From 726efd54c603c17a8fb01db622b8c0e67bd77dbf Mon Sep 17 00:00:00 2001
From: radenska <yana_radenska@yahoo.com>
Date: Mon, 6 Mar 2017 13:05:26 -0800
Subject: [PATCH 01/20] added basic filestructure

---
 lab-yana/.env                         |   0
 lab-yana/.eslintrc                    |  21 +++++
 lab-yana/.gitignore                   | 117 ++++++++++++++++++++++++++
 lab-yana/README.md                    |   0
 lab-yana/gulpfile.js                  |  20 +++++
 lab-yana/lib/basic-auth-middleware.js |   0
 lab-yana/lib/error-middleware.js      |   0
 lab-yana/model/user.js                |   0
 lab-yana/package.json                 |  37 ++++++++
 lab-yana/server.js                    |   0
 lab-yana/test/auth-routes-test.js     |   0
 11 files changed, 195 insertions(+)
 create mode 100644 lab-yana/.env
 create mode 100644 lab-yana/.eslintrc
 create mode 100644 lab-yana/.gitignore
 create mode 100644 lab-yana/README.md
 create mode 100644 lab-yana/gulpfile.js
 create mode 100644 lab-yana/lib/basic-auth-middleware.js
 create mode 100644 lab-yana/lib/error-middleware.js
 create mode 100644 lab-yana/model/user.js
 create mode 100644 lab-yana/package.json
 create mode 100644 lab-yana/server.js
 create mode 100644 lab-yana/test/auth-routes-test.js

diff --git a/lab-yana/.env b/lab-yana/.env
new file mode 100644
index 0000000..e69de29
diff --git a/lab-yana/.eslintrc b/lab-yana/.eslintrc
new file mode 100644
index 0000000..8dc6807
--- /dev/null
+++ b/lab-yana/.eslintrc
@@ -0,0 +1,21 @@
+{
+  "rules": {
+    "no-console": "off",
+    "indent": [ "error", 2 ],
+    "quotes": [ "error", "single" ],
+    "semi": ["error", "always"],
+    "linebreak-style": [ "error", "unix" ]
+  },
+  "env": {
+    "es6": true,
+    "node": true,
+    "mocha": true,
+    "jasmine": true
+  },
+  "ecmaFeatures": {
+    "modules": true,
+    "experimentalObjectRestSpread": true,
+    "impliedStrict": true
+  },
+  "extends": "eslint:recommended"
+}
diff --git a/lab-yana/.gitignore b/lab-yana/.gitignore
new file mode 100644
index 0000000..0992345
--- /dev/null
+++ b/lab-yana/.gitignore
@@ -0,0 +1,117 @@
+# Created by https://www.gitignore.io/api/node,vim,osx,macos,linux
+
+*node_modules
+
+### Node ###
+# Logs
+logs
+*.log
+npm-debug.log*
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (http://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules
+jspm_packages
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+
+
+### Vim ###
+# swap
+[._]*.s[a-v][a-z]
+[._]*.sw[a-p]
+[._]s[a-v][a-z]
+[._]sw[a-p]
+# session
+Session.vim
+# temporary
+.netrwhist
+*~
+# auto-generated tag files
+tags
+
+
+### OSX ###
+*.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+# Thumbnails
+._*
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+
+### macOS ###
+# Icon must end with two \r
+# Thumbnails
+# Files that might appear in the root of a volume
+# Directories potentially created on remote AFP share
+
+
+### Linux ###
+
+# temporary files which can be created if a process still has a handle open of a deleted file
+.fuse_hidden*
+
+# KDE directory preferences
+.directory
+
+# Linux trash folder which might appear on any partition or disk
+.Trash-*
+
+# .nfs files are created when an open file is removed but is still being accessed
+.nfs*
+
+# End of https://www.gitignore.io/api/node,vim,osx,macos,linux
diff --git a/lab-yana/README.md b/lab-yana/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/lab-yana/gulpfile.js b/lab-yana/gulpfile.js
new file mode 100644
index 0000000..9da355a
--- /dev/null
+++ b/lab-yana/gulpfile.js
@@ -0,0 +1,20 @@
+'use strict';
+
+const gulp = require('gulp');
+const eslint = require('gulp-eslint');
+const mocha = require('gulp-mocha');
+
+gulp.task('test', function() {
+  gulp.src('./test/*-test.js', { read: false })
+  .pipe(mocha({ reporter: 'spec' }));
+});
+
+gulp.task('lint', function() {
+  return gulp.src(['./**/*.js', '!node_modules/**']).pipe(eslint()).pipe(eslint.format()).pipe(eslint.failAfterError());
+});
+
+gulp.task('dev', function() {
+  gulp.watch(['**/*.js', '!node_modules/**'], ['lint', 'test']);
+});
+
+gulp.task('default', ['dev']);
diff --git a/lab-yana/lib/basic-auth-middleware.js b/lab-yana/lib/basic-auth-middleware.js
new file mode 100644
index 0000000..e69de29
diff --git a/lab-yana/lib/error-middleware.js b/lab-yana/lib/error-middleware.js
new file mode 100644
index 0000000..e69de29
diff --git a/lab-yana/model/user.js b/lab-yana/model/user.js
new file mode 100644
index 0000000..e69de29
diff --git a/lab-yana/package.json b/lab-yana/package.json
new file mode 100644
index 0000000..4a0141a
--- /dev/null
+++ b/lab-yana/package.json
@@ -0,0 +1,37 @@
+{
+  "name": "lab-yana",
+  "version": "1.0.0",
+  "description": "",
+  "main": "server.js",
+  "directories": {
+    "test": "test"
+  },
+  "scripts": {
+    "test": "DEBUG='cfgram*' mocha",
+    "start": "DEBUG='cfgram*' nodemon server.js"
+  },
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "devDependencies": {
+    "chai": "^3.5.0",
+    "gulp": "^3.9.1",
+    "gulp-eslint": "^3.0.1",
+    "gulp-mocha": "^4.0.1",
+    "mocha": "^3.2.0",
+    "superagent": "^3.5.0"
+  },
+  "dependencies": {
+    "bcrypt": "^1.0.2",
+    "bluebird": "^3.5.0",
+    "body-parser": "^1.17.1",
+    "cors": "^2.8.1",
+    "debug": "^2.6.1",
+    "dotenv": "^4.0.0",
+    "express": "^4.15.2",
+    "http-errors": "^1.6.1",
+    "jsonwebtoken": "^7.3.0",
+    "mongoose": "^4.8.6",
+    "morgan": "^1.8.1"
+  }
+}
diff --git a/lab-yana/server.js b/lab-yana/server.js
new file mode 100644
index 0000000..e69de29
diff --git a/lab-yana/test/auth-routes-test.js b/lab-yana/test/auth-routes-test.js
new file mode 100644
index 0000000..e69de29

From af2ce8b2e52fc7403a7f001d5611ac95890e0a8a Mon Sep 17 00:00:00 2001
From: radenska <yana_radenska@yahoo.com>
Date: Mon, 6 Mar 2017 13:11:12 -0800
Subject: [PATCH 02/20] basic server up and running

---
 lab-yana/server.js | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/lab-yana/server.js b/lab-yana/server.js
index e69de29..c7ef5db 100644
--- a/lab-yana/server.js
+++ b/lab-yana/server.js
@@ -0,0 +1,19 @@
+'use strict';
+
+const debug = require('debug')('cfgram:server');
+const morgan = require('morgan');
+const cors = require('cors');
+const mongoose = require('mongoose');
+const express = require('express');
+const Promise = require('bluebird');
+// const authRouter = require('./route/auth-router.js');
+// const errors = require('./lib/error-middleware.js');
+const PORT = 3003;
+
+const app = express();
+
+app.use(cors());
+// app.use(authRouter);
+// app.use(errors);
+
+app.listen(PORT, () => debug(`Listening on port ${PORT}.`));

From eb176838af5625174e29ca916f18ffc4aba2fe8c Mon Sep 17 00:00:00 2001
From: radenska <yana_radenska@yahoo.com>
Date: Mon, 6 Mar 2017 13:47:39 -0800
Subject: [PATCH 03/20] added three variables to .env, added .env to
 .gitignore, wrote four proudly failing tests, wrote err-r imddleware and
 included in server.js

---
 lab-yana/.env                     |  3 ++
 lab-yana/.gitignore               |  4 +-
 lab-yana/lib/error-middleware.js  | 28 +++++++++++
 lab-yana/server.js                |  7 +--
 lab-yana/test/auth-routes-test.js | 82 +++++++++++++++++++++++++++++++
 5 files changed, 120 insertions(+), 4 deletions(-)

diff --git a/lab-yana/.env b/lab-yana/.env
index e69de29..12b2098 100644
--- a/lab-yana/.env
+++ b/lab-yana/.env
@@ -0,0 +1,3 @@
+PORT='3003'
+MONGODB_URI='mongodb://localhost/cfgram'
+APP_SECRET='mysupersekritthingy'
diff --git a/lab-yana/.gitignore b/lab-yana/.gitignore
index 0992345..850b46c 100644
--- a/lab-yana/.gitignore
+++ b/lab-yana/.gitignore
@@ -1,5 +1,4 @@
 # Created by https://www.gitignore.io/api/node,vim,osx,macos,linux
-
 *node_modules
 
 ### Node ###
@@ -14,6 +13,9 @@ pids
 *.seed
 *.pid.lock
 
+# file containing SUPER SEKRIT VARIABLES
+.env
+
 # Directory for instrumented libs generated by jscoverage/JSCover
 lib-cov
 
diff --git a/lab-yana/lib/error-middleware.js b/lab-yana/lib/error-middleware.js
index e69de29..dee66d1 100644
--- a/lab-yana/lib/error-middleware.js
+++ b/lab-yana/lib/error-middleware.js
@@ -0,0 +1,28 @@
+'use strict';
+
+const debug = require('debug')('cfgram:error-middleware');
+const createError = require('http-errors');
+
+module.exports = function(err, req, res, next) {
+  debug('error-middleware');
+  console.error(`msg: ${err.message}`);
+  console.error(`name: ${err.name}`);
+
+  if (err.status) {
+    res.status(err.status).send(err.name);
+    next();
+    return;
+  }
+
+  if (err.name === 'ValidationError') {
+    err = createError(400, err.message);
+    res.status(err.status).send(err.name);
+    next();
+    return;
+  }
+
+  err = createError(500, err.message);
+  res.status(err.status).send(err.message);
+  next();
+
+};
diff --git a/lab-yana/server.js b/lab-yana/server.js
index c7ef5db..664db71 100644
--- a/lab-yana/server.js
+++ b/lab-yana/server.js
@@ -7,13 +7,14 @@ const mongoose = require('mongoose');
 const express = require('express');
 const Promise = require('bluebird');
 // const authRouter = require('./route/auth-router.js');
-// const errors = require('./lib/error-middleware.js');
-const PORT = 3003;
+const errors = require('./lib/error-middleware.js');
+const PORT = process.env.PORT || 3004;
 
 const app = express();
 
 app.use(cors());
+app.use(morgan('dev'));
 // app.use(authRouter);
-// app.use(errors);
+app.use(errors);
 
 app.listen(PORT, () => debug(`Listening on port ${PORT}.`));
diff --git a/lab-yana/test/auth-routes-test.js b/lab-yana/test/auth-routes-test.js
index e69de29..dffdb0c 100644
--- a/lab-yana/test/auth-routes-test.js
+++ b/lab-yana/test/auth-routes-test.js
@@ -0,0 +1,82 @@
+'use strict';
+
+const expect = require('chai').expect;
+const request = require('superagent');
+const User = require('../model/user.js');
+const url = 'http://localhost:3003';
+
+require('../server.js');
+
+const testUser = {
+  username: 'testUser',
+  password: 'word',
+  email: 'testUser@test.com'
+};
+
+describe('Auth Routes', function() {
+  describe('POST: /api/signup', function() {
+    describe('with a valid body', function() {
+      after(done => {
+        User.remove({})
+        .then( () => done())
+        .catch(done);
+      });
+      it('should return a token', done => {
+        request.post(`${url}/api/signup`)
+        .send(testUser)
+        .end((err, res) => {
+          if (err) return done(err);
+          expect(res.status).to.equal(200);
+          expect(res.text).to.be.a('string');
+          done();
+        });
+      });
+    });
+    describe('without a valid body', function() {
+      it('should return a 400 error', done => {
+        request.post(`${url}/api/signup`)
+        .end(err => {
+          expect(err.status).to.equal(400);
+          done();
+        });
+      });
+    });
+  });
+  describe('GET: /api/signin', function() {
+    describe('with a valid authentication header', function() {
+      before(done => {
+        let user = new User(testUser);
+        user.generatePasswordHash(user.password)
+        .then(user => user.save())
+        .then(user => {
+          this.tempUser = user;
+          done();
+        });
+      });
+      after(done => {
+        User.remove({})
+        .then( () => done())
+        .catch(done);
+      });
+      it('should return a token', done => {
+        request.get(`${url}/api/signin`)
+        .auth('testUser', 'word')
+        .end((err, res) => {
+          if (err) return done(err);
+          expect(res.status).to.equal(200);
+          expect(res.text).to.be.a('string');
+          done();
+        });
+      });
+    });
+    describe('without a valid authentication header', function() {
+      it('should return a 401 error', done => {
+        request.get(`${url}/api/signin`)
+        .end(err => {
+          expect(err.status).to.equal(401);
+          done();
+        });
+      });
+    });
+  });
+});

From 3f309bd448ff97e7a341a1a871f452dec7ab8de1 Mon Sep 17 00:00:00 2001
From: radenska <yana_radenska@yahoo.com>
Date: Mon, 6 Mar 2017 14:26:23 -0800
Subject: [PATCH 04/20] added user model

---
 lab-yana/model/user.js | 69 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)

diff --git a/lab-yana/model/user.js b/lab-yana/model/user.js
index e69de29..ec32f83 100644
--- a/lab-yana/model/user.js
+++ b/lab-yana/model/user.js
@@ -0,0 +1,69 @@
+'use strict';
+
+const debug = require('debug')('cfgram:user');
+const crypto = require('crypto');
+const bcrypt = require('bcrypt');
+const jwt = require('jsonwebtoken');
+const mongoose = require('mongoose');
+const createError = require('http-errors');
+const Promise = require('bluebird');
+
+const Schema = mongoose.Schema;
+
+const userSchema = new Schema({
+  username: { type: String, unique: true, required: true },
+  password: { type: String, required: true },
+  email: { type: String, unique: true, required: true },
+  findHash: { type: String, unique: true }
+});
+
+userSchema.methods.generatePasswordHash = function(password) {
+  debug('generatePasswordHash');
+  return new Promise((resolve, reject) => {
+    bcrypt.hash(password, 10, (err, hash) => { //take the plain text password the user chose and turn it into a hash
+      if (err) return reject(err);
+      this.password = hash; //store the hashed password
+      resolve(this);
+    });
+  });
+};
+
+userSchema.methods.comparePasswordHash = function(password) {
+  debug('comparePasswordHash');
+  return new Promise((resolve, reject) => {
+    bcrypt.compare(password, this.password, (err, valid) => { //compare a user entered password with their hashed password
+      if (err) return reject(err);
+      if (!valid) return reject(createError(401, 'wrong password'));
+      resolve(this);
+    });
+  });
+};
+
+userSchema.methods.generateFindHash = function() {
+  debug('generateFindHash');
+  return new Promise((resolve, reject) => {
+    let tries = 0;
+    _generateFindHash();
+    function _generateFindHash() {
+      this.findHash = crypto.randomBytes(32).toString('hex'); //assign to findHash a randomly generated hash for two step authentication
+      this.save() //make sure to save it in db
+      .then ( () => resolve(this.findHash))
+      .catch(err => {
+        if (tries > 3) return reject(err);
+        tries++;
+        _generateFindHash.call(this); //try to generate the FindHash again until it has been tried 3 times
+      });
+    }
+  });
+};
+
+userSchema.methods.generateToken = function() {
+  debug('generateToken');
+  return new Promise((resolve, reject) => {
+    this.generateFindHash()
+    .then(findHash => resolve(jwt.sign( { token: findHash }, process.env.APP_SECRET)))
+    .catch(err => reject(err));
+  });
+};
+
+module.exports = mongoose.model('user', userSchema);

From e3f1733f4b3e0eb4461beb20b589a4294227e3fa Mon Sep 17 00:00:00 2001
From: radenska <yana_radenska@yahoo.com>
Date: Mon, 6 Mar 2017 14:34:51 -0800
Subject: [PATCH 05/20] added authorization middleware

---
 lab-yana/lib/basic-auth-middleware.js | 27 +++++++++++++++++++++++++++
 lab-yana/server.js                    |  4 ++--
 2 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/lab-yana/lib/basic-auth-middleware.js b/lab-yana/lib/basic-auth-middleware.js
index e69de29..f273255 100644
--- a/lab-yana/lib/basic-auth-middleware.js
+++ b/lab-yana/lib/basic-auth-middleware.js
@@ -0,0 +1,27 @@
+'use strict';
+
+const debug = require('debug')('cfgram:basic-auth-middleware');
+const createError = require('http-errors');
+
+module.exports = function (req, res, next) {
+  debug('basic-auth-middleware');
+
+  var authHeader = req.headers.authorization;
+  if (!authHeader) return next(createError(401, 'authorization headers required'));
+
+  var base64string = authHeader.split('Basic ')[1]; //takes the username and password part of the auth header
+  if (!base64string) return next(createError(401, 'username and password required'));
+
+  var utf8string = new Buffer(base64string, 'base64').toString(); //turns our string into a readable by humans string
+  var authArray = utf8string.split(':'); //puts the username in index 0 of array and the password in index 1
+
+  req.auth = { //create new property auth of request object
+    username: authArray[0],
+    password: authArray[1]
+  };
+
+  if (!req.auth.username) return next(createError(401, 'username required'));
+  if (!req.auth.password) return next(createError(401, 'password required'));
+
+  next();
+};
diff --git a/lab-yana/server.js b/lab-yana/server.js
index 664db71..5f6c557 100644
--- a/lab-yana/server.js
+++ b/lab-yana/server.js
@@ -6,7 +6,7 @@ const cors = require('cors');
 const mongoose = require('mongoose');
 const express = require('express');
 const Promise = require('bluebird');
-// const authRouter = require('./route/auth-router.js');
+const authRouter = require('./route/auth-router.js');
 const errors = require('./lib/error-middleware.js');
 const PORT = process.env.PORT || 3004;
 
@@ -14,7 +14,7 @@ const app = express();
 
 app.use(cors());
 app.use(morgan('dev'));
-// app.use(authRouter);
+app.use(authRouter);
 app.use(errors);
 
 app.listen(PORT, () => debug(`Listening on port ${PORT}.`));

From 7123ab9f2a3d43b257728eea968e4e82670f660b Mon Sep 17 00:00:00 2001
From: radenska <yana_radenska@yahoo.com>
Date: Mon, 6 Mar 2017 14:51:31 -0800
Subject: [PATCH 06/20] added readme.md text, GET and POST routes, and made
 small changes to server.js

---
 lab-yana/README.md            |  3 +++
 lab-yana/route/auth-routes.js | 31 +++++++++++++++++++++++++++++++
 lab-yana/server.js            |  8 ++++++--
 3 files changed, 40 insertions(+), 2 deletions(-)
 create mode 100644 lab-yana/route/auth-routes.js

diff --git a/lab-yana/README.md b/lab-yana/README.md
index e69de29..93494b1 100644
--- a/lab-yana/README.md
+++ b/lab-yana/README.md
@@ -0,0 +1,3 @@
+This is a server that allows you to sign in or sign up, using basic authorization and authentication using a token generated by the middleware jsonwebtoken as well as hashing using the native node module crypto as well as the imported module bcrypt.
+
+_created by_ Yana Radenska
diff --git a/lab-yana/route/auth-routes.js b/lab-yana/route/auth-routes.js
new file mode 100644
index 0000000..ac8b280
--- /dev/null
+++ b/lab-yana/route/auth-routes.js
@@ -0,0 +1,31 @@
+'use strict';
+
+const debug = require('debug')('cfgram:auth-routes');
+const parseJSON = require('body-parser').json();
+const Router = require('express').Router;
+const basicAuth = require('../lib/basic-auth-middleware.js');
+const User = require('../model/user.js');
+
+const authRouter = module.exports = Router();
+
+authRouter.post('/api/signup', parseJSON, function(req, res, next) {
+  debug('POST: /api/signup');
+
+  let password = req.body.password;
+  delete req.body.password; //remove the password which is in plain text
+  let user = new User(req.body);
+  user.generatePasswordHash(password)
+  .then(user => user.save()) //save new user info to db
+  .then(user => user.generateToken()) //generate a new auth token
+  .then(token => res.send(token)) //send auth token to user
+  .catch(next);
+});
+
+authRouter.get('/api/signin', basicAuth, function(req, res, next) {
+  debug('GET: /api/signin');
+  User.findOne( { username: req.auth.username }) //find the user name entered by the user from the request object where we put it in basic auth middleware
+  .then(user => user.comparePasswordHash(req.auth.password)) //compare user entered password to hash of actual user password
+  .then(user => user.generateToken) //make a token after confirming passwords match
+  .then(token => res.send(token)) //send user the token as part of authorization process
+  .catch(next);
+});
diff --git a/lab-yana/server.js b/lab-yana/server.js
index 5f6c557..cc39d254 100644
--- a/lab-yana/server.js
+++ b/lab-yana/server.js
@@ -5,13 +5,17 @@ const morgan = require('morgan');
 const cors = require('cors');
 const mongoose = require('mongoose');
 const express = require('express');
-const Promise = require('bluebird');
-const authRouter = require('./route/auth-router.js');
+const authRouter = require('./route/auth-routes.js');
 const errors = require('./lib/error-middleware.js');
+const dotenv = require('dotenv');
 const PORT = process.env.PORT || 3004;
 
