Merge branch 'develop' into website-backend-349

Author: bhk31

controllers/stocks.js

@@ -29,16 +29,36 @@ const fetchStocks = async (req, res) => {
   try {
     const allStock = await stocks.fetchStocks()
     return res.json({
-      message: 'Stocks returned successfully!',
+      message: allStock.length > 0 ? 'Stocks returned successfully!' : 'No stocks found',
       stock: allStock.length > 0 ? allStock : []
     })
   } catch (err) {
     logger.error(`Error while fetching stocks ${err}`)
     return res.boom.badImplementation('An internal server error occurred')
   }
 }
+/**
+ * Fetches all the stocks of the user
+ *
+ * @param req {Object} - Express request object
+ * @param res {Object} - Express response object
+ */
+const getSelfStocks = async (req, res) => {
+  try {
+    const { id: userId } = req.userData
+    const userStocks = await stocks.fetchUserStocks(userId)
+    return res.json({
+      message: userStocks.length > 0 ? 'User stocks returned successfully!' : 'No stocks found',
+      userStocks
+    })
+  } catch (err) {
+    logger.error(`Error while getting user stocks ${err}`)
+    return res.boom.badImplementation('An internal server error occurred')
+  }
+}
 
 module.exports = {
   addNewStock,
-  fetchStocks
+  fetchStocks,
+  getSelfStocks
 }

controllers/trading.js

@@ -1,4 +1,4 @@
-const tradeModel = require('../models/trading')
+const tradeService = require('../services/tradingService')
 /**
  * New Trading Request
  *
@@ -13,15 +13,15 @@ const trade = async (req, res) => {
       username,
       userId
     }
-    const { canUserTrade, errorMessage, userBalance } = await tradeModel.trade(tradeStockData)
+    const { canUserTrade, errorMessage, userBalance } = await tradeService.trade(tradeStockData)
 
     if (!canUserTrade) {
       return res.boom.forbidden(errorMessage)
     }
 
     return res.json({ userBalance })
   } catch (err) {
-    logger.error(`Error while updating task: ${err}`)
+    logger.error(`Error during trading: ${err}`)
     return res.boom.badImplementation('An internal server error occurred')
   }
 }

controllers/users.js

@@ -1,6 +1,5 @@
 
 const userQuery = require('../models/users')
-const accountOwners = require('../mockdata/appOwners')
 const imageService = require('../services/imageService')
 /**
  * Fetches the data about our users
@@ -23,22 +22,6 @@ const getUsers = async (req, res) => {
   }
 }
 
-/**
- * Fetches the data about our account Owners
- *
- * @param req {Object} - Express request object
- * @param res {Object} - Express response object
- */
-
-const getAccountOwners = async (req, res) => {
-  try {
-    return accountOwners
-  } catch (error) {
-    logger.error(`Error while fetching application owners: ${error}`)
-    return res.boom.badImplementation('Something went wrong please contact admin')
-  }
-}
-
 /**
  * Fetches the data about user with given id
  *
@@ -166,6 +149,5 @@ module.exports = {
   getSelfDetails,
   getUser,
   getUsernameAvailabilty,
-  getAccountOwners,
   postUserPicture
 }

docs/swaggerDefinition.js

@@ -524,6 +524,29 @@ const swaggerOptions = {
             }
           }
         },
+        userStocks: {
+          type: 'object',
+          properties: {
+            userId: {
+              type: 'string'
+            },
+            stockId: {
+              type: 'string'
+            },
+            stockName: {
+              type: 'string'
+            },
+            quantity: {
+              type: 'number'
+            },
+            orderValue: {
+              type: 'number'
+            },
+            initialStockValue: {
+              type: 'number'
+            }
+          }
+        },
         auctions: {
           type: 'object',
           properties: {

firebase.json

@@ -1,7 +1,7 @@
 {
   "emulators": {
     "firestore": {
-      "port": 8080
+      "port": 8081
     },
     "ui": {
       "enabled": true,

middlewares/authorization.js

@@ -1,13 +1,54 @@
-const { isSuperUser } = require('../models/members')
-module.exports = (req, res, next) => {
-  try {
-    const { username } = req.userData
-    if (!isSuperUser(username)) {
-      return res.boom.forbidden('You are not allowed to perform this action.')
+/**
+ * Describe the priority order of roles. Any route requiring `x` role is allowed
+ * for user having authority of role `x` or a higher authority.
+ * For e.g
+ * - Route requiring `superUser` role is only allowed for `super_user`.
+ * - Route requiring `appOwner` role is allowed for `superUser` and `app_owner`.
+ */
+const REQUIRED_ROLES_PRIORITY = {
+  superUser: ['super_user'],
+  appOwner: ['app_owner', 'super_user'],
+  default: ['default', 'super_user', 'app_owner']
+}
+
+/**
+ * Check if the user has enough authorization based on their role.
+ * User would have following roles schema -
+ * userRoles = {app_owner: true, super_user: true}
+ * @param {String} requiredRole - Required role level to authorize request.
+ * @param {Object} userRoles - Roles information of the current user.
+ * @returns {Boolean} - Whether the current user is authorized for required role level.
+ */
+const userHasPermission = (requiredRole, userRoles) => {
+  const allowedRoles = REQUIRED_ROLES_PRIORITY[`${requiredRole}`] || ['default']
+  return allowedRoles.some((role) => {
+    return Boolean(userRoles[`${role}`])
+  })
+}
+
+/**
+ * Create an authorization middleware for a route based on the required role needed
+ * for that route. Currently following roles are supported:
+ * - `authorizeUser('superUser')`
+ * - `authorizeUser('appOwner')`
+ * Note: This must be added on routes after the `authenticate` middleware.
+ * @param {String} requiredRole - The least role authority required for a route.
+ * @returns {Function} - A middleware function that authorizes given role.
+ */
+const authorizeUser = (requiredRole) => {
+  return (req, res, next) => {
+    const { roles = {} } = req.userData
+    // All users should have `default` role
+    roles.default = true
+
+    if (!userHasPermission(requiredRole, roles)) {
+      return res.boom.unauthorized('You are not authorized for this action.')
     }
     return next()
-  } catch (err) {
-    logger.error(err)
-    return res.boom.forbidden('You are not allowed to perform this action.')
   }
 }
+
+module.exports = {
+  authorizeUser,
+  userHasPermission
+}

