feat: add swagger and fix the bugs after testing

Author: Varun-Kolanu

Readme.md

@@ -0,0 +1,31 @@
+# Codefest'25 - IIT (BHU)
+
+This is the backend for Codefest'25, fest conducted by CSE department of IIT (BHU) Varanasi.
+
+## Setup
+
+- Fork the repository into your account
+- Clone the forked repository
+- Install the dependencies using the following command:
+
+  ```bash
+  npm i
+  ```
+
+- Create a .env in the root folder using the .env.example given
+- Run the development server using:
+  ```bash
+  npm run dev
+  ```
+- Open `http://localhost:{PORT}/api-docs` to see the API documentation
+
+## Contribution
+
+- Create a branch for the task you're assigned with
+- Make changes in that branch
+- Commit your changes and push to the your forked repo.
+- Open a pull request to the upstream (this main repo) and wait for a maintainer to merge your PR.
+
+- Every now and then, do `git fetch --all` and `git rebase upstream/main` to keep your fork synced with the upstream.
+
+- If you can't see upstream in `git remote -v`, do `git remote add upstream "https://github.com/codefest-iit-bhu/codefest_backend_25"` to add the upstream

app.js

@@ -13,6 +13,8 @@ import memberRouter from "./routes/members.js";
 import caRouter from "./routes/ca.js";
 import eventRouter from "./routes/events.js";
 import userRouter from "./routes/user.js";
+import swaggerUi from "swagger-ui-express";
+import { loadSwaggerWithDynamicUrl } from "./utils/features.js";
 
 export const app = express();
 
@@ -22,19 +24,23 @@ app.use(express.json());
 app.use(cookieParser());
 app.use(
   cors({
-    origin: [process.env.LOCAL_FRONTEND_URL, process.env.FRONTEND_URL],
+    origin: ["*"],
     methods: ["GET", "POST", "PUT", "PATCH", "DELETE"],
     credentials: true,
   })
 );
 
+const swaggerDocument = loadSwaggerWithDynamicUrl("./docs/swagger.yaml")
+
+app.use('/api-docs', swaggerUi.serve, swaggerUi.setup(swaggerDocument));
+
 app.use(passport.initialize());
 passport.use(
   new GoogleStrategy(
     {
       clientID: process.env.GOOGLE_CLIENT_ID,
       clientSecret: process.env.GOOGLE_CLIENT_SECRET,
-      callbackURL: `${backendUrl}/Oauth2/google/callback`,
+      callbackURL: `${backendUrl}/api/v1/Oauth2/google/callback`,
       scope: ["profile", "email"],
     },
     async function (accessToken, refreshToken, profile, cb) {
@@ -44,12 +50,12 @@ passport.use(
 );
 
 app.get(
-  "/Oauth2/google",
+  "/api/v1/Oauth2/google",
   passport.authenticate("google", { scope: ["profile", "email"] })
 );
 
 app.get(
-  "/Oauth2/google/callback",
+  "/api/v1/Oauth2/google/callback",
   passport.authenticate("google", {
     failureRedirect: `${frontendUrl}/`,
     session: false,

controllers/auth.js

@@ -31,7 +31,7 @@ export const signup = async (req, res, next) => {
 
     let user = await User.findOne({ email });
     if (user) {
-      return next(new ErrorHandler("User Already Exist", 404));
+      return next(new ErrorHandler("User Already Exist", 400));
     }
 
     const hashedpswd = await bcrypt.hash(password, 10);
@@ -71,7 +71,18 @@ export const googleCallback = async (user, req, res, next) => {
 
     if (!googleUser.password)
       res.redirect(`${frontendUrl}/setPassword?email=${email}`);
-    else res.redirect(`${frontendUrl}/main?email=${email}`);
+    else {
+      const refreshToken = await generateRefreshToken(googleUser);
+      const token = jwt.sign({ _id: user._id }, process.env.JWT_SECRET, {
+        expiresIn: "30m",
+      });
+      res.cookie("token", token, {
+        httpOnly: true,
+        maxAge: 30 * 60 * 1000, // 30 minutes
+        sameSite: process.env.NODE_ENV === "development" ? "lax" : "none",
+        secure: process.env.NODE_ENV === "development" ? false : true,
+      }).redirect(`${frontendUrl}/main?refreshToken=${refreshToken}`);
+    }
   } catch (error) {
     next(error);
   }
@@ -84,12 +95,12 @@ export const login = async (req, res, next) => {
     const user = await User.findOne({ email }).select("+password");
 
