CS3219-AY2425S1
diff --git a/‎backend/user-service/.env.sample‎
Lines changed: 0 additions & 4 deletions b/‎backend/user-service/.env.sample‎
Lines changed: 0 additions & 4 deletions
diff --git a/‎backend/user-service/index.js‎ renamed to ‎backend/user-service/app.ts‎
Lines changed: 4 additions & 20 deletions b/‎backend/user-service/index.js‎ renamed to ‎backend/user-service/app.ts‎
Lines changed: 4 additions & 20 deletions
diff --git a/‎backend/user-service/controller/auth-controller.js‎ renamed to ‎backend/user-service/controller/auth-controller.ts‎
Lines changed: 21 additions & 10 deletions b/‎backend/user-service/controller/auth-controller.js‎ renamed to ‎backend/user-service/controller/auth-controller.ts‎
Lines changed: 21 additions & 10 deletions
diff --git a/‎backend/user-service/controller/user-controller.js‎ renamed to ‎backend/user-service/controller/user-controller.ts‎
Lines changed: 18 additions & 13 deletions b/‎backend/user-service/controller/user-controller.js‎ renamed to ‎backend/user-service/controller/user-controller.ts‎
Lines changed: 18 additions & 13 deletions
diff --git a/‎backend/user-service/middleware/basic-access-control.js‎ renamed to ‎backend/user-service/middleware/basic-access-control.ts‎
Lines changed: 18 additions & 10 deletions b/‎backend/user-service/middleware/basic-access-control.js‎ renamed to ‎backend/user-service/middleware/basic-access-control.ts‎
Lines changed: 18 additions & 10 deletions
diff --git a/‎backend/user-service/model/repository.js‎
Lines changed: 0 additions & 71 deletions b/‎backend/user-service/model/repository.js‎
Lines changed: 0 additions & 71 deletions
@@ -1,9 +1,5 @@
 DB_CLOUD_URI=<CONNECTION_STRING>
-DB_LOCAL_URI=mongodb://127.0.0.1:27017/peerprepUserServiceDB
 PORT=3001
 
-# Will use cloud MongoDB Atlas database
-ENV=PROD
-
 # Secret for creating JWT signature
 JWT_SECRET=you-can-replace-this-with-your-own-secret
@@ -1,4 +1,4 @@
-import express from "express";
+import express, { Request, Response, NextFunction } from "express";
 import cors from "cors";
 
 import userRoutes from "./routes/user-routes.js";
@@ -12,12 +12,12 @@ app.use(cors()); // config cors so that front-end can use
 app.options("*", cors());
 
 // To handle CORS Errors
-app.use((req, res, next) => {
+app.use((req: Request, res: Response, next: NextFunction) => {
   res.header("Access-Control-Allow-Origin", "*"); // "*" -> Allow all links to access
 
   res.header(
     "Access-Control-Allow-Headers",
-    "Origin, X-Requested-With, Content-Type, Accept, Authorization",
+    "Origin, X-Requested-With, Content-Type, Accept, Authorization"
   );
 
   // Browsers usually send this before PUT or POST Requests
@@ -33,27 +33,11 @@ app.use((req, res, next) => {
 app.use("/users", userRoutes);
 app.use("/auth", authRoutes);
 
-app.get("/", (req, res, next) => {
+app.get("/", (req: Request, res: Response, next: NextFunction) => {
   console.log("Sending Greetings!");
   res.json({
     message: "Hello World from user-service",
   });
 });
 
-// Handle When No Route Match Is Found
-app.use((req, res, next) => {
-  const error = new Error("Route Not Found");
-  error.status = 404;
-  next(error);
-});
-
-app.use((error, req, res, next) => {
-  res.status(error.status || 500);
-  res.json({
-    error: {
-      message: error.message,
-    },
-  });
-});
-
 export default app;
@@ -1,9 +1,11 @@
+import { Response } from "express";
 import bcrypt from "bcrypt";
 import jwt from "jsonwebtoken";
 import { findUserByEmail as _findUserByEmail } from "../model/repository.js";
 import { formatUserResponse } from "./user-controller.js";
+import { AuthenticatedRequest } from "../types/request.js";
 
