diff --git a/.coveralls.yml b/.coveralls.yml new file mode 100644 index 0000000..f461d81 --- /dev/null +++ b/.coveralls.yml @@ -0,0 +1,2 @@ +service_name: travis-ci +repo_token: 2uClKoEYjmE6nQADyp3ieRono3IC1uIua diff --git a/.env b/.env new file mode 100644 index 0000000..0b54339 --- /dev/null +++ b/.env @@ -0,0 +1,6 @@ +PORT = '3000' +MONGODB_URI='mongodb://localhost/cfgram' +APP_SECRETS='thesecret' +AWS_BUCKET='cfgrambackend27' +AWS_ACCESS_KEY_ID='AKIAIE4YHFO2B4QGECIA' +AWS_SECRET_ACCESS_KEY='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' diff --git a/.eslintrc b/.eslintrc new file mode 100644 index 0000000..8dc6807 --- /dev/null +++ b/.eslintrc @@ -0,0 +1,21 @@ +{ + "rules": { + "no-console": "off", + "indent": [ "error", 2 ], + "quotes": [ "error", "single" ], + "semi": ["error", "always"], + "linebreak-style": [ "error", "unix" ] + }, + "env": { + "es6": true, + "node": true, + "mocha": true, + "jasmine": true + }, + "ecmaFeatures": { + "modules": true, + "experimentalObjectRestSpread": true, + "impliedStrict": true + }, + "extends": "eslint:recommended" +} diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..457bb43 --- /dev/null +++ b/.gitignore @@ -0,0 +1,120 @@ +# Created by https://www.gitignore.io/api/node,vim,osx,macos,linux + +*node_modules + +#ignore tokens +.env/ + +### Node ### +# Logs +logs +*.log +npm-debug.log* + +# Runtime data +pids +*.pid +*.seed +*.pid.lock + +# Directory for instrumented libs generated by jscoverage/JSCover +lib-cov + +# Coverage directory used by tools like istanbul +coverage + +# nyc test coverage +.nyc_output + +# Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files) +.grunt + +# node-waf configuration +.lock-wscript + +# Compiled binary addons (http://nodejs.org/api/addons.html) +build/Release + +# Dependency directories +node_modules +jspm_packages + +# Optional npm cache directory +.npm + +# Optional eslint cache +.eslintcache + +# Optional REPL history +.node_repl_history + +# Output of 'npm pack' +*.tgz + +# Yarn Integrity file +.yarn-integrity + + + +### Vim ### +# swap +[._]*.s[a-v][a-z] +[._]*.sw[a-p] +[._]s[a-v][a-z] +[._]sw[a-p] +# session +Session.vim +# temporary +.netrwhist +*~ +# auto-generated tag files +tags + + +### OSX ### +*.DS_Store +.AppleDouble +.LSOverride + +# Icon must end with two \r +Icon +# Thumbnails +._* +# Files that might appear in the root of a volume +.DocumentRevisions-V100 +.fseventsd +.Spotlight-V100 +.TemporaryItems +.Trashes +.VolumeIcon.icns +.com.apple.timemachine.donotpresent +# Directories potentially created on remote AFP share +.AppleDB +.AppleDesktop +Network Trash Folder +Temporary Items +.apdisk + + +### macOS ### +# Icon must end with two \r +# Thumbnails +# Files that might appear in the root of a volume +# Directories potentially created on remote AFP share + + +### Linux ### + +# temporary files which can be created if a process still has a handle open of a deleted file +.fuse_hidden* + +# KDE directory preferences +.directory + +# Linux trash folder which might appear on any partition or disk +.Trash-* + +# .nfs files are created when an open file is removed but is still being accessed +.nfs* + +# End of https://www.gitignore.io/api/node,vim,osx,macos,linux diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..b63954a --- /dev/null +++ b/.travis.yml @@ -0,0 +1,19 @@ +language: node_js +node_js: + -'stable' +services: + - mongodb +addons: + apt: + sources: + - ubuntu-toolchain-r-test + packages: + - gcc-4.8 + - g++-4.8 +env: + - CXX=g++-4.8 +sudo: required +before_script: npm i +script: + - npm run test + - npm lint diff --git a/gulpfile.js b/gulpfile.js new file mode 100644 index 0000000..032c482 --- /dev/null +++ b/gulpfile.js @@ -0,0 +1,23 @@ +'use strict'; + +const gulp = require('gulp'); +const eslint = require('gulp-eslint'); +const