update sessions

controllers/users.controller.js

@@ -114,13 +114,24 @@ class UserController {
                 .first()
                 .throwIfNotFound();
             const hash = crypto.pbkdf2Sync(password, user.salt, 100, 32, 'sha256').toString('hex');
-            if (user.password === hash)
+            if (user.password === hash) {
+                const {password,salt, ...userAttributes} = user;
+                req.session.user = userAttributes;
                 return res.json(user);
-            return next(createError(403, 'username of password incorrect'));
+            }
+            return next(createError(403, 'Username or password incorrect'));
         } catch (err) {
             next(err);
         }
     }
+
+    static async logout(req,res,next) {
+        req.session.destroy(err => {
+            if (err)
+                next(err);
+            res.json({message: "Logged out successfully"})
+        });
+    }
 }
 
 module.exports = UserController;

controllers/wells.controller.js

@@ -15,7 +15,9 @@ class WellController {
         try {
             const wells = await Well.query()
                 .select()
+                .column(['id', 'name', 'depth', 'volume'])
                 .where('is_active', true)
+                .eager('readings')
                 .throwIfNotFound();
             res.json(wells)
         } catch (err) {
@@ -81,17 +83,23 @@ class WellController {
 
     /**
      * Create a reading for an existing well
+     * POST
+     * for example:
+     * {
+     *     "reading":3.5
+     * }
      * @param req
      * @param res
      * @param next
      * @returns {Promise<void>}
      */
     static async createWellReading(req, res, next) {
         try {
-            const reading = req.body;
-            reading.well_id = parseInt(req.params.id);
+            const readingObject = req.body;
+            readingObject.reading /= 100; // Conversion centimeter to meter
+            readingObject.well_id = parseInt(req.params.id);
             const createdReading = await Reading.query()
-                .insertGraph(reading)
+                .insertGraph(readingObject)
                 .eager('well')
                 .throwIfNotFound();
             res.json(createdReading);

helpers/http-status-codes.js

@@ -0,0 +1,18 @@
+module.exports = {
+    /* Success */
+    OK: 200,
+    CREATED: 201,
+    ACCEPTED: 202,
+    NO_CONTENT: 204,
+    /* Client Error */
+    BAD_REQUEST: 400,
+    NOT_AUTHORIZED: 401,
+    FORBIDDEN: 403,
+    NOT_FOUND: 404,
+    NOT_ACCEPTABLE: 406,
+    CONFLICT: 409,
+    /* Server Error */
+    INTERNAL_SERVER_ERROR: 500,
+    NOT_IMPLEMENTED: 501,
+    BAD_GATEWAY: 502,
+};

helpers/index.js

@@ -0,0 +1,5 @@
+const HttpStatusCode = require('./http-status-codes');
+
+module.exports = {
+    ...HttpStatusCode
+};

models/Well.js

@@ -9,7 +9,7 @@ class Well extends BaseModel {
     static get jsonSchema() {
         return {
             type: 'object',
-            // required: [],
+            required: ['name','depth','volume'],
             properties: {
                 id: {type: 'integer'},
                 name: {type: 'string'},

routes/middlewares.js

@@ -31,6 +31,15 @@ const isAdmin = (req, res, next) => {
     }
 };
 
+const isSameUser = (req, res, next) => {
+    const {session:{user=null}} = req;
+    if (user && user.id && parseInt(req.params.id) === user.id) {
+        next();
+    } else {
+        next(createError(FORBIDDEN, "Forbidden"));
+    }
+};
+
 const newUserValidation = [
     check('first_name')
         .not()
@@ -93,6 +102,7 @@ module.exports = {
     isAdmin,
     isNotLogged,
     isLogged,
+    isSameUser,
     newUserValidation,
     readingValidation,
     newWellValidation

routes/users.js

@@ -1,31 +1,32 @@
 const express = require('express');
 const router = express.Router();
 const {UserController} = require('../controllers');
-const {isLogged,isNotLogged, newUserValidation} = require('./middlewares');
+const {isLogged, isAdmin, isNotLogged, isSameUser, newUserValidation} = require('./middlewares');
+
 /**
  * GET
  */
 
-router.get('/',isLogged, UserController.getAllUsers);
-router.get('/:id',isLogged, UserController.getUserById);
+router.get('/', isLogged, UserController.getAllUsers);
+router.get('/:id(\d+)', isLogged, UserController.getUserById);
 
 /**
  * POST
  */
 
-router.post('/',isLogged, newUserValidation, UserController.createUser);
-router.post('/login',isNotLogged, UserController.login);
+router.post('/', isAdmin, newUserValidation, UserController.createUser);
+router.post('/login', isNotLogged, UserController.login);
 
 /**
  * PUT
  */
 
-router.put('/:id',isLogged, UserController.updateUserById);
+router.put('/:id(\d+)', isLogged, isSameUser, UserController.updateUserById);
 
 /**
  * DELETE
  */
 
-router.delete('/:id',isLogged, UserController.softDeleteUserById);
+router.delete('/:id(\d+)', isAdmin, UserController.softDeleteUserById);
 
 module.exports = router;

routes/wells.js

@@ -7,26 +7,26 @@ const {isLogged, isAdmin, newWellValidation, readingValidation} = require("./mid
  */
 
 router.get('/', isLogged, WellController.getAllWells);
-router.get('/:id', isLogged, WellController.getWellById);
+router.get('/:id(\d+)', isLogged, WellController.getWellById);
 router.get('/:id/readings', isLogged, WellController.getWellReadingsById);
 
 /**
  * POST
  */
 
 router.post('/', isAdmin, newWellValidation, WellController.createWell);
-router.post('/:id/readings', isLogged, readingValidation, WellController.createWellReading);
+router.post('/:id(\d+)/readings', isLogged, readingValidation, WellController.createWellReading);
 
 /**
  * PUT
  */
 
-router.put('/:id', isAdmin, WellController.updateWellById);
+router.put('/:id(\d+)', isAdmin, WellController.updateWellById);
 
 /**
  * DELETE
  */
 
-router.delete('/:id', isAdmin, WellController.softDeleteWellById);
+router.delete('/:id(\d+)', isAdmin, WellController.softDeleteWellById);
 
 module.exports = router;