-export async function handleLogin(req, res) {
+export async function handleLogin(req: AuthenticatedRequest, res: Response): Promise<Response> {
   const { email, password } = req.body;
   if (email && password) {
     try {
@@ -17,25 +19,34 @@ export async function handleLogin(req, res) {
         return res.status(401).json({ message: "Wrong email and/or password" });
       }
 
-      const accessToken = jwt.sign({
-        id: user.id,
-      }, process.env.JWT_SECRET, {
-        expiresIn: "1d",
-      });
-      return res.status(200).json({ message: "User logged in", data: { accessToken, ...formatUserResponse(user) } });
+      const accessToken = jwt.sign(
+        {
+          id: user.id,
+        },
+        process.env.JWT_SECRET as string,
+        {
+          expiresIn: "1d",
+        }
+      );
+      return res
+        .status(200)
+        .json({ message: "User logged in", data: { accessToken, ...formatUserResponse(user) } });
     } catch (err) {
-      return res.status(500).json({ message: err.message });
+      return res.status(500).json({ message: "Server error", err });
     }
   } else {
     return res.status(400).json({ message: "Missing email and/or password" });
   }
 }
 
-export async function handleVerifyToken(req, res) {
+export async function handleVerifyToken(
+  req: AuthenticatedRequest,
+  res: Response
+): Promise<Response> {
   try {
     const verifiedUser = req.user;
     return res.status(200).json({ message: "Token verified", data: verifiedUser });
   } catch (err) {
-    return res.status(500).json({ message: err.message });
+    return res.status(500).json({ message: "Server error", err });
   }
 }
@@ -1,3 +1,4 @@
+import { Request, Response } from "express";
 import bcrypt from "bcrypt";
 import { isValidObjectId } from "mongoose";
 import {
@@ -10,9 +11,10 @@ import {
   findUserByUsernameOrEmail as _findUserByUsernameOrEmail,
   updateUserById as _updateUserById,
   updateUserPrivilegeById as _updateUserPrivilegeById,
-} from "../model/repository.js";
+} from "../model/repository";
+import { IUser } from "../model/user-model";
 
-export async function createUser(req, res) {
+export async function createUser(req: Request, res: Response): Promise<Response> {
   try {
     const { username, email, password } = req.body;
     if (username && email && password) {
@@ -37,7 +39,7 @@ export async function createUser(req, res) {
   }
 }
 
-export async function getUser(req, res) {
+export async function getUser(req: Request, res: Response): Promise<Response> {
   try {
     const userId = req.params.id;
     if (!isValidObjectId(userId)) {
@@ -56,7 +58,7 @@ export async function getUser(req, res) {
   }
 }
 
-export async function getAllUsers(req, res) {
+export async function getAllUsers(req: Request, res: Response): Promise<Response> {
   try {
     const users = await _findAllUsers();
 
@@ -67,7 +69,7 @@ export async function getAllUsers(req, res) {
   }
 }
 
-export async function updateUser(req, res) {
+export async function updateUser(req: Request, res: Response): Promise<Response> {
   try {
     const { username, email, password } = req.body;
     if (username || email || password) {
@@ -90,30 +92,33 @@ export async function updateUser(req, res) {
         }
       }
 
-      let hashedPassword;
+      let hashedPassword: string = "";
       if (password) {
         const salt = bcrypt.genSaltSync(10);
         hashedPassword = bcrypt.hashSync(password, salt);
       }
       const updatedUser = await _updateUserById(userId, username, email, hashedPassword);
       return res.status(200).json({
         message: `Updated data for user ${userId}`,
-        data: formatUserResponse(updatedUser),
+        data: formatUserResponse(updatedUser as IUser),
       });
     } else {
-      return res.status(400).json({ message: "No field to update: username and email and password are all missing!" });
+      return res
+        .status(400)
+        .json({ message: "No field to update: username and email and password are all missing!" });
     }
   } catch (err) {
     console.error(err);
     return res.status(500).json({ message: "Unknown error when updating user!" });
   }
 }
 