     if (!user) {
-      return next(new ErrorHandler("Invalid Email!", 404));
+      return next(new ErrorHandler("Invalid Email!", 400));
     }
 
     const isMatch = await bcrypt.compare(password, user.password);
     if (!isMatch) {
-      return next(new ErrorHandler("Invalid Password!", 404));
+      return next(new ErrorHandler("Invalid Password!", 400));
     }
 
     const refreshToken = await generateRefreshToken(user);
@@ -107,15 +118,19 @@ export const login = async (req, res, next) => {
 };
 
 export const profile = (req, res) => {
-  res.status(200).json({
-    success: true,
-    user: req.user,
-  });
+  res.status(200).json(req.user);
 };
 
 export const passwordSetter = async (req, res, next) => {
   try {
     const { email, password } = req.body;
+
+    if (!validator.isLength(password, { min: 8 })) {
+      return next(
+        new ErrorHandler("Password must be minimum 8 characters", 400)
+      );
+    }
+
     const user = await User.findOne({ email }).select("+password");
 
     if (!user) {
@@ -140,9 +155,9 @@ export const passwordSetter = async (req, res, next) => {
 
 export const logout = async (req, res, next) => {
   try {
-    const refreshToken = req.headers["X-Refresh-Token"];
+    const refreshToken = req.headers["x-refresh-token"];
     if (!refreshToken)
-      return next(new ErrorHandler("Please provide refresh token", 404));
+      return next(new ErrorHandler("Please provide refresh token", 400));
 
     await Session.deleteOne({ user: req.user._id, refreshToken });
 
@@ -164,18 +179,18 @@ export const logout = async (req, res, next) => {
 
 export const refreshJwt = async (req, res, next) => {
   try {
-    const refreshToken = req.headers["X-Refresh-Token"];
+    const refreshToken = req.headers["x-refresh-token"];
     if (!refreshToken)
       return next(new ErrorHandler("Please provide refresh token", 404));
 
-    const decoded = jwt.decode(refToken, process.env.JWT_SECRET);
+    const decoded = jwt.decode(refreshToken, process.env.JWT_SECRET);
     if (!decoded) return next(new ErrorHandler("Invalid refresh token", 404));
 
     const session = Session.findOne({ user: decoded._id });
     if (!session) return next(new ErrorHandler("No session found", 404));
 
     saveCookie(
-      user,
+      { "_id": session.user },
       res,
       next,
       200,
@@ -192,7 +207,7 @@ export const verifyEmail = async (req, res, next) => {
     const { email, otp } = req.body;
     const verification = await Verification.findOne({ email });
     if (!verification || verification.code != otp)
-      return next(new ErrorHandler("OTP Invalid or Expired", 404));
+      return next(new ErrorHandler("OTP Invalid or Expired", 400));
     const user = await User.create({
       name: verification.name,
       email: verification.email,

controllers/ca.js

@@ -1,11 +1,12 @@
 import ErrorHandler from "../middlewares/error.js";
 import { CARequest } from "../models/ca_request.js";
+import { User } from "../models/user.js";
 
 export const register = async (req, res, next) => {
   try {
     const request = await CARequest.findOne({ user: req.user._id });
     if (request)
-      return next(new ErrorHandler("CA Request already exists", 404));
+      return next(new ErrorHandler("CA Request already exists", 400));
     const { institute, userDescription } = req.body;
     await CARequest.create({
       user: req.user._id,
@@ -45,19 +46,38 @@ export const getAllRequests = async (req, res, next) => {
 
