Systems-Development-and-Frameworks · ilonae · Nov 27, 2020 · Nov 27, 2020 · Dec 2, 2020 · Dec 2, 2020
diff --git a/backend/.env b/backend/.env
@@ -0,0 +1 @@
+JWT_SECRET=thecountryroads
diff --git a/backend/package.json b/backend/package.json
@@ -12,9 +12,14 @@
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "apollo-datasource-rest": "^0.9.5",
+    "apollo-datasource": "^0.7.2",
     "apollo-server": "^2.19.0",
+    "bcrypt": "^5.0.0",
+    "dotenv": "^8.2.0",
     "graphql": "^15.4.0",
+    "graphql-middleware": "^4.0.2",
+    "graphql-shield": "^7.4.2",
+    "jsonwebtoken": "^8.5.1",
     "nodemon": "^2.0.6"
   },
   "devDependencies": {

diff --git a/backend/src/DataSource/posts-data-source.js b/backend/src/DataSource/posts-data-source.js
@@ -1,29 +1,29 @@
-const { RESTDataSource } = require('apollo-datasource-rest');
+const {DataSource} = require('apollo-datasource');
 const {UserInputError} = require('apollo-server');
 const crypto = require('crypto');
 
 class Post {
   constructor (data) {
-    this.id = crypto.randomBytes(16).toString('hex')
-    this.voters = []
-    this.votes = 0
-    Object.assign(this, data)
+    this.id = crypto.randomBytes(16).toString('hex');
+    this.voters = [];
+    this.votes = 0;
+    Object.assign(this, data);
   }
 }
 
-class PostsDataSource extends RESTDataSource {
+class PostsDataSource extends DataSource {
 
   constructor() {
     super();
-    this.posts = []
+    this.posts = [];
   }
 
   async allPosts () {
-    return this.posts
+    return this.posts;
   }
 
   initialize({context}) {
-    //console.log('PostsDataSource: ', context)
+    this.context = context;
   }
 
   async createPost (data) {
@@ -32,28 +32,11 @@ class PostsDataSource extends RESTDataSource {
     return newPost
   }
 
-  async upvotePost(id, currUser) {
+  async votePost(id, currUser, value) {
     const post = this.posts.find(e => e.id == id);
     if (post) {
       if(!post.voters.find(voters => voters.name == currUser.name)){
-        post.votes++
-        post.voters.push(currUser)
-        return post
-      }
-      else{
-        throw new UserInputError("This user voted on this post already", {invalidArgs: [currUser]});
-      }
-    }
-    else{
-      throw new UserInputError("No post with this ID", {invalidArgs: [id]});
-    }
-  }
-
-  async downvotePost(id, currUser) {
-    const post = this.posts.find(e => e.id == id);
-    if (post) {  
-      if(!post.voters.find(voters => voters.name == currUser.name)){
-        post.votes--
+        post.votes+=value
         post.voters.push(currUser)
         return post
       }
@@ -67,13 +50,27 @@ class PostsDataSource extends RESTDataSource {
   }
 
   async deletePost (id) {
+
     const post = this.posts.find(e => e.id == id);
+
     if (post) {
-      const deleteIndex = this.posts.indexOf(post);
-      this.posts.splice(deleteIndex,1);
-     return post;
+      const currUser = await this.context.dataSources.usersDataSrc.getUser(this.context.decodedJwt.id);
+
+      if(currUser) {
+
+        if( currUser.id == post.author.id) {
+
+          const deleteIndex = this.posts.indexOf(post);
+          this.posts.splice(deleteIndex,1);
+
+          return post;
+
+        }else {
+          throw new Error("Only authors of a post are allowed to delete their own posts.");
+        }
+      }
     }
-    else{
+    else {
       throw new UserInputError("No post with this ID", {invalidArgs: [id]});
     }
 

diff --git a/backend/src/DataSource/users-data-source.js b/backend/src/DataSource/users-data-source.js
@@ -1,24 +1,49 @@
-const { RESTDataSource } = require('apollo-datasource-rest');
+const {DataSource} = require('apollo-datasource');
+const {createAccessToken} = require('../token')
+const crypto = require('crypto');
+const bcrypt = require('bcrypt');
 
 class User{
-  constructor(name){
-    this.name = name
+  constructor(data){
+    this.id = crypto.randomBytes(16).toString('hex')
+    data.password = bcrypt.hashSync(data.password, 10);
+    Object.assign(this, data);
   }
 }
 
-class UsersDataSource extends RESTDataSource {
+class UsersDataSource extends DataSource {
 
   constructor() {
     super();
     this.users = []
   }
 
-  initialize({context}) {
-    //console.log('UsersDataSource: ', context)
+  async getUser(id) {
+    return this.users.find(user => user.id === id);
   }
 
