Merge pull request #102 from njxue/history-403

Use verifyAccessToken instead of authenticateToken

Author: Nephelite

backend/.prettierrc

@@ -0,0 +1 @@
+{ "printWidth": 120 }

backend/question-service/controllers/historyController.ts

@@ -1,35 +1,20 @@
-import { Response } from 'express';
-import historyEntryModel from '../models/HistoryEntry';
-import { AuthenticatedRequest } from 'middlewares/auth';
+import { Response, Request } from "express";
+import historyEntryModel from "../models/HistoryEntry";
 
 const getErrorMessage = (error: unknown): string => {
   if (error instanceof Error) return error.message;
-  return 'An unexpected error occurred';
+  return "An unexpected error occurred";
 };
 
-const extractUserIdFromToken = (req: AuthenticatedRequest): string | null => {
-    const userId = req.userId;
-    if (!userId) {
-      console.error('userId missing - Token is likely invalid');
-      return null;
-    }
-    return userId
-  };
-
-export const getUserHistoryEntries = async (req: AuthenticatedRequest, res: Response) => {
+export const getUserHistoryEntries = async (req: any, res: Response) => {
   try {
-    const userId = extractUserIdFromToken(req);
-
-    if (!userId) {
-      return res.status(401).json({ error: 'Invalid or missing token' });
-    }
+    const userId = req.userId;
 
-    const historyEntries = await historyEntryModel.find({ userId })
-    .populate({
-      path: 'question',
+    const historyEntries = await historyEntryModel.find({ userId }).populate({
+      path: "question",
       populate: {
-        path: 'categories',
-        model: 'category',
+        path: "categories",
+        model: "category",
       },
     });
     const historyViewModels = historyEntries.map((entry) => {
@@ -43,25 +28,22 @@ export const getUserHistoryEntries = async (req: AuthenticatedRequest, res: Resp
         difficulty: entry.question.difficulty,
         topics: entry.question.categories.map((cat: any) => cat.name),
         attemptCodes: entry.attemptCodes,
-    }});
+      };
+    });
     res.status(200).json(historyViewModels);
   } catch (error) {
     res.status(500).json({ error: getErrorMessage(error) });
   }
 };
 
-export const createOrUpdateUserHistoryEntry = async (req: AuthenticatedRequest, res: Response) => {
+export const createOrUpdateUserHistoryEntry = async (req: any, res: Response) => {
   try {
-    const userId = extractUserIdFromToken(req);
-
-    if (!userId) {
-      return res.status(401).json({ error: 'Invalid or missing token' });
-    }
+    const userId = req.userId;
 
     const { questionId, roomId, attemptStartedAt, attemptCompletedAt, collaboratorId, attemptCode } = req.body;
 
     if (!roomId) {
-      return res.status(400).json({ error: 'roomId is required' });
+      return res.status(400).json({ error: "roomId is required" });
     }
 
     const existingEntry = await historyEntryModel.findOne({ userId, roomId });
@@ -96,13 +78,9 @@ export const createOrUpdateUserHistoryEntry = async (req: AuthenticatedRequest,
   }
 };
 
-export const removeRoomIdPresence = async (req: AuthenticatedRequest, res: Response) => {
+export const removeRoomIdPresence = async (req: any, res: Response) => {
   try {
-    const userId = extractUserIdFromToken(req);
-
-    if (!userId) {
-      return res.status(401).json({ error: 'Invalid or missing token' });
-    }
+    const userId = req.userId;
     const { roomId } = req.params;
 
     const existingEntries = await historyEntryModel.find({ roomId });
@@ -114,41 +92,32 @@ export const removeRoomIdPresence = async (req: AuthenticatedRequest, res: Respo
       updatedEntries.push(entry._id.toString());
     });
 
-    return res.status(200).json({ updatedEntries })
+    return res.status(200).json({ updatedEntries });
   } catch (error) {
     return res.status(500).json({ error: getErrorMessage(error) });
   }
-}
+};
 