+dotenv.load(); //use the variables in the .env file;
+
 const app = express();
 
+mongoose.connect(process.env.MONGODB_URI);
+
 app.use(cors());
 app.use(morgan('dev'));
 app.use(authRouter);

From ad43a0adbf30755356f57f5c07eb36d9f5f9ffd2 Mon Sep 17 00:00:00 2001
From: radenska <yana_radenska@yahoo.com>
Date: Mon, 6 Mar 2017 15:14:30 -0800
Subject: [PATCH 07/20] all tests pass, linter passes

---
 lab-yana/model/user.js        | 6 +++---
 lab-yana/route/auth-routes.js | 5 ++++-
 lab-yana/server.js            | 2 +-
 3 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/lab-yana/model/user.js b/lab-yana/model/user.js
index ec32f83..0b59e81 100644
--- a/lab-yana/model/user.js
+++ b/lab-yana/model/user.js
@@ -10,8 +10,8 @@ const Promise = require('bluebird');
 
 const Schema = mongoose.Schema;
 
-const userSchema = new Schema({
-  username: { type: String, unique: true, required: true },
+const userSchema = Schema({
+  username: { type: String, required: true, unique: true  },
   password: { type: String, required: true },
   email: { type: String, unique: true, required: true },
   findHash: { type: String, unique: true }
@@ -43,7 +43,7 @@ userSchema.methods.generateFindHash = function() {
   debug('generateFindHash');
   return new Promise((resolve, reject) => {
     let tries = 0;
-    _generateFindHash();
+    _generateFindHash.call(this);
     function _generateFindHash() {
       this.findHash = crypto.randomBytes(32).toString('hex'); //assign to findHash a randomly generated hash for two step authentication
       this.save() //make sure to save it in db
diff --git a/lab-yana/route/auth-routes.js b/lab-yana/route/auth-routes.js
index ac8b280..f5c0266 100644
--- a/lab-yana/route/auth-routes.js
+++ b/lab-yana/route/auth-routes.js
@@ -5,6 +5,7 @@ const parseJSON = require('body-parser').json();
 const Router = require('express').Router;
 const basicAuth = require('../lib/basic-auth-middleware.js');
 const User = require('../model/user.js');
+const createError = require('http-errors');
 
 const authRouter = module.exports = Router();
 
@@ -18,7 +19,9 @@ authRouter.post('/api/signup', parseJSON, function(req, res, next) {
   .then(user => user.save()) //save new user info to db
   .then(user => user.generateToken()) //generate a new auth token
   .then(token => res.send(token)) //send auth token to user
-  .catch(next);
+  .catch(err => {
+    next(createError(400, err.message));
+  });
 });
 
 authRouter.get('/api/signin', basicAuth, function(req, res, next) {
diff --git a/lab-yana/server.js b/lab-yana/server.js
index cc39d254..d2e7636 100644
--- a/lab-yana/server.js
+++ b/lab-yana/server.js
@@ -8,7 +8,7 @@ const express = require('express');
 const authRouter = require('./route/auth-routes.js');
 const errors = require('./lib/error-middleware.js');
 const dotenv = require('dotenv');
-const PORT = process.env.PORT || 3004;
+const PORT = 3003;
 
 dotenv.load(); //use the variables in the .env file;
 

From d8ae9cee89a9de78205b1e36bb52e02e6ff6e27f Mon Sep 17 00:00:00 2001
From: radenska <yana_radenska@yahoo.com>
Date: Tue, 7 Mar 2017 12:33:50 -0800
Subject: [PATCH 08/20] added basic filestructure

---
 lab-yana/lib/bearer-auth-middleware.js | 0
 lab-yana/model/gallery.js              | 0
 lab-yana/route/gallery-router.js       | 0
 lab-yana/test/gallery-router-test.js   | 0
 4 files changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 lab-yana/lib/bearer-auth-middleware.js
 create mode 100644 lab-yana/model/gallery.js
 create mode 100644 lab-yana/route/gallery-router.js
 create mode 100644 lab-yana/test/gallery-router-test.js

diff --git a/lab-yana/lib/bearer-auth-middleware.js b/lab-yana/lib/bearer-auth-middleware.js
new file mode 100644
index 0000000..e69de29
diff --git a/lab-yana/model/gallery.js b/lab-yana/model/gallery.js
new file mode 100644
index 0000000..e69de29
diff --git a/lab-yana/route/gallery-router.js b/lab-yana/route/gallery-router.js
new file mode 100644
index 0000000..e69de29
diff --git a/lab-yana/test/gallery-router-test.js b/lab-yana/test/gallery-router-test.js
new file mode 100644
index 0000000..e69de29

From bc831599d1564a791d19fb12439bde28ca2ce7bf Mon Sep 17 00:00:00 2001
From: radenska <yana_radenska@yahoo.com>
Date: Tue, 7 Mar 2017 14:06:25 -0800
Subject: [PATCH 09/20] added sixteen beautifully linted tests

---
 lab-yana/test/gallery-router-test.js | 245 +++++++++++++++++++++++++++
 1 file changed, 245 insertions(+)

diff --git a/lab-yana/test/gallery-router-test.js b/lab-yana/test/gallery-router-test.js
index e69de29..8e3c980 100644
--- a/lab-yana/test/gallery-router-test.js
+++ b/lab-yana/test/gallery-router-test.js
@@ -0,0 +1,245 @@
+'use strict';
+
+const expect = require('chai').expect;
+const request = require('superagent');
+const User = require('../model/user.js');
+const Gallery = require('../model/gallery.js');
+const url = 'http://localhost:3003';
+const Promise = require('bluebird');
+
+require('../server.js');
+
+const testUser = {
+  name: 'testUser',
+  password: 'word',
+  email: 'testUser@user.com'
+};
+
+const testGallery = {
+  name: 'testGallery name',
+  desc: 'testGallery description'
+};
+
+describe('Gallery Routes', function() {
+  beforeEach(done => { //make a user and save it to db, needed for GET, PUT, POST, DELETE
+    new User(testUser).generatePasswordHash(testUser.password)
+    .then(user => {
+      user.save();
+      this.tempUser = user;
+      return user.generateToken;
+    })
+    .then(token => {
+      this.TempToken = token;
+      done();
+    })
+    .catch(done);
+  });
+  beforeEach(done => { //make a gallery and save it to db, needed for GET, PUT, and DELETE
+    testGallery.userID = this.tempUser._id.toString();
+    new Gallery(testGallery).save()
+    .then(gallery => {
+      this.tempGallery = gallery;
+      done();
+    })
+    .catch(done);
+  });
+  afterEach(done => { //remove user and gallery db entries
+    Promise.all([
+      User.remove({}),
+      Gallery.remove({})
+    ])
+    .then( () => done())
+    .catch(done);
+  });
+  afterEach( () => delete testGallery.userID); //remove user ID
+
+  describe('POST: /api/gallery', function() {
+    describe('with a valid body and token', function() {
+      it('should return a gallery', done => {
+        request.post(`${url}/api/gallery`)
+        .send(testGallery)
+        .set( { Authorization: `Bearer ${this.tempToken}` } )
+        .end((err, res) => {
+          if (err) return done(err);
+          let date = new Date(res.body.created).toString();
+          expect(res.status).to.equal(200);
+          expect(res.body.name).to.equal(testGallery.name);
+          expect(res.body.desc).to.equal(testGallery.desc);
+          expect(date).to.not.equal('invalid date');
+          expect(res.body.userID.toString()).to.equal(this.tempUser._id.toString());
+          done();
+        });
+      });
+    });
+    describe('wthout a valid token', function() {
+      it('should return a 401 error', done => {
+        request.post(`${url}/api/gallery`)
+        .send(testGallery)
+        .end(err => {
+          expect(err.status).to.equal(401);
+          done();
+        });
+      });
+    });
+    describe('without a valid body', function() {
+      it('should return a 400 error', done => {
+        request.post(`${url}/api/gallery`)
+        .set( { Authorization: `Bearer ${this.tempToken}` } )
+        .end(err => {
+          expect(err.status).to.equal(400);
+          done();
+        });
+      });
+    });
+  });
+  describe('GET: /ap1/s0m3rand0mwr0ngr0ut3', function() {
+    describe('with an invalid route', function() {
+      it('should return a 404 error', done => {
+        request.get(`${url}/ap1/s0m3rand0mwr0ngr0ut3`)
+        .end(err => {
+          expect(err.status).to.equal(404);
+          done();
+        });
+      });
+    });
+  });
+  describe('GET: /api/gallery', function() {
+    describe('with a valid token', function() {
+      it('should return a list of gallery IDs in the db', done => {
+        request.get(`${url}/api/gallery`)
+        .set( { Authorization: `Bearer ${this.tempToken}` } )
+        .end((err, res) => {
+          if (err) return done(err);
+          expect(res.body).to.be.an('array');
+          done();
+        });
+      });
+    });
+    describe('without a valid token', function() {
+      it('should return a 401 error', done => {
+        request.get(`${url}/api/gallery`)
+        .end(err => {
+          expect(err.status).to.equal(401);
+          done();
+        });
+      });
+    });
+  });
+  describe('GET: /api/gallery/:id', function() {
+    describe('with a valid id and token', function() {
+      it('should return a gallery', done => {
+        request.get(`${url}/api/gallery/${this.tempGallery._id}}`)
+        .set( { Authorization: `Bearer ${this.tempToken}` } )
+        .end((err, res) => {
+          if (err) return done(err);
+          let date = new Date(res.body.created).toString();
+          expect(date).to.not.equal('invalid date');
+          expect(res.status).to.equal(200);
+          expect(res.body.name).to.equal(testGallery.name);
+          expect(res.body.desc).to.equal(testGallery.desc);
+          expect(res.body.userID).to.equal(this.tempUser._id.toString());
+          done();
+        });
+      });
+    });
+    describe('wthout a valid totken', function() {
+      it('should return a 401 error', done => {
+        request.get(`${url}/api/gallery/${this.tempGallery._id}`)
+        .end(err => {
+          expect(err.status).to.equal(401);
+          done();
+        });
+      });
+    });
+    describe('with an invalid id' , function() {
+      it('should return a 404 error', done => {
+        request.get(`${url}/api/gallery/1nval1did`)
+        .set( { Authorization: `Bearer ${this.tempToken}` } )
+        .end(err => {
+          expect(err.status).to.equal(404);
+          done();
+        });
+      });
+    });
+  });
+  describe('DELETE: /api/gallery/:id', function() {
+    describe('with a valid id and token', function() {
+      it('should return a 204 code', done => {
+        request.delete(`${url}/api/gallery/${this.tempGallery._id}`)
+        .set( { Authorization: `Bearer ${this.tempToken}` } )
+        .end((err, res) => {
+          if (err) return done(err);
+          expect(res.status).to.equal(204);
+          done();
+        });
+      });
+    });
+    describe('without a valid id', function() {
+      it('should return a 404 error code', done => {
+        request.delete(`${url}/api/gallery/1nvalid1d`)
+        .set( { Authorization: `Bearer ${this.tempToken}` } )
+        .end(err => {
+          expect(err.status).to.equal(404);
+          done();
+        });
+      });
+    });
+    describe('without a valid token', function() {
+      it('should return a 401 error code', done => {
+        request.delete(`${url}/api/gallery/${this.tempGallery._id}`)
+        .end(err => {
+          expect(err.status).to.equal(401);
+          done();
+        });
+      });
+    });
+  });
+  describe('PUT: /api/gallery/:id', function() {
+    var update = { name: 'updated gallery name', desc: 'updated gallery description' };
+    describe('with a valid body, id, and token', function() {
+      it('should return an updated gallery', done => {
+        request.put(`${url}/api/gallery/${this.tempGallery._id}`)
+        .send(update)
+        .set( { Authorization: `Bearer ${this.tempToken}` } )
+        .end((err, res) => {
+          if (err) return done(err);
+          expect(res.status).to.equal(200);
+          expect(res.body.name).to.equal(update.name);
+          expect(res.body.desc).to.equal(update.desc);
+          done();
+        });
+      });
+    });
+    describe('without a valid body', function() {
+      it('should return a 400 error', done => {
+        request.put(`${url}/api/gallery/${this.tempGallery._id}`)
+        .set( { Authorization: `Bearer ${this.tempToken}` } )
+        .end(err => {
+          expect(err.status).to.equal(400);
+          done();
+        });
+      });
+    });
+    describe('without a valid token', function() {
+      it('should return a 401 error', done => {
+        request.put(`${url}/api/gallery/${this.tempGallery._id}`)
+        .send(update)
+        .end(err => {
+          expect(err.status).to.equal(401);
+          done();
+        });
+      });
+    });
+    describe('without a valid gallery id', function() {
+      it('should return a 404 error', done => {
+        request.put(`${url}/api/gallery/00p5wr0ng1d`)
+        .send(update)
+        .set( { Authorization: `Bearer ${this.tempToken}` } )
+        .end(err => {
+          expect(err.status).to.equal(404);
+          done();
+        });
+      });
+    });
+  });
+});

From 3839562e4c18b8461508682a07f178fbab844105 Mon Sep 17 00:00:00 2001
From: radenska <yana_radenska@yahoo.com>
Date: Tue, 7 Mar 2017 14:22:52 -0800
Subject: [PATCH 10/20] added gallery model code

---
 lab-yana/model/gallery.js | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/lab-yana/model/gallery.js b/lab-yana/model/gallery.js
index e69de29..4b6a042 100644
--- a/lab-yana/model/gallery.js
+++ b/lab-yana/model/gallery.js
@@ -0,0 +1,15 @@
+'use strict';
+
+const debug = require('debug')('cfgram:gallery');
+const mongoose = require('mongoose');
+const Promise = require('bluebird');
+const Schema = mongoose.schema;
+
+const gallerySchema = Schema({
+  name: { type: String, required: true },
+  desc: { type: String, required: true },
+  created: { type: Date, required: true, default: Date.now },
+  userID: { type: Schema.Types.ObjectId, required: true }
+});
+
+module.exports = mongoose.model('gallery', gallerySchema);

From 98eda2a7d9f1f62ec0e43c37a168a2c9281a1f57 Mon Sep 17 00:00:00 2001
From: radenska <yana_radenska@yahoo.com>
Date: Tue, 7 Mar 2017 14:31:43 -0800
Subject: [PATCH 11/20] added bearer auth middleware code

---
 lab-yana/lib/bearer-auth-middleware.js | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/lab-yana/lib/bearer-auth-middleware.js b/lab-yana/lib/bearer-auth-middleware.js
index e69de29..bbf87b1 100644
--- a/lab-yana/lib/bearer-auth-middleware.js
+++ b/lab-yana/lib/bearer-auth-middleware.js
@@ -0,0 +1,26 @@
+'use strict';
+
+const debug = require('debug')('cfgram:bearer-auth-middleware');
+const createError = require('http-errors');
+const jwt = require('jsonwebtoken');
+const User = require('../model/user.js');
+
+module.exports = function(req, res, next) {
+  debug('bearer-auth-middleware');
+
+  let authHeader = req.headers.authorization;
+  if (!authHeader) return next(createError(401, 'authorization header required'))
+
+  let token = authHeader.split('Bearer ')[1];
+  if(!token) return next(createError(401, 'token required'));
+
+  jwt.verify(token, process.env.APP_SECRET, (err, decoded) => {
+    if (err) return next(err);
+    User.findOne( { findHash: decoded.token } )
+    .then(user => {
+      req.user = user;
+      next();
+    })
+    .catch(err => next(createError(401, err.message)));
+  });
+};

From 8d84e7ff6e36f3ec627a8f92d3584ee951f79c0d Mon Sep 17 00:00:00 2001
From: radenska <yana_radenska@yahoo.com>
Date: Tue, 7 Mar 2017 15:26:34 -0800
Subject: [PATCH 12/20] added GET, GET list, PUT, POST, and DELETE methods for
 gallery, fixed minor syntax errors in other files

---
 lab-yana/lib/bearer-auth-middleware.js |  2 +-
 lab-yana/model/gallery.js              |  2 -
 lab-yana/route/gallery-router.js       | 56 ++++++++++++++++++++++++++
 3 files changed, 57 insertions(+), 3 deletions(-)

diff --git a/lab-yana/lib/bearer-auth-middleware.js b/lab-yana/lib/bearer-auth-middleware.js
index bbf87b1..24b32a8 100644
--- a/lab-yana/lib/bearer-auth-middleware.js
+++ b/lab-yana/lib/bearer-auth-middleware.js
@@ -9,7 +9,7 @@ module.exports = function(req, res, next) {
   debug('bearer-auth-middleware');
 
   let authHeader = req.headers.authorization;
-  if (!authHeader) return next(createError(401, 'authorization header required'))
+  if (!authHeader) return next(createError(401, 'authorization header required'));
 
   let token = authHeader.split('Bearer ')[1];
   if(!token) return next(createError(401, 'token required'));
diff --git a/lab-yana/model/gallery.js b/lab-yana/model/gallery.js
index 4b6a042..a35ab0d 100644
--- a/lab-yana/model/gallery.js
+++ b/lab-yana/model/gallery.js
@@ -1,8 +1,6 @@
 'use strict';
 
-const debug = require('debug')('cfgram:gallery');
 const mongoose = require('mongoose');
-const Promise = require('bluebird');
 const Schema = mongoose.schema;
 
 const gallerySchema = Schema({
diff --git a/lab-yana/route/gallery-router.js b/lab-yana/route/gallery-router.js
index e69de29..f3d197f 100644
--- a/lab-yana/route/gallery-router.js
+++ b/lab-yana/route/gallery-router.js
@@ -0,0 +1,56 @@
+'use strict';
+
+const debug = require('debug')('cfgram:gallery-router');
+const createError = require('http-errors');
+const parseJSON = require('body-parser').json();
+const bearerAuth = require('../lib/bearer-auth-middleware.js');
+const Gallery = require('../model/gallery.js');
+const Router = require('express').Router;
+
+const galleryRouter = module.exports = Router();
+
+galleryRouter.get('/api/gallery/:id', bearerAuth, function(req, res, next) {
+  debug('GET: /api/gallery/:id');
+
+  Gallery.findById(req.params.id)
+  .then(gallery => {
+    if (gallery.userID.toString() !== req.user._id.toString()) return next(createError(401, 'invalid user')); //check that the user is trying to access their own gallery
+    res.json(gallery);
+  })
+  .catch(next);
+});
+
+galleryRouter.get('/api/gallery', bearerAuth, function(req, res, next) {
+  debug('GET (list): /api/gallery');
+
+  Gallery.find({}, function(err, galleries) {
+    if (err) return(next(err));
+    res.json(galleries.select('_id'));
+  });
+});
+
+galleryRouter.post('/api/gallery', bearerAuth, parseJSON, function(req, res, next) {
+  debug('POST: /api/gallery');
+
+  req.body.userID = req.user._id; //associate the user with the gallery before creating the new gallery and saving it to the db
+  new Gallery(req.body).save()
+  .then(gallery => res.json(gallery))
+  .catch(next);
+});
+
+galleryRouter.put('/api/gallery/:id', bearerAuth, parseJSON, function(req, res, next) {
+  debug('PUT: /api/gallery/:id');
+
+  if (req._body !== true) return next(createError(400, 'bad request'));
+  Gallery.findByIdAndUpdate(req.params.id, req.body, { new: true } )
+  .then(gallery => res.json(gallery))
+  .catch(next);
+});
+
+galleryRouter.delete('/api/gallery/:id', bearerAuth, function(req, res, next) {
+  debug('DELETE: /api/gallery/:id');
+
+  Gallery.findByIdAndRemove(req.params.id)
+  .then( () => res.status(204).send())
+  .catch(next);
+});

From 30fa6f048aa94e028edbc6ff239e1b923faab079 Mon Sep 17 00:00:00 2001
From: radenska <yana_radenska@yahoo.com>
Date: Tue, 7 Mar 2017 17:07:26 -0800
Subject: [PATCH 13/20] mired in testing issues