-  async getUser(name) {
-    return this.users.find(user => user.name === name);
+  getUserByEmail(email) {
+    return this.users.find(user => user.email === email);
+  }
+
+  async signup(name, email, password) {
+    //trim
+    email = email.trim();
+    password = password.trim();
+
+    /*
+      Validate:
+      - Make sure the email address is not taken by another user.
+      - Accept only passwords with a length of at least 8 characters.
+    */
+    if(this.getUserByEmail(email) || password.length < 8){
+      return null;
+    }
+
+    const newUser = new User({name, email, password});
+    this.users.push(newUser);
+
+    return createAccessToken(newUser.id);
   }
 
   async allUsers() {

diff --git a/backend/src/Permissions/user-rules.js b/backend/src/Permissions/user-rules.js
@@ -0,0 +1,9 @@
+const {rule} = require('graphql-shield');
+
+const isAuthenticated = rule({ cache: 'contextual' })(
+    async (parent, args, context, info) => {
+        return !!(await context.dataSources.usersDataSrc.getUser(context.decodedJwt.id));
+    },
+)
+
+module.exports = {isAuthenticated}
diff --git a/backend/src/context.js b/backend/src/context.js
@@ -0,0 +1,24 @@
+require('dotenv').config();
+const jwt = require('jsonwebtoken');
+
+const context = ({req}) => {
+
+    let token = req.headers.authorization || '';
+    token = token.replace('Bearer ', '');
+
+    try {
+        const decodedJwt = jwt.verify(
+          token,
+          process.env.JWT_SECRET
+        );
+
+        console.log(decodedJwt)
+
+        return {decodedJwt};
+
+    } catch(e) {
+        return {}
+    }
+}
+
+module.exports = {context};
diff --git a/backend/src/resolver.js b/backend/src/resolver.js
@@ -1,32 +1,33 @@
 const resolvers = {
     Query: {
       posts: async (parent, args, context) => {
-        return await context.dataSources.postsDataSrc.allPosts()
+        return await context.dataSources.postsDataSrc.allPosts();
       },
       users: async (parent, args, context) => {
-        return await context.dataSources.usersDataSrc.allUsers()
+        return await context.dataSources.usersDataSrc.allUsers();
       }
     },
     User: {
       posts: async (parent, args, context) => {
         let posts = await context.dataSources.postsDataSrc.allPosts();
-        return posts.filter(e => e.author.name == parent.name)
+        return posts.filter(e => e.author.name == parent.name);
       }
     },
     Mutation: {
       write: async (parent, args, context) => {
-        console.log('Mutation.write.postInput', args.post)
-        return await context.dataSources.postsDataSrc.createPost(args.post)
+        return await context.dataSources.postsDataSrc.createPost(args.post);
       },
       upvote: async (parent, args, context) => {
-        console.log('Mutation.upvote.args', args)
-        return await context.dataSources.postsDataSrc.upvotePost(args.id, args.voter)
+        return await context.dataSources.postsDataSrc.votePost(args.id, args.voter, 1);
       },
       downvote: async (parent, args, context) => {
-        return await context.dataSources.postsDataSrc.downvotePost(args.id, args.voter)
+        return await context.dataSources.postsDataSrc.votePost(args.id, args.voter, -1);
       },
       delete: async (parent, args, context) => {
-        return await context.dataSources.postsDataSrc.deletePost(args.id)
+        return await context.dataSources.postsDataSrc.deletePost(args.id);
+      },
+      signup: async (parent, args, context) => {
+        return await context.dataSources.usersDataSrc.signup(args.name, args.email, args.password);
       }
     }
 };

diff --git a/backend/src/schema.js b/backend/src/schema.js
@@ -1,39 +1,47 @@
-const {gql } = require('apollo-server');
+const {gql} = require('apollo-server');
 
 const typeDefs = gql`
-type Post {
-  id: ID!
-  title: String!
-  votes: Int!
-  author: User!
-  voters:[User]
-}
-
-type User {
-  name: ID!
-  posts: [Post]
-}
-
-type Query {
-  posts: [Post]
-  users: [User]
-}
-
-type Mutation {
-  write(post: PostInput!): Post
-  delete(id: ID!): Post
-  upvote(id: ID!, voter: UserInput!): Post
-  downvote(id: ID!, voter: UserInput!): Post
-}
-
-input PostInput {
-  title: String!
-  author: UserInput!
-}
-
-input UserInput {
-  name: String!
-}
+  type Post {
+    id: ID!
+    title: String!
+    votes: Int!
+    author: User!
+  }
+
+  type User {
+    # ⚠️ attributes 'id' and 'name' have changed!
+    # 'id' now represents a randomly generated string, similar to 'Post.id'
+    id: ID!
+    name: String!
+    email: String!
+    posts: [Post]
+  }
+
+  type Query {
+    posts: [Post]
+    users: [User]
+  }
+
+  type Mutation {
+    write(post: PostInput!): Post
+    upvote(id: ID!): Post
+    downvote(id: ID!): Post
+    delete(id: ID!): Post
+
+    """
+    returns a signed JWT or null
+    """
+    login(email: String!, password: String!): String
+
+    """
+    returns a signed JWT or null
+    """
+    signup(name: String!, email: String!, password: String!): String
+  }
+
+  input PostInput {
+    title: String!
+  }
 `;
 
 module.exports = typeDefs