Add additional information to User schema

Author: guanquann

backend/user-service/controller/auth-controller.ts

@@ -25,7 +25,7 @@ export async function handleLogin(req: AuthenticatedRequest, res: Response): Pro
         },
         process.env.JWT_SECRET as string,
         {
-          expiresIn: "1d",
+          expiresIn: "7d",
         }
       );
       return res

backend/user-service/controller/user-controller.ts

@@ -12,15 +12,31 @@ import {
   updateUserById as _updateUserById,
   updateUserPrivilegeById as _updateUserPrivilegeById,
 } from "../model/repository";
+import { validateEmail, validateUsername, validatePassword } from "../utils/validators";
 import { IUser } from "../model/user-model";
 
 export async function createUser(req: Request, res: Response): Promise<Response> {
   try {
     const { username, email, password } = req.body;
+    const existingUser = await _findUserByUsernameOrEmail(username, email);
+    if (existingUser) {
+      return res.status(409).json({ message: "username or email already exists" });
+    }
+
     if (username && email && password) {
-      const existingUser = await _findUserByUsernameOrEmail(username, email);
-      if (existingUser) {
-        return res.status(409).json({ message: "username or email already exists" });
+      const { isValid: isValidUsername, message: usernameMessage } = validateUsername(username);
+      if (!isValidUsername) {
+        return res.status(400).json({ message: usernameMessage });
+      }
+
+      const { isValid: isValidEmail, message: emailMessage } = validateEmail(email);
+      if (!isValidEmail) {
+        return res.status(400).json({ message: emailMessage });
+      }
+
+      const { isValid: isValidPassword, message: passwordMessage } = validatePassword(password);
+      if (!isValidPassword) {
+        return res.status(400).json({ message: passwordMessage });
       }
 
       const salt = bcrypt.genSaltSync(10);
@@ -71,8 +87,17 @@ export async function getAllUsers(req: Request, res: Response): Promise<Response
 
 export async function updateUser(req: Request, res: Response): Promise<Response> {
   try {
-    const { username, email, password } = req.body;
-    if (username || email || password) {
+    const { username, email, password, profile_picture_url, first_name, last_name, biography } =
+      req.body;
+    if (
+      username ||
+      email ||
+      password ||
+      profile_picture_url ||
+      first_name ||
+      last_name ||
+      biography
+    ) {
       const userId = req.params.id;
       if (!isValidObjectId(userId)) {
         return res.status(404).json({ message: `User ${userId} not found` });
@@ -92,12 +117,21 @@ export async function updateUser(req: Request, res: Response): Promise<Response>
         }
       }
 
-      let hashedPassword: string = "";
+      let hashedPassword: string | undefined;
       if (password) {
         const salt = bcrypt.genSaltSync(10);
         hashedPassword = bcrypt.hashSync(password, salt);
       }
-      const updatedUser = await _updateUserById(userId, username, email, hashedPassword);
+      const updatedUser = await _updateUserById(
+        userId,
+        username,
+        email,
+        hashedPassword,
+        profile_picture_url,
+        first_name,
+        last_name,
+        biography
+      );
       return res.status(200).json({
         message: `Updated data for user ${userId}`,
         data: formatUserResponse(updatedUser as IUser),
@@ -168,5 +202,10 @@ export function formatUserResponse(user: IUser) {
     email: user.email,
     isAdmin: user.isAdmin,
     createdAt: user.createdAt,
+
+    profile_picture_url: user.profile_picture_url,
+    first_name: user.first_name,
+    last_name: user.last_name,
+    biography: user.biography,
   };
 }

backend/user-service/model/repository.ts

@@ -1,6 +1,7 @@
 import UserModel, { IUser } from "./user-model";
 import "dotenv/config";
 import { connect } from "mongoose";
+import { faker } from "@faker-js/faker";
 
 export async function connectToDB() {
   const mongoDBUri: string | undefined = process.env.DB_CLOUD_URI;
@@ -17,7 +18,13 @@ export async function createUser(
   email: string,
   password: string
 ): Promise<IUser> {
-  return new UserModel({ username, email, password }).save();
+  return new UserModel({
+    username,
+    email,
+    password,
+    first_name: faker.person.firstName(),
+    last_name: faker.person.lastName(),
+  }).save();
 }
 
 export async function findUserByEmail(email: string): Promise<IUser | null> {
@@ -49,7 +56,11 @@ export async function updateUserById(
   userId: string,
   username: string,
   email: string,
-  password: string
+  password: string | undefined,
+  profile_picture_url: string,
+  first_name: string,
+  last_name: string,
+  biography: string
 ): Promise<IUser | null> {
   return UserModel.findByIdAndUpdate(
     userId,
@@ -58,6 +69,10 @@ export async function updateUserById(
         username,
         email,
         password,
+        profile_picture_url,
+        first_name,
+        last_name,
+        biography,
       },
     },
     { new: true } // return the updated user

