Create user's friends workflow (#3)

Author: Matheus Ishiyama

src/app.js

@@ -8,5 +8,6 @@ app.use(express.urlencoded({ extended: true }));
 //* routes
 app.use("/user", require("./routes/user"));
 app.use("/auth", require("./routes/auth"));
+app.use("/friend", require("./routes/friends"));
 
 module.exports = app;

src/controllers/user.js

@@ -16,6 +16,7 @@ const UserController = {
             verified: false,
             password: hashPassword,
             createdAt: Date.now(),
+            friendList: [],
         });
         await newUser.save();
 
@@ -39,6 +40,88 @@ const UserController = {
 
         return res.status(200).json({ message: "User confirmed" });
     },
+
+    async addPending(req, res) {
+        const userId = req.userId;
+        const newPendingId = req.body.friendId;
+
+        //* add friendId to pending status
+        await User.findOneAndUpdate(
+            { _id: userId },
+            { $push: { pending: newPendingId } }
+        );
+
+        //* add userId to request status in friendUser
+        await User.findOneAndUpdate(
+            { _id: newPendingId },
+            { $push: { requests: userId } }
+        );
+
+        return res.status(200).json({ message: "Pending added" });
+    },
+
+    async removePending(req, res) {
+        const userId = req.userId;
+        const removePendingId = req.body.friendId;
+
+        //* remove friendId from pending status
+        await User.findOneAndUpdate(
+            { _id: userId },
+            { $pull: { pending: removePendingId } }
+        );
+
+        //* remove userId from request status in friendUser
+        await User.findOneAndUpdate(
+            { _id: removePendingId },
+            { $pull: { requests: userId } }
+        );
+
+        return res.status(200).json({ message: "Pending removed" });
+    },
+
+    async addFriend(req, res) {
+        const userId = req.userId;
+        const newFriendId = req.body.friendId;
+
+        //* add newFriend to user's friends
+        await User.findOneAndUpdate(
+            { _id: userId },
+            {
+                $push: { friendList: newFriendId },
+                $pull: { requests: newFriendId },
+            }
+        );
+
+        //* add user to newFriend's friends
+        await User.findOneAndUpdate(
+            { _id: newFriendId },
+            {
+                $push: { friendList: userId },
+                $pull: { pending: userId },
+            }
+        );
+
+        return res.status(200).json({ message: "Friend added" });
+    },
+
+    async removeFriend(req, res) {
+        const userId = req.userId;
+        const removeFriendId = req.body.friendId;
+
+        //* remove friend from user's friends
+        await User.findOneAndUpdate(
+            { _id: userId },
+            { $pull: { friendList: removeFriendId } }
+        );
+
+        //* remove user from friends's friends
+        await User.findOneAndUpdate(
+            { _id: removeFriendId },
+            { $pull: { friendList: userId } }
+        );
+
+        return res.status(200).json({ message: "Friend removed" });
+    },
 };
 
 module.exports = UserController;

src/middlewares/authenticate.js

@@ -0,0 +1,27 @@
+const jwt = require("jsonwebtoken");
+require("dotenv").config();
+
+const authenticate = (req, res, next) => {
+    const authHeader = req.headers.authorization;
+    if (!authHeader)
+        return res.status(401).json({ message: "No token provided" });
+
+    const parts = authHeader.split(" ");
+
+    if (!(parts.length === 2))
+        return res.status(401).json({ message: "Token error" });
+
+    const [scheme, token] = parts;
+
+    if (!/^Bearer$/i.test(scheme))
+        return res.status(401).json({ message: "Token malformatted" });
+
+    jwt.verify(token, process.env.JWT_SECRET, (err, decoded) => {
+        if (err) return res.status(401).json({ message: "Invalid token" });
+
+        req.userId = decoded.id;
+        next();
+    });
+};
+
+module.exports = authenticate;

src/middlewares/validateFriend.js

@@ -0,0 +1,24 @@
+const User = require("../models/user");
+
+const validateFriend = async (req, res, next) => {
+    const { friendId } = req.body;
+
+    if (!friendId)
+        return res.status(400).json({ message: "No friendId provided" });
+
+    try {
+        const isValid = await User.findOne({ _id: friendId });
+
+        if (!isValid)
+            return res.status(404).json({ message: "User not found" });
+
+        if (!isValid.verified)
+            return res.status(404).json({ message: "User not found" });
+    } catch (error) {
+        return res.status(404).json({ message: "User not found" });
+    }
+
+    next();
+};
+
+module.exports = validateFriend;

src/models/user.js

@@ -9,6 +9,9 @@ const User = new database.Schema(
         verified: Boolean,
         password: String,
         createdAt: Date,
+        friendList: Array,
+        pending: Array,
+        requests: Array,
     },
     {
         versionKey: false,

src/routes/friends.js

@@ -0,0 +1,28 @@
+const express = require("express");
+const friendRoutes = express.Router();
+const userController = require("../controllers/user");
+const authenticate = require("../middlewares/authenticate");
+const validateFriend = require("../middlewares/validateFriend");
+
+friendRoutes.put("/pending/add", authenticate, validateFriend, (req, res) => {
+    userController.addPending(req, res);
+});
+
+friendRoutes.put(
+    "/pending/remove",
+    authenticate,
+    validateFriend,
+    (req, res) => {
+        userController.removePending(req, res);
+    }
+);
+
+friendRoutes.put("/accept", authenticate, validateFriend, (req, res) => {
+    userController.addFriend(req, res);
+});
+
+friendRoutes.put("/decline", authenticate, validateFriend, (req, res) => {
+    userController.removeFriend(req, res);
+});
+
+module.exports = friendRoutes;

src/services/authenticate.js

@@ -21,7 +21,10 @@ const authenticate = async (username, password, res) => {
             if (!userExists.verified)
                 return res.status(401).json({ message: "User unverified" });
 
-            const token = jwt.sign(userExists.username, process.env.JWT_SECRET);
+            const token = jwt.sign(
+                { id: userExists._id },
+                process.env.JWT_SECRET
+            );
 
             return res.status(202).json({ token });
         }