models/members.js

@@ -37,16 +37,6 @@ const fetchMembers = async () => {
   }
 }
 
-/**
- * Checks whether the user is a superuser
- * @return {Boolean}
- */
-
-const isSuperUser = (username) => {
-  return username === 'ankush'
-}
-
 module.exports = {
-  fetchMembers,
-  isSuperUser
+  fetchMembers
 }

models/stocks.js

@@ -1,5 +1,7 @@
 const firestore = require('../utils/firestore')
 const stocksModel = firestore.collection('stocks')
+const userStocksModel = firestore.collection('user-stocks')
+
 /**
  * Adds Stocks
  *
@@ -38,7 +40,65 @@ const fetchStocks = async () => {
   }
 }
 
+/**
+ * Fetches the user stocks
+ * @return {Promise<userStocks|object>}
+ */
+const fetchUserStocks = async (userId, stockId = null) => {
+  try {
+    let userStocksRef = ''
+    const query = userStocksModel.where('userId', '==', userId)
+    if (stockId) {
+      userStocksRef = await query.where('stockId', '==', stockId).get()
+      const [userStocks] = userStocksRef.docs
+      if (userStocks) {
+        return { id: userStocks.id, ...userStocks.data() }
+      }
+      return {}
+    }
+
+    userStocksRef = await query.get()
+    const userStocks = []
+    userStocksRef.forEach((stock) => {
+      userStocks.push({
+        id: stock.id,
+        ...stock.data()
+      })
+    })
+    return userStocks
+  } catch (err) {
+    logger.error('Error retrieving user stocks', err)
+    throw err
+  }
+}
+
+/**
+ * Update Users Stocks
+ * @return {Promise<userStocks|object>}
+ */
+const updateUserStocks = async (userId, stockData) => {
+  try {
+    const userStocks = await fetchUserStocks(userId, stockData.stockId)
+    if (!userStocks.id) {
+      await userStocksModel.add({
+        userId,
+        ...stockData
+      })
+      return true
+    }
+
+    const userStocksRef = userStocksModel.doc(userStocks.id)
+    const res = await userStocksRef.update(stockData)
+    return !!res
+  } catch (err) {
+    logger.error('Error updating users stocks', err)
+    throw err
+  }
+}
+
 module.exports = {
   addStock,
-  fetchStocks
+  fetchStocks,
+  fetchUserStocks,
+  updateUserStocks
 }

public/apiSchema.json

@@ -1,8 +1,8 @@
 const express = require('express')
 const router = express.Router()
 const authenticate = require('../middlewares/authenticate')
-const authorization = require('../middlewares/authorization')
-const { addNewStock, fetchStocks } = require('../controllers/stocks')
+const { authorizeUser } = require('../middlewares/authorization')
+const { addNewStock, fetchStocks, getSelfStocks } = require('../controllers/stocks')
 const { createStock } = require('../middlewares/validators/stocks')
 
 /**
@@ -62,6 +62,36 @@ router.get('/', fetchStocks)
  *           schema:
  *             $ref: '#/components/schemas/errors/badImplementation'
  */
-router.post('/', authenticate, authorization, createStock, addNewStock)
+router.post('/', authenticate, authorizeUser('superUser'), createStock, addNewStock)
+
+/**
+ * @swagger
+ * /stocks/user/self:
+ *  get:
+ *   summary: Used to get all the stocks of the user
+ *   tags:
+ *     - User Stocks
+ *   responses:
+ *     200:
+ *       description: returns stocks of the user
+ *       content:
+ *         application/json:
+ *           schema:
+ *             $ref: '#/components/schemas/userStocks'
+ *     401:
+ *       description: unAuthorized
+ *       content:
+ *         application/json:
+ *           schema:
+ *             $ref: '#/components/schemas/errors/unAuthorized'
+ *     500:
+ *       description: badImplementation
+ *       content:
+ *         application/json:
+ *           schema:
+ *             $ref: '#/components/schemas/errors/badImplementation'
+ */
+
+router.get('/user/self', authenticate, getSelfStocks)
 
 module.exports = router