Diffstat (limited to 'src')
-rw-r--r-- | src/controller/friend.ts | 44 | ||||
-rw-r--r-- | src/route/friend.ts | 3 | ||||
-rw-r--r-- | src/service/friend.ts | 52 |
3 files changed, 84 insertions, 15 deletions
diff --git a/src/controller/friend.ts b/src/controller/friend.ts index a73d3d1..4690f39 100644 --- a/src/controller/friend.ts +++ b/src/controller/friend.ts @@ -17,8 +17,9 @@ import { Request, Response } from "express"; import { getFriendToken } from "../util/auth"; -import { friend, unfriend, list } from "../service/friend"; +import { friend, unfriend, list, get } from "../service/friend"; import jwt from "jsonwebtoken"; +import {readById} from "../service/user"; const friendRequest = async (req: Request, res: Response) => { try { @@ -55,12 +56,21 @@ const addFriend = async (req: Request, res: Response) => { } else { try { // @ts-ignore - const _ = await friend(claims.userId, req.userId); - res.status(200).json({ message: "success" }); + const f = await friend(claims.userId, req.userId); + // @ts-ignore + delete f["password"]; + // @ts-ignore + delete f["refreshTokenVersion"]; + // @ts-ignore + delete f["createdAt"]; + // @ts-ignore + delete f["updatedAt"]; + + res.status(200).json({ friend: f }); } catch (error) { // @ts-ignore if (error.code == "P2002") { - res.status(409).json({ error: "Already friends" }); + res.status(409).json({error: "Already friends"}); } else { res.status(500).json({ error: "Internal Server Error" }); console.error(error); @@ -77,9 +87,11 @@ const addFriend = async (req: Request, res: Response) => { const removeFriend = async (req: Request, res: Response) => { try { + if (req.body.friendId === undefined || req.body.friendId === null || !Number.isInteger(req.body.friendId)) { + res.status(400).json({ message: "Invalid Friend ID" }); // @ts-ignore - if (req.userId == req.body.friendId) { - res.status(400).json({ message: "Attempted to unfriend self" }); + } else if (req.userId == req.body.friendId) { + res.status(400).json({message: "Attempted to unfriend self"}); } else { // @ts-ignore const { count } = await unfriend(req.userId, req.body.friendId) 
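Review bot: The four `delete f[...]` lines in addFriend strip sensitive fields by denylist, so the full user row, password field included, still leaves the service layer, and any sensitive column added to the user model later would be returned in the `friend` response by default. The same four deletes are repeated in `get` in src/service/friend.ts. Selecting the public fields where the row is read avoids loading the password at all and removes the `@ts-ignore`s, e.g. `select: { id: true /* plus the public profile fields */ }` on the Prisma query. If `readById` can resolve to null (its body is not in this diff), the first `delete` would throw after the friendship rows are already written and the client would get a 500, so a null guard before the deletes is worth adding. addFriend starts and ends outside the hunk.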
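Review bot: The new guard in removeFriend can be reduced to `if (!Number.isInteger(req.body.friendId))`, because `Number.isInteger` already returns false for `undefined` and `null`. Once friendId is known to be an integer, the self-unfriend comparison in the next branch could use `===`, assuming `req.userId` is also a number (its type is not visible here). The function body continues past the end of the hunk.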
@@ -107,9 +119,27 @@ const listFriends = async (req: Request, res: Response) => { } } +const getFriend = async (req: Request, res: Response) => { + try { + // @ts-ignore + const friend = await get(req.userId, parseInt(req.params.friendId)) // TODO: handle non int value passed (bad req) + // @ts-ignore + res.status(200).json({ friend: friend }); + } catch(error) { + // @ts-ignore + if (error.message == "forbidden") { + res.status(403).json({ error: "You are not allowed to view this profile." }); + } else { + res.status(500).json({ error: "Internal Server Error" }); + console.error(error); + } + } +} + export { friendRequest, addFriend, removeFriend, - listFriends + listFriends, + getFriend } diff --git a/src/route/friend.ts b/src/route/friend.ts index f477c23..e52226a 100644 --- a/src/route/friend.ts +++ b/src/route/friend.ts @@ -16,12 +16,13 @@ */ import { Router } from "express"; -import { listFriends, friendRequest, addFriend, removeFriend } from "../controller/friend"; +import { listFriends, getFriend, friendRequest, addFriend, removeFriend } from "../controller/friend"; const router: Router = Router(); router.get("/", listFriends); router.get("/code", friendRequest); +router.get("/:friendId", getFriend); router.post("/", addFriend); router.delete("/", removeFriend); diff --git a/src/service/friend.ts b/src/service/friend.ts index 6986858..1f30760 100644 --- a/src/service/friend.ts +++ b/src/service/friend.ts @@ -16,10 +16,11 @@ */ import prisma from "../util/prisma"; +import { readById } from "./user"; const friend = async (userId: Number, friendId: Number) => { - // will return error P2002 if already friends - return prisma.friend.createMany({ + // will throw error P2002 if already friends + await prisma.friend.createMany({ data: [ // @ts-ignore { userId: userId, friendId: friendId }, 
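Review bot: getFriend passes `parseInt(req.params.friendId)` straight to `get`, so a non-numeric segment becomes `NaN` and most likely ends in the 500 branch, while a value such as `12abc` is silently read as 12. The TODO on that line names the gap but leaves it open. Rejecting the value before the service call would match what removeFriend now does: `if (!/^\d+$/.test(req.params.friendId)) { res.status(400).json({ message: "Invalid Friend ID" }); return; }`. Matching on `error.message == "forbidden"` also ties the 403 to a string literal in the service; a small exported error class checked with `instanceof` would be less brittle.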
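Review bot: In src/route/friend.ts the new `/:friendId` pattern matches any single path segment, so `/code` stays reachable only because it is registered above the new route. A comment on the new line would protect that ordering against later edits, e.g. `// keep static GET routes above "/:friendId"; it matches any single segment`.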
@@ -28,17 +29,18 @@ const friend = async (userId: Number, friendId: Number) => { { userId: friendId, friendId: userId } ] }) + + return readById(userId); } -const unfriend = async (userId: Number, friendId: Number) => { +const unfriend = (userId: Number, friendId: Number) => { return prisma.friend.deleteMany({ where: { OR: [ // @ts-ignore - { userId: userId }, - + { userId: userId, friendId: friendId }, // @ts-ignore - { userId: friendId }, + { userId: friendId, friendId: userId } ] } }) @@ -63,8 +65,44 @@ const list = async (userId: Number) => { }) } +const get = async (userId: Number, friendId: Number) => { + // Verify that users are friends. Seeing a non-friend's profile isn't allowed + const friendship = await prisma.friend.findFirst({ + // @ts-ignore + where: { + AND: [ + // @ts-ignore + { userId: userId }, + // @ts-ignore + { friendId: friendId }, + ] + } + }) + + if (friendship == null) { + // user isn't friends with them + throw new Error("forbidden"); + } + + const friend = await prisma.user.findUnique({ + // @ts-ignore + where: { id: friendId } + }) + // @ts-ignore + delete friend["password"]; + // @ts-ignore + delete friend["refreshTokenVersion"]; + // @ts-ignore + delete friend["createdAt"]; + // @ts-ignore + delete friend["updatedAt"]; + + return friend; +} + export { friend, unfriend, - list + list, + get }
\ No newline at end of file |
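Review bot: In `get`, `prisma.user.findUnique` resolves to null when no user row matches, and the `delete friend["password"]` that follows would then throw a TypeError that the controller reports as a 500. A guard such as `if (friend == null) throw new Error("forbidden");` before the deletes keeps the response consistent with the non-friend case. The friendship lookup checks only the `userId`/`friendId` direction, which is sufficient only while every friendship is stored as two rows the way `friend` creates them. A one-line comment stating that assumption next to the `findFirst` call would help the next reader.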