mocha = require ('gulp-mocha'); + +gulp.task('test', function(){ + gulp.src('./test/*-test.js', { read: false}) + .pipe(mocha({ reporter: 'spec'})); +}); + +gulp.task('lint', function() { + return gulp.src(['**/*.js', '!node_modules']) + .pipe(eslint()) + .pipe(eslint.format()) + .pipe(eslint.failAfterError()); +}); + +gulp.task('dev', function(){ + gulp.watch(['**/*.js', '!node_modules/**'], ['lint', 'test']); +}); + +gulp.task('default', ['dev']); diff --git a/lib/basic-auth-middleware.js b/lib/basic-auth-middleware.js new file mode 100644 index 0000000..c41452a --- /dev/null +++ b/lib/basic-auth-middleware.js @@ -0,0 +1,38 @@ +'use strict'; + + +//FOR SIGN UP SIGN IN// + +const createError = require('http-errors'); +const debug = require('debug')('cfgram: basic-auth-middleware'); + +module.exports = function(req, res, next) { + debug('basic auth'); + + var authHeader = req.headers.authorization; + if (!authHeader) { + return next(createError(401, 'authorization header required')); + } + + var base64str = authHeader.split('Basic ')[1]; + if(!base64str) { + return next (createError(401, 'username and password required')); + } + + var utf8str = new Buffer(base64str, 'base64').toString(); + var authArr = utf8str.split(':'); + + req.auth = { + username: authArr[0], + password: authArr[1] + }; + + if(!req.auth.username) { + return next(createError(401, 'username required')); + } + + if(!req.auth.password) { + return next(createError(401, 'password required')); + } + next(); +}; diff --git a/lib/bearer-auth-middleware.js b/lib/bearer-auth-middleware.js new file mode 100644 index 0000000..636c255 --- /dev/null +++ b/lib/bearer-auth-middleware.js @@ -0,0 +1,37 @@ +'use strict'; + +//FOR ROUTES// + +const jwt = require('jsonwebtoken'); +const createError = require('http-errors'); +const debug = require('debug')('cfgram:bearer-auth-middleware'); + +const User = require('../model/user.js'); + +module.exports = function(req, res, next) { + debug('bearer'); + + var authHeader = req.headers.authorization; + if (!authHeader) { + return next(createError(401, 'authorization header required')); + } + + var token = authHeader.split('Bearer ')[1]; + if(!token) { + return next(createError(401, 'token required')); + } + + //this token is verified by me with my app secret// + jwt.verify(token, process.env.APP_SECRETS, (err, decoded) => { + if (err) return next(err); + + User.findOne({ findHash: decoded.token }) + .then( user => { + req.user = user; + next(); + }) + .catch(err => { + next(createError(401, err.message)); + }); + }); +}; diff --git a/lib/error-middleware.js b/lib/error-middleware.js new file mode 100644 index 0000000..6a7d5bf --- /dev/null +++ b/lib/error-middleware.js @@ -0,0 +1,27 @@ +'use strict'; + +const createError = require('http-errors'); +const debug = require('debug')('cfgram:error-middleware'); + +module.exports = function(err, req, res, next){ + debug('error middleware'); + console.error('msg:', err.message); + console.error('name:', err.name); + + if(err.status) { + res.status(err.status).send(err.name); + next(); + return; + } + + if(err.name === 'ValidationError') { + err = createError(400, err.message); + res.status(err.status).send(err.name); + next(); + return; + } + + err = createError(500, err.message); + res.status(err.status).send(err.name); + next(); +}; diff --git a/model/gallery.js b/model/gallery.js new file mode 100644 index 0000000..f4e6e77 --- /dev/null +++ b/model/gallery.js @@ -0,0 +1,13 @@ +'use strict'; + +const mongoose = require('mongoose'); +const Schema = mongoose.Schema; + +const gallerySchema = Schema({ + name: { type: String, required: true }, + desc: { type: String, required: true }, + created: { type: Date, required: true, default: Date.now }, + userID: { type: mongoose.Schema.Types.ObjectId, required: true }, +}); + +module.exports = mongoose.model('gallery', gallerySchema); diff --git a/model/pic.js b/model/pic.js new file mode 100644 index 0000000..a0313e2 --- /dev/null +++ b/model/pic.js @@ -0,0 +1,17 @@ +'use strict'; + +const mongoose = require('mongoose'); +const Schema = mongoose.Schema; + +const picSchema = Schema({ + name: { type: String, required: true }, + desc: { type: String, required: true }, + userID: { type: Schema.Types.ObjectId, required: true }, + galleryID: { type: Schema.Types.ObjectId, required: true }, + imageURI: { type: String, required: true, unique: true }, + objectKey: { type: String, required: true, unique: true }, + created: { type: Date, default: Date.now } +}); + +//exporting this// +module.exports = mongoose.model('pic', picSchema); diff --git a/model/user.js b/model/user.js new file mode 100644 index 0000000..e66d39c --- /dev/null +++ b/model/user.js @@ -0,0 +1,78 @@ +'use strict'; + +//PURPOSE OF THIS PAGE: signup and sign in// + + +const crypto = require('crypto'); +const bcrypt = require('bcrypt'); +const jwt = require('jsonwebtoken'); +const mongoose = require ('mongoose'); +const createError = require('http-errors'); +const Promise = require('bluebird'); +const debug = require('debug')('cfgram:user'); + +const Schema = mongoose.Schema; + +const userSchema = Schema({ + username: { type: String, required: true, unique: true }, + email: { type: String, required: true, unique: true }, + password: { type: String, required: true }, + findHash: { type: String, unique: true } +}); + +userSchema.methods.generatePasswordHash = function(password){ + debug('generatePasswordHash'); + + return new Promise((resolve, reject) => { + bcrypt.hash(password, 10, (err, hash) => { + if(err) return reject(err); + this.password = hash; + resolve(this); + }); + }); +}; + +userSchema.methods.comparePasswordHash = function(password) { + debug('comparePasswordHash'); + + return new Promise((resolve, reject) => { + bcrypt.compare(password, this.password, (err, valid) => { + if (err) return reject(err); + if(!valid) return reject(createError(401, 'wrong password')); + resolve(this); + }); + }); +}; + +userSchema.methods.generateFindHash = function() { + debug('generateFindHash'); + + return new Promise((resolve, reject) => { + let tries = 0; + + _generateFindHash.call(this); + + function _generateFindHash() { + this.findHash = crypto.randomBytes(32).toString('hex'); + this.save() + .then( () => resolve(this.findHash)) + .catch( err => { + if(tries > 3) return reject(err); + tries++; + _generateFindHash.call(this); + }); + } + }); +}; + +userSchema.methods.generateToken = function() { + debug('generateToken'); + + return new Promise((resolve, reject) => { + this.generateFindHash() + .then( findHash => resolve(jwt.sign({ token: findHash}, process.env.APP_SECRETS))) + .catch( err => reject(err)); + }); +}; + +module.exports = mongoose.model('user', userSchema); diff --git a/package.json b/package.json new file mode 100644 index 0000000..3dd9056 --- /dev/null +++ b/package.json @@ -0,0 +1,48 @@ +{ + "name": "16-basic_auth", + "version": "1.0.0", + "description": "![cf](https://i.imgur.com/7v5ASc8.png) Lab 16 - Basic Auth ======", + "main": "gulpfile.js", + "directories": { + "test": "test" + }, + "scripts": { + "test": "DEBUG='cfgram*' mocha", + "coveralls": "istanbul cover ./node_modules/mocha/bin/_mocha --report lcovonly -- -R spec && cat ./coverage/lcov.info | ./node_modules/coveralls/bin/coveralls.js && rm -rf ./coverage", + "start": "DEBUG='cfgram*' node