---
 lab-yana/lib/bearer-auth-middleware.js |   1 +
 lab-yana/model/gallery.js              |   2 +-
 lab-yana/model/user.js                 |   4 +-
 lab-yana/route/gallery-router.js       |   2 +-
 lab-yana/server.js                     |   2 +
 lab-yana/test/auth-routes-test.js      | 150 +++++-----
 lab-yana/test/gallery-router-test.js   | 377 +++++++++++++------------
 7 files changed, 273 insertions(+), 265 deletions(-)

diff --git a/lab-yana/lib/bearer-auth-middleware.js b/lab-yana/lib/bearer-auth-middleware.js
index 24b32a8..2674180 100644
--- a/lab-yana/lib/bearer-auth-middleware.js
+++ b/lab-yana/lib/bearer-auth-middleware.js
@@ -12,6 +12,7 @@ module.exports = function(req, res, next) {
   if (!authHeader) return next(createError(401, 'authorization header required'));
 
   let token = authHeader.split('Bearer ')[1];
+  console.log('TOKEN!!!!!!!!!!!', token);
   if(!token) return next(createError(401, 'token required'));
 
   jwt.verify(token, process.env.APP_SECRET, (err, decoded) => {
diff --git a/lab-yana/model/gallery.js b/lab-yana/model/gallery.js
index a35ab0d..98c2f5c 100644
--- a/lab-yana/model/gallery.js
+++ b/lab-yana/model/gallery.js
@@ -1,7 +1,7 @@
 'use strict';
 
 const mongoose = require('mongoose');
-const Schema = mongoose.schema;
+const Schema = mongoose.Schema;
 
 const gallerySchema = Schema({
   name: { type: String, required: true },
diff --git a/lab-yana/model/user.js b/lab-yana/model/user.js
index 0b59e81..6727cc4 100644
--- a/lab-yana/model/user.js
+++ b/lab-yana/model/user.js
@@ -12,8 +12,8 @@ const Schema = mongoose.Schema;
 
 const userSchema = Schema({
   username: { type: String, required: true, unique: true  },
+  email: { type: String, required: true, unique: true },
   password: { type: String, required: true },
-  email: { type: String, unique: true, required: true },
   findHash: { type: String, unique: true }
 });
 
@@ -53,7 +53,7 @@ userSchema.methods.generateFindHash = function() {
         tries++;
         _generateFindHash.call(this); //try to generate the FindHash again until it has been tried 3 times
       });
-    }
+    };
   });
 };
 
diff --git a/lab-yana/route/gallery-router.js b/lab-yana/route/gallery-router.js
index f3d197f..adfeba5 100644
--- a/lab-yana/route/gallery-router.js
+++ b/lab-yana/route/gallery-router.js
@@ -11,7 +11,6 @@ const galleryRouter = module.exports = Router();
 
 galleryRouter.get('/api/gallery/:id', bearerAuth, function(req, res, next) {
   debug('GET: /api/gallery/:id');
-
   Gallery.findById(req.params.id)
   .then(gallery => {
     if (gallery.userID.toString() !== req.user._id.toString()) return next(createError(401, 'invalid user')); //check that the user is trying to access their own gallery
@@ -31,6 +30,7 @@ galleryRouter.get('/api/gallery', bearerAuth, function(req, res, next) {
 
 galleryRouter.post('/api/gallery', bearerAuth, parseJSON, function(req, res, next) {
   debug('POST: /api/gallery');
+  console.log('BEARERAUTH', bearerAuth);
 
   req.body.userID = req.user._id; //associate the user with the gallery before creating the new gallery and saving it to the db
   new Gallery(req.body).save()
diff --git a/lab-yana/server.js b/lab-yana/server.js
index d2e7636..12accd1 100644
--- a/lab-yana/server.js
+++ b/lab-yana/server.js
@@ -6,6 +6,7 @@ const cors = require('cors');
 const mongoose = require('mongoose');
 const express = require('express');
 const authRouter = require('./route/auth-routes.js');
+const galleryRouter = require('./route/gallery-router.js');
 const errors = require('./lib/error-middleware.js');
 const dotenv = require('dotenv');
 const PORT = 3003;
@@ -19,6 +20,7 @@ mongoose.connect(process.env.MONGODB_URI);
 app.use(cors());
 app.use(morgan('dev'));
 app.use(authRouter);
+app.use(galleryRouter);
 app.use(errors);
 
 app.listen(PORT, () => debug(`Listening on port ${PORT}.`));
diff --git a/lab-yana/test/auth-routes-test.js b/lab-yana/test/auth-routes-test.js
index dffdb0c..a8ef812 100644
--- a/lab-yana/test/auth-routes-test.js
+++ b/lab-yana/test/auth-routes-test.js
@@ -5,78 +5,78 @@ const request = require('superagent');
 const User = require('../model/user.js');
 const url = 'http://localhost:3003';
 
-require('../server.js');
-
-const testUser = {
-  username: 'testUser',
-  password: 'word',
-  email: 'testUser@test.com'
-};
-
-describe('Auth Routes', function() {
-  describe('POST: /api/signup', function() {
-    describe('with a valid body', function() {
-      after(done => {
-        User.remove({})
-        .then( () => done())
-        .catch(done);
-      });
-      it('should return a token', done => {
-        request.post(`${url}/api/signup`)
-        .send(testUser)
-        .end((err, res) => {
-          if (err) return done(err);
-          expect(res.status).to.equal(200);
-          expect(res.text).to.be.a('string');
-          done();
-        });
-      });
-    });
-    describe('without a valid body', function() {
-      it('should return a 400 error', done => {
-        request.post(`${url}/api/signup`)
-        .end(err => {
-          expect(err.status).to.equal(400);
-          done();
-        });
-      });
-    });
-  });
-  describe('GET: /api/signin', function() {
-    describe('with a valid authentication header', function() {
-      before(done => {
-        let user = new User(testUser);
-        user.generatePasswordHash(user.password)
-        .then(user => user.save())
-        .then(user => {
-          this.tempUser = user;
-          done();
-        });
-      });
-      after(done => {
-        User.remove({})
-        .then( () => done())
-        .catch(done);
-      });
-      it('should return a token', done => {
-        request.get(`${url}/api/signin`)
-        .auth('testUser', 'word')
-        .end((err, res) => {
-          if (err) return done(err);
-          expect(res.status).to.equal(200);
-          expect(res.text).to.be.a('string');
-          done();
-        });
-      });
-    });
-    describe('without a valid authentication header', function() {
-      it('should return a 401 error', done => {
-        request.get(`${url}/api/signin`)
-        .end(err => {
-          expect(err.status).to.equal(401);
-          done();
-        });
-      });
-    });
-  });
-});
+// require('../server.js');
+//
+// const testUser = {
+//   username: 'testUser',
+//   password: 'word',
+//   email: 'testUser@test.com'
+// };
+//
+// describe('Auth Routes', function() {
+//   describe('POST: /api/signup', function() {
+//     describe('with a valid body', function() {
+//       after(done => {
+//         User.remove({})
+//         .then( () => done())
+//         .catch(done);
+//       });
+//       it('should return a token', done => {
+//         request.post(`${url}/api/signup`)
+//         .send(testUser)
+//         .end((err, res) => {
+//           if (err) return done(err);
+//           expect(res.status).to.equal(200);
+//           expect(res.text).to.be.a('string');
+//           done();
+//         });
+//       });
+//     });
+//     describe('without a valid body', function() {
+//       it('should return a 400 error', done => {
+//         request.post(`${url}/api/signup`)
+//         .end(err => {
+//           expect(err.status).to.equal(400);
+//           done();
+//         });
+//       });
+//     });
+//   });
+//   describe('GET: /api/signin', function() {
+//     describe('with a valid authentication header', function() {
+//       before(done => {
+//         let user = new User(testUser);
+//         user.generatePasswordHash(user.password)
+//         .then(user => user.save())
+//         .then(user => {
+//           this.tempUser = user;
+//           done();
+//         });
+//       });
+//       after(done => {
+//         User.remove({})
+//         .then( () => done())
+//         .catch(done);
+//       });
+//       it('should return a token', done => {
+//         request.get(`${url}/api/signin`)
+//         .auth('testUser', 'word')
+//         .end((err, res) => {
+//           if (err) return done(err);
+//           expect(res.status).to.equal(200);
+//           expect(res.text).to.be.a('string');
+//           done();
+//         });
+//       });
+//     });
+//     describe('without a valid authentication header', function() {
+//       it('should return a 401 error', done => {
+//         request.get(`${url}/api/signin`)
+//         .end(err => {
+//           expect(err.status).to.equal(401);
+//           done();
+//         });
+//       });
+//     });
+//   });
+// });
diff --git a/lab-yana/test/gallery-router-test.js b/lab-yana/test/gallery-router-test.js
index 8e3c980..e5f6e6f 100644
--- a/lab-yana/test/gallery-router-test.js
+++ b/lab-yana/test/gallery-router-test.js
@@ -6,6 +6,8 @@ const User = require('../model/user.js');
 const Gallery = require('../model/gallery.js');
 const url = 'http://localhost:3003';
 const Promise = require('bluebird');
+const mongoose = require('mongoose');
+mongoose.Promise = Promise;
 
 require('../server.js');
 
@@ -20,41 +22,44 @@ const testGallery = {
   desc: 'testGallery description'
 };
 
-describe('Gallery Routes', function() {
-  beforeEach(done => { //make a user and save it to db, needed for GET, PUT, POST, DELETE
-    new User(testUser).generatePasswordHash(testUser.password)
-    .then(user => {
-      user.save();
-      this.tempUser = user;
-      return user.generateToken;
-    })
-    .then(token => {
-      this.TempToken = token;
-      done();
-    })
-    .catch(done);
-  });
-  beforeEach(done => { //make a gallery and save it to db, needed for GET, PUT, and DELETE
-    testGallery.userID = this.tempUser._id.toString();
-    new Gallery(testGallery).save()
-    .then(gallery => {
-      this.tempGallery = gallery;
-      done();
-    })
-    .catch(done);
-  });
-  afterEach(done => { //remove user and gallery db entries
-    Promise.all([
-      User.remove({}),
-      Gallery.remove({})
-    ])
-    .then( () => done())
-    .catch(done);
-  });
-  afterEach( () => delete testGallery.userID); //remove user ID
+describe('Gallery Routes', () => {
 
-  describe('POST: /api/gallery', function() {
-    describe('with a valid body and token', function() {
+  describe('POST: /api/gallery', () => {
+    describe('with a valid body and token', () => {
+      before(done => { //make a user and save it to db, needed for GET, PUT, POST, DELETE
+        new User(testUser).generatePasswordHash(testUser.password)
+        .then(user => {
+          user.save();
+          this.tempUser = user;
+          return user.generateToken();
+        })
+        .then(token => {
+          console.log('TOKEN!!!!!', token);
+          this.TempToken = token;
+          done();
+        })
+        .catch(done);
+      });
+      // beforeEach(done => { //make a gallery and save it to db, needed for GET, PUT, and DELETE
+      //   testGallery.userID = this.tempUser._id.toString();
+      //   new Gallery(testGallery).save()
+      //   .then(gallery => {
+      //     this.tempGallery = gallery;
+      //     done();
+      //   })
+      //   .catch(done);
+      // });
+      afterEach(done => { //remove user and gallery db entries
+        Promise.all([
+          User.remove({}),
+          Gallery.remove({})
+        ])
+        .then( () => {
+          delete testGallery.userID; //remove user ID
+          done();
+        })
+        .catch(done);
+      });
       it('should return a gallery', done => {
         request.post(`${url}/api/gallery`)
         .send(testGallery)
@@ -71,7 +76,7 @@ describe('Gallery Routes', function() {
         });
       });
     });
-    describe('wthout a valid token', function() {
+    describe('wthout a valid token', () => {
       it('should return a 401 error', done => {
         request.post(`${url}/api/gallery`)
         .send(testGallery)
@@ -81,7 +86,7 @@ describe('Gallery Routes', function() {
         });
       });
     });
-    describe('without a valid body', function() {
+    describe('without a valid body', () => {
       it('should return a 400 error', done => {
         request.post(`${url}/api/gallery`)
         .set( { Authorization: `Bearer ${this.tempToken}` } )
@@ -92,154 +97,154 @@ describe('Gallery Routes', function() {
       });
     });
   });
-  describe('GET: /ap1/s0m3rand0mwr0ngr0ut3', function() {
-    describe('with an invalid route', function() {
-      it('should return a 404 error', done => {
-        request.get(`${url}/ap1/s0m3rand0mwr0ngr0ut3`)
-        .end(err => {
-          expect(err.status).to.equal(404);
-          done();
-        });
-      });
-    });
-  });
-  describe('GET: /api/gallery', function() {
-    describe('with a valid token', function() {
-      it('should return a list of gallery IDs in the db', done => {
-        request.get(`${url}/api/gallery`)
-        .set( { Authorization: `Bearer ${this.tempToken}` } )
-        .end((err, res) => {
-          if (err) return done(err);
-          expect(res.body).to.be.an('array');
-          done();
-        });
-      });
-    });
-    describe('without a valid token', function() {
-      it('should return a 401 error', done => {
-        request.get(`${url}/api/gallery`)
-        .end(err => {
-          expect(err.status).to.equal(401);
-          done();
-        });
-      });
-    });
-  });
-  describe('GET: /api/gallery/:id', function() {
-    describe('with a valid id and token', function() {
-      it('should return a gallery', done => {
-        request.get(`${url}/api/gallery/${this.tempGallery._id}}`)
-        .set( { Authorization: `Bearer ${this.tempToken}` } )
-        .end((err, res) => {
-          if (err) return done(err);
-          let date = new Date(res.body.created).toString();
-          expect(date).to.not.equal('invalid date');
-          expect(res.status).to.equal(200);
-          expect(res.body.name).to.equal(testGallery.name);
-          expect(res.body.desc).to.equal(testGallery.desc);
-          expect(res.body.userID).to.equal(this.tempUser._id.toString());
-          done();
-        });
-      });
-    });
-    describe('wthout a valid totken', function() {
-      it('should return a 401 error', done => {
-        request.get(`${url}/api/gallery/${this.tempGallery._id}`)
-        .end(err => {
-          expect(err.status).to.equal(401);
-          done();
-        });
-      });
-    });
-    describe('with an invalid id' , function() {
-      it('should return a 404 error', done => {
-        request.get(`${url}/api/gallery/1nval1did`)
-        .set( { Authorization: `Bearer ${this.tempToken}` } )
-        .end(err => {
-          expect(err.status).to.equal(404);
-          done();
-        });
-      });
-    });
-  });
-  describe('DELETE: /api/gallery/:id', function() {
-    describe('with a valid id and token', function() {
-      it('should return a 204 code', done => {
-        request.delete(`${url}/api/gallery/${this.tempGallery._id}`)
-        .set( { Authorization: `Bearer ${this.tempToken}` } )
-        .end((err, res) => {
-          if (err) return done(err);
-          expect(res.status).to.equal(204);
-          done();
-        });
-      });
-    });
-    describe('without a valid id', function() {
-      it('should return a 404 error code', done => {
-        request.delete(`${url}/api/gallery/1nvalid1d`)
-        .set( { Authorization: `Bearer ${this.tempToken}` } )
-        .end(err => {
-          expect(err.status).to.equal(404);
-          done();
-        });
-      });
-    });
-    describe('without a valid token', function() {
-      it('should return a 401 error code', done => {
-        request.delete(`${url}/api/gallery/${this.tempGallery._id}`)
-        .end(err => {
-          expect(err.status).to.equal(401);
-          done();
-        });
-      });
-    });
-  });
-  describe('PUT: /api/gallery/:id', function() {
-    var update = { name: 'updated gallery name', desc: 'updated gallery description' };
-    describe('with a valid body, id, and token', function() {
-      it('should return an updated gallery', done => {
-        request.put(`${url}/api/gallery/${this.tempGallery._id}`)
-        .send(update)
-        .set( { Authorization: `Bearer ${this.tempToken}` } )
-        .end((err, res) => {
-          if (err) return done(err);
-          expect(res.status).to.equal(200);
-          expect(res.body.name).to.equal(update.name);
-          expect(res.body.desc).to.equal(update.desc);
-          done();
-        });
-      });
-    });
-    describe('without a valid body', function() {
-      it('should return a 400 error', done => {
-        request.put(`${url}/api/gallery/${this.tempGallery._id}`)
-        .set( { Authorization: `Bearer ${this.tempToken}` } )
-        .end(err => {
-          expect(err.status).to.equal(400);
-          done();
-        });
-      });
-    });
-    describe('without a valid token', function() {
-      it('should return a 401 error', done => {
-        request.put(`${url}/api/gallery/${this.tempGallery._id}`)
-        .send(update)
-        .end(err => {
-          expect(err.status).to.equal(401);
-          done();
-        });
-      });
-    });
-    describe('without a valid gallery id', function() {
-      it('should return a 404 error', done => {
-        request.put(`${url}/api/gallery/00p5wr0ng1d`)
-        .send(update)
-        .set( { Authorization: `Bearer ${this.tempToken}` } )
-        .end(err => {
-          expect(err.status).to.equal(404);
-          done();
-        });
-      });
-    });
-  });
+  // describe('GET: /ap1/s0m3rand0mwr0ngr0ut3', () => {
+  //   describe('with an invalid route', () => {
+  //     it('should return a 404 error', done => {
+  //       request.get(`${url}/ap1/s0m3rand0mwr0ngr0ut3`)
+  //       .end(err => {
+  //         expect(err.status).to.equal(404);
+  //         done();
+  //       });
+  //     });
+  //   });
+  // });
+  // describe('GET: /api/gallery', () => {
+  //   describe('with a valid token', () => {
+  //     it('should return a list of gallery IDs in the db', done => {
+  //       request.get(`${url}/api/gallery`)
+  //       .set( { Authorization: `Bearer ${this.tempToken}` } )
+  //       .end((err, res) => {
+  //         if (err) return done(err);
+  //         expect(res.body).to.be.an('array');
+  //         done();
+  //       });
+  //     });
+  //   });
+  //   describe('without a valid token', () => {
+  //     it('should return a 401 error', done => {
+  //       request.get(`${url}/api/gallery`)
+  //       .end(err => {
+  //         expect(err.status).to.equal(401);
+  //         done();
+  //       });
+  //     });
+  //   });
+  // });
+  // describe('GET: /api/gallery/:id', () => {
+  //   describe('with a valid id and token', () => {
+  //     it('should return a gallery', done => {
+  //       request.get(`${url}/api/gallery/${this.tempGallery._id}}`)
+  //       .set( { Authorization: `Bearer ${this.tempToken}` } )
+  //       .end((err, res) => {
+  //         if (err) return done(err);
+  //         let date = new Date(res.body.created).toString();
+  //         expect(date).to.not.equal('invalid date');
+  //         expect(res.status).to.equal(200);
+  //         expect(res.body.name).to.equal(testGallery.name);
+  //         expect(res.body.desc).to.equal(testGallery.desc);
+  //         expect(res.body.userID).to.equal(this.tempUser._id.toString());
+  //         done();
+  //       });
+  //     });
+  //   });
+  //   describe('wthout a valid token', () => {
+  //     it('should return a 401 error', done => {
+  //       request.get(`${url}/api/gallery/${this.tempGallery._id}`)
+  //       .end(err => {
+  //         expect(err.status).to.equal(401);
+  //         done();
+  //       });
+  //     });
+  //   });
+  //   describe('with an invalid id' , () => {
+  //     it('should return a 404 error', done => {
+  //       request.get(`${url}/api/gallery/1nval1did`)
+  //       .set( { Authorization: `Bearer ${this.tempToken}` } )
+  //       .end(err => {
+  //         expect(err.status).to.equal(404);
+  //         done();
+  //       });
+  //     });
+  //   });
+  // });
+  // describe('DELETE: /api/gallery/:id', () => {
+  //   describe('with a valid id and token', () => {
+  //     it('should return a 204 code', done => {
+  //       request.delete(`${url}/api/gallery/${this.tempGallery._id}`)
+  //       .set( { Authorization: `Bearer ${this.tempToken}` } )
+  //       .end((err, res) => {
+  //         if (err) return done(err);
+  //         expect(res.status).to.equal(204);
+  //         done();
+  //       });
+  //     });
+  //   });
+  //   describe('without a valid id', () => {
+  //     it('should return a 404 error code', done => {
+  //       request.delete(`${url}/api/gallery/1nvalid1d`)
+  //       .set( { Authorization: `Bearer ${this.tempToken}` } )
+  //       .end(err => {
+  //         expect(err.status).to.equal(404);
+  //         done();
+  //       });
+  //     });
+  //   });
+  //   describe('without a valid token', () => {
+  //     it('should return a 401 error code', done => {
+  //       request.delete(`${url}/api/gallery/${this.tempGallery._id}`)
+  //       .end(err => {
+  //         expect(err.status).to.equal(401);
+  //         done();
+  //       });
+  //     });
+  //   });
+  // });
+  // describe('PUT: /api/gallery/:id', () => {
+  //   var update = { name: 'updated gallery name', desc: 'updated gallery description' };
+  //   describe('with a valid body, id, and token', () => {
+  //     it('should return an updated gallery', done => {
+  //       request.put(`${url}/api/gallery/${this.tempGallery._id}`)
+  //       .send(update)
+  //       .set( { Authorization: `Bearer ${this.tempToken}` } )
+  //       .end((err, res) => {
+  //         if (err) return done(err);
+  //         expect(res.status).to.equal(200);
+  //         expect(res.body.name).to.equal(update.name);
+  //         expect(res.body.desc).to.equal(update.desc);
+  //         done();
+  //       });
+  //     });
+  //   });
+  //   describe('without a valid body', () => {
+  //     it('should return a 400 error', done => {
+  //       request.put(`${url}/api/gallery/${this.tempGallery._id}`)
+  //       .set( { Authorization: `Bearer ${this.tempToken}` } )
+  //       .end(err => {
+  //         expect(err.status).to.equal(400);
+  //         done();
+  //       });
+  //     });
+  //   });
+  //   describe('without a valid token', () => {
+  //     it('should return a 401 error', done => {
+  //       request.put(`${url}/api/gallery/${this.tempGallery._id}`)
+  //       .send(update)
+  //       .end(err => {
+  //         expect(err.status).to.equal(401);
+  //         done();
+  //       });
+  //     });
+  //   });
+  //   describe('without a valid gallery id', () => {
+  //     it('should return a 404 error', done => {
+  //       request.put(`${url}/api/gallery/00p5wr0ng1d`)
+  //       .send(update)
+  //       .set( { Authorization: `Bearer ${this.tempToken}` } )
+  //       .end(err => {
+  //         expect(err.status).to.equal(404);
+  //         done();
+  //       });
+  //     });
+  //   });
+  // });
 });

From 70910a355ee6eeef2fa40e8ddd8bdf34c8fbaf0a Mon Sep 17 00:00:00 2001
From: radenska <yana_radenska@yahoo.com>
Date: Tue, 7 Mar 2017 22:43:29 -0800
Subject: [PATCH 14/20] all routes and tests working, all files pass linter

---
 lab-yana/README.md                     |   2 +-
 lab-yana/lib/bearer-auth-middleware.js |   9 +-
 lab-yana/lib/error-middleware.js       |   7 +
 lab-yana/model/user.js                 |   6 +-
 lab-yana/route/gallery-router.js       |   7 +-
 lab-yana/test/auth-routes-test.js      | 150 +++++-----
 lab-yana/test/gallery-router-test.js   | 379 +++++++++++++------------
 7 files changed, 285 insertions(+), 275 deletions(-)

diff --git a/lab-yana/README.md b/lab-yana/README.md
index 93494b1..4d76fc5 100644
--- a/lab-yana/README.md
+++ b/lab-yana/README.md
@@ -1,3 +1,3 @@
-This is a server that allows you to sign in or sign up, using basic authorization and authentication using a token generated by the middleware jsonwebtoken as well as hashing using the native node module crypto as well as the imported module bcrypt.
+This is a server that allows you to sign in or sign up, using basic authorization and authentication using a token generated by the middleware jsonwebtoken as well as hashing using the native node module crypto as well as the imported module bcrypt. The server now allows you to create galleries with a name and description.
 
