diff --git a/README.md b/README.md
index 6476e67..8dd71a2 100644
--- a/README.md
+++ b/README.md
@@ -73,6 +73,10 @@
- ##### **password**: _String_ (required)
- ##### **firstname**: _String_ (required)
- ##### **lastname**: _String_ (required)
+ - ##### **billing**
+ - ##### **NIP**: _String_
+ - ##### **adress**: _String_
+ - ##### **companyName**: _String_
- ##### **restaurants**: [*mongoose.Types.ObjectId*]
- ##### **trialUsed**: _Boolean_
@@ -111,6 +115,14 @@
+- ### **/restaurant/delete**
+
+ - #### **POST**
+
+ Takes a **restaurantId** parameter and a **JWT token(header)**, and tries to remove the restaurant from the database and from user. If successfull returns **200**, if failed returns error with a code.
+
+
+
* ### **/img**
- #### **POST**
@@ -135,6 +147,22 @@
+* ### **/user/forgotpassword**
+
+ - #### **POST**
+
+ Takes **email** parameter and if it exists, generates and sends an pass reset link via the email to the owner of the account.
+
+
+
+* ### **/user/resetpass**
+
+ - #### **POST**
+
+ Takes **token, email, newPass** parameters and if everything checks out, changes user password to the supplied **newPass**.
+
+
+
- ### **/search**
- #### **GET**
diff --git a/models/users.js b/models/users.js
index f15d06b..2ea9179 100644
--- a/models/users.js
+++ b/models/users.js
@@ -18,6 +18,20 @@ const userSchema = mongoose.Schema({
type: String,
required: true,
},
+ billing: {
+ NIP: {
+ type: String,
+ required: true,
+ },
+ adress: {
+ type: String,
+ required: true,
+ },
+ companyName: {
+ type: String,
+ required: true,
+ },
+ },
restaurants: [mongoose.Types.ObjectId],
trialUsed: Boolean,
});
diff --git a/routes/routeRestaurant.js b/routes/routeRestaurant.js
index 58eea56..9c33d86 100644
--- a/routes/routeRestaurant.js
+++ b/routes/routeRestaurant.js
@@ -4,12 +4,14 @@ import {
addRestaurantToUser,
fetchRestaurant,
fetchAllDishesForRestaurant,
+ removeRestaurant,
} from "../services/databaseServices.js";
import {
decodeAndSanitize,
validateRestaurant,
handleError,
validateUserToken,
+ verifyRestaurantAccess,
} from "../services/services.js";
import Restaurant from "../models/restaurant.js";
@@ -63,8 +65,8 @@ router.post("/delete", async (req, res) => {
const token = req.headers["x-auth-token"];
const user = validateUserToken(token);
await validateRestaurant(req.body.restaurantId);
- //check access
- //delete restaurant
+ await verifyRestaurantAccess(req.body.restaurantId, user);
+ await removeRestaurant(req.body.restaurantId, user.id);
res.send("Restauracja została pomyślnie usunięta.");
} catch (error) {
handleError(error, res);
diff --git a/services/dataPrepServices.js b/services/dataPrepServices.js
index 751721a..b7e658a 100644
--- a/services/dataPrepServices.js
+++ b/services/dataPrepServices.js
@@ -31,6 +31,21 @@ export function composeNewContact(request) {
name: "UserID",
value: request._id,
},
+ {
+ type: "CUSTOM",
+ name: "NIP",
+ value: request.NIP,
+ },
+ {
+ type: "CUSTOM",
+ name: "CompanyName",
+ value: request.companyName,
+ },
+ {
+ type: "CUSTOM",
+ name: "CompanyAdress",
+ value: request.adress,
+ },
],
};
return contact;
@@ -44,6 +59,11 @@ export async function createUser(request) {
password: password,
firstname: request.body.firstname,
lastname: request.body.lastname,
+ billing: {
+ NIP: request.body.NIP,
+ adress: request.body.adress,
+ companyName: request.body.companyName,
+ },
});
return user;
}
diff --git a/services/databaseServices.js b/services/databaseServices.js
index 5ce5c9d..abc7c33 100644
--- a/services/databaseServices.js
+++ b/services/databaseServices.js
@@ -5,18 +5,34 @@ import { newError } from "./services.js";
export async function changeUserPass(userId, newPass) {
User.findByIdAndUpdate(userId, { $set: { password: newPass } }).catch((e) => {
- throw newError("Cannot change password", 500);
+ throw newError("Zmiana hasła nie powiodła się.", 500);
});
}
export async function removeDish(dishId) {
const deletedDoc = await Dish.findByIdAndDelete(dishId).catch((e) => {
- throw newError("Unable to delete Dish", 500);
+ throw newError("Usunięcie dania nie powiodło się.", 500);
});
await Restaurant.findByIdAndUpdate(deletedDoc.restaurantId, {
$pull: { dishes: dishId },
}).catch((error) => {
- throw newError("Unable to remove Dish from restaurant", 500);
+ throw newError("Usunięcie dania z restauracji nie powiodło się.", 500);
+ });
+}
+