server.js" + }, + "repository": { + "type": "git", + "url": "git+https://github.com/caylazabel/16-basic_auth.git" + }, + "keywords": [], + "author": "", + "license": "ISC", + "bugs": { + "url": "https://github.com/caylazabel/16-basic_auth/issues" + }, + "homepage": "https://github.com/caylazabel/16-basic_auth#readme", + "devDependencies": { + "aws-sdk-mock": "^1.6.1", + "chai": "^3.5.0", + "coveralls": "^2.12.0", + "istanbul": "^0.4.5", + "mocha": "^3.2.0", + "superagent": "^3.5.0" + }, + "dependencies": { + "aws-sdk": "^2.24.0", + "bcrypt": "^1.0.2", + "bluebird": "^3.5.0", + "body-parser": "^1.17.1", + "cors": "^2.8.1", + "debug": "^2.6.1", + "del": "^2.2.2", + "dotenv": "^4.0.0", + "http-errors": "^1.6.1", + "jsonwebtoken": "^7.3.0", + "mongoose": "^4.8.6", + "morgan": "^1.8.1", + "multer": "^1.3.0" + } +} diff --git a/route/auth-router.js b/route/auth-router.js new file mode 100644 index 0000000..842220d --- /dev/null +++ b/route/auth-router.js @@ -0,0 +1,35 @@ +'use strict'; + +const jsonParser = require('body-parser').json(); +const debug = require('debug')('cfgram:auth-router'); +const Router = require('express').Router; +const basicAuth = require('../lib/basic-auth-middleware.js'); + +const User = require('../model/user.js'); + +const authRouter = module.exports = Router(); + +authRouter.post('/api/signup', jsonParser, function(req, res, next){ + debug('POST: /api/signup'); + + let password = req.body.password; + delete req.body.password; + + let user = new User(req.body); + + user.generatePasswordHash(password) + .then( user => user.save()) + .then( user => user.generateToken()) + .then( token => res.send(token)) + .catch(next); +}); + +authRouter.get('/api/signin', basicAuth, function(req, res, next) { + debug('GET: /api/signin'); + + User.findOne({ username: req.auth.username }) + .then( user => user.comparePasswordHash(req.auth.password)) + .then( user => user.generateToken()) + .then( token => res.send(token)) + .catch(next); +}); diff --git a/route/gallery-router.js b/route/gallery-router.js new file mode 100644 index 0000000..932bf45 --- /dev/null +++ b/route/gallery-router.js @@ -0,0 +1,50 @@ +'use strict'; + +const jsonParser = require('body-parser').json(); +const debug = require('debug')('cfgram:gallery-router'); +const Router = require('express').Router; +const createError = require('http-errors'); + +const Gallery = require('../model/gallery.js'); +const bearerAuth = require('../lib/bearer-auth-middleware.js'); + +const galleryRouter = module.exports = Router(); + +galleryRouter.post('/api/gallery', bearerAuth, jsonParser, function (req, res, next) { + debug('POST:/api/gallery'); + + //user ID attatched here/ + req.body.userID = req.user._id; + new Gallery(req.body).save() + .then( gallery => res.json(gallery)) + .catch(next); +}); + +galleryRouter.get('/api/gallery/:id', bearerAuth, function(req, res, next){ + debug('GET: /api/gallery/:id'); + + +//this gallery belongs to this user// + Gallery.findById(req.params.id) + .then( gallery => { + if(gallery.userID.toString() !== req.user._id.toString()){ + return next(createError(401, 'invalid user')); + } + res.json(gallery); + }) + .catch(next); +}); + +galleryRouter.put('/api/gallery/:id', bearerAuth, jsonParser, function(req, res, next) { + debug('PUT: /api/gallery/:id'); + + if(!req.body.name) return next(createError(400, 'name required')); + if(!req.body.desc) return next(createError(400, 'description required')); + + Gallery.findByIdAndUpdate(req.params.id, req.body, {new:true}) + .then( gallery => { + if(!gallery) return next(createError(404, 'gallery not found')); + res.json(gallery); + }) + .catch(next); +}); diff --git a/route/pic-router.js b/route/pic-router.js new file mode 100644 index 0000000..90f5f29 --- /dev/null +++ b/route/pic-router.js @@ -0,0 +1,68 @@ +'use strict'; + +const fs = require('fs'); //file system operations +const path = require('path'); //allows to extract info about the file +const del = require('del'); //deleting things in our filesystem// +const AWS = require('aws-sdk'); //constructor allowing uploads +const multer = require('multer'); //hash