 export const updateRequest = async (req, res, next) => {
   try {
+    const { status, institute, userDescription, adminMessage } = req.body
     let request = await CARequest.findOne({ _id: req.params.id });
     if (!request) return next(new ErrorHandler("CA request not found", 404));
-    if (req.body.status) request.status = req.body.status;
+    if (req.user.role !== "admin" && status != "pending") {
+      return next(
+        new ErrorHandler(
+          "You are not allowed to approve or reject this request",
+          403
+        )
+      );
+    }
+    if (status) {
+      request.status = status;
+      if (req.user.role === "admin" && status === "approved") {
+        await User.findByIdAndUpdate(request.user, { role: "ca" });
+      }
+
+      if (req.user.role === "admin" && status !== "approved" && request.status === "approved") {
+        await User.findByIdAndUpdate(request.user, { role: "user" });
+      }
+    }
+
     if (req.user.role !== "admin") {
-      if (req.body.institute) request.institute = req.body.institute;
-      if (req.body.userDescription)
-        request.userDescription = req.body.userDescription;
+      if (institute) request.institute = institute;
+      if (userDescription)
+        request.userDescription = userDescription;
     } else {
-      if (req.body.adminMessage) request.adminMessage = req.body.adminMessage;
+      if (adminMessage) request.adminMessage = adminMessage;
     }
     const updatedRequest = await request.save();
     if (!updatedRequest)
-      return next(new ErrorHandler("CA request couldn't be updated", 404));
+      return next(new ErrorHandler("CA request couldn't be updated", 500));
     res.status(200).json(updatedRequest);
   } catch (error) {
     next(error);

controllers/events.js

@@ -1,18 +1,22 @@
 import { Events } from "../models/events.js";
 import ErrorHandler from "../middlewares/error.js";
+import { convertToDate } from "../utils/features.js";
 
 export const addEvent = async (req, res, next) => {
   try {
     if (req.user.role !== "admin") {
       return next(new ErrorHandler("Only admin can access", 403));
     }
 
-    const { eventId, maxMembers, eventDeadline } = req.body;
+    // eventDeadline in the format DD-MM-YYYY
+    let { eventId, maxMembers, eventDeadline } = req.body;
 
     if (await Events.findOne({ eventId })) {
       return next(new ErrorHandler("Event already exists", 400));
     }
 
+    eventDeadline = convertToDate(eventDeadline);
+
     const event = await Events.create({
       eventId,
       maxMembers,

controllers/members.js

@@ -7,6 +7,7 @@ export const joinTeam = async (req, res, next) => {
   try {
     const { teamCode } = req.body;
     const team = await Team.findOne({ teamCode });
+    if (!team) return next(new ErrorHandler("Team not found", 404))
     const members = await Members.find({ team: team._id });
 
     if (!team) {
@@ -51,7 +52,7 @@ export const joinTeam = async (req, res, next) => {
 
 export const getMembers = async (req, res, next) => {
   try {
-    const { teamId } = req.body;
+    const { teamId } = req.params;
 
     const members = await Members.find({ team: teamId }).populate("user");
     if (members.length === 0) {

controllers/team.js

@@ -86,7 +86,7 @@ export const changeLeader = async (req, res, next) => {
       team: team._id,
     });
     if (!member) {
-      return next(new ErrorHandler("Member Not Found", 404));
+      return next(new ErrorHandler("Member Not Found in the team", 404));
     }
 
     team.teamLeader = newLeader;
@@ -102,10 +102,56 @@ export const changeLeader = async (req, res, next) => {
 
 export const getTeams = async (req, res, next) => {
   try {
-    const teams = await Members.find({ user: req.user._id }).populate(
-      "team",
-      "user"
-    );
+    const teams = await Team.aggregate([
+      {
+        $lookup: {
+          from: "members",
+          localField: "_id",
+          foreignField: "team",
+          as: "members",
+        },
+      },
+      {
+        $match: {
+          "members.user": req.user._id,
+        },
+      },
+      {
+        $lookup: {
+          from: "users",
+          localField: "members.user",
+          foreignField: "_id",
+          as: "userDetails",
+        },
+      },
+      {
+        $addFields: {
+          members: {
+            $map: {
+              input: "$members",
+              as: "member",
+              in: {
+                $mergeObjects: [
+                  "$$member",
+                  {
+                    user: {
+                      $arrayElemAt: [
+                        "$userDetails",
+                        { $indexOfArray: ["$userDetails._id", "$$member.user"] },
+                      ],
+                    },
+                  },
+                ],
+              },
+            },
+          },
+        },
+      },
+      {
+        $unset: "userDetails",
+      },
+    ]);
+
     res.status(200).json(teams);
   } catch (error) {
     next(error);
@@ -115,7 +161,8 @@ export const getTeams = async (req, res, next) => {
 export const nameAvailable = async (req, res, next) => {
   try {
     const { name } = req.body;
-    if (await Team.findOne({ name: name }))
+    const team = await Team.findOne({ teamName: name })
+    if (team)
       return res.status(200).json({ status: "failure" });
     else return res.status(200).json({ status: "success" });
   } catch (error) {