+export async function removeRestaurant(restaurantId, userId) {
+ const deletedDoc = await Restaurant.findByIdAndDelete(restaurantId).catch(
+ (e) => {
+ throw newError("Usunięcie nie powiodło się.", 500);
+ }
+ );
+ await User.findByIdAndUpdate(userId, {
+ $pull: { restaurants: restaurantId },
+ }).catch((e) => {
+ throw newError(
+ "Usunięcie restauracji z użytkownika nie powiodło się.",
+ 500
+ );
});
}
diff --git a/services/services.js b/services/services.js
index b56ea91..28bdb54 100644
--- a/services/services.js
+++ b/services/services.js
@@ -27,20 +27,21 @@ export function handleError(error, responseObject) {
}
export async function validateRestaurant(id) {
- if (!mongoose.Types.ObjectId.isValid(id)) throw newError("Invalid ID", 204);
+ if (!mongoose.Types.ObjectId.isValid(id))
+ throw newError("Nieprawidłowy ID", 204);
let valid = await Restaurant.exists({ _id: id });
- if (valid !== true) throw newError("Restaurant doesn't exist", 404);
+ if (valid !== true) throw newError("Restauracja nie istnieje w bazie.", 404);
return true;
}
export function decodeAndSanitize(query) {
- if (!query) throw newError("Nothing to sanitize...", 204);
+ if (!query) throw newError("Brak danych.", 204);
return sanitizer.sanitize.keepUnicode(decodeURI(query));
}
export async function checkPassword(password, hash) {
const result = await bcrypt.compare(password, hash);
- if (!result) throw newError("Wrong password :(", 401);
+ if (!result) throw newError("Hasło nieprawidłowe", 401);
}
export function generateAuthToken(user) {
@@ -49,6 +50,7 @@ export function generateAuthToken(user) {
email: user.email,
firstname: user.firstname,
lastname: user.lastname,
+ billing: user.billing,
id: user.id,
restaurants: user.restaurants,
},
@@ -76,39 +78,58 @@ export function generatePasswordResetLink(email) {
}
export async function checkEmailTaken(email) {
- if (!email) throw newError("No input email", 204);
+ if (!email) throw newError("Brak adresu email", 204);
await User.exists({ email: email }).then((res) => {
if (res) {
- throw newError("Email is taken", 409);
+ throw newError("Adres email zajęty", 409);
}
});
}
export function validateUserToken(token) {
- if (!token) throw newError("Invalid user token", 401);
- const verified = jwt.verify(token, jwtSecret, { ignoreExpiration: false });
- if (!verified) throw newError("Invalid user token", 401);
+ if (!token) throw newError("Brak dostępu", 401);
+ const verified = jwt
+ .verify(token, jwtSecret, { ignoreExpiration: false })
+ .catch((e) => {
+ throw newError("Brak dostępu", 401);
+ });
+ if (!verified) throw newError("Brak dostępu", 401);
return verified;
}
export async function validateDishId(id) {
if (!mongoose.Types.ObjectId.isValid(id)) {
- throw newError("Invalid ID", 400);
+ throw newError("Niewłaściwy ID", 400);
}
const dishDoesExist = Dish.exists({ _id: id });
- if (!dishDoesExist) throw newError("Dish doesn't exist", 404);
+ if (!dishDoesExist) throw newError("Te danie nie istnieje w bazie.", 404);
}
export async function verifyDishAccess(dishId, decodedToken) {
- const fetch = await User.findById(decodedToken.id, "restaurants");
+ const fetch = await User.findById(decodedToken.id, "restaurants").catch(
+ (error) => {
+ throw newError("Nie znaleziono użytkownika.", 500);
+ }
+ );
const restaurants = fetch.restaurants;
const restaurantId = await Dish.findById(dishId, "restaurantId").catch(
(error) => {
- throw newError("Couldn't fetch Dish", 404);
+ throw newError("Nie znaleziono dania.", 404);
}
);
const valid = restaurants.includes(restaurantId.restaurantId);
- if (!valid) throw newError("You don't have access to this Dish.", 401);
+ if (!valid) throw newError("Nie masz dostępu do tego dania.", 401);
+}
+
+export async function verifyRestaurantAccess(restaurantId, decodedToken) {
+ const fetch = await User.findById(decodedToken.id, "restaurants").catch(
+ (error) => {
+ throw newError("Nie znaleziono użytkownika.", 500);
+ }
+ );
+ const restaurants = fetch.restaurants;
+ const valid = restaurants.includes(restaurantId);
+ if (!valid) throw newError("Nie masz dostępu do tej restauracji.", 401);
}
export function yearFromNowDate() {
@@ -141,7 +162,7 @@ export async function hashPass(pass) {
const hash = await bcrypt.hash(pass, salt);
return hash;
} catch (error) {
- throw newError("Internal error", 500);
+ throw newError("Błąd", 500);
}
}