myContacts-backend

Author: anand-py

.vscode/launch.json

@@ -0,0 +1,7 @@
+{
+    // Use IntelliSense to learn about possible attributes.
+    // Hover to view descriptions of existing attributes.
+    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+    "version": "0.2.0",
+    "configurations": []
+}

package-lock.json

@@ -13,6 +13,7 @@
     "dotenv": "^16.3.1",
     "express": "^4.18.2",
     "express-async-handler": "^1.2.0",
+    "jsonwebtoken": "^9.0.2",
     "mongodb": "^6.3.0",
     "mongoose": "^8.0.3",
     "punycode": "^2.3.1"

package.json

@@ -1,17 +1,17 @@
 const mongoose = require("mongoose");
 
-
-const connectDb = async ()=>{
-    try{    
-        const connect = await mongoose.connect(process.env.CONNECTION_STRING);
-        console.log("Database Connected", 
-        connect.connection.host, 
-        connect.connection.name
-        );
-    }catch(err){
-        console.log(err)
-        process.exit(1)
-    }
+const connectDb = async () => {
+  try {
+    const connect = await mongoose.connect(process.env.CONNECTION_STRING);
+    console.log(
+      "Database connected: ",
+      connect.connection.host,
+      connect.connection.name
+    );
+  } catch (err) {
+    console.log(err);
+    process.exit(1);
+  }
 };
 
 module.exports = connectDb;

src/config/dbConnection.js

@@ -1,74 +1,90 @@
 const asyncHandler = require("express-async-handler");
 const Contact = require("../models/contactModel");
-
 //@desc Get all contacts
-//@route GET/api/contacts
-//@access public
-
-const getContacts = asyncHandler(async (req,res)=>{
-    const contacts = await Contact.find();
-    return res.status(200).json(contacts)
-});
-//@desc create contacts
-//@route POST/api/contacts
-//@access public
-const createContact = asyncHandler(async (req,res)=>{
-    console.log("The req body is :", req.body)
-    const {name, email, phone} = req.body;
-    if(!name || !email || !phone){
-        res.status(400);
-        throw new Error("All Fields are mandatory")
-    }
-    const contact = await Contact.create({
-        name,
-        email,
-        phone
-    })
-    res.status(201).json(contact)
+//@route GET /api/contacts
+//@access private
+const getContacts = asyncHandler(async (req, res) => {
+  const contacts = await Contact.find({ user_id: req.user.id });
+  res.status(200).json(contacts);
 });
 
-//@desc Get  contact by id
-//@route GET/api/contacts:id
-//@access public
+//@desc Create New contact
+//@route POST /api/contacts
+//@access private
+const createContact = asyncHandler(async (req, res) => {
+  console.log("The request body is :", req.body);
+  const { name, email, phone } = req.body;
+  if (!name || !email || !phone) {
+    res.status(400);
+    throw new Error("All fields are mandatory !");
+  }
+  const contact = await Contact.create({
+    name,
+    email,
+    phone,
+    user_id: req.user.id,
+  });
 
-const getContact = asyncHandler(async (req,res)=>{
-    const contact = await Contact.findById(req.params.id);
-    if(!contact){
-        res.status(404);
-        throw new Error("Contact not found")
-    }
-    res.status(200).json(contact)
+  res.status(201).json(contact);
 });
 
-//@desc update contacts
-//@route PUT/api/contacts/:id
-//@access public
-const updateContact = asyncHandler(async (req,res)=>{
-    const contact = await Contact.findById(req.params.id);
-    if(!contact){
-        res.status(404);
-        throw new Error("Contact not found")
-    }
-
-    const updatedContact = await Contact.findByIdAndUpdate(req.params.id, req.body,{new : true})
-    res.status(200).json(updatedContact)
+//@desc Get contact
+//@route GET /api/contacts/:id
+//@access private
+const getContact = asyncHandler(async (req, res) => {
+  const contact = await Contact.findById(req.params.id);
+  if (!contact) {
+    res.status(404);
+    throw new Error("Contact not found");
+  }
+  res.status(200).json(contact);
 });
 
-//@desc delete contact
-//@route delete/api/contacts/:id
-//@access public
-const deleteContact =  asyncHandler(async (req,res)=>{
-    const contact = await Contact.findById(req.params.id);
-    if(!contact){
-        res.status(404);
-        throw new Error("Contact not found")
-    }
-    const deletedContect = await Contact.findOneAndDelete();
-    res.status(200).json(contact); 
-});
+//@desc Update contact
+//@route PUT /api/contacts/:id
+//@access private
+const updateContact = asyncHandler(async (req, res) => {
+  const contact = await Contact.findById(req.params.id);
+  if (!contact) {
+    res.status(404);
+    throw new Error("Contact not found");
+  }
 
+  if (contact.user_id.toString() !== req.user.id) {
+    res.status(403);
+    throw new Error("User don't have permission to update other user contacts");
+  }
 
+  const updatedContact = await Contact.findByIdAndUpdate(
+    req.params.id,
+    req.body,
+    { new: true }
+  );
 
-module.exports = {getContacts,createContact, getContact, deleteContact,updateContact}
+  res.status(200).json(updatedContact);
+});
 
+//@desc Delete contact
+//@route DELETE /api/contacts/:id
+//@access private
+const deleteContact = asyncHandler(async (req, res) => {
+  const contact = await Contact.findById(req.params.id);
+  if (!contact) {
+    res.status(404);
+    throw new Error("Contact not found");
+  }
+  if (contact.user_id.toString() !== req.user.id) {
+    res.status(403);
+    throw new Error("User don't have permission to update other user contacts");
+  }
+  await Contact.deleteOne({ _id: req.params.id });
+  res.status(200).json(contact);
+});
 
+module.exports = {
+  getContacts,
+  createContact,
+  getContact,
+  updateContact,
+  deleteContact,
+};