-rw-r--r--package.json2
-rw-r--r--src/controller/friend.ts22
-rw-r--r--src/route/friend.ts3
-rw-r--r--src/service/friend.ts38
4 files changed, 60 insertions, 5 deletions
diff --git a/package.json b/package.json
index 8112ccf..2a7c651 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "financer",
- "version": "0.2.0",
+ "version": "0.3.0",
"description": "Pocket Money Tracker",
"main": "dist/index.js",
"scripts": {
diff --git a/src/controller/friend.ts b/src/controller/friend.ts
index f528858..5d76350 100644
--- a/src/controller/friend.ts
+++ b/src/controller/friend.ts
@@ -17,7 +17,7 @@
import { Request, Response } from "express";
import { getFriendToken } from "../util/auth";
-import { friend, unfriend, list } from "../service/friend";
+import { friend, unfriend, list, get } from "../service/friend";
import jwt from "jsonwebtoken";
import {readById} from "../service/user";
@@ -117,9 +117,27 @@ const listFriends = async (req: Request, res: Response) => {
}
}
+const getFriend = async (req: Request, res: Response) => {
+ try {
+ // @ts-ignore
+ const friend = await get(req.userId, parseInt(req.params.friendId)) // TODO: handle non int value passed (bad req)
+ // @ts-ignore
+ res.status(200).json({ friend: friend });
+ } catch(error) {
+ // @ts-ignore
+ if (error.message == "forbidden") {
+ res.status(403).json({ error: "You are not allowed to view this profile." });
+ } else {
+ res.status(500).json({ error: "Internal Server Error" });
+ console.error(error);
+ }
+ }
+}
+
export {
friendRequest,
addFriend,
removeFriend,
- listFriends
+ listFriends,
+ getFriend
}
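Review bot: `parseInt(req.params.friendId)` in getFriend reaches `get()` unchecked, so a non-numeric segment becomes `NaN` and a value such as `12abc` is silently accepted as 12; the TODO acknowledges this, but the handler ships without the check. Parse with an explicit radix and reject before calling the service: `const friendId = Number.parseInt(req.params.friendId, 10);` followed by `if (!Number.isSafeInteger(friendId) || String(friendId) !== req.params.friendId) { res.status(400).json({ error: "Invalid friend id" }); return; }`. Without it, malformed input presumably surfaces as a 500 from the query layer rather than a 400. The `// @ts-ignore` above `req.userId` also hides whether the authentication middleware guarantees that field is set; a typed request extension would make the dependency visible to the compiler.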
diff --git a/src/route/friend.ts b/src/route/friend.ts
index f477c23..31a51d3 100644
--- a/src/route/friend.ts
+++ b/src/route/friend.ts
@@ -16,11 +16,12 @@
*/
import { Router } from "express";
-import { listFriends, friendRequest, addFriend, removeFriend } from "../controller/friend";
+import { listFriends, getFriend, friendRequest, addFriend, removeFriend } from "../controller/friend";
const router: Router = Router();
router.get("/", listFriends);
+router.get("/:friendId", getFriend);
router.get("/code", friendRequest);
router.post("/", addFriend);
router.delete("/", removeFriend);
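Review bot: `router.get("/:friendId", getFriend)` is registered ahead of `router.get("/code", friendRequest)`, and Express matches routes in registration order, so `GET /code` is now captured by the parameter route with `friendId = "code"`. Because getFriend never calls `next()`, friendRequest is no longer reachable. Move the new line below the `/code` route so the static path is matched first. Combined with the unvalidated `parseInt` in the controller, the shadowed request would end in an error response instead of returning a friend code.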
diff --git a/src/service/friend.ts b/src/service/friend.ts
index 8b5ab38..8266323 100644
--- a/src/service/friend.ts
+++ b/src/service/friend.ts
@@ -66,8 +66,44 @@ const list = async (userId: Number) => {
})
}
+const get = async (userId: Number, friendId: Number) => {
+ // Verify that users are friends. Seeing a non-friend's profile isn't allowed
+ const friendship = await prisma.friend.findFirst({
+ // @ts-ignore
+ where: {
+ AND: [
+ // @ts-ignore
+ { userId: userId },
+ // @ts-ignore
+ { friendId: friendId },
+ ]
+ }
+ })
+
+ if (friendship == null) {
+ // user isn't friends with them
+ throw new Error("forbidden");
+ }
+
+ const friend = await prisma.user.findUnique({
+ // @ts-ignore
+ where: { id: friendId }
+ })
+ // @ts-ignore
+ delete friend["password"];
+ // @ts-ignore
+ delete friend["refreshTokenVersion"];
+ // @ts-ignore
+ delete friend["createdAt"];
+ // @ts-ignore
+ delete friend["updatedAt"];
+
+ return friend;
+}
+
export {
friend,
unfriend,
- list
+ list,
+ get
} \ No newline at end of file
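Review bot: The profile returned by `get()` is built by deleting four named fields from the full user row, which is a deny-list: any column later added to the user model (the schema is not visible here) is exposed to other users by default. Select the public fields explicitly instead, e.g. `prisma.user.findUnique({ where: { id: friendId }, select: { id: true /* plus the public profile fields */ } })`. The `delete` statements also run on `null` when the user row is missing while a friendship row still exists, which would throw a TypeError and reach the controller's 500 branch; check for `null` before stripping fields. The friendship lookup matches only `{ userId, friendId }` in that direction, so confirm that friendships are stored as one row per direction.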