
-        user.username,
+        dbUser.id,
        client.clientId,
        accessToken,
        'refreshToken'
--- a/src/routes/api/spec/drive.spec.ts
+++ b/src/routes/api/spec/drive.spec.ts
@@ -35,14 +35,16 @@ describe('files', () => {
    await mongoServer.stop()
  })
  describe('deploy', () => {
-    const accessToken = generateAccessToken({
-      clientId,
-      username: user.username
-    })
+    let accessToken: string
+    let dbUser: any

    beforeAll(async () => {
-      await controller.createUser(user)
-      await saveTokensInDB(user.username, clientId, accessToken, 'refreshToken')
+      dbUser = await controller.createUser(user)
+      accessToken = generateAccessToken({
+        clientId,
+        userId: dbUser.id
+      })
+      await saveTokensInDB(dbUser.id, clientId, accessToken, 'refreshToken')
    })
    const shouldFailAssertion = async (payload: any) => {
      const res = await request(app)
--- a/src/routes/api/spec/user.spec.ts
+++ b/src/routes/api/spec/user.spec.ts
@@ -39,15 +39,16 @@ describe('user', () => {
  })

  describe('create', () => {
-    const adminAccessToken = generateAccessToken({
-      clientId,
-      username: adminUser.username
-    })
+    let adminAccessToken: string

    beforeEach(async () => {
-      await controller.createUser(adminUser)
+      const dbUser = await controller.createUser(adminUser)
+      adminAccessToken = generateAccessToken({
+        clientId,
+        userId: dbUser.id
+      })
      await saveTokensInDB(
-        adminUser.username,
+        dbUser.id,
        clientId,
        adminAccessToken,
        'refreshToken'
@@ -84,12 +85,12 @@ describe('user', () => {
    })

    it('should respond with Forbideen if access token is not of an admin account', async () => {
+      const dbUser = await controller.createUser(user)
      const accessToken = generateAccessToken({
        clientId,
-        username: user.username
+        userId: dbUser.id
      })
-      await controller.createUser(user)
-      await saveTokensInDB(user.username, clientId, accessToken, 'refreshToken')
+      await saveTokensInDB(dbUser.id, clientId, accessToken, 'refreshToken')

      const res = await request(app)
        .post('/SASjsApi/user')
--- a/src/routes/api/user.ts
+++ b/src/routes/api/user.ts
@@ -5,7 +5,6 @@ import {
  verifyAdmin,
  verifyAdminIfNeeded
 } from '../../middlewares'
-import User from '../../model/User'
 import {
  deleteUserValidation,
  registerUserValidation,
@@ -39,13 +38,13 @@ userRouter.get('/', authenticateAccessToken, async (req, res) => {
 })

 // get one user
-userRouter.get('/:username', authenticateAccessToken, async (req: any, res) => {
-  const { username } = req.params
+userRouter.get('/:userId', authenticateAccessToken, async (req: any, res) => {
+  const { userId } = req.params
+
+  const controller = new UserController()
  try {
-    const user = await User.findOne({ username })
-      .select({ _id: 0, username: 1, displayName: 1, isAdmin: 1, isActive: 1 })
-      .exec()
-    res.send(user)
+    const response = await controller.getUser(userId)
+    res.send(response)
  } catch (err: any) {
    res.status(403).send(err.toString())
  }
@@ -53,12 +52,12 @@ userRouter.get('/:username', authenticateAccessToken, async (req: any, res) => {

 // update user
 userRouter.patch(
-  '/:username',
+  '/:userId',
  authenticateAccessToken,
  verifyAdminIfNeeded,
  async (req: any, res) => {
    const { user } = req
-    const { username } = req.params
+    const { userId } = req.params

    // only an admin can update `isActive` and `isAdmin` fields
    const { error, value: body } = updateUserValidation(req.body, user.isAdmin)
@@ -66,7 +65,7 @@ userRouter.patch(

    const controller = new UserController()
    try {
-      const response = await controller.updateUser(username, body)
+      const response = await controller.updateUser(userId, body)
      res.send(response)
    } catch (err: any) {
      res.status(403).send(err.toString())
@@ -76,12 +75,12 @@ userRouter.patch(

 // delete user
 userRouter.delete(
-  '/:username',
+  '/:userId',
  authenticateAccessToken,
  verifyAdminIfNeeded,
  async (req: any, res) => {
    const { user } = req
-    const { username } = req.params
+    const { userId } = req.params

    // only an admin can delete user without providing password
    const { error, value: data } = deleteUserValidation(req.body, user.isAdmin)
@@ -89,7 +88,7 @@ userRouter.delete(

    const controller = new UserController()
    try {
-      await controller.deleteUser(username, data, user.isAdmin)
+      await controller.deleteUser(userId, data, user.isAdmin)
      res.status(200).send('Account Deleted!')
    } catch (err: any) {
      res.status(403).send(err.toString())