 _created by_ Yana Radenska
diff --git a/lab-yana/lib/bearer-auth-middleware.js b/lab-yana/lib/bearer-auth-middleware.js
index 2674180..b4a992f 100644
--- a/lab-yana/lib/bearer-auth-middleware.js
+++ b/lab-yana/lib/bearer-auth-middleware.js
@@ -8,14 +8,13 @@ const User = require('../model/user.js');
 module.exports = function(req, res, next) {
   debug('bearer-auth-middleware');
 
-  let authHeader = req.headers.authorization;
+  var authHeader = req.headers.authorization;
   if (!authHeader) return next(createError(401, 'authorization header required'));
 
-  let token = authHeader.split('Bearer ')[1];
-  console.log('TOKEN!!!!!!!!!!!', token);
-  if(!token) return next(createError(401, 'token required'));
+  var token = authHeader.split('Bearer ')[1];
+  if (!token) return next(createError(401, 'token required'));
 
-  jwt.verify(token, process.env.APP_SECRET, (err, decoded) => {
+  jwt.verify(token, process.env.APP_SECRET, function(err, decoded) {
     if (err) return next(err);
     User.findOne( { findHash: decoded.token } )
     .then(user => {
diff --git a/lab-yana/lib/error-middleware.js b/lab-yana/lib/error-middleware.js
index dee66d1..1d2fc4d 100644
--- a/lab-yana/lib/error-middleware.js
+++ b/lab-yana/lib/error-middleware.js
@@ -21,6 +21,13 @@ module.exports = function(err, req, res, next) {
     return;
   }
 
+  if (err.name === 'CastError') {
+    err = createError(404, err.message);
+    res.status(err.status).send(err.name);
+    next();
+    return;
+  }
+
   err = createError(500, err.message);
   res.status(err.status).send(err.message);
   next();
diff --git a/lab-yana/model/user.js b/lab-yana/model/user.js
index 6727cc4..d2c0da8 100644
--- a/lab-yana/model/user.js
+++ b/lab-yana/model/user.js
@@ -11,7 +11,7 @@ const Promise = require('bluebird');
 const Schema = mongoose.Schema;
 
 const userSchema = Schema({
-  username: { type: String, required: true, unique: true  },
+  username: { type: String, required: true, unique: true },
   email: { type: String, required: true, unique: true },
   password: { type: String, required: true },
   findHash: { type: String, unique: true }
@@ -47,13 +47,13 @@ userSchema.methods.generateFindHash = function() {
     function _generateFindHash() {
       this.findHash = crypto.randomBytes(32).toString('hex'); //assign to findHash a randomly generated hash for two step authentication
       this.save() //make sure to save it in db
-      .then ( () => resolve(this.findHash))
+      .then( () => resolve(this.findHash))
       .catch(err => {
         if (tries > 3) return reject(err);
         tries++;
         _generateFindHash.call(this); //try to generate the FindHash again until it has been tried 3 times
       });
-    };
+    }
   });
 };
 
diff --git a/lab-yana/route/gallery-router.js b/lab-yana/route/gallery-router.js
index adfeba5..af0961e 100644
--- a/lab-yana/route/gallery-router.js
+++ b/lab-yana/route/gallery-router.js
@@ -24,14 +24,15 @@ galleryRouter.get('/api/gallery', bearerAuth, function(req, res, next) {
 
   Gallery.find({}, function(err, galleries) {
     if (err) return(next(err));
-    res.json(galleries.select('_id'));
+    var ids = [];
+    galleries.forEach(gallery => ids.push(gallery._id)); //take just the IDs from the returned objects
+    res.json(ids);
   });
 });
 
 galleryRouter.post('/api/gallery', bearerAuth, parseJSON, function(req, res, next) {
   debug('POST: /api/gallery');
-  console.log('BEARERAUTH', bearerAuth);
-
+  // if (req._body === false) return next(createError(400, 'bad request'));
   req.body.userID = req.user._id; //associate the user with the gallery before creating the new gallery and saving it to the db
   new Gallery(req.body).save()
   .then(gallery => res.json(gallery))
diff --git a/lab-yana/test/auth-routes-test.js b/lab-yana/test/auth-routes-test.js
index a8ef812..dffdb0c 100644
--- a/lab-yana/test/auth-routes-test.js
+++ b/lab-yana/test/auth-routes-test.js
@@ -5,78 +5,78 @@ const request = require('superagent');
 const User = require('../model/user.js');
 const url = 'http://localhost:3003';
 
-// require('../server.js');
-//
-// const testUser = {
-//   username: 'testUser',
-//   password: 'word',
-//   email: 'testUser@test.com'
-// };
-//
-// describe('Auth Routes', function() {
-//   describe('POST: /api/signup', function() {
-//     describe('with a valid body', function() {
-//       after(done => {
-//         User.remove({})
-//         .then( () => done())
-//         .catch(done);
-//       });
-//       it('should return a token', done => {
-//         request.post(`${url}/api/signup`)
-//         .send(testUser)
-//         .end((err, res) => {
-//           if (err) return done(err);
-//           expect(res.status).to.equal(200);
-//           expect(res.text).to.be.a('string');
-//           done();
-//         });
-//       });
-//     });
-//     describe('without a valid body', function() {
-//       it('should return a 400 error', done => {
-//         request.post(`${url}/api/signup`)
-//         .end(err => {
-//           expect(err.status).to.equal(400);
-//           done();
-//         });
-//       });
-//     });
-//   });
-//   describe('GET: /api/signin', function() {
-//     describe('with a valid authentication header', function() {
-//       before(done => {
-//         let user = new User(testUser);
-//         user.generatePasswordHash(user.password)
-//         .then(user => user.save())
-//         .then(user => {
-//           this.tempUser = user;
-//           done();
-//         });
-//       });
-//       after(done => {
-//         User.remove({})
-//         .then( () => done())
-//         .catch(done);
-//       });
-//       it('should return a token', done => {
-//         request.get(`${url}/api/signin`)
-//         .auth('testUser', 'word')
-//         .end((err, res) => {
-//           if (err) return done(err);
-//           expect(res.status).to.equal(200);
-//           expect(res.text).to.be.a('string');
-//           done();
-//         });
-//       });
-//     });
-//     describe('without a valid authentication header', function() {
-//       it('should return a 401 error', done => {
-//         request.get(`${url}/api/signin`)
-//         .end(err => {
-//           expect(err.status).to.equal(401);
-//           done();
-//         });
-//       });
-//     });
-//   });
-// });
+require('../server.js');
+
+const testUser = {
+  username: 'testUser',
+  password: 'word',
+  email: 'testUser@test.com'
+};
+
+describe('Auth Routes', function() {
+  describe('POST: /api/signup', function() {
+    describe('with a valid body', function() {
+      after(done => {
+        User.remove({})
+        .then( () => done())
+        .catch(done);
+      });
+      it('should return a token', done => {
+        request.post(`${url}/api/signup`)
+        .send(testUser)
+        .end((err, res) => {
+          if (err) return done(err);
+          expect(res.status).to.equal(200);
+          expect(res.text).to.be.a('string');
+          done();
+        });
+      });
+    });
+    describe('without a valid body', function() {
+      it('should return a 400 error', done => {
+        request.post(`${url}/api/signup`)
+        .end(err => {
+          expect(err.status).to.equal(400);
+          done();
+        });
+      });
+    });
+  });
+  describe('GET: /api/signin', function() {
+    describe('with a valid authentication header', function() {
+      before(done => {
+        let user = new User(testUser);
+        user.generatePasswordHash(user.password)
+        .then(user => user.save())
+        .then(user => {
+          this.tempUser = user;
+          done();
+        });
+      });
+      after(done => {
+        User.remove({})
+        .then( () => done())
+        .catch(done);
+      });
+      it('should return a token', done => {
+        request.get(`${url}/api/signin`)
+        .auth('testUser', 'word')
+        .end((err, res) => {
+          if (err) return done(err);
+          expect(res.status).to.equal(200);
+          expect(res.text).to.be.a('string');
+          done();
+        });
+      });
+    });
+    describe('without a valid authentication header', function() {
+      it('should return a 401 error', done => {
+        request.get(`${url}/api/signin`)
+        .end(err => {
+          expect(err.status).to.equal(401);
+          done();
+        });
+      });
+    });
+  });
+});
diff --git a/lab-yana/test/gallery-router-test.js b/lab-yana/test/gallery-router-test.js
index e5f6e6f..602ad68 100644
--- a/lab-yana/test/gallery-router-test.js
+++ b/lab-yana/test/gallery-router-test.js
@@ -5,14 +5,13 @@ const request = require('superagent');
 const User = require('../model/user.js');
 const Gallery = require('../model/gallery.js');
 const url = 'http://localhost:3003';
-const Promise = require('bluebird');
 const mongoose = require('mongoose');
+const Promise = require('bluebird');
 mongoose.Promise = Promise;
 
-require('../server.js');
 
 const testUser = {
-  name: 'testUser',
+  username: 'testUser',
   password: 'word',
   email: 'testUser@user.com'
 };
@@ -22,44 +21,45 @@ const testGallery = {
   desc: 'testGallery description'
 };
 
-describe('Gallery Routes', () => {
+require('../server.js');
 
+describe('Gallery Routes', function() {
+  beforeEach(done => {
+    let user = new User(testUser);
+    user.generatePasswordHash(testUser.password)
+    .then(user => {
+      user.save();
+      this.tempUser = user;
+      return user.generateToken();
+    })
+    .then(token => {
+      this.tempToken = token;
+      done();
+    })
+    .catch(done);
+  });
+  beforeEach(done => { //make a gallery and save it to db, needed for GET, PUT, and DELETE
+    testGallery.userID = this.tempUser._id.toString();
+    new Gallery(testGallery).save()
+    .then(gallery => {
+      this.tempGallery = gallery;
+      done();
+    })
+    .catch(done);
+  });
+  afterEach(done => { //remove user and gallery db entries
+    Promise.all([
+      User.remove({}),
+      Gallery.remove({})
+    ])
+    .then( () => {
+      delete testGallery.userID; //remove user ID
+      done();
+    })
+    .catch(done);
+  });
   describe('POST: /api/gallery', () => {
     describe('with a valid body and token', () => {
-      before(done => { //make a user and save it to db, needed for GET, PUT, POST, DELETE
-        new User(testUser).generatePasswordHash(testUser.password)
-        .then(user => {
-          user.save();
-          this.tempUser = user;
-          return user.generateToken();
-        })
-        .then(token => {
-          console.log('TOKEN!!!!!', token);
-          this.TempToken = token;
-          done();
-        })
-        .catch(done);
-      });
-      // beforeEach(done => { //make a gallery and save it to db, needed for GET, PUT, and DELETE
-      //   testGallery.userID = this.tempUser._id.toString();
-      //   new Gallery(testGallery).save()
-      //   .then(gallery => {
-      //     this.tempGallery = gallery;
-      //     done();
-      //   })
-      //   .catch(done);
-      // });
-      afterEach(done => { //remove user and gallery db entries
-        Promise.all([
-          User.remove({}),
-          Gallery.remove({})
-        ])
-        .then( () => {
-          delete testGallery.userID; //remove user ID
-          done();
-        })
-        .catch(done);
-      });
       it('should return a gallery', done => {
         request.post(`${url}/api/gallery`)
         .send(testGallery)
@@ -97,154 +97,157 @@ describe('Gallery Routes', () => {
       });
     });
   });
-  // describe('GET: /ap1/s0m3rand0mwr0ngr0ut3', () => {
-  //   describe('with an invalid route', () => {
-  //     it('should return a 404 error', done => {
-  //       request.get(`${url}/ap1/s0m3rand0mwr0ngr0ut3`)
-  //       .end(err => {
-  //         expect(err.status).to.equal(404);
-  //         done();
-  //       });
-  //     });
-  //   });
-  // });
-  // describe('GET: /api/gallery', () => {
-  //   describe('with a valid token', () => {
-  //     it('should return a list of gallery IDs in the db', done => {
-  //       request.get(`${url}/api/gallery`)
-  //       .set( { Authorization: `Bearer ${this.tempToken}` } )
-  //       .end((err, res) => {
-  //         if (err) return done(err);
-  //         expect(res.body).to.be.an('array');
-  //         done();
-  //       });
-  //     });
-  //   });
-  //   describe('without a valid token', () => {
-  //     it('should return a 401 error', done => {
-  //       request.get(`${url}/api/gallery`)
-  //       .end(err => {
-  //         expect(err.status).to.equal(401);
-  //         done();
-  //       });
-  //     });
-  //   });
-  // });
-  // describe('GET: /api/gallery/:id', () => {
-  //   describe('with a valid id and token', () => {
-  //     it('should return a gallery', done => {
-  //       request.get(`${url}/api/gallery/${this.tempGallery._id}}`)
-  //       .set( { Authorization: `Bearer ${this.tempToken}` } )
-  //       .end((err, res) => {
-  //         if (err) return done(err);
-  //         let date = new Date(res.body.created).toString();
-  //         expect(date).to.not.equal('invalid date');
-  //         expect(res.status).to.equal(200);
-  //         expect(res.body.name).to.equal(testGallery.name);
-  //         expect(res.body.desc).to.equal(testGallery.desc);
-  //         expect(res.body.userID).to.equal(this.tempUser._id.toString());
-  //         done();
-  //       });
-  //     });
-  //   });
-  //   describe('wthout a valid token', () => {
-  //     it('should return a 401 error', done => {
-  //       request.get(`${url}/api/gallery/${this.tempGallery._id}`)
-  //       .end(err => {
-  //         expect(err.status).to.equal(401);
-  //         done();
-  //       });
-  //     });
-  //   });
-  //   describe('with an invalid id' , () => {
-  //     it('should return a 404 error', done => {
-  //       request.get(`${url}/api/gallery/1nval1did`)
-  //       .set( { Authorization: `Bearer ${this.tempToken}` } )
-  //       .end(err => {
-  //         expect(err.status).to.equal(404);
-  //         done();
-  //       });
-  //     });
-  //   });
-  // });
-  // describe('DELETE: /api/gallery/:id', () => {
-  //   describe('with a valid id and token', () => {
-  //     it('should return a 204 code', done => {
-  //       request.delete(`${url}/api/gallery/${this.tempGallery._id}`)
-  //       .set( { Authorization: `Bearer ${this.tempToken}` } )
-  //       .end((err, res) => {
-  //         if (err) return done(err);
-  //         expect(res.status).to.equal(204);
-  //         done();
-  //       });
-  //     });
-  //   });
-  //   describe('without a valid id', () => {
-  //     it('should return a 404 error code', done => {
-  //       request.delete(`${url}/api/gallery/1nvalid1d`)
-  //       .set( { Authorization: `Bearer ${this.tempToken}` } )
-  //       .end(err => {
-  //         expect(err.status).to.equal(404);
-  //         done();
-  //       });
-  //     });
-  //   });
-  //   describe('without a valid token', () => {
-  //     it('should return a 401 error code', done => {
-  //       request.delete(`${url}/api/gallery/${this.tempGallery._id}`)
-  //       .end(err => {
-  //         expect(err.status).to.equal(401);
-  //         done();
-  //       });
-  //     });
-  //   });
-  // });
-  // describe('PUT: /api/gallery/:id', () => {
-  //   var update = { name: 'updated gallery name', desc: 'updated gallery description' };
-  //   describe('with a valid body, id, and token', () => {
-  //     it('should return an updated gallery', done => {
-  //       request.put(`${url}/api/gallery/${this.tempGallery._id}`)
-  //       .send(update)
-  //       .set( { Authorization: `Bearer ${this.tempToken}` } )
-  //       .end((err, res) => {
-  //         if (err) return done(err);
-  //         expect(res.status).to.equal(200);
-  //         expect(res.body.name).to.equal(update.name);
-  //         expect(res.body.desc).to.equal(update.desc);
-  //         done();
-  //       });
-  //     });
-  //   });
-  //   describe('without a valid body', () => {
-  //     it('should return a 400 error', done => {
-  //       request.put(`${url}/api/gallery/${this.tempGallery._id}`)
-  //       .set( { Authorization: `Bearer ${this.tempToken}` } )
-  //       .end(err => {
-  //         expect(err.status).to.equal(400);
-  //         done();
-  //       });
-  //     });
-  //   });
-  //   describe('without a valid token', () => {
-  //     it('should return a 401 error', done => {
-  //       request.put(`${url}/api/gallery/${this.tempGallery._id}`)
-  //       .send(update)
-  //       .end(err => {
-  //         expect(err.status).to.equal(401);
-  //         done();
-  //       });
-  //     });
-  //   });
-  //   describe('without a valid gallery id', () => {
-  //     it('should return a 404 error', done => {
-  //       request.put(`${url}/api/gallery/00p5wr0ng1d`)
-  //       .send(update)
-  //       .set( { Authorization: `Bearer ${this.tempToken}` } )
-  //       .end(err => {
-  //         expect(err.status).to.equal(404);
-  //         done();
-  //       });
-  //     });
-  //   });
-  // });
+  describe('GET: /ap1/s0m3rand0mwr0ngr0ut3', () => {
+    describe('with an invalid route', () => {
+      it('should return a 404 error', done => {
+        request.get(`${url}/ap1/s0m3rand0mwr0ngr0ut3`)
+        .end(err => {
+          expect(err.status).to.equal(404);
+          done();
+        });
+      });
+    });
+  });
+  describe('GET: /api/gallery', () => {
+    describe('with a valid token', () => {
+      it('should return a list of gallery IDs in the db', done => {
+        request.get(`${url}/api/gallery`)
+        .set( { Authorization: `Bearer ${this.tempToken}` } )
+        .end((err, res) => {
+          if (err) return done(err);
+          expect(res.status).to.equal(200);
+          expect(res.body).to.be.an('array');
+          expect(res.body.length).to.equal(1);
+          expect(res.body[0]).to.equal(this.tempGallery._id.toString());
+          done();
+        });
+      });
+    });
+    describe('without a valid token', () => {
+      it('should return a 401 error', done => {
+        request.get(`${url}/api/gallery`)
+        .end(err => {
+          expect(err.status).to.equal(401);
+          done();
+        });
+      });
+    });
+  });
+  describe('GET: /api/gallery/:id', () => {
+    describe('with a valid id and token', () => {
+      it('should return a gallery', done => {
+        request.get(`${url}/api/gallery/${this.tempGallery._id}`)
+        .set( { Authorization: `Bearer ${this.tempToken}` } )
+        .end((err, res) => {
+          if (err) return done(err);
+          let date = new Date(res.body.created).toString();
+          expect(date).to.not.equal('invalid date');
+          expect(res.status).to.equal(200);
+          expect(res.body.name).to.equal(testGallery.name);
+          expect(res.body.desc).to.equal(testGallery.desc);
+          expect(res.body.userID).to.equal(this.tempUser._id.toString());
+          done();
+        });
+      });
+    });
+    describe('wthout a valid token', () => {
+      it('should return a 401 error', done => {
+        request.get(`${url}/api/gallery/${this.tempGallery._id}`)
+        .end(err => {
+          expect(err.status).to.equal(401);
+          done();
+        });
+      });
+    });
+    describe('with an invalid id' , () => {
+      it('should return a 404 error', done => {
+        request.get(`${url}/api/gallery/1nval1did`)
+        .set( { Authorization: `Bearer ${this.tempToken}` } )
+        .end(err => {
+          expect(err.status).to.equal(404);
+          done();
+        });
+      });
+    });
+  });
+  describe('DELETE: /api/gallery/:id', () => {
+    describe('with a valid id and token', () => {
+      it('should return a 204 code', done => {
+        request.delete(`${url}/api/gallery/${this.tempGallery._id}`)
+        .set( { Authorization: `Bearer ${this.tempToken}` } )
+        .end((err, res) => {
+          if (err) return done(err);
+          expect(res.status).to.equal(204);
+          done();
+        });
+      });
+    });
+    describe('without a valid id', () => {
+      it('should return a 404 error code', done => {
+        request.delete(`${url}/api/gallery/1nvalid1d`)
+        .set( { Authorization: `Bearer ${this.tempToken}` } )
+        .end(err => {
+          expect(err.status).to.equal(404);
+          done();
+        });
+      });
+    });
+    describe('without a valid token', () => {
+      it('should return a 401 error code', done => {
+        request.delete(`${url}/api/gallery/${this.tempGallery._id}`)
+        .end(err => {
+          expect(err.status).to.equal(401);
+          done();
+        });
+      });
+    });
+  });
+  describe('PUT: /api/gallery/:id', () => {
+    var update = { name: 'updated gallery name', desc: 'updated gallery description' };
+    describe('with a valid body, id, and token', () => {
+      it('should return an updated gallery', done => {
+        request.put(`${url}/api/gallery/${this.tempGallery._id}`)
+        .send(update)
+        .set( { Authorization: `Bearer ${this.tempToken}` } )
+        .end((err, res) => {
+          if (err) return done(err);
+          expect(res.status).to.equal(200);
+          expect(res.body.name).to.equal(update.name);
+          expect(res.body.desc).to.equal(update.desc);
+          done();
+        });
+      });
+    });
+    describe('without a valid body', () => {
+      it('should return a 400 error', done => {
+        request.put(`${url}/api/gallery/${this.tempGallery._id}`)
+        .set( { Authorization: `Bearer ${this.tempToken}` } )
+        .end(err => {
+          expect(err.status).to.equal(400);
+          done();
+        });
+      });
+    });
+    describe('without a valid token', () => {
+      it('should return a 401 error', done => {
+        request.put(`${url}/api/gallery/${this.tempGallery._id}`)
+        .send(update)
+        .end(err => {
+          expect(err.status).to.equal(401);
+          done();
+        });
+      });
+    });
+    describe('without a valid gallery id', () => {
+      it('should return a 404 error', done => {
+        request.put(`${url}/api/gallery/00p5wr0ng1d`)
+        .send(update)
+        .set( { Authorization: `Bearer ${this.tempToken}` } )
+        .end(err => {
+          expect(err.status).to.equal(404);
+          done();
+        });
+      });
+    });
+  });
 });