backend/user-service/model/user-model.ts

@@ -6,6 +6,11 @@ export interface IUser extends Document {
   password: string;
   createdAt?: Date;
   isAdmin: boolean;
+
+  profile_picture_url?: string;
+  first_name?: string;
+  last_name?: string;
+  biography?: string;
 }
 
 const UserModelSchema: Schema<IUser> = new mongoose.Schema({
@@ -32,6 +37,23 @@ const UserModelSchema: Schema<IUser> = new mongoose.Schema({
     required: true,
     default: false,
   },
+  profile_picture_url: {
+    type: String,
+    required: false,
+  },
+  first_name: {
+    type: String,
+    required: false,
+  },
+  last_name: {
+    type: String,
+    required: false,
+  },
+  biography: {
+    type: String,
+    required: false,
+    default: "Hello World!",
+  },
 });
 
 const UserModel = mongoose.model<IUser>("UserModel", UserModelSchema);

backend/user-service/package-lock.json

@@ -17,16 +17,19 @@
     "@types/express": "^4.17.21",
     "@types/jsonwebtoken": "^9.0.7",
     "@types/node": "^22.5.5",
+    "@types/validator": "^13.12.2",
     "nodemon": "^3.1.4",
     "tsx": "^4.19.1",
     "typescript": "^5.6.2"
   },
   "dependencies": {
+    "@faker-js/faker": "^9.0.1",
     "bcrypt": "^5.1.1",
     "cors": "^2.8.5",
     "dotenv": "^16.4.5",
     "express": "^4.19.2",
     "jsonwebtoken": "^9.0.2",
-    "mongoose": "^8.5.4"
+    "mongoose": "^8.5.4",
+    "validator": "^13.12.0"
   }
 }

backend/user-service/package.json

@@ -6,5 +6,9 @@ export interface AuthenticatedRequest extends Request {
     username: string;
     email: string;
     isAdmin: boolean;
+    profile_picture_url?: string;
+    first_name?: string;
+    last_name?: string;
+    biography?: string;
   };
 }

backend/user-service/types/request.d.ts

@@ -0,0 +1,73 @@
+import validator from "validator";
+
+export function validateEmail(email: string): { isValid: boolean; message: string | null } {
+  if (!validator.isEmail(email)) {
+    return { isValid: false, message: "Email format is invalid" };
+  }
+  return { isValid: true, message: null };
+}
+
+export function validatePassword(password: string): { isValid: boolean; message: string | null } {
+  if (password.length < 8) {
+    return { isValid: false, message: "Password must be at least 8 characters long" };
+  }
+
+  if (!/[a-z]/.test(password)) {
+    return { isValid: false, message: "Password must contain at least 1 lowercase letter" };
+  }
+
+  if (!/[A-Z]/.test(password)) {
+    return { isValid: false, message: "Password must contain at least 1 uppercase letter" };
+  }
+
+  if (!/\d/.test(password)) {
+    return { isValid: false, message: "Password must contain at least 1 digit" };
+  }
+
+  if (!/[ `!@#$%^&*()_+\-=\[\]{};':"\\|,.<>\/?~]/.test(password)) {
+    return { isValid: false, message: "Password must contain at least 1 special character" };
+  }
+
+  return { isValid: true, message: null };
+}
+
+export function validateUsername(username: string): { isValid: boolean; message: string | null } {
+  if (!validator.isLength(username, { min: 6, max: 30 })) {
+    return { isValid: false, message: "Username must be between 6 and 30 characters long" };
+  }
+
+  if (!/^[a-zA-Z0-9._]+$/.test(username)) {
+    return {
+      isValid: false,
+      message: "Username must only contain alphanumeric characters, underscores, and full stops",
+    };
+  }
+
+  return { isValid: true, message: null };
+}
+
+export function validateName(
+  name: string,
+  type: "first name" | "last name"
+): { isValid: boolean; message: string | null } {
+  if (!validator.isLength(name, { max: 50 })) {
+    return { isValid: false, message: `${type} must be at most 50 characters long` };
+  }
+
+  if (!/^[a-zA-Z0-9\s]+$/.test(name)) {
+    return {
+      isValid: false,
+      message: `${type} must only contain alphanumeric characters and white spaces`,
+    };
+  }
+
+  return { isValid: true, message: null };
+}
+
+export function validateBiography(biography: string): { isValid: boolean; message: string | null } {
+  if (!validator.isLength(biography, { max: 255 })) {
+    return { isValid: false, message: "Biography must be at most 255 characters long" };
+  }
+
+  return { isValid: true, message: null };
+}