file name// +const Router = require('express').Router; +const createError = require('http-errors'); +const debug = require('debug')('cfgram:pic-router'); + +const Pic = require('../model/pic.js'); +const Gallery = require('../model/gallery.js'); +const bearerAuth = require('../lib/bearer-auth-middleware.js'); + +AWS.config.setPromisesDependency(require('bluebird')); + +const s3 = new AWS.S3(); +const dataDir = `${__dirname}/../data`; //putting images into a data directory +const upload = multer({ dest: dataDir}); + +const picRouter = module.exports = Router(); + +function s3uploadProm(params){ + debug('s3uploadProm'); + return new Promise((resolve, reject) => { + s3.upload(params, (err, s3data) => { //allows to upload an image, heres info + resolve(s3data); //image uri and access key in s3data + }); + }); +} + +picRouter.post('/api/gallery/:galleryID/pic', bearerAuth, upload.single('image'), function(req, res, next) { + debug('POST: /api/gallery/:galleryID/pic'); + + if(!req.file) { //file is from upload middleware// + return next(createError(400, 'file not found')); + } + if(!req.file.path) { // path is where the file lives + return next(createError(500, 'file not saved')); + } + + let ext = path.extname(req.file.originalname); //will extract extension name(.png) from a file + + let params = { + ACL: 'public-read', //image URI that anyone can see + Bucket: process.env.AWS_BUCKET, //save this image at this bucket + Key: `${req.file.filename}${ext}`, //grabs hashed version of filename & add .png from above + Body: fs.createReadStream(req.file.path) //where we read the image & send + }; + + Gallery.findById(req.params.galleryID) + .then( () => s3uploadProm(params)) + .then( s3data => { + del([`${dataDir}/*`]); + let picData = { + name: req.body.name, + desc: req.body.desc, + objectKey: s3data.Key, + imageURI: s3data.Location, + userID: req.user._id, + galleryID: req.params.galleryID + }; + return new Pic(picData).save(); + }) + .then( pic => res.json(pic)) + .catch( err => next(err)); +}); diff --git a/server.js b/server.js new file mode 100644 index 0000000..bd5aa6b --- /dev/null +++ b/server.js @@ -0,0 +1,36 @@ +'use strict'; + +const express = require('express'); +const cors = require('cors'); +const dotenv = require('dotenv'); +const morgan = require('morgan'); +const mongoose = require('mongoose'); +const debug = require('debug')('cfgram:server'); + +const authRouter = require('./route/auth-router.js'); +const galleryRouter = require('./route/gallery-router.js'); +const picRouter = require('./route/pic-router.js'); +const errors = require('./lib/error-middleware.js'); + + + +const PORT = process.env.PORT || 3000; +const app = express(); +dotenv.load(); + +mongoose.connect(process.env.MONGODB_URI); + +app.use(cors()); +app.use(morgan('dev')); + +app.use(authRouter); +app.use(galleryRouter); +app.use(picRouter); +app.use(errors); + + +const server = module.exports = app.listen(PORT, () => { + debug(`server is up: ${PORT}`); +}); + +server.isRunning = true; diff --git a/test/auth-route-test.js b/test/auth-route-test.js new file mode 100644 index 0000000..183116f --- /dev/null +++ b/test/auth-route-test.js @@ -0,0 +1,96 @@ +'use strict'; + +const expect = require('chai').expect; +const request = require('superagent'); +const mongoose = require('mongoose'); +const Promise = require('bluebird'); +const User = require('../model/user.js'); + +require('../server.js'); + +const url = `http://localhost:${process.env.PORT}`; + +const exampleUser = { + username: 'test user', + password: 'test password', + email: 'testemail@test.com' +}; + +describe('Auth Routes', function() { + describe('POST: /api/signup', function(){ + describe('with a valid body', function() { + after( done => { + User.remove({}) + .then( () => done()) + .catch(done); + }); + it('should return