From 13b91c4bda41cdec18c612dc347ff57b4bf11568 Mon Sep 17 00:00:00 2001
From: radenska <yana_radenska@yahoo.com>
Date: Wed, 8 Mar 2017 13:24:53 -0800
Subject: [PATCH 15/20] added basic filestructure, including test .png file,
 installed necessary modules

---
 lab-yana/.env                      |   4 ++++
 lab-yana/model/pic.js              |   0
 lab-yana/package.json              |   5 ++++-
 lab-yana/route/pic-router.js       |   0
 lab-yana/test/data/tester.png      | Bin 0 -> 5920 bytes
 lab-yana/test/lib/server-toggle.js |   0
 lab-yana/test/pic-routes-test.js   |   0
 7 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 lab-yana/model/pic.js
 create mode 100644 lab-yana/route/pic-router.js
 create mode 100644 lab-yana/test/data/tester.png
 create mode 100644 lab-yana/test/lib/server-toggle.js
 create mode 100644 lab-yana/test/pic-routes-test.js

diff --git a/lab-yana/.env b/lab-yana/.env
index 12b2098..54acbf9 100644
--- a/lab-yana/.env
+++ b/lab-yana/.env
@@ -1,3 +1,7 @@
 PORT='3003'
 MONGODB_URI='mongodb://localhost/cfgram'
 APP_SECRET='mysupersekritthingy'
+APP_SECRET='uhwhut'
+AWS_BUCKET='cfgrambackend42'
+AWS_ACCESS_KEY_ID='AKIAIUKO3XB6OQZSFZQA'
+AWS_SECRET_ACCESS_KEY='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'
diff --git a/lab-yana/model/pic.js b/lab-yana/model/pic.js
new file mode 100644
index 0000000..e69de29
diff --git a/lab-yana/package.json b/lab-yana/package.json
index 4a0141a..afad0e9 100644
--- a/lab-yana/package.json
+++ b/lab-yana/package.json
@@ -22,16 +22,19 @@
     "superagent": "^3.5.0"
   },
   "dependencies": {
+    "aws-sdk": "^2.24.0",
     "bcrypt": "^1.0.2",
     "bluebird": "^3.5.0",
     "body-parser": "^1.17.1",
     "cors": "^2.8.1",
     "debug": "^2.6.1",
+    "del": "^2.2.2",
     "dotenv": "^4.0.0",
     "express": "^4.15.2",
     "http-errors": "^1.6.1",
     "jsonwebtoken": "^7.3.0",
     "mongoose": "^4.8.6",
-    "morgan": "^1.8.1"
+    "morgan": "^1.8.1",
+    "multer": "^1.3.0"
   }
 }
diff --git a/lab-yana/route/pic-router.js b/lab-yana/route/pic-router.js
new file mode 100644
index 0000000..e69de29
diff --git a/lab-yana/test/data/tester.png b/lab-yana/test/data/tester.png
new file mode 100644
index 0000000000000000000000000000000000000000..04c99f2bcf29a75773e672165f5efbf0ac5e17ce
GIT binary patch
literal 5920
zcmV+*7vJcKP)<h;3K|Lk000e1NJLTq001BW001Bm1^@s6BkHEN00004XF*Lt006O%
z3;baP0000WV@Og>004R>004l5008;`004mK004C`008P>0026e000+ooVrmw00009
za7bBm000XU000XU0RWnu7ytkkmPtfGRA>dgS$kYm)%IWe%nZXD1;hk}@de`x9gYw3
zIa+$v)YLT7D~XzATGrLFoAy(#cD>g!v&=M2CCxI)N11O7Qm^mf0KPy31_V@I@)U-d
zbN26h29Cd*zx(;zKYove&OUqXeb!#@z4tmq{{}dBPhdBuc2DY_M7~c>PdAFsMHLHS
z(idW+`Dwi|J*KapIgYBIoTv4rNilb$e)G<gc8U6^hJhq)7AeZnf1)%vW<%5tW2`ps
z$u@m~xYb<1R!HBA?aaYCMOq<>QH3n$$$1)|8sATjKiOwbB3cM|bl-P#>dmR-V$CxY
ziN}zcD1i>K5!6ao%w|H!NcMG~dYdilva4B5|3plBS2RR9B7A8gg|PM`-l1Y*q#Heq
z+K?9+W8-zb=n^G{+xZgOO^1n;*|drF=O$1MImvawP8Gzd_Sj$OA(il3DNk7z+nTb&
z?s@*x67EMSPmD4T)Q_iBYERdACQngj@lNtHF}tOgvomPN)vF?a4BC5r``Q3lqXix-
z;8K_VIbA*{{{eR{cfGTSY9!uA71%__bi>J_+r)a%M*3FytWSikXI2k>QX?Rpjwy=D
z4;)MnSPbhkHkcIhCa-DFlYm7%hmr3l;kID)ix&#nQhJ%lu}FE9A4fZhPgh&^Cu#?!
zkTFj<%%&1~Ok(TVAR;-H_oNqz>ena>mAZ!}D3HkYtCjNU0afgsO`Konr%$Z6EKdv1
z9#Z?W#!vb@af10IE8=tMBE2JQvBcU+vohrmwefT1gMy;wkl*0oe^g}epjwuh*$Y6e
zqoc0@=%KU&uJu4zP9rFo9VdT_$#x=ZmhzrPK-w#YN69g*Af^Wkn;k$hMvPPAeI((a
z5Y{$<4QJ2MFro%UKBtU;Af+^t=F3*{rzRq9h5dbrvjo`JK}<-*uO82K_y;GQ5>KVn
zNKHJE!k|JOGwCx}1EuKVy>f-#!YR<Z#s_jJ^3ihTJKp6kNP<HBUOU~UDxUw%7|UC>
z%547|SsK6T;o?&BTwNgFN2kfotDz8E)@en)F*WusLOSrV2S~5QJTi}Chb&*Ed1w8?
zCu#(wonnBQ4Qixd3ZalCMz$4>(Pa|(N9$JVE<n%%<(x8@sA)3a!iyk)5pQ}ZCMbqe
zlP-~J@uaX+jUL3;lMVv^E6@X3M*&#Lgn5k!2Rq)cp(-~$Bk7eyybBQGjoa8(HcBvg
z4i;Jo+li|C$y4NZaw^uBsc9dnZ_)kr?^~wXDzf<1i`sHhp(vW$v7MH1DB>QU&7?~)
z73Nm#eanEfpsXtXH)&OjGpe@Zaq7yVSm%$v*NvpBw0}yXSE{bN07t7EA-7jfgWOT%
zfQL>yTpj@oLH*F`1v@P40c$3}E~*Ob!2TYL5P?BJb^MWgJcv4BN*(`!uT$~7if>l&
z>;!uRypio=_klOUH}0Ty;mMP%ppBLBPhExNL^goN(_n+icd;%*=nry_WWBN%4)PY=
zqT9RU!L5_q-|J_Iv)#+~x%Y;YECxj7u|)#qvRH~1!mv~`ghBA|*YAaecpNs2o{}i1
z&;Xh%Q(e96rR;MhP%?B|?RHTe=?x~>3$0*9vXa4Ed<zvY4ppdvsshVsgYcwUm>_y1
ze(R_=jRU@rhw@CcFY0$2lE}`y{U5Zpl8G(#=<8Vkd=9TtzQTM14W}tcb&n8A4k*|g
zA>tt<AXL0mK6nltr+@H-+Uat>vfgFobC50WaeL?>kClebafwiqCkvZat}@_;+vLLr
z>3$GsFrqVu;4>{?0HeGqwQ8lST)qaJ9_%}mRPq5{&?l(Bu#Sn!+yW<(2BBcY0EP+9
zi=+l9A%rNHZE#z<!i`gZLa7^m@9_fV@38b({cVE-ma489TG5$I&hx)Lb7?l&<<GAq
zWL(Dh>xNw8XtaeqQ&|T3q41X|_d4WOWDQi=1jRVv4vbmd0Y>_GDBnd~j<1^IDv>W^
zJvHzIS1XkPH?#tk0RFQ;=@bF?4b<>x5wnz_o5!xvF7zHjV9reLjYPmgnkD_AQypBf
z4&n>|LnZtJ{sI`S0B!<QG*<6th{pSM^cHQ#cm+18H1u=$=X^2RN%~<P?~sWXKAd*H
z1KADzyAKdwB74Zn9rD*l$>h7@-HdnC@ja!<`Q>>3MMIo12lOv;S;4jm7)WFBs~SY}
zG_}=oj7#-5X4U`1%GGTaGD0CjDxR7l0-+(3pMcmngF(bm3-}|3jUbc`y*2=+sz%*K
zjUb@9aseVR5N%G&{B&gyV$H-}@sK^Yp#9ma$S0cY%FfE*lKGf(UGD3e48|j=Q5b@L
z1^4I2z}k0SF+KyJ?YTM2%I^?`7+#<FCPF$qaJDda4D#q_5equPFI|K4t#!x+!gKy(
zTH_eT)*BWX%Rnzj8KN8kJqLU<2>m*EpvsrVrvv6ukoPNF_-ueeJlWeVJwkHz$D3Th
zmemSc`!5Ah%ORl>3UFb1B^072I0sZ!iG>_|Fb83puYcdLA2BNiTn(HHftQrt$QQ}(
zx^Zrg?Kybd(k^kmVR3fNr)Pl5*lt&26BuTzj0Zi}A$_$iX`Aawc8{*ZZ#?}1QP9D`
zX+scPj^SnBl?@<!m22a&H34MzTru|0Ge3~s8Gb7AObp&zS8=xZ&!96f;CSFj@HJN7
zXi#&@Js!;~z?T|oYK~FCAM-Tdt^~FY3uq97?BT}Trf@2URW%5K-aL3b2nA6`Aj|n4
zp5PvQfnZUV=ex`Q?}*uRReyfq4Q<&{_g>rv3oUK8xAT3X4j-MKbP5*hWZ(Q?`v-V$
znPIZN2$mStFt+9o=%4WF>FWi{x5=@V&mvRn*g0$FcOuet^DOpiO;lENYQjk;=ntw)
zEWSpj$UEByeftfWIvhE*?&Jup;|iJ+x)!<ORO$~GvHkJ9TJys~cwU~*H2<!kU%}6F
z)iZ+79>jPh%-0Tmq-rv7JD!@s3&~uMG)hIVERm?;;rb48I8@O$k{YYMShVnWSg?ZL
zXNTaD+s~9;84h~ywmaBqDKgregZB?WupZNoee_!tTzSlh1J6Q0Ayi+eN9gcpOOo<7
zLUH-NLjuFmFRlNz27O(t&@VyV-llHk{!vhXvdVGP@g^K@#W!(Vw_yG!fdj)vKyl~T
zc#1=AXnc0bNNm47cAi>yzAxEBQ}*{vT7`9v2HXt13eUTF_77K%gJOg(K|dXy@Q7_=
z7bt;eU_Y1%yo~?U2nkvs6K6{Y83pPGS12GvT?>@J^{XGI@&+6;&I6|)y8Kuoec8}h
zTT7`Sdv}-Y!ePYx{(<pF=0E}FiESrgVf}rdB%j+v4~CtXb*zxAch)Sh&WnV=4-Dr$
z7m$^i{Zm^b9_3Fjuf4v2DB#V-#cORup6l8+JO$6H*mVBJKhklasyTV+3~~e8)M`S=
zb>z(Wxu3_y65YRaZ1j;6P+T9c<DS`AH)Zm*DgOaJCjY$rbR1Ee(_d$7J&N@LAAVmP
zhh!Zg6zEnnyAsTHGZ+NhH6urLA5BbZjRT!0`3guKZdZ6b5Xn>cjzYWh1N~-0FbID1
z;4imM2{?pBRz(lt3GG8(YBxOtNosQI%0TSnRqsikroj_3ro|TbBr+A&jNUai0^8Wm
zf^Ty|A;>MCO9Ah}l7k#Rjc{oMmK%bvJhyVfLiC%#RQ?}7p8Vk^ESl^_m}sKzF9>au
zeCh5xx%HsCY3zw{qsf#R-rv-19+|3dT;tae-^TFZS;42t6gF%6x<A5GgvO`VbpDjb
zbMKlZ6`_K)>9{an_XB7a^Amh`vAuaY{2oLayhE1-q`V@;N5bO)0lM-p7~Lp3zjDr0
ztis|}QzGJ6y!?LYmXbkatvi}qmix@(*>*o~^VM!A$lmUYHLrfwi|pPLXTCqJH!S^j
zMshAJ$iDKZFixdZWx|Ez^jadH&_&LLPf@DBr`ce>K=$go8;7oEk^Rw<FO#>zLv;0n
zUlb2OVPW<DH6KHfWtnI4dy+li<l<wCO35C+ep|ubbh7)`cVE>#9<JU3wcGBL<~$37
zZLOSne;2nJmU?^m=OJX@kUPt_YSeQ;E$Q=K(&p15evwyme*q~lfV`DY9uH)*NE(yB
zm6BbposWvG9v6Ko{o&etUd=a^w>jkwc`0z*99X3CoARASWKu$!#x=q8A@`qsdF1zG
z>b_ye@m&{*p7Krl`iBC%H>lxH^*ARe)7&fAgU?JE`eM~%%iGIm{Brr{%NX0z!a*QY
zaGXIhX!NN|MN-|DJoaQEQPllUMt_C_R_jW!q;D>nnx3n;SMep8?0dF+{N*4dlh|qF
zM;`#)2YNEz<%u4GN4W<)ijw6ku97^e4|f@9N>Mp5&9IQY#^&)jvOS0iiL9sS^jE|c
z=1D?;HZJ`p4mVp5@jD;%`=;A3oJ$w_ecr?3Tq!N;v#v`X&%bg~oyk+uqr_uTH+cTt
zE_;G@_v0z@Ek~kb70;J@HsmxM<oRjmyFMRyn&)T6kNaxmO`fmJb9y)B^ZZ9ki^_^#
z;ycsY>YsMg5e9a*bin*MoreZEc}iydn2RG`#rz#j7RPO#-!!Z$`e7!|&%d?#qfMhR
zFSEld>U&q<Rcb43jkz6l7kvKOH?R9kO+0U0e@pki=qHO-v-OL7b(RWJnK;8dO6O?q
zA>_oiX{EP)C=*xABUC6PX#?2vb16N!Bb&n73FCpiCbw}t50`t(P+&CUY;<GTUk4z0
zDYqQU8W^_W6Mw9TyF#X$zs?*r4OzZ;|NaF@I3OuM=loRp4B1=Hnt5UNkJzrZ>gx?A
zvX@ObRe$1d2$dw)1yDE9Igeh(QJ_Cr|AOatH~}WmS_CH*1a13lE6y1=znU<2)ETmu
z&wG98LL^<bDR^$=*Wly(VbuRT-isFQ>c&t4<tq2(iMsfvIo!%GfwGQnQpWM&kLAii
zg1o|Fw7#G{;4l<SB?_XZ1*&krE<N&8jYED-ZdY&Dtzx}de|;jIRlb*fKs=yk!9z94
zRr?eKKtUc?tS`jQ!?_?L^P>xhv<GKro_ZMv82z%LBm0dYQ@g&;8z${VOrL7_t^sHI
zhZ{FvS$~~Oy3XBhhv5j!yET;7D^QT^w<|Cg2dlr`^DjhBsVH1H^v$zSNK8f5efWxD
z#;}J2%E03)eY8Q{Rvk6PRVT<wH~Cu%ldZ;ULK~D|5*xU3l!xB2({_G{uRi^YCKm35
zM|rwDSL+KY+zRz$Lzs*s&wI*E>AJYUyqRTNX4`7AJ@PNY6JVypcJD2^1VMcc#0C<C
zO*KduCH#c`DOaR3j8b`4b?b_SaH*SZOT*Vgu;ro19Ar0oiu<3wgB^I=y?sccRMNCR
zJn1zgC+p>@H^w7tPYEn<3yafsXH3&=Sh5iHh1bv@t81?}A$R2sUM!virDC7hfP5(8
zQBBRmHJEom86&Sn8!n6$enHy`yLvrOG@4LZQax6|cHa0+hUMF|f!S{~^pw_$PnpN*
zu3Cnr^~sLli&eR;AkVboA!B$63Po|#!z}2QSl+NTWhwF}(gx8psy22D8%_(^s~29w
z$?7-4Hi+9`jk+MIXKyDn0n<yZ1mV`^!Lcn-pm1MUf&L}u%jywWo|iE%_ZTcp9%`Pk
z3jvn6UWee0JDi10)4@wumdg-Y*d`sIje`N6+M)I3b9p}qScmGOx^4Qhd2G46FQMpV
z!W<)c%O;P>Y%=rFQPXGqAg?I3;?i}4AM0tee3)j)?p;==6>s}EY)7)glwwd;feD)6
z`}R$p3WUx#yLz2#gZxFhL7Z=XTPU-<ZEMW-yEvcM(tb+WWew=1JEp6^%z9{8aV1a>
z_(UrR;6SWhR4u}8vo>fe`8~b?^TKs`dL!9&-m$^a8z6Z5m=~i9flqe6)#MEU!r65e
zg832HsG86QLLg6!N3`5MjBGPI;}(1<Q!iEOIvHpYb?$j3c;brPD@B+u6yVu`N>I&*
z1)AWJgbL6={dbz+S=*ayf|#iSE<-KQsZ(Aas;5HNjdvEIDC*$r`6~V=H4U}Eb{von
zEgN1f$xq9k)wm$Cq0DKpQwmBU^>REer8pl_JaP%HonSDWig-5Ko~#FZ69SOyJJ+X}
zamM*fQ=uvV>qXC?uNF?c)N!!hh~FkCLaQX{-Pi`)O6}@`IL@Y0jC+1O4B$e>N$^{y
z3ltU@Ox0!bNZD{c!SX7KpmiJVc(WNg@nzH?uhhEcxy{8;t^Zg7TDe%O4qM(#3(1a9
zEC>nF9IT&Y*_qZcJGM9h%T`h8yxIC4%uec_5d?+}Akzo|6vghY3^lkF(V2At;|}_m
z7NM=+A1aZUZ=}_vDkOrM$1QkYtq~UBmjUmA71V3D>SYiS@2m9*JH_Ji>WwUa8Ntxt
zvU+r6t65(|V(oglLfP;zmG1Ino-%Vd-f)9-0A=}7-Be3J+6!3{&v~*uuFZR_01cs)
z#kD@U<iSlJx~@xA;%f6>b-gWPY~@)ENr??Jlv{k{YEx^IzOQZ^O9Yb!5|9&|_*0N!
z)DoE<ig2K$qSpR$P$9|zRaGFh*r@_8OYS7A3aS+{?qOV2h$i^6IH>u7&MEjott(N#
z2L+B}`cxEEzUHa{uA^3X@5P@ibJI-O(fL;C5)2lmKV+F~b7qIgNm}(+Gcexx9sD;1
zXrr3OEN`cOmNy@)_vc;tXr(-3SKrsWPob5T*KK84jVlTs7P!vIJ2s{Ul<R)f73dNm
zJ}wSWz$2){B`3H)gfuHcal5uASRK^UY-vY}rJF-XV?Yb3<4|Rl)2g4!{3%x-uk7Nx
z2%DO7IloS9YJnxeR+FV9Z;(!l!^{KpGb{s8?Jagq%y=jI<LHmcr$^Go4*0;M?qB~B
z*uTX76Y}mSv3J`qCa(@lE_NtdPYu#?v0c=!tjh9NR98pvR@zi)kJ#26xH`o*OXn1(
zePDG2D5KQ-xU&tv!o8dc$kwp8Ar)%T;V%*X&;VuGwfCtboZo{~&uPS79S>!pi0UHW
zbX}P+(vXO1bZh0PBc86|!${f0j+RBXx~xaX6Qlw$&in`6VPPZPl<VaWd#|(Ea?a7E
zCwI5U>pb!BZxx`;*IY@{sPr~mtph6-&azO}i{I#NyL$N6Q5q$EDF&K#GfhZVZK>1d
z6u%;!D6IB1)q2U7l;uhST-&H-Z8$dapw0?Ea3c0oVIwDkJ{~oP9u#4)`nSh-hZNNN
zhs!U?ZLXQ1kYb)Q<0s2VTSK=0^*+)OG2T2wzm`u^Hp=Z?i7|DOU(QE#OZ&9fBgy?~
zuSw(of2~zNnVAS1UkjuuF+W8eVZGCR#ck$+0xrhQARQHhqV7g)kbV?9n*$G~WDV&z
zwA%&Fb0+jRbbkeB^gCi-b2R7apNiAX6FJZA(Er`;zXHEc>}u}FcS@VYP_xh4S+*Z7
zha)@b#K&|m;agxUJ&s(z2i|h9`91dku%~^6)s~RBC`P_Y6Q!TTG3HqPVGXaf($}J2
zlymGM>1PNKmYkCLvM8DNK;Uzt+1weInFC^kxlK}pbQXf^E$WfzcOZQQysth`LuxM0
zdGq;2!~egx+L2N_NNEg6`C=z?n4qMO7dM*=nNh=Qt+Y`Lj8b9`K{0KjTrq#v@LHSh
zFOD$J*G-aUh{5JgY>$SQ2KPDJ<@1&=4;u1+(EcY4{|8+BjY*sU0000<MNUMnLSTY4
CY;8UO

literal 0
HcmV?d00001

diff --git a/lab-yana/test/lib/server-toggle.js b/lab-yana/test/lib/server-toggle.js
new file mode 100644
index 0000000..e69de29
diff --git a/lab-yana/test/pic-routes-test.js b/lab-yana/test/pic-routes-test.js
new file mode 100644
index 0000000..e69de29