-export async function updateUserPrivilege(req, res) {
+export async function updateUserPrivilege(req: Request, res: Response): Promise<Response> {
   try {
     const { isAdmin } = req.body;
 
-    if (isAdmin !== undefined) {  // isAdmin can have boolean value true or false
+    if (isAdmin !== undefined) {
+      // isAdmin can have boolean value true or false
       const userId = req.params.id;
       if (!isValidObjectId(userId)) {
         return res.status(404).json({ message: `User ${userId} not found` });
@@ -126,7 +131,7 @@ export async function updateUserPrivilege(req, res) {
       const updatedUser = await _updateUserPrivilegeById(userId, isAdmin === true);
       return res.status(200).json({
         message: `Updated privilege for user ${userId}`,
-        data: formatUserResponse(updatedUser),
+        data: formatUserResponse(updatedUser as IUser),
       });
     } else {
       return res.status(400).json({ message: "isAdmin is missing!" });
@@ -137,7 +142,7 @@ export async function updateUserPrivilege(req, res) {
   }
 }
 
-export async function deleteUser(req, res) {
+export async function deleteUser(req: Request, res: Response): Promise<Response> {
   try {
     const userId = req.params.id;
     if (!isValidObjectId(userId)) {
@@ -156,7 +161,7 @@ export async function deleteUser(req, res) {
   }
 }
 
-export function formatUserResponse(user) {
+export function formatUserResponse(user: IUser) {
   return {
     id: user.id,
     username: user.username,
 
@@ -1,16 +1,18 @@
+import { NextFunction, Response } from "express";
 import jwt from "jsonwebtoken";
-import { findUserById as _findUserById } from "../model/repository.js";
+import { findUserById as _findUserById } from "../model/repository";
+import { AuthenticatedRequest } from "../types/request";
 
-export function verifyAccessToken(req, res, next) {
+export function verifyAccessToken(req: AuthenticatedRequest, res: Response, next: NextFunction) {
   const authHeader = req.headers["authorization"];
   if (!authHeader) {
     return res.status(401).json({ message: "Authentication failed" });
   }
 
   // request auth header: `Authorization: Bearer + <access_token>`
   const token = authHeader.split(" ")[1];
-  jwt.verify(token, process.env.JWT_SECRET, async (err, user) => {
-    if (err) {
+  jwt.verify(token, process.env.JWT_SECRET as string, async (err, user) => {
+    if (err || !user || typeof user === "string") {
       return res.status(401).json({ message: "Authentication failed" });
     }
 
@@ -20,26 +22,32 @@ export function verifyAccessToken(req, res, next) {
       return res.status(401).json({ message: "Authentication failed" });
     }
 
-    req.user = { id: dbUser.id, username: dbUser.username, email: dbUser.email, isAdmin: dbUser.isAdmin };
+    req.user = {
+      id: dbUser.id,
+      username: dbUser.username,
+      email: dbUser.email,
+      isAdmin: dbUser.isAdmin,
+    };
     next();
   });
 }
 
-export function verifyIsAdmin(req, res, next) {
-  if (req.user.isAdmin) {
+export function verifyIsAdmin(req: AuthenticatedRequest, res: Response, next: NextFunction) {
+  if (req.user?.isAdmin) {
     next();
   } else {
     return res.status(403).json({ message: "Not authorized to access this resource" });
   }
 }
 
-export function verifyIsOwnerOrAdmin(req, res, next) {
-  if (req.user.isAdmin) {
+export function verifyIsOwnerOrAdmin(req: AuthenticatedRequest, res: Response, next: NextFunction) {
+  if (req.user?.isAdmin) {
     return next();
   }
 
   const userIdFromReqParams = req.params.id;
-  const userIdFromToken = req.user.id;
+  const userIdFromToken = req.user?.id;
+
   if (userIdFromReqParams === userIdFromToken) {
     return next();
   }