-export const deleteUserHistoryEntry = async (req: AuthenticatedRequest, res: Response) => {
+export const deleteUserHistoryEntry = async (req: any, res: Response) => {
   try {
-    const userId = extractUserIdFromToken(req);
-
-    if (!userId) {
-      return res.status(401).json({ error: 'Invalid or missing token' });
-    }
-
+    const userId = req.userId;
     const { id } = req.params;
 
     const deletedEntry = await historyEntryModel.findOneAndDelete({ _id: id, userId });
 
     if (!deletedEntry) {
-      return res.status(404).json({ message: 'History entry not found' });
+      return res.status(404).json({ message: "History entry not found" });
     }
 
-    res.status(200).json({ message: 'History entry deleted successfully' });
+    res.status(200).json({ message: "History entry deleted successfully" });
   } catch (error) {
     res.status(500).json({ error: getErrorMessage(error) });
   }
 };
 
-export const deleteUserHistoryEntries = async (req: AuthenticatedRequest, res: Response) => {
+export const deleteUserHistoryEntries = async (req: any, res: Response) => {
   try {
-    const userId = extractUserIdFromToken(req);
-
-    if (!userId) {
-      return res.status(401).json({ error: 'Invalid or missing token' });
-    }
+    const userId = req.userId;
 
     const { ids } = req.body;
     if (!Array.isArray(ids)) {
@@ -162,13 +131,9 @@ export const deleteUserHistoryEntries = async (req: AuthenticatedRequest, res: R
   }
 };
 
-export const deleteAllUserHistoryEntries = async (req: AuthenticatedRequest, res: Response) => {
+export const deleteAllUserHistoryEntries = async (req: any, res: Response) => {
   try {
-    const userId = extractUserIdFromToken(req);
-
-    if (!userId) {
-      return res.status(401).json({ error: 'Invalid or missing token' });
-    }
+    const userId = req.userId;
 
     const result = await historyEntryModel.deleteMany({ userId });
     res.status(200).json({

backend/question-service/middlewares/auth.ts

@@ -26,6 +26,7 @@ export function verifyAccessToken(req: any, res: any, next: any) {
       return res.status(401).json({ message: `Unauthorized: ${err.message}` });
     }
     req.isAdmin = user.isAdmin;
+    req.userId = user.id;
     next();
   });
 }

backend/question-service/middlewares/basic-access-control.ts

@@ -1,21 +1,21 @@
-import express from 'express';
+import express from "express";
 import {
   getUserHistoryEntries,
   createOrUpdateUserHistoryEntry,
   deleteUserHistoryEntry,
   deleteUserHistoryEntries,
   deleteAllUserHistoryEntries,
   removeRoomIdPresence,
-} from '../controllers/historyController';
-import { authenticateToken } from '../middlewares/auth';
+} from "../controllers/historyController";
+import { verifyAccessToken } from "../middlewares/basic-access-control";
 
 const router = express.Router();
 
-router.get("/", authenticateToken, getUserHistoryEntries);
-router.post("/", authenticateToken, createOrUpdateUserHistoryEntry);
-router.post("/room/:id", authenticateToken, removeRoomIdPresence);
-router.delete("/user/:id", authenticateToken, deleteUserHistoryEntry);
-router.delete("/user", authenticateToken, deleteUserHistoryEntries);
-router.delete("/all", authenticateToken, deleteAllUserHistoryEntries);
+router.get("/", verifyAccessToken, getUserHistoryEntries);
+router.post("/", verifyAccessToken, createOrUpdateUserHistoryEntry);
+router.post("/room/:id", verifyAccessToken, removeRoomIdPresence);
+router.delete("/user/:id", verifyAccessToken, deleteUserHistoryEntry);
+router.delete("/user", verifyAccessToken, deleteUserHistoryEntries);
+router.delete("/all", verifyAccessToken, deleteAllUserHistoryEntries);
 
 export default router;