From a0516f44fd4ec21bdddf5c1bc8c5c3a862c8df73 Mon Sep 17 00:00:00 2001
From: radenska <yana_radenska@yahoo.com>
Date: Wed, 8 Mar 2017 14:24:38 -0800
Subject: [PATCH 16/20] added pic model, pic post route, and made changes to
 server.js

---
 lab-yana/model/pic.js        | 16 +++++++++
 lab-yana/route/pic-router.js | 63 ++++++++++++++++++++++++++++++++++++
 lab-yana/server.js           |  6 +++-
 3 files changed, 84 insertions(+), 1 deletion(-)

diff --git a/lab-yana/model/pic.js b/lab-yana/model/pic.js
index e69de29..757ca3a 100644
--- a/lab-yana/model/pic.js
+++ b/lab-yana/model/pic.js
@@ -0,0 +1,16 @@
+'use strict';
+
+const mongoose = require('mongoose');
+const Schema = mongoose.Schema;
+
+const picSchema = Schema({
+  name: { type: String, required: true },
+  desc: { type: String, required: true },
+  userID: { type: Schema.Types.ObjectId, required: true },
+  galleryID: { type: Schema.Types.ObjectId, required: true },
+  objectKey: { type: String, required: true },
+  created: { type: Date, default: Date.now },
+  imageURI: { type: String, required: true}
+});
+
+module.exports = mongoose.model('pic', picSchema);
diff --git a/lab-yana/route/pic-router.js b/lab-yana/route/pic-router.js
index e69de29..30e4d2d 100644
--- a/lab-yana/route/pic-router.js
+++ b/lab-yana/route/pic-router.js
@@ -0,0 +1,63 @@
+'use strict';
+
+const Pic = require('../model/pic.js');
+const Gallery = require('../model/gallery.js');
+const bearerAuth = require('../lib/bearer-auth-middleware.js');
+
+const debug = require('debug')('cfgram:pic-router');
+const path = require('path');
+const multer = require('multer');
+const AWS = require('aws-sdk');
+const createError = require('http-errors');
+const fs = require('fs');
+const del = require('del');
+const Router = require('express').Router;
+
+AWS.config.setPromisesDependency(require('bluebird'));
+const s3 = new AWS.S3();
+const picDir = `${__dirname}/data`;
+const upload = multer( { dest: picDir } );
+
+const picRouter = module.exports = Router();
+
+function s3uploadProm(params) {
+  debug('s3uploadProm');
+
+  return new Promise((resolve, reject) => {
+    s3.upload(params, (err, s3data) => {
+      resolve(s3data);
+    });
+  });
+}
+
+picRouter.post('/api/gallery/:galleryID/pic', bearerAuth, function(req, res, next) {
+  debug('POST: /api/gallery/:galleryID/pic');
+
+  if (!req.file) return next(createError(400, 'file not found'));
+  if (!req.file.path) return next(createError(500, 'file not saved'));
+
+  let fileExt = path.extname(req.file.originalname);
+  let params = {
+    ACL: 'public-read',
+    Bucket: process.env.AWS_Bucket,
+    Key: `${req.file.filename}${fileExt}`,
+    Body: fs.createReadStream(req.file.path)
+  };
+
+  Gallery.findById(req.params.galleryID)
+  .then( () => s3uploadProm(params))
+  .then(s3data => {
+    del([`${picDir}/*`]);
+    let picData = {
+      name: req.body.name,
+      desc: req.body.desc,
+      objectKey: s3data.Key,
+      imageURI: s3data.Location,
+      galleryID: req.params.galleryID,
+      userID: req.user._id
+    };
+    return new Pic(picData);
+  })
+  .then(pic => res.json())
+  .catch(next);
+});
diff --git a/lab-yana/server.js b/lab-yana/server.js
index 12accd1..3264333 100644
--- a/lab-yana/server.js
+++ b/lab-yana/server.js
@@ -7,6 +7,7 @@ const mongoose = require('mongoose');
 const express = require('express');
 const authRouter = require('./route/auth-routes.js');
 const galleryRouter = require('./route/gallery-router.js');
+const picRouter = require('./route/pic-router.js');
 const errors = require('./lib/error-middleware.js');
 const dotenv = require('dotenv');
 const PORT = 3003;
@@ -21,6 +22,9 @@ app.use(cors());
 app.use(morgan('dev'));
 app.use(authRouter);
 app.use(galleryRouter);
+app.use(picRouter);
 app.use(errors);
 
-app.listen(PORT, () => debug(`Listening on port ${PORT}.`));
+const server = module.exports = app.listen(PORT, () => debug(`Listening on port ${PORT}.`));
+
+server.isRunning = true;

From e48fe6e181c7c25cb71a9f16223347dab76694a9 Mon Sep 17 00:00:00 2001
From: radenska <yana_radenska@yahoo.com>
Date: Wed, 8 Mar 2017 14:29:12 -0800
Subject: [PATCH 17/20] added server toggle helper file

---
 lab-yana/test/lib/server-toggle.js | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/lab-yana/test/lib/server-toggle.js b/lab-yana/test/lib/server-toggle.js
index e69de29..da319a5 100644
--- a/lab-yana/test/lib/server-toggle.js
+++ b/lab-yana/test/lib/server-toggle.js
@@ -0,0 +1,30 @@
+'use strict';
+
+const debug = require('debug')('cfgram:server-toggle');
+
+module.exports = exports = {};
+
+exports.serverOn = function(server, done) {
+  if (!server.isRunning) {
+    server.listen(process.env.PORT, () => {
+      server.isRunning = true;
+      debug('server is up!');
+      done();
+    });
+    return;
+  }
+  done();
+};
+
+exports.serverOff = function(server, done) {
+  if (server.isRunning) {
+    server.close(err => {
+      if (err) return next(err);
+      server.isRunning = false;
+      debug('server is off!');
+      done();
+    });
+    return;
+  }
+  done();
+};

From 9c06a34d0d1f08d992399a6984f1839b53982fdf Mon Sep 17 00:00:00 2001
From: radenska <yana_radenska@yahoo.com>
Date: Wed, 8 Mar 2017 14:44:32 -0800
Subject: [PATCH 18/20] added POST route test, all files linted

---
 lab-yana/test/lib/server-toggle.js |  2 +-
 lab-yana/test/pic-routes-test.js   | 89 ++++++++++++++++++++++++++++++
 2 files changed, 90 insertions(+), 1 deletion(-)

diff --git a/lab-yana/test/lib/server-toggle.js b/lab-yana/test/lib/server-toggle.js
index da319a5..309ef64 100644
--- a/lab-yana/test/lib/server-toggle.js
+++ b/lab-yana/test/lib/server-toggle.js
@@ -19,7 +19,7 @@ exports.serverOn = function(server, done) {
 exports.serverOff = function(server, done) {
   if (server.isRunning) {
     server.close(err => {
-      if (err) return next(err);
+      if (err) console.error('error in server.close', err);
       server.isRunning = false;
       debug('server is off!');
       done();
diff --git a/lab-yana/test/pic-routes-test.js b/lab-yana/test/pic-routes-test.js
index e69de29..dd99e94 100644
--- a/lab-yana/test/pic-routes-test.js
+++ b/lab-yana/test/pic-routes-test.js
@@ -0,0 +1,89 @@
+'use strict';
+
+const Pic = require('../model/pic.js');
+const Gallery = require('../model/gallery.js');
+const User = require('../model/user.js');
+const serverToggle = require('./lib/server-toggle.js');
+const expect = require('chai').expect;
+const request = require('superagent');
+const server = require('../server.js');
+const url = 'http://localhost:3003';
+
+const testUser = {
+  username: 'testUser',
+  password: 'word',
+  email: 'testUser@test.com'
+};
+
+const testGallery = {
+  name: 'testGallery name',
+  desc: 'testGallery description'
+};
+
+const testPic = {
+  name: 'testpicname',
+  desc: 'test pic description',
+  image: `${__dirname}/data/tester.png`
+};
+
+describe('Pic Routes', function() {
+  before(done => serverToggle.serverOn(server, done));
+  after(done => serverToggle.serverOff(server, done));
+
+  afterEach(done => {
+    Promise.all([
+      Pic.remove({}),
+      User.remove({}),
+      Gallery.remove({})
+    ])
+    .then( () => done())
+    .catch(done);
+  });
+  describe('POST: /api/gallery/:galleryID/pic', function() {
+    describe('with a valid body', function () {
+      before(done => {
+        new User(testUser)
+        .generatePasswordHash(testUser.password)
+        .then(user => {
+          user.save();
+          this.tempUser = user;
+          return user.generateToken();
+        })
+        .then(token => {
+          this.tempToken = token;
+          done();
+        })
+        .catch(done);
+      });
+      before(done => {
+        testGallery.userID = this.tempUser._id;
+        new Gallery(testGallery)
+        .then(gallery => {
+          this.tempGallery = gallery;
+          done();
+        })
+        .catch(done);
+      });
+      after(done => {
+        delete testGallery.userID;
+        done();
+      });
+      it('should return a pic', done => {
+        request.post(`${url}/api/gallery/${this.tempGallery._id}/pic`)
+        .set( { Authorization: `Bearer ${this.tempToken}` } )
+        .field('name', testPic.name)
+        .field('desc', testPic.desc)
+        .attach('image', testPic.image)
+        .end((err, res) => {
+          if (err) return done(err);
+          expect(res.body.name).to.equal(testPic.name);
+          expect(res.body.desc).to.equal(testPic.desc);
+          expect(res.body.galleryID).to.equal(this.tempGallery._id.toString());
+          expect(res.body.userID).to.equal(this.tempUser._id.toString());
+          expect(res.status).to.equal(200);
+          done();
+        });
+      });
+    });
+  });
+});

From d0e072327664038bde1e69f54863f59a1c2bf878 Mon Sep 17 00:00:00 2001
From: radenska <yana_radenska@yahoo.com>
Date: Wed, 8 Mar 2017 16:57:05 -0800
Subject: [PATCH 19/20] assignment requirements met

---
 lab-yana/model/pic.js                |   4 +-
 lab-yana/route/pic-router.js         |  11 +-
 lab-yana/test/auth-routes-test.js    | 164 ++++-----
 lab-yana/test/gallery-router-test.js | 506 +++++++++++++--------------
 lab-yana/test/lib/server-toggle.js   |   2 +-
 lab-yana/test/pic-routes-test.js     |  10 +-
 6 files changed, 350 insertions(+), 347 deletions(-)

diff --git a/lab-yana/model/pic.js b/lab-yana/model/pic.js
index 757ca3a..0ea0c75 100644
--- a/lab-yana/model/pic.js
+++ b/lab-yana/model/pic.js
@@ -8,9 +8,9 @@ const picSchema = Schema({
   desc: { type: String, required: true },
   userID: { type: Schema.Types.ObjectId, required: true },
   galleryID: { type: Schema.Types.ObjectId, required: true },
-  objectKey: { type: String, required: true },
+  objectKey: { type: String, required: true, unique: true },
   created: { type: Date, default: Date.now },
-  imageURI: { type: String, required: true}
+  imageURI: { type: String, required: true, unique: true }
 });
 
 module.exports = mongoose.model('pic', picSchema);
diff --git a/lab-yana/route/pic-router.js b/lab-yana/route/pic-router.js
index 30e4d2d..20c6907 100644
--- a/lab-yana/route/pic-router.js
+++ b/lab-yana/route/pic-router.js
@@ -15,7 +15,7 @@ const Router = require('express').Router;
 
 AWS.config.setPromisesDependency(require('bluebird'));
 const s3 = new AWS.S3();
-const picDir = `${__dirname}/data`;
+const picDir = `${__dirname}/../data`;
 const upload = multer( { dest: picDir } );
 
 const picRouter = module.exports = Router();
@@ -30,16 +30,15 @@ function s3uploadProm(params) {
   });
 }
 
-picRouter.post('/api/gallery/:galleryID/pic', bearerAuth, function(req, res, next) {
+picRouter.post('/api/gallery/:galleryID/pic', bearerAuth, upload.single('image'), function(req, res, next) {
   debug('POST: /api/gallery/:galleryID/pic');
-
   if (!req.file) return next(createError(400, 'file not found'));
   if (!req.file.path) return next(createError(500, 'file not saved'));
 
