implemented first tests and basic functionality

src/db.ts

@@ -0,0 +1,90 @@
+import mongoose from 'mongoose';
+import cfenv from 'cfenv';
+
+// database urls, prod db url is retrieved automatically
+const TESTING_URL = 'mongodb://localhost/dfopdb_test';
+const DEV_URL = 'mongodb://localhost/dfopdb';
+
+export default class db {
+  private static state = {  // db object and current mode (test, dev, prod)
+    db: null,
+    mode: null,
+  };
+
+  static connect (mode = '', done: Function = () => {}) {  // set mode to test for unit/integration tests, otherwise skip parameter. done is also only needed for testing
+    if (this.state.db) return done();  // db is already connected
+
+    // find right connection url
+    let connectionString: string = "";
+    if (mode === 'test') {  // testing
+      connectionString = TESTING_URL;
+      this.state.mode = 'test';
+    }
+    else if(process.env.NODE_ENV === 'production') {
+      let services = cfenv.getAppEnv().getServices();
+      for (let service in services) {
+        if(services[service].tags.indexOf("mongodb") >= 0) {
+          connectionString = services[service]["credentials"].uri;
+        }
+      }
+      this.state.mode = 'prod';
+    }
+    else {
+      connectionString = DEV_URL;
+      this.state.mode = 'dev';
+    }
+
+    // connect to db
+    mongoose.connect(connectionString, {useNewUrlParser: true, useUnifiedTopology: true}, err => {
+      if (err) done(err);
+    });
+    mongoose.connection.on('error', console.error.bind(console, 'connection error:'));
+    mongoose.connection.once('open', () => {
+      console.log(`Connected to ${connectionString}`);
+      this.state.db = mongoose.connection;
+      done();
+    });
+  }
+
+  static getState () {
+    return this.state;
+  }
+
+  static drop (done: Function = () => {}) {  // drop all collections of connected db (only dev and test for safety reasons ;)
+    if (!this.state.db || this.state.mode === 'prod') return done();  // no db connection or prod db
+    this.state.db.db.listCollections().toArray((err, collections) => {  // get list of all collections
+      if (collections.length === 0) {  // there are no collections to drop
+        return done();
+      }
+      else {
+        let dropCounter = 0;  // count number of dropped collections to know when to return done()
+        collections.forEach(collection => {  // drop each collection
+          this.state.db.dropCollection(collection.name, () => {
+            console.log('dropped collection ' + collection.name);
+            if (++ dropCounter >= collections.length) {  // all collections dropped
+              done();
+            }
+          });
+        });
+      }
+    });
+  }
+
+  static loadJson (json, done: Function = () => {}) {  // insert given JSON data into db, uses core mongodb methods
+    if (!this.state.db || !json.hasOwnProperty('collections') || json.collections.length === 0) {
+      return done();
+    }  // no db connection or nothing to load
+
+    let loadCounter = 0;  // count number of loaded collections to know when to return done()
+    Object.keys(json.collections).forEach(collectionName => {  // create each collection
+      this.state.db.createCollection(collectionName, (err, collection) => {
+        collection.insertMany(json.collections[collectionName], () => {  // insert JSON data
+          console.log('loaded collection ' + collectionName);
+          if (++ loadCounter >= Object.keys(json.collections).length) {  // all collections loaded
+            done();
+          }
+        });
+      });
+    });
+  }
+};

src/globals.ts

@@ -0,0 +1,11 @@
+const globals = {
+  levels: [
+    'read',
+    'write',
+    'maintain',
+    'dev',
+    'admin'
+  ]
+};
+
+export default globals;

src/index.ts

@@ -1,37 +1,16 @@
-import cfenv from 'cfenv';
 import express from 'express';
-import mongoose from 'mongoose';
+import bodyParser from 'body-parser';
 import swagger from 'swagger-ui-express';
 import jsonRefParser, {JSONSchema} from '@apidevtools/json-schema-ref-parser';
+import db from './db';
 
 
 // tell if server is running in debug or production environment
 console.log(process.env.NODE_ENV === 'production' ? '===== PRODUCTION =====' : '===== DEVELOPMENT =====');
 
 
-// get mongodb address from server, otherwise set to localhost
-let connectionString: string = "";
-if(process.env.NODE_ENV === 'production') {
-  let services = cfenv.getAppEnv().getServices();
-  for (let service in services) {
-    if(services[service].tags.indexOf("mongodb") >= 0) {
-      connectionString = services[service]["credentials"].uri;
-    }
-  }
-}
-else {
-  connectionString = 'mongodb://localhost/dfopdb';
-}
-mongoose.connect(connectionString, {useNewUrlParser: true, useUnifiedTopology: true});
-
-// connect to mongodb
-let db = mongoose.connection;
-db.on('error', console.error.bind(console, 'connection error:'));
-db.once('open', () => {
-  console.log(`Connected to ${connectionString}`);
-});
-
-
+// mongodb connection
+db.connect();
 
 // create Express app
 const app = express();
@@ -40,8 +19,17 @@ app.disable('x-powered-by');
 // get port from environment, defaults to 3000
 const port = process.env.PORT || 3000;
 