a token', done => { + request.post(`${url}/api/signup`) + .send(exampleUser) + .end((err, res) => { + if (err) return done(err); + console.log('token:', res.text); + expect(res.status).to.equal(200); + expect(res.text).to.be.a('string'); + done(); + }); + }); + }); + }); + + describe('with invalid body', function(){ + it('should return a 400 for bad request', (done) => { + request.post(`${url}/api/signup`) + .send('hi') + .set('Content-Type', 'application/json') + .end((err, res) => { + expect(res.status).to.equal(400); + done(); + }); + }); + }); + + describe('GET: /api/signin', function() { + describe('with a valid body', function() { + before ( done => { + let user = new User(exampleUser); + user.generatePasswordHash(exampleUser.password) + .then( user => user.save()) + .then( user => { + this.tempUser = user; + done(); + }) + .catch(done); + }); + + after( done => { + User.remove({}) + .then( () => done()) + .catch(done); + }); + + it('should return a token', done => { + request.get(`${url}/api/signin`) + .auth('test user', 'test password') + .end((err, res) => { + if(err) return done(err); + console.log('temporary user:', this.tempUser); + console.log('GET: /api/signin token', res.text); + expect(res.status).to.equal(200); + done(); + }); + }); + + describe('without a valid authenication', function () { + it('should return a 401 error', done => { + request.get(`${url}/api/signin`) + .auth('test user', 'wrong password') + .end(err => { + expect(err.status).to.equal(401); + done(); + }); + }); + }); + }); + }); +}); diff --git a/test/data/tester.png b/test/data/tester.png new file mode 100644 index 0000000..42969d0 Binary files /dev/null and b/test/data/tester.png differ diff --git a/test/gallery-route-test.js b/test/gallery-route-test.js new file mode 100644 index 0000000..ec8d87d --- /dev/null +++ b/test/gallery-route-test.js @@ -0,0 +1,274 @@ +'use strict'; + +const expect = require('chai').expect; +const request = require('superagent'); +const mongoose = require('mongoose'); +const Promise = require('bluebird'); + +const User = require('../model/user.js'); +const Gallery = require('../model/gallery.js'); + +const url = `http://localhost:${process.env.PORT}`; + +const exampleUser = { + username: 'test user', + password: 'test password', + email: 'testemail@test.com', +}; + +const exampleGallery = { + name: 'testing gallery', + desc: 'testing gallery description', +}; + +mongoose.Promise = Promise; + +describe('Gallery Routes', function(){ + afterEach( done => { + Promise.all([ + User.remove({}), + Gallery.remove({}) + ]) + .then( () => done()) + .catch(done); + }); + + describe('POST: /api/gallery', () => { + describe('with a valid body',() => { + before( done => { + new User(exampleUser) + .generatePasswordHash(exampleUser.password) + .then( user => user.save()) + .then( user => { + this.tempUser = user; + return user.generateToken(); + }) + .then( token => { + this.tempToken = token; + done(); + }) + .catch(done); + }); + + it('should return a gallery', done => { + request.post(`${url}/api/gallery`) + .send(exampleGallery) + .set({ + Authorization: `Bearer ${this.tempToken}` + }) + .end((err, res) => { + if(err) return done(err); + expect(res.status).to.equal(200); + let date = new Date(res.body.created).toString(); + expect(res.body.name).to.equal(exampleGallery.name); + expect(res.body.desc).to.equal(exampleGallery.desc); + expect(res.body.userID).to.equal(this.tempUser._id.toString()); + expect(date).to.not.equal('Invalid date'); + done(); + }); + }); + + describe('with invalid body', function(){ + before(done => { + new User(exampleUser) + .generatePasswordHash(exampleUser.password) + .then( user => user.save()) + .then( user => { + this.tempUser = user; + return user.generateToken(); + }) + .then( token => { + this.tempToken = token; + done(); + }) + .catch(); + }); + + it('should return a 400 for bad request', done => { + request.post(`${url}/api/gallery`) + .send({}) + .set({ + Authorization: `Bearer ${this.tempToken}` + }) + .set('Content-Type', 'application/json') + .end((err, res) => { + expect(res.status).to.equal(400); + done(); + }); + }); + + describe('if no token found', () => { + it('should return a 401 status code', done => { + request.post(`${url}/api/gallery`) + .send(exampleGallery) + .set({}) + .end((err, res) => { + expect(res.status).to.equal(401); + done(); + }); + }); + }); + }); + }); + }); + + + describe('GET: /api/gallery/:id', () => { + before( done => { + new User(exampleUser) + .generatePasswordHash(exampleUser.password) + .then( user => user.save()) + .then ( user => { + this.tempUser = user; + return user.generateToken(); + }) + .then( token => { + this.tempToken = token; + done(); + }) + .catch(done); + }); + + before( done => { + exampleGallery.userID = this.tempUser._id.toString(); + new Gallery(exampleGallery).save() + .then( gallery => { + this.tempGallery = gallery; + done(); + }) + .catch(done); + }); + + after( () => { + delete exampleGallery.userID; + }); + + it('should return a gallery', done => { + request.get(`${url}/api/gallery/${this.tempGallery._id}`) + .set({ + Authorization: `Bearer ${this.tempToken}` + }) + .end((err, res) => { + if(err) return done(err); + let date = new Date(res.body.created).toString(); + expect(res.status).to.equal(200); + expect(res.body.name).to.equal(exampleGallery.name); + expect(res.body.desc).to.equal(exampleGallery.desc); + expect(res.body.userID).to.equal(this.tempUser._id.toString()); + expect(date).to.not.equal('Invalid Date'); + done(); + }); + }); + + describe('with invalid request if id not found', () => { + it('should return a 404 status', done => { + request.get(`${url}/api/gallery/`) + .set({ + Authorization: `Bearer ${this.tempToken}`, + }) + .end((err, res) => { + expect(res.status).to.equal(404); + done(); + }); + }); + }); + describe('invalid if no token found', () => { + it('should return a 401 status', done => { + request.get(`${url}/api/gallery/${this.tempGallery._id}`) + .set({}) + .end((err, res) => { + expect(res.status).to.equal(401); + done(); + }); + }); + }); + }); + + describe('PUT: /api/gallery/:id', () => { + before( done => { + new User(exampleUser) + .generatePasswordHash(exampleUser.password) + .then ( user => { + this.tempUser = user; + return user.generateToken(); + }) + .then( token => { + this.tempToken = token; + done(); + }) + .catch(done); + }); + + before( done => { + this.tempGallery = new Gallery(exampleGallery); + this.tempGallery.userID = this.tempUser._id; + this.tempGallery.save() + .then( gallery => { + this.tempGallery = gallery; + done(); + }) + .catch(done); + }); + + describe('with a valid token', () => { + describe('with a valid body', () => { + it('should return an updated gallery', done => { + request.put(`${url}/api/gallery/${this.tempGallery._id}`) + .set({ + Authorization: `Bearer ${this.tempToken}` + }) + .send({name: 'updatedName', desc: 'updatedDesc'}) + .end((err, res) => { + if(err) return done(err); + expect(res.status).to.equal(200); + expect(res.body.name).to.equal('updatedName'); + expect(res.body.desc).to.equal('updatedDesc'); + expect(res.body.userID).to.equal(this.tempUser._id.toString()); + done(); + }); + }); + }); + + describe('with an invalid body', () => { + it('should return a 400 error', done => { + request.put(`${url}/api/gallery/${this.tempGallery._id}`) + .set({ + Authorization: `Bearer ${this.tempToken}` + }) + .send({wrongName: 'this is wrong', wrongDesc: 'this is also wrong'}) + .end((err, res) => { + expect(res.status).to.equal(400); + done(); + }); + }); + }); + describe('with an invalid gallery id', () => { + it('should return a 