   let fileExt = path.extname(req.file.originalname);
   let params = {
     ACL: 'public-read',
-    Bucket: process.env.AWS_Bucket,
+    Bucket: process.env.AWS_BUCKET,
     Key: `${req.file.filename}${fileExt}`,
     Body: fs.createReadStream(req.file.path)
   };
@@ -56,8 +55,8 @@ picRouter.post('/api/gallery/:galleryID/pic', bearerAuth, function(req, res, nex
       galleryID: req.params.galleryID,
       userID: req.user._id
     };
-    return new Pic(picData);
+    return new Pic(picData).save();
   })
-  .then(pic => res.json())
+  .then(pic => res.json(pic))
   .catch(next);
 });
diff --git a/lab-yana/test/auth-routes-test.js b/lab-yana/test/auth-routes-test.js
index dffdb0c..2302d7f 100644
--- a/lab-yana/test/auth-routes-test.js
+++ b/lab-yana/test/auth-routes-test.js
@@ -1,82 +1,82 @@
-'use strict';
-
-const expect = require('chai').expect;
-const request = require('superagent');
-const User = require('../model/user.js');
-const url = 'http://localhost:3003';
-
-require('../server.js');
-
-const testUser = {
-  username: 'testUser',
-  password: 'word',
-  email: 'testUser@test.com'
-};
-
-describe('Auth Routes', function() {
-  describe('POST: /api/signup', function() {
-    describe('with a valid body', function() {
-      after(done => {
-        User.remove({})
-        .then( () => done())
-        .catch(done);
-      });
-      it('should return a token', done => {
-        request.post(`${url}/api/signup`)
-        .send(testUser)
-        .end((err, res) => {
-          if (err) return done(err);
-          expect(res.status).to.equal(200);
-          expect(res.text).to.be.a('string');
-          done();
-        });
-      });
-    });
-    describe('without a valid body', function() {
-      it('should return a 400 error', done => {
-        request.post(`${url}/api/signup`)
-        .end(err => {
-          expect(err.status).to.equal(400);
-          done();
-        });
-      });
-    });
-  });
-  describe('GET: /api/signin', function() {
-    describe('with a valid authentication header', function() {
-      before(done => {
-        let user = new User(testUser);
-        user.generatePasswordHash(user.password)
-        .then(user => user.save())
-        .then(user => {
-          this.tempUser = user;
-          done();
-        });
-      });
-      after(done => {
-        User.remove({})
-        .then( () => done())
-        .catch(done);
-      });
-      it('should return a token', done => {
-        request.get(`${url}/api/signin`)
-        .auth('testUser', 'word')
-        .end((err, res) => {
-          if (err) return done(err);
-          expect(res.status).to.equal(200);
-          expect(res.text).to.be.a('string');
-          done();
-        });
-      });
-    });
-    describe('without a valid authentication header', function() {
-      it('should return a 401 error', done => {
-        request.get(`${url}/api/signin`)
-        .end(err => {
-          expect(err.status).to.equal(401);
-          done();
-        });
-      });
-    });
-  });
-});
+// 'use strict';
+//
+// const expect = require('chai').expect;
+// const request = require('superagent');
+// const User = require('../model/user.js');
+// const url = 'http://localhost:3003';
+//
+// require('../server.js');
+//
+// const testUser = {
+//   username: 'testUser',
+//   password: 'word',
+//   email: 'testUser@test.com'
+// };
+//
+// describe('Auth Routes', function() {
+//   describe('POST: /api/signup', function() {
+//     describe('with a valid body', function() {
+//       after(done => {
+//         User.remove({})
+//         .then( () => done())
+//         .catch(done);
+//       });
+//       it('should return a token', done => {
+//         request.post(`${url}/api/signup`)
+//         .send(testUser)
+//         .end((err, res) => {
+//           if (err) return done(err);
+//           expect(res.status).to.equal(200);
+//           expect(res.text).to.be.a('string');
+//           done();
+//         });
+//       });
+//     });
+//     describe('without a valid body', function() {
+//       it('should return a 400 error', done => {
+//         request.post(`${url}/api/signup`)
+//         .end(err => {
+//           expect(err.status).to.equal(400);
+//           done();
+//         });
+//       });
+//     });
+//   });
+//   describe('GET: /api/signin', function() {
+//     describe('with a valid authentication header', function() {
+//       before(done => {
+//         let user = new User(testUser);
+//         user.generatePasswordHash(user.password)
+//         .then(user => user.save())
+//         .then(user => {
+//           this.tempUser = user;
+//           done();
+//         });
+//       });
+//       after(done => {
+//         User.remove({})
+//         .then( () => done())
+//         .catch(done);
+//       });
+//       it('should return a token', done => {
+//         request.get(`${url}/api/signin`)
+//         .auth('testUser', 'word')
+//         .end((err, res) => {
+//           if (err) return done(err);
+//           expect(res.status).to.equal(200);
+//           expect(res.text).to.be.a('string');
+//           done();
+//         });
+//       });
+//     });
+//     describe('without a valid authentication header', function() {
+//       it('should return a 401 error', done => {
+//         request.get(`${url}/api/signin`)
+//         .end(err => {
+//           expect(err.status).to.equal(401);
+//           done();
+//         });
+//       });
+//     });
+//   });
+// });
diff --git a/lab-yana/test/gallery-router-test.js b/lab-yana/test/gallery-router-test.js
index 602ad68..f077852 100644
--- a/lab-yana/test/gallery-router-test.js
+++ b/lab-yana/test/gallery-router-test.js
@@ -1,253 +1,253 @@
-'use strict';
-
-const expect = require('chai').expect;
-const request = require('superagent');
-const User = require('../model/user.js');
-const Gallery = require('../model/gallery.js');
-const url = 'http://localhost:3003';
-const mongoose = require('mongoose');
-const Promise = require('bluebird');
-mongoose.Promise = Promise;
-
-
-const testUser = {
-  username: 'testUser',
-  password: 'word',
-  email: 'testUser@user.com'
-};
-
-const testGallery = {
-  name: 'testGallery name',
-  desc: 'testGallery description'
-};
-
-require('../server.js');
-
-describe('Gallery Routes', function() {
-  beforeEach(done => {
-    let user = new User(testUser);
-    user.generatePasswordHash(testUser.password)
-    .then(user => {
-      user.save();
-      this.tempUser = user;
-      return user.generateToken();
-    })
-    .then(token => {
-      this.tempToken = token;
-      done();
-    })
-    .catch(done);
-  });
-  beforeEach(done => { //make a gallery and save it to db, needed for GET, PUT, and DELETE
-    testGallery.userID = this.tempUser._id.toString();
-    new Gallery(testGallery).save()
-    .then(gallery => {
-      this.tempGallery = gallery;
-      done();
-    })
-    .catch(done);
-  });
-  afterEach(done => { //remove user and gallery db entries
-    Promise.all([
-      User.remove({}),
-      Gallery.remove({})
-    ])
-    .then( () => {
-      delete testGallery.userID; //remove user ID
-      done();
-    })
-    .catch(done);
-  });
-  describe('POST: /api/gallery', () => {
-    describe('with a valid body and token', () => {
-      it('should return a gallery', done => {
-        request.post(`${url}/api/gallery`)
-        .send(testGallery)
-        .set( { Authorization: `Bearer ${this.tempToken}` } )
-        .end((err, res) => {
-          if (err) return done(err);
-          let date = new Date(res.body.created).toString();
-          expect(res.status).to.equal(200);
-          expect(res.body.name).to.equal(testGallery.name);
-          expect(res.body.desc).to.equal(testGallery.desc);
-          expect(date).to.not.equal('invalid date');
-          expect(res.body.userID.toString()).to.equal(this.tempUser._id.toString());
-          done();
-        });
-      });
-    });
-    describe('wthout a valid token', () => {
-      it('should return a 401 error', done => {
-        request.post(`${url}/api/gallery`)
-        .send(testGallery)
-        .end(err => {
-          expect(err.status).to.equal(401);
-          done();
-        });
-      });
-    });
-    describe('without a valid body', () => {
-      it('should return a 400 error', done => {
-        request.post(`${url}/api/gallery`)
-        .set( { Authorization: `Bearer ${this.tempToken}` } )
-        .end(err => {
-          expect(err.status).to.equal(400);
-          done();
-        });
-      });
-    });
-  });
-  describe('GET: /ap1/s0m3rand0mwr0ngr0ut3', () => {
-    describe('with an invalid route', () => {
-      it('should return a 404 error', done => {
-        request.get(`${url}/ap1/s0m3rand0mwr0ngr0ut3`)
-        .end(err => {
-          expect(err.status).to.equal(404);
-          done();
-        });
-      });
-    });
-  });
-  describe('GET: /api/gallery', () => {
-    describe('with a valid token', () => {
-      it('should return a list of gallery IDs in the db', done => {
-        request.get(`${url}/api/gallery`)
-        .set( { Authorization: `Bearer ${this.tempToken}` } )
-        .end((err, res) => {
-          if (err) return done(err);
-          expect(res.status).to.equal(200);
-          expect(res.body).to.be.an('array');
-          expect(res.body.length).to.equal(1);
-          expect(res.body[0]).to.equal(this.tempGallery._id.toString());
-          done();
-        });
-      });
-    });
-    describe('without a valid token', () => {
-      it('should return a 401 error', done => {
-        request.get(`${url}/api/gallery`)
-        .end(err => {
-          expect(err.status).to.equal(401);
-          done();
-        });
-      });
-    });
-  });
-  describe('GET: /api/gallery/:id', () => {
-    describe('with a valid id and token', () => {
-      it('should return a gallery', done => {
-        request.get(`${url}/api/gallery/${this.tempGallery._id}`)
-        .set( { Authorization: `Bearer ${this.tempToken}` } )
-        .end((err, res) => {
-          if (err) return done(err);
-          let date = new Date(res.body.created).toString();
-          expect(date).to.not.equal('invalid date');
-          expect(res.status).to.equal(200);
-          expect(res.body.name).to.equal(testGallery.name);
-          expect(res.body.desc).to.equal(testGallery.desc);
-          expect(res.body.userID).to.equal(this.tempUser._id.toString());
-          done();
-        });
-      });
-    });
-    describe('wthout a valid token', () => {
-      it('should return a 401 error', done => {
-        request.get(`${url}/api/gallery/${this.tempGallery._id}`)
-        .end(err => {
-          expect(err.status).to.equal(401);
-          done();
-        });
-      });
-    });
-    describe('with an invalid id' , () => {
-      it('should return a 404 error', done => {
-        request.get(`${url}/api/gallery/1nval1did`)
-        .set( { Authorization: `Bearer ${this.tempToken}` } )
-        .end(err => {
-          expect(err.status).to.equal(404);
-          done();
-        });
-      });
-    });
-  });
-  describe('DELETE: /api/gallery/:id', () => {
-    describe('with a valid id and token', () => {
-      it('should return a 204 code', done => {
-        request.delete(`${url}/api/gallery/${this.tempGallery._id}`)
-        .set( { Authorization: `Bearer ${this.tempToken}` } )
-        .end((err, res) => {
-          if (err) return done(err);
-          expect(res.status).to.equal(204);
-          done();
-        });
-      });
-    });
-    describe('without a valid id', () => {
-      it('should return a 404 error code', done => {
-        request.delete(`${url}/api/gallery/1nvalid1d`)
-        .set( { Authorization: `Bearer ${this.tempToken}` } )
-        .end(err => {
-          expect(err.status).to.equal(404);
-          done();
-        });
-      });
-    });
-    describe('without a valid token', () => {
-      it('should return a 401 error code', done => {
-        request.delete(`${url}/api/gallery/${this.tempGallery._id}`)
-        .end(err => {
-          expect(err.status).to.equal(401);
-          done();
-        });
-      });
-    });
-  });
-  describe('PUT: /api/gallery/:id', () => {
-    var update = { name: 'updated gallery name', desc: 'updated gallery description' };
-    describe('with a valid body, id, and token', () => {
-      it('should return an updated gallery', done => {
-        request.put(`${url}/api/gallery/${this.tempGallery._id}`)
-        .send(update)
-        .set( { Authorization: `Bearer ${this.tempToken}` } )
-        .end((err, res) => {
-          if (err) return done(err);
-          expect(res.status).to.equal(200);
-          expect(res.body.name).to.equal(update.name);
-          expect(res.body.desc).to.equal(update.desc);
-          done();
-        });
-      });
-    });
-    describe('without a valid body', () => {
-      it('should return a 400 error', done => {
-        request.put(`${url}/api/gallery/${this.tempGallery._id}`)
-        .set( { Authorization: `Bearer ${this.tempToken}` } )
-        .end(err => {
-          expect(err.status).to.equal(400);
-          done();
-        });
-      });
-    });
-    describe('without a valid token', () => {
-      it('should return a 401 error', done => {
-        request.put(`${url}/api/gallery/${this.tempGallery._id}`)
-        .send(update)
-        .end(err => {
-          expect(err.status).to.equal(401);
-          done();
-        });
-      });
-    });
-    describe('without a valid gallery id', () => {
-      it('should return a 404 error', done => {
-        request.put(`${url}/api/gallery/00p5wr0ng1d`)
-        .send(update)
-        .set( { Authorization: `Bearer ${this.tempToken}` } )
-        .end(err => {
-          expect(err.status).to.equal(404);
-          done();
-        });
-      });
-    });
-  });
-});
+// 'use strict';
+//
+// const expect = require('chai').expect;
+// const request = require('superagent');
+// const User = require('../model/user.js');
+// const Gallery = require('../model/gallery.js');
+// const url = 'http://localhost:3003';
+// const mongoose = require('mongoose');
+// const Promise = require('bluebird');
+// mongoose.Promise = Promise;
+//
+//
+// const testUser = {
+//   username: 'testUser',
+//   password: 'word',
+//   email: 'testUser@user.com'
+// };
+//
+// const testGallery = {
+//   name: 'testGallery name',
+//   desc: 'testGallery description'
+// };
+//
+// require('../server.js');
+//
+// describe('Gallery Routes', function() {
+//   beforeEach(done => {
+//     let user = new User(testUser);
+//     user.generatePasswordHash(testUser.password)
+//     .then(user => {
+//       user.save();
+//       this.tempUser = user;
+//       return user.generateToken();
+//     })
+//     .then(token => {
+//       this.tempToken = token;
+//       done();
+//     })
+//     .catch(done);
+//   });
+//   beforeEach(done => { //make a gallery and save it to db, needed for GET, PUT, and DELETE
+//     testGallery.userID = this.tempUser._id.toString();
+//     new Gallery(testGallery).save()
+//     .then(gallery => {
+//       this.tempGallery = gallery;
+//       done();
+//     })
+//     .catch(done);
+//   });
+//   afterEach(done => { //remove user and gallery db entries
+//     Promise.all([
+//       User.remove({}),
+//       Gallery.remove({})
+//     ])
+//     .then( () => {
+//       delete testGallery.userID; //remove user ID
+//       done();
+//     })
+//     .catch(done);
+//   });
+//   describe('POST: /api/gallery', () => {
+//     describe('with a valid body and token', () => {
+//       it('should return a gallery', done => {
+//         request.post(`${url}/api/gallery`)
+//         .send(testGallery)
+//         .set( { Authorization: `Bearer ${this.tempToken}` } )
+//         .end((err, res) => {
+//           if (err) return done(err);
+//           let date = new Date(res.body.created).toString();
+//           expect(res.status).to.equal(200);
+//           expect(res.body.name).to.equal(testGallery.name);
+//           expect(res.body.desc).to.equal(testGallery.desc);
+//           expect(date).to.not.equal('invalid date');
+//           expect(res.body.userID.toString()).to.equal(this.tempUser._id.toString());
+//           done();
+//         });
+//       });
+//     });
+//     describe('wthout a valid token', () => {
+//       it('should return a 401 error', done => {
+//         request.post(`${url}/api/gallery`)
+//         .send(testGallery)
+//         .end(err => {
+//           expect(err.status).to.equal(401);
+//           done();
+//         });
+//       });
+//     });
+//     describe('without a valid body', () => {
+//       it('should return a 400 error', done => {
+//         request.post(`${url}/api/gallery`)
+//         .set( { Authorization: `Bearer ${this.tempToken}` } )
+//         .end(err => {
+//           expect(err.status).to.equal(400);
+//           done();
+//         });
+//       });
+//     });
+//   });
+//   describe('GET: /ap1/s0m3rand0mwr0ngr0ut3', () => {
+//     describe('with an invalid route', () => {
+//       it('should return a 404 error', done => {
+//         request.get(`${url}/ap1/s0m3rand0mwr0ngr0ut3`)
+//         .end(err => {
+//           expect(err.status).to.equal(404);
+//           done();
+//         });
+//       });
+//     });
+//   });
+//   describe('GET: /api/gallery', () => {
+//     describe('with a valid token', () => {
+//       it('should return a list of gallery IDs in the db', done => {
+//         request.get(`${url}/api/gallery`)
+//         .set( { Authorization: `Bearer ${this.tempToken}` } )
+//         .end((err, res) => {
+//           if (err) return done(err);
+//           expect(res.status).to.equal(200);
+//           expect(res.body).to.be.an('array');
+//           expect(res.body.length).to.equal(1);
+//           expect(res.body[0]).to.equal(this.tempGallery._id.toString);
+//           done();
+//         });
+//       });
+//     });
+//     describe('without a valid token', () => {
+//       it('should return a 401 error', done => {
+//         request.get(`${url}/api/gallery`)
+//         .end(err => {
+//           expect(err.status).to.equal(401);
+//           done();
+//         });
+//       });
+//     });
+//   });
+//   describe('GET: /api/gallery/:id', () => {
+//     describe('with a valid id and token', () => {
+//       it('should return a gallery', done => {
+//         request.get(`${url}/api/gallery/${this.tempGallery._id}`)
+//         .set( { Authorization: `Bearer ${this.tempToken}` } )
+//         .end((err, res) => {
+//           if (err) return done(err);
+//           let date = new Date(res.body.created).toString();
+//           expect(date).to.not.equal('invalid date');
+//           expect(res.status).to.equal(200);
+//           expect(res.body.name).to.equal(testGallery.name);
+//           expect(res.body.desc).to.equal(testGallery.desc);
+//           expect(res.body.userID).to.equal(this.tempUser._id.toString());
+//           done();
+//         });
+//       });
+//     });
+//     describe('wthout a valid token', () => {
+//       it('should return a 401 error', done => {
+//         request.get(`${url}/api/gallery/${this.tempGallery._id}`)
+//         .end(err => {
+//           expect(err.status).to.equal(401);
+//           done();
+//         });
+//       });
+//     });
+//     describe('with an invalid id' , () => {
+//       it('should return a 404 error', done => {
+//         request.get(`${url}/api/gallery/1nval1did`)
+//         .set( { Authorization: `Bearer ${this.tempToken}` } )
+//         .end(err => {
+//           expect(err.status).to.equal(404);
+//           done();
+//         });
+//       });
+//     });
+//   });
+//   describe('DELETE: /api/gallery/:id', () => {
+//     describe('with a valid id and token', () => {
+//       it('should return a 204 code', done => {
+//         request.delete(`${url}/api/gallery/${this.tempGallery._id}`)
+//         .set( { Authorization: `Bearer ${this.tempToken}` } )
+//         .end((err, res) => {
+//           if (err) return done(err);
+//           expect(res.status).to.equal(204);
+//           done();
+//         });
+//       });
+//     });
+//     describe('without a valid id', () => {
+//       it('should return a 404 error code', done => {
+//         request.delete(`${url}/api/gallery/1nvalid1d`)
+//         .set( { Authorization: `Bearer ${this.tempToken}` } )
+//         .end(err => {
+//           expect(err.status).to.equal(404);
+//           done();
+//         });
+//       });
+//     });
+//     describe('without a valid token', () => {
+//       it('should return a 401 error code', done => {
+//         request.delete(`${url}/api/gallery/${this.tempGallery._id}`)
+//         .end(err => {
+//           expect(err.status).to.equal(401);
+//           done();
+//         });
+//       });
+//     });
+//   });
+//   describe('PUT: /api/gallery/:id', () => {
+//     var update = { name: 'updated gallery name', desc: 'updated gallery description' };
+//     describe('with a valid body, id, and token', () => {
+//       it('should return an updated gallery', done => {
+//         request.put(`${url}/api/gallery/${this.tempGallery._id}`)
+//         .send(update)
+//         .set( { Authorization: `Bearer ${this.tempToken}` } )
+//         .end((err, res) => {
+//           if (err) return done(err);
+//           expect(res.status).to.equal(200);
+//           expect(res.body.name).to.equal(update.name);
+//           expect(res.body.desc).to.equal(update.desc);
+//           done();
+//         });
+//       });
+//     });
+//     describe('without a valid body', () => {
+//       it('should return a 400 error', done => {
+//         request.put(`${url}/api/gallery/${this.tempGallery._id}`)
+//         .set( { Authorization: `Bearer ${this.tempToken}` } )
+//         .end(err => {
+//           expect(err.status).to.equal(400);
+//           done();
+//         });
+//       });
+//     });
+//     describe('without a valid token', () => {
+//       it('should return a 401 error', done => {
+//         request.put(`${url}/api/gallery/${this.tempGallery._id}`)
+//         .send(update)
+//         .end(err => {
+//           expect(err.status).to.equal(401);
+//           done();
+//         });
+//       });
+//     });
+//     describe('without a valid gallery id', () => {
+//       it('should return a 404 error', done => {
+//         request.put(`${url}/api/gallery/00p5wr0ng1d`)
+//         .send(update)
+//         .set( { Authorization: `Bearer ${this.tempToken}` } )
+//         .end(err => {
+//           expect(err.status).to.equal(404);
+//           done();
+//         });
+//       });
+//     });
+//   });
+// });
diff --git a/lab-yana/test/lib/server-toggle.js b/lab-yana/test/lib/server-toggle.js
index 309ef64..be80cee 100644
--- a/lab-yana/test/lib/server-toggle.js
+++ b/lab-yana/test/lib/server-toggle.js
@@ -6,7 +6,7 @@ module.exports = exports = {};
 
 exports.serverOn = function(server, done) {
   if (!server.isRunning) {
-    server.listen(process.env.PORT, () => {
+    server.listen(3003, () => {
       server.isRunning = true;
       debug('server is up!');
       done();
diff --git a/lab-yana/test/pic-routes-test.js b/lab-yana/test/pic-routes-test.js
index dd99e94..ccf92d1 100644
--- a/lab-yana/test/pic-routes-test.js
+++ b/lab-yana/test/pic-routes-test.js
@@ -41,6 +41,7 @@ describe('Pic Routes', function() {
   });
   describe('POST: /api/gallery/:galleryID/pic', function() {
     describe('with a valid body', function () {
+
       before(done => {
         new User(testUser)
         .generatePasswordHash(testUser.password)
@@ -55,21 +56,24 @@ describe('Pic Routes', function() {
         })
         .catch(done);
       });
+
       before(done => {
-        testGallery.userID = this.tempUser._id;
-        new Gallery(testGallery)
+        testGallery.userID = this.tempUser._id.toString();
+        new Gallery(testGallery).save()
         .then(gallery => {
           this.tempGallery = gallery;
           done();
         })
         .catch(done);
       });
+
       after(done => {
         delete testGallery.userID;
         done();
       });
+
       it('should return a pic', done => {
-        request.post(`${url}/api/gallery/${this.tempGallery._id}/pic`)
+        request.post(`${url}/api/gallery/${this.tempGallery._id.toString()}/pic`)
         .set( { Authorization: `Bearer ${this.tempToken}` } )
         .field('name', testPic.name)
         .field('desc', testPic.desc)

From f1d029b2ca9906d2371d0db5604ed21bc8fd23f7 Mon Sep 17 00:00:00 2001
From: radenska <yana_radenska@yahoo.com>
Date: Wed, 8 Mar 2017 21:46:17 -0800
Subject: [PATCH 20/20] giving up on delete, 3 POST tests working, all files
 linted

---
 .../data/d36c6fc77352cf478b70c0db17b86142     | Bin 0 -> 5920 bytes
 lab-yana/route/pic-router.js                  |  16 +++
 lab-yana/test/pic-routes-test.js              | 132 +++++++++++++-----
 3 files changed, 116 insertions(+), 32 deletions(-)
 create mode 100644 lab-yana/data/d36c6fc77352cf478b70c0db17b86142