404', done => { + request.put(`${url}/api/gallery/`) + .set({ + Authorization: `Bearer ${this.tempToken}` + }) + .send({ name: 'this is wrong', desc: 'this is also wrong'}) + .end((err, res) => { + expect(res.status).to.equal(404); + done(); + }); + }); + }); + }); + + describe('with an invalid token found', () => { + it('should return a 401 error', done => { + request.put(`${url}/api/gallery/${this.tempGallery._id}`) + .set({ + Authorization: 'wrong' + }) + .send({name: 'updatedName', desc: 'updatedDesc'}) + .end((err, res) => { + expect(res.status).to.equal(401); + done(); + }); + }); + }); + }); +}); diff --git a/test/lib/server-toggle.js b/test/lib/server-toggle.js new file mode 100644 index 0000000..02bc72c --- /dev/null +++ b/test/lib/server-toggle.js @@ -0,0 +1,29 @@ +'use strict'; + +const debug = require('debug')('cfgram:server-toggle'); + +module.exports = exports = {}; + +exports.serverOn = function(server, done) { + if(!server.isRunning) { + server.listen(process.env.PORT, () => { + server.isRunning = true; + debug('server up!'); + done(); + }); + return; + } + done(); +}; + +exports.serverOff = function(server, done) { + if (server.isRunning) { + server.close( err => { + server.isRunning = false; + debug('server off!'); + done(); + }); + return; + } + done(); +}; diff --git a/test/pic-route-test.js b/test/pic-route-test.js new file mode 100644 index 0000000..632ffc1 --- /dev/null +++ b/test/pic-route-test.js @@ -0,0 +1,102 @@ +'use strict'; + +const expect = require('chai').expect; +const request = require('superagent'); +const debug = require('debug')('cfgram:pic-router-test'); + +const Pic = require('../model/pic.js'); +const User = require('../model/user.js'); +const Gallery = require('../model/gallery.js'); + +const serverToggle = require('./lib/server-toggle.js'); +const server = require('../server.js'); + +const url = `http://localhost:${process.env.PORT}`; + +const exampleUser = { + username: 'test user', + password: 'test password', + email: 'testemail@test.com', +}; + +const exampleGallery = { + name: 'testing gallery', + desc: 'testing gallery description', +}; + +const examplePic = { + name: 'testing pic', + desc: 'testing pic description', + image: `${__dirname}/data/tester.png` +}; + + +describe('Pic Routes', function() { + before( done => { + serverToggle.serverOn(server, done); + }); + after( done => { + serverToggle.serverOff(server, done); + }); + + afterEach ( done => { + Promise.all([ + Pic.remove({}), + User.remove({}), + Gallery.remove({}) + ]) + .then( () => done()) + .catch(done); + }); + + describe('POST: /api/gallery/:id/pic', function () { + describe('with a valid token and valid data', function() { + before( done => { + new User(exampleUser) + .generatePasswordHash(exampleUser.password) + .then( user => user.save()) + .then( user => { + this.tempUser = user; + return user.generateToken(); + }) + .then( token => { + this.tempToken = token; + done(); + }) + .catch(done); + }); + + before( done => { + exampleGallery.userID = this.tempUser._id.toString(); + new Gallery(exampleGallery).save() + .then( gallery => { + this.tempGallery = gallery; + done(); + }) + .catch(done); + }); + after( done => { + delete exampleGallery.userID; + done(); + }); + + it('should return a pic', done => { + request.post(`${url}/api/gallery/${this.tempGallery._id}/pic`) + .set({ + Authorization: `Bearer ${this.tempToken}` + }) + .field('name', examplePic.name) + .field('desc', examplePic.desc) + .attach('image', examplePic.image) + .end((err, res) => { + if(err) return done(err); + expect(res.status).to.equal(200, 'upload worked'); + expect(res.body.name).to.equal(examplePic.name); + expect(res.body.desc).to.equal(examplePic.desc); + expect(res.body.galleryID).to.equal(this.tempGallery._id.toString()); + done(); + }); + }); + }); + }); +});