diff --git a/lab-yana/data/d36c6fc77352cf478b70c0db17b86142 b/lab-yana/data/d36c6fc77352cf478b70c0db17b86142
new file mode 100644
index 0000000000000000000000000000000000000000..04c99f2bcf29a75773e672165f5efbf0ac5e17ce
GIT binary patch
literal 5920
zcmV+*7vJcKP)<h;3K|Lk000e1NJLTq001BW001Bm1^@s6BkHEN00004XF*Lt006O%
z3;baP0000WV@Og>004R>004l5008;`004mK004C`008P>0026e000+ooVrmw00009
za7bBm000XU000XU0RWnu7ytkkmPtfGRA>dgS$kYm)%IWe%nZXD1;hk}@de`x9gYw3
zIa+$v)YLT7D~XzATGrLFoAy(#cD>g!v&=M2CCxI)N11O7Qm^mf0KPy31_V@I@)U-d
zbN26h29Cd*zx(;zKYove&OUqXeb!#@z4tmq{{}dBPhdBuc2DY_M7~c>PdAFsMHLHS
z(idW+`Dwi|J*KapIgYBIoTv4rNilb$e)G<gc8U6^hJhq)7AeZnf1)%vW<%5tW2`ps
z$u@m~xYb<1R!HBA?aaYCMOq<>QH3n$$$1)|8sATjKiOwbB3cM|bl-P#>dmR-V$CxY
ziN}zcD1i>K5!6ao%w|H!NcMG~dYdilva4B5|3plBS2RR9B7A8gg|PM`-l1Y*q#Heq
z+K?9+W8-zb=n^G{+xZgOO^1n;*|drF=O$1MImvawP8Gzd_Sj$OA(il3DNk7z+nTb&
z?s@*x67EMSPmD4T)Q_iBYERdACQngj@lNtHF}tOgvomPN)vF?a4BC5r``Q3lqXix-
z;8K_VIbA*{{{eR{cfGTSY9!uA71%__bi>J_+r)a%M*3FytWSikXI2k>QX?Rpjwy=D
z4;)MnSPbhkHkcIhCa-DFlYm7%hmr3l;kID)ix&#nQhJ%lu}FE9A4fZhPgh&^Cu#?!
zkTFj<%%&1~Ok(TVAR;-H_oNqz>ena>mAZ!}D3HkYtCjNU0afgsO`Konr%$Z6EKdv1
z9#Z?W#!vb@af10IE8=tMBE2JQvBcU+vohrmwefT1gMy;wkl*0oe^g}epjwuh*$Y6e
zqoc0@=%KU&uJu4zP9rFo9VdT_$#x=ZmhzrPK-w#YN69g*Af^Wkn;k$hMvPPAeI((a
z5Y{$<4QJ2MFro%UKBtU;Af+^t=F3*{rzRq9h5dbrvjo`JK}<-*uO82K_y;GQ5>KVn
zNKHJE!k|JOGwCx}1EuKVy>f-#!YR<Z#s_jJ^3ihTJKp6kNP<HBUOU~UDxUw%7|UC>
z%547|SsK6T;o?&BTwNgFN2kfotDz8E)@en)F*WusLOSrV2S~5QJTi}Chb&*Ed1w8?
zCu#(wonnBQ4Qixd3ZalCMz$4>(Pa|(N9$JVE<n%%<(x8@sA)3a!iyk)5pQ}ZCMbqe
zlP-~J@uaX+jUL3;lMVv^E6@X3M*&#Lgn5k!2Rq)cp(-~$Bk7eyybBQGjoa8(HcBvg
z4i;Jo+li|C$y4NZaw^uBsc9dnZ_)kr?^~wXDzf<1i`sHhp(vW$v7MH1DB>QU&7?~)
z73Nm#eanEfpsXtXH)&OjGpe@Zaq7yVSm%$v*NvpBw0}yXSE{bN07t7EA-7jfgWOT%
zfQL>yTpj@oLH*F`1v@P40c$3}E~*Ob!2TYL5P?BJb^MWgJcv4BN*(`!uT$~7if>l&
z>;!uRypio=_klOUH}0Ty;mMP%ppBLBPhExNL^goN(_n+icd;%*=nry_WWBN%4)PY=
zqT9RU!L5_q-|J_Iv)#+~x%Y;YECxj7u|)#qvRH~1!mv~`ghBA|*YAaecpNs2o{}i1
z&;Xh%Q(e96rR;MhP%?B|?RHTe=?x~>3$0*9vXa4Ed<zvY4ppdvsshVsgYcwUm>_y1
ze(R_=jRU@rhw@CcFY0$2lE}`y{U5Zpl8G(#=<8Vkd=9TtzQTM14W}tcb&n8A4k*|g
zA>tt<AXL0mK6nltr+@H-+Uat>vfgFobC50WaeL?>kClebafwiqCkvZat}@_;+vLLr
z>3$GsFrqVu;4>{?0HeGqwQ8lST)qaJ9_%}mRPq5{&?l(Bu#Sn!+yW<(2BBcY0EP+9
zi=+l9A%rNHZE#z<!i`gZLa7^m@9_fV@38b({cVE-ma489TG5$I&hx)Lb7?l&<<GAq
zWL(Dh>xNw8XtaeqQ&|T3q41X|_d4WOWDQi=1jRVv4vbmd0Y>_GDBnd~j<1^IDv>W^
zJvHzIS1XkPH?#tk0RFQ;=@bF?4b<>x5wnz_o5!xvF7zHjV9reLjYPmgnkD_AQypBf
z4&n>|LnZtJ{sI`S0B!<QG*<6th{pSM^cHQ#cm+18H1u=$=X^2RN%~<P?~sWXKAd*H
z1KADzyAKdwB74Zn9rD*l$>h7@-HdnC@ja!<`Q>>3MMIo12lOv;S;4jm7)WFBs~SY}
zG_}=oj7#-5X4U`1%GGTaGD0CjDxR7l0-+(3pMcmngF(bm3-}|3jUbc`y*2=+sz%*K
zjUb@9aseVR5N%G&{B&gyV$H-}@sK^Yp#9ma$S0cY%FfE*lKGf(UGD3e48|j=Q5b@L
z1^4I2z}k0SF+KyJ?YTM2%I^?`7+#<FCPF$qaJDda4D#q_5equPFI|K4t#!x+!gKy(
zTH_eT)*BWX%Rnzj8KN8kJqLU<2>m*EpvsrVrvv6ukoPNF_-ueeJlWeVJwkHz$D3Th
zmemSc`!5Ah%ORl>3UFb1B^072I0sZ!iG>_|Fb83puYcdLA2BNiTn(HHftQrt$QQ}(
zx^Zrg?Kybd(k^kmVR3fNr)Pl5*lt&26BuTzj0Zi}A$_$iX`Aawc8{*ZZ#?}1QP9D`
zX+scPj^SnBl?@<!m22a&H34MzTru|0Ge3~s8Gb7AObp&zS8=xZ&!96f;CSFj@HJN7
zXi#&@Js!;~z?T|oYK~FCAM-Tdt^~FY3uq97?BT}Trf@2URW%5K-aL3b2nA6`Aj|n4
zp5PvQfnZUV=ex`Q?}*uRReyfq4Q<&{_g>rv3oUK8xAT3X4j-MKbP5*hWZ(Q?`v-V$
znPIZN2$mStFt+9o=%4WF>FWi{x5=@V&mvRn*g0$FcOuet^DOpiO;lENYQjk;=ntw)
zEWSpj$UEByeftfWIvhE*?&Jup;|iJ+x)!<ORO$~GvHkJ9TJys~cwU~*H2<!kU%}6F
z)iZ+79>jPh%-0Tmq-rv7JD!@s3&~uMG)hIVERm?;;rb48I8@O$k{YYMShVnWSg?ZL
zXNTaD+s~9;84h~ywmaBqDKgregZB?WupZNoee_!tTzSlh1J6Q0Ayi+eN9gcpOOo<7
zLUH-NLjuFmFRlNz27O(t&@VyV-llHk{!vhXvdVGP@g^K@#W!(Vw_yG!fdj)vKyl~T
zc#1=AXnc0bNNm47cAi>yzAxEBQ}*{vT7`9v2HXt13eUTF_77K%gJOg(K|dXy@Q7_=
z7bt;eU_Y1%yo~?U2nkvs6K6{Y83pPGS12GvT?>@J^{XGI@&+6;&I6|)y8Kuoec8}h
zTT7`Sdv}-Y!ePYx{(<pF=0E}FiESrgVf}rdB%j+v4~CtXb*zxAch)Sh&WnV=4-Dr$
z7m$^i{Zm^b9_3Fjuf4v2DB#V-#cORup6l8+JO$6H*mVBJKhklasyTV+3~~e8)M`S=
zb>z(Wxu3_y65YRaZ1j;6P+T9c<DS`AH)Zm*DgOaJCjY$rbR1Ee(_d$7J&N@LAAVmP
zhh!Zg6zEnnyAsTHGZ+NhH6urLA5BbZjRT!0`3guKZdZ6b5Xn>cjzYWh1N~-0FbID1
z;4imM2{?pBRz(lt3GG8(YBxOtNosQI%0TSnRqsikroj_3ro|TbBr+A&jNUai0^8Wm
zf^Ty|A;>MCO9Ah}l7k#Rjc{oMmK%bvJhyVfLiC%#RQ?}7p8Vk^ESl^_m}sKzF9>au
zeCh5xx%HsCY3zw{qsf#R-rv-19+|3dT;tae-^TFZS;42t6gF%6x<A5GgvO`VbpDjb
zbMKlZ6`_K)>9{an_XB7a^Amh`vAuaY{2oLayhE1-q`V@;N5bO)0lM-p7~Lp3zjDr0
ztis|}QzGJ6y!?LYmXbkatvi}qmix@(*>*o~^VM!A$lmUYHLrfwi|pPLXTCqJH!S^j
zMshAJ$iDKZFixdZWx|Ez^jadH&_&LLPf@DBr`ce>K=$go8;7oEk^Rw<FO#>zLv;0n
zUlb2OVPW<DH6KHfWtnI4dy+li<l<wCO35C+ep|ubbh7)`cVE>#9<JU3wcGBL<~$37
zZLOSne;2nJmU?^m=OJX@kUPt_YSeQ;E$Q=K(&p15evwyme*q~lfV`DY9uH)*NE(yB
zm6BbposWvG9v6Ko{o&etUd=a^w>jkwc`0z*99X3CoARASWKu$!#x=q8A@`qsdF1zG
z>b_ye@m&{*p7Krl`iBC%H>lxH^*ARe)7&fAgU?JE`eM~%%iGIm{Brr{%NX0z!a*QY
zaGXIhX!NN|MN-|DJoaQEQPllUMt_C_R_jW!q;D>nnx3n;SMep8?0dF+{N*4dlh|qF
zM;`#)2YNEz<%u4GN4W<)ijw6ku97^e4|f@9N>Mp5&9IQY#^&)jvOS0iiL9sS^jE|c
z=1D?;HZJ`p4mVp5@jD;%`=;A3oJ$w_ecr?3Tq!N;v#v`X&%bg~oyk+uqr_uTH+cTt
zE_;G@_v0z@Ek~kb70;J@HsmxM<oRjmyFMRyn&)T6kNaxmO`fmJb9y)B^ZZ9ki^_^#
z;ycsY>YsMg5e9a*bin*MoreZEc}iydn2RG`#rz#j7RPO#-!!Z$`e7!|&%d?#qfMhR
zFSEld>U&q<Rcb43jkz6l7kvKOH?R9kO+0U0e@pki=qHO-v-OL7b(RWJnK;8dO6O?q
zA>_oiX{EP)C=*xABUC6PX#?2vb16N!Bb&n73FCpiCbw}t50`t(P+&CUY;<GTUk4z0
zDYqQU8W^_W6Mw9TyF#X$zs?*r4OzZ;|NaF@I3OuM=loRp4B1=Hnt5UNkJzrZ>gx?A
zvX@ObRe$1d2$dw)1yDE9Igeh(QJ_Cr|AOatH~}WmS_CH*1a13lE6y1=znU<2)ETmu
z&wG98LL^<bDR^$=*Wly(VbuRT-isFQ>c&t4<tq2(iMsfvIo!%GfwGQnQpWM&kLAii
zg1o|Fw7#G{;4l<SB?_XZ1*&krE<N&8jYED-ZdY&Dtzx}de|;jIRlb*fKs=yk!9z94
zRr?eKKtUc?tS`jQ!?_?L^P>xhv<GKro_ZMv82z%LBm0dYQ@g&;8z${VOrL7_t^sHI
zhZ{FvS$~~Oy3XBhhv5j!yET;7D^QT^w<|Cg2dlr`^DjhBsVH1H^v$zSNK8f5efWxD
z#;}J2%E03)eY8Q{Rvk6PRVT<wH~Cu%ldZ;ULK~D|5*xU3l!xB2({_G{uRi^YCKm35
zM|rwDSL+KY+zRz$Lzs*s&wI*E>AJYUyqRTNX4`7AJ@PNY6JVypcJD2^1VMcc#0C<C
zO*KduCH#c`DOaR3j8b`4b?b_SaH*SZOT*Vgu;ro19Ar0oiu<3wgB^I=y?sccRMNCR
zJn1zgC+p>@H^w7tPYEn<3yafsXH3&=Sh5iHh1bv@t81?}A$R2sUM!virDC7hfP5(8
zQBBRmHJEom86&Sn8!n6$enHy`yLvrOG@4LZQax6|cHa0+hUMF|f!S{~^pw_$PnpN*
zu3Cnr^~sLli&eR;AkVboA!B$63Po|#!z}2QSl+NTWhwF}(gx8psy22D8%_(^s~29w
z$?7-4Hi+9`jk+MIXKyDn0n<yZ1mV`^!Lcn-pm1MUf&L}u%jywWo|iE%_ZTcp9%`Pk
z3jvn6UWee0JDi10)4@wumdg-Y*d`sIje`N6+M)I3b9p}qScmGOx^4Qhd2G46FQMpV
z!W<)c%O;P>Y%=rFQPXGqAg?I3;?i}4AM0tee3)j)?p;==6>s}EY)7)glwwd;feD)6
z`}R$p3WUx#yLz2#gZxFhL7Z=XTPU-<ZEMW-yEvcM(tb+WWew=1JEp6^%z9{8aV1a>
z_(UrR;6SWhR4u}8vo>fe`8~b?^TKs`dL!9&-m$^a8z6Z5m=~i9flqe6)#MEU!r65e
zg832HsG86QLLg6!N3`5MjBGPI;}(1<Q!iEOIvHpYb?$j3c;brPD@B+u6yVu`N>I&*
z1)AWJgbL6={dbz+S=*ayf|#iSE<-KQsZ(Aas;5HNjdvEIDC*$r`6~V=H4U}Eb{von
zEgN1f$xq9k)wm$Cq0DKpQwmBU^>REer8pl_JaP%HonSDWig-5Ko~#FZ69SOyJJ+X}
zamM*fQ=uvV>qXC?uNF?c)N!!hh~FkCLaQX{-Pi`)O6}@`IL@Y0jC+1O4B$e>N$^{y
z3ltU@Ox0!bNZD{c!SX7KpmiJVc(WNg@nzH?uhhEcxy{8;t^Zg7TDe%O4qM(#3(1a9
zEC>nF9IT&Y*_qZcJGM9h%T`h8yxIC4%uec_5d?+}Akzo|6vghY3^lkF(V2At;|}_m
z7NM=+A1aZUZ=}_vDkOrM$1QkYtq~UBmjUmA71V3D>SYiS@2m9*JH_Ji>WwUa8Ntxt
zvU+r6t65(|V(oglLfP;zmG1Ino-%Vd-f)9-0A=}7-Be3J+6!3{&v~*uuFZR_01cs)
z#kD@U<iSlJx~@xA;%f6>b-gWPY~@)ENr??Jlv{k{YEx^IzOQZ^O9Yb!5|9&|_*0N!
z)DoE<ig2K$qSpR$P$9|zRaGFh*r@_8OYS7A3aS+{?qOV2h$i^6IH>u7&MEjott(N#
z2L+B}`cxEEzUHa{uA^3X@5P@ibJI-O(fL;C5)2lmKV+F~b7qIgNm}(+Gcexx9sD;1
zXrr3OEN`cOmNy@)_vc;tXr(-3SKrsWPob5T*KK84jVlTs7P!vIJ2s{Ul<R)f73dNm
zJ}wSWz$2){B`3H)gfuHcal5uASRK^UY-vY}rJF-XV?Yb3<4|Rl)2g4!{3%x-uk7Nx
z2%DO7IloS9YJnxeR+FV9Z;(!l!^{KpGb{s8?Jagq%y=jI<LHmcr$^Go4*0;M?qB~B
z*uTX76Y}mSv3J`qCa(@lE_NtdPYu#?v0c=!tjh9NR98pvR@zi)kJ#26xH`o*OXn1(
zePDG2D5KQ-xU&tv!o8dc$kwp8Ar)%T;V%*X&;VuGwfCtboZo{~&uPS79S>!pi0UHW
zbX}P+(vXO1bZh0PBc86|!${f0j+RBXx~xaX6Qlw$&in`6VPPZPl<VaWd#|(Ea?a7E
zCwI5U>pb!BZxx`;*IY@{sPr~mtph6-&azO}i{I#NyL$N6Q5q$EDF&K#GfhZVZK>1d
z6u%;!D6IB1)q2U7l;uhST-&H-Z8$dapw0?Ea3c0oVIwDkJ{~oP9u#4)`nSh-hZNNN
zhs!U?ZLXQ1kYb)Q<0s2VTSK=0^*+)OG2T2wzm`u^Hp=Z?i7|DOU(QE#OZ&9fBgy?~
zuSw(of2~zNnVAS1UkjuuF+W8eVZGCR#ck$+0xrhQARQHhqV7g)kbV?9n*$G~WDV&z
zwA%&Fb0+jRbbkeB^gCi-b2R7apNiAX6FJZA(Er`;zXHEc>}u}FcS@VYP_xh4S+*Z7
zha)@b#K&|m;agxUJ&s(z2i|h9`91dku%~^6)s~RBC`P_Y6Q!TTG3HqPVGXaf($}J2
zlymGM>1PNKmYkCLvM8DNK;Uzt+1weInFC^kxlK}pbQXf^E$WfzcOZQQysth`LuxM0
zdGq;2!~egx+L2N_NNEg6`C=z?n4qMO7dM*=nNh=Qt+Y`Lj8b9`K{0KjTrq#v@LHSh
zFOD$J*G-aUh{5JgY>$SQ2KPDJ<@1&=4;u1+(EcY4{|8+BjY*sU0000<MNUMnLSTY4
CY;8UO

literal 0
HcmV?d00001

diff --git a/lab-yana/route/pic-router.js b/lab-yana/route/pic-router.js
index 20c6907..b74388c 100644
--- a/lab-yana/route/pic-router.js
+++ b/lab-yana/route/pic-router.js
@@ -60,3 +60,19 @@ picRouter.post('/api/gallery/:galleryID/pic', bearerAuth, upload.single('image')
   .then(pic => res.json(pic))
   .catch(next);
 });
+
+// picRouter.delete('/api/gallery/:galleryID/pic/:picID', bearerAuth, function(req, res, next) {
+//   debug('DELETE: /api/gallery/:galleryID/pic/:picID');
+//
+//   Pic.findByIdAndRemove(req.params.picID)
+//   .then(res => {
+//     console.log('RES', res);
+//     let params = {
+//       Bucket: process.env.AWS_BUCKET,
+//       Key: res._id.toString()
+//     }
+//     s3.deleteObject(params);
+//     res.status(204).send();
+//   })
+//   .catch(next);
+// });
diff --git a/lab-yana/test/pic-routes-test.js b/lab-yana/test/pic-routes-test.js
index ccf92d1..bdf6b2f 100644
--- a/lab-yana/test/pic-routes-test.js
+++ b/lab-yana/test/pic-routes-test.js
@@ -30,6 +30,30 @@ describe('Pic Routes', function() {
   before(done => serverToggle.serverOn(server, done));
   after(done => serverToggle.serverOff(server, done));
 
+  beforeEach(done => {
+    new User(testUser)
+    .generatePasswordHash(testUser.password)
+    .then(user => {
+      user.save();
+      this.tempUser = user;
+      return user.generateToken();
+    })
+    .then(token => {
+      this.tempToken = token;
+      done();
+    })
+    .catch(done);
+  });
+  beforeEach(done => {
+    testGallery.userID = this.tempUser._id.toString();
+    new Gallery(testGallery).save()
+    .then(gallery => {
+      this.tempGallery = gallery;
+      done();
+    })
+    .catch(done);
+  });
+
   afterEach(done => {
     Promise.all([
       Pic.remove({}),
@@ -39,39 +63,13 @@ describe('Pic Routes', function() {
     .then( () => done())
     .catch(done);
   });
-  describe('POST: /api/gallery/:galleryID/pic', function() {
-    describe('with a valid body', function () {
-
-      before(done => {
-        new User(testUser)
-        .generatePasswordHash(testUser.password)
-        .then(user => {
-          user.save();
-          this.tempUser = user;
-          return user.generateToken();
-        })
-        .then(token => {
-          this.tempToken = token;
-          done();
-        })
-        .catch(done);
-      });
-
-      before(done => {
-        testGallery.userID = this.tempUser._id.toString();
-        new Gallery(testGallery).save()
-        .then(gallery => {
-          this.tempGallery = gallery;
-          done();
-        })
-        .catch(done);
-      });
-
-      after(done => {
-        delete testGallery.userID;
-        done();
-      });
+  afterEach(done => {
+    delete testGallery.userID;
+    done();
+  });
 
+  describe('POST: /api/gallery/:galleryID/pic', () => {
+    describe('with a valid body', () => {
       it('should return a pic', done => {
         request.post(`${url}/api/gallery/${this.tempGallery._id.toString()}/pic`)
         .set( { Authorization: `Bearer ${this.tempToken}` } )
@@ -80,6 +78,7 @@ describe('Pic Routes', function() {
         .attach('image', testPic.image)
         .end((err, res) => {
           if (err) return done(err);
+          console.log('res.body', res.body);
           expect(res.body.name).to.equal(testPic.name);
           expect(res.body.desc).to.equal(testPic.desc);
           expect(res.body.galleryID).to.equal(this.tempGallery._id.toString());
@@ -89,5 +88,74 @@ describe('Pic Routes', function() {
         });
       });
     });
+    describe('without a valid body', () => {
+      it('should return a 400 error', done => {
+        request.post(`${url}/api/gallery/${this.tempGallery._id.toString()}/pic`)
+        .set( { Authorization: `Bearer ${this.tempToken}`} )
+        .end(err => {
+          expect(err.status).to.equal(400);
+          done();
+        });
+      });
+    });
+    describe('with an invalid galleryID', () => {
+      it('should return a 404 error', done => {
+        request.post(`${url}/api/gallery/00p5th1515s0wr0ng/pic`)
+        .set( { Authorization: `Bearer ${this.tempToken}` } )
+        .field('name', testPic.name)
+        .field('desc', testPic.desc)
+        .attach('image', testPic.image)
+        .end(err => {
+          expect(err.status).to.equal(404);
+          done();
+        });
+      });
+    });
   });
 });
+  // describe('DELETE: /api/gallery/:galleryID/pic/:picID', () => {
+  //   describe('with valid pic, user, and gallery ids', () => {
+  //     before(done => {
+  //       request.post(`${url}/api/gallery/${this.tempGallery._id.toString()}/pic`)
+  //       .set( { Authorization: `Bearer ${this.tempToken}` } )
+  //       .field('name', testPic.name)
+  //       .field('desc', testPic.desc)
+  //       .attach('image', testPic.image)
+  //       .end((err, res) => {
+  //         if (err) return done(err);
+  //         this.tempPic = res.body;
+  //         console.log('this.tempPic in before', this.tempPic)
+  //         done();
+  //       });
+  //       done();
+  //     });
+      // before(done => {
+      //   let picProps = {
+      //     name: testPic.name,
+      //     desc: testPic.desc,
+      //     userID: this.tempUser._id,
+      //     galleryID: this.tempGallery._id,
+      //     objectKey: '077a7aa47fd359ad6d14d95db1bbb31a.png',
+      //     imageURI: 'https://cfgrambackend42.s3.amazonaws.com/077a7aa47fd359ad6d14d95db1bbb31a.png'
+      //   }
+      //   new Pic(picProps).save()
+      //   .then(pic => {
+      //     console.log('PIC', pic);
+      //     this.tempPic = pic;
+      //     done();
+      //   })
+      //   .catch(done);
+      // });
+  //     it('should return a 204 code', done => {
+  //       request.delete(`${url}/api/gallery/${this.tempGallery._id.toString()}/pic/${this.tempPic._id.toString()}`)
+  //       .set( { Authorization: `Bearer ${this.tempToken}` } )
+  //       .end((err, res) => {
+  //         if (err) return done(err);
+  //         console.log('res body in it', res.body);
+  //         expect(res.status).to.equal(204);
+  //         done();
+  //       });
+  //     });
+  //   });
+  // });
+// });