+//middleware
+app.use(express.json({ limit: '5mb'}));
+app.use(express.urlencoded({ extended: false, limit: '5mb' }));
+app.use(bodyParser.json());
+app.use((err, req, res, ignore) => {  // bodyParser error handling
+  res.status(400).send({status: 'Invalid JSON body'});
+});
+
 // require routes
 app.use('/', require('./routes/root'));
+app.use('/', require('./routes/user'));
 
 // Swagger UI
 let oasDoc: JSONSchema = {};
@@ -53,7 +41,19 @@ jsonRefParser.bundle('oas/oas.yaml', (err, doc) => {
 });
 app.use('/api', swagger.serve, swagger.setup(oasDoc, {defaultModelsExpandDepth: -1, customCss: '.swagger-ui .topbar { display: none }'}));
 
-// hook up server to port
-app.listen(port, () => {
-  console.log(`Listening on http;//localhost:${port}`);
+app.use((req, res) => {  // 404 error handling
+  res.status(404).json({status: 'Not found'});
 });
+
+app.use((err, req, res, ignore) => {  // internal server error handling
+  console.error(err);
+  res.status(500).json({status: 'Internal server error'});
+});
+
+
+// hook up server to port
+const server = app.listen(port, () => {
+  console.log(`Listening on http://localhost:${port}`);
+});
+
+module.exports = server;

src/models/user.ts

@@ -0,0 +1,13 @@
+import mongoose from 'mongoose';
+
+const UserSchema = new mongoose.Schema({
+  name: String,
+  email: String,
+  pass: String,
+  key: String,
+  level: String,
+  location: String,
+  device_name: String
+});
+
+export default mongoose.model('user', UserSchema);

src/routes/root.spec.ts

@@ -1,19 +1,58 @@
 import supertest from 'supertest';
 import should from 'should/as-function';
+import db from '../db';
 
 
-let server = supertest.agent('http://localhost:3000');
+describe('/', () => {
+  let server;
 
-describe('Testing /', () => {
-  it('returns the message object', done => {
-    server
+  before(done => {
+    process.env.port = '2999';
+    db.connect('test', done);
+  });
+  beforeEach(done => {
+    delete require.cache[require.resolve('../index')];  // prevent loading from cache
+    server = require('../index');
+    db.drop(err => {  // reset database
+     if (err) return done(err);
+     db.loadJson(require('../test/db.json'), done);
+    });
+  });
+  afterEach(done => {
+    server.close(done);
+  });
+  it('returns the root message', done => {
+    supertest(server)
       .get('/')
       .expect('Content-type', /json/)
-      .expect(200)
-      .end(function(err, res) {
-        should(res.statusCode).equal(200);
+      .expect(200, (err, res) => {
         should(res.body).be.eql({message: 'API server up and running!'});
         done();
       });
   });
 });
+
+describe('Testing unknown routes', () => {
+  let server;
+
+  before(done => {
+    db.connect('test', done);
+  });
+  beforeEach(done => {
+    delete require.cache[require.resolve('../index')];  // prevent loading from cache
+    server = require('../index');
+    db.drop(err => {  // reset database
+     if (err) return done(err);
+     db.loadJson(require('../test/db.json'), done);
+    });
+  });
+  afterEach(done => {
+    server.close(done);
+  });
+  it('returns a 404 message', done => {
+    supertest(server)
+      .get('/unknownroute')
+      .expect(404);
+    done();
+  });
+});

src/routes/user.spec.ts

@@ -0,0 +1,75 @@
+import supertest from 'supertest';
+import should from 'should/as-function';
+import db from '../db';
+import userModel from '../models/user';
+
+
+describe('/user/new', () => {
+  let server;
+
+  before(done => {
+    process.env.port = '2999';
+    db.connect('test', done);
+  });
+  beforeEach(done => {
+    delete require.cache[require.resolve('../index')];  // prevent loading from cache
+    server = require('../index');
+    db.drop(err => {  // reset database
+      if (err) return done(err);
+      db.loadJson(require('../test/db.json'), done);
+    });
+  });
+  afterEach(done => {
+    server.close(done);
+  });
+  it('returns the added user data', done => {
+    supertest(server)
+      .post('/user/new')
+      .send({email: 'john.doe@bosch.com', name: 'johndoe', pass: 'Abc123!#', level: 'read', location: 'Rng', device_name: 'Alpha II'})
+      .expect('Content-type', /json/)
+      .expect(200, (err, res) => {
+        if (err) return done(err);
+        should(res.body).have.property('_id').be.type('string');
+        should(res.body).have.property('email', 'john.doe@bosch.com');
+        should(res.body).have.property('name', 'johndoe');
+        should(res.body).have.property('level', 'read');
+        should(res.body).have.property('location', 'Rng');
+        should(res.body).have.property('device_name', 'Alpha II');
+        done();
+      });
+  });
+  it('stores the data', done => {
+    supertest(server)
+      .post('/user/new')
+      .send({email: 'john.doe@bosch.com', name: 'johndoe', pass: 'Abc123!#', level: 'read', location: 'Rng', device_name: 'Alpha II'})
+      .expect(200, err => {
+        if (err) return done(err);
+        userModel.find({name: 'johndoe'}).lean().exec( 'find', (err, data) => {
+          if (err) return done(err);
+          should(data).have.lengthOf(1);
+          should(data[0]).have.only.keys('_id', 'name', 'pass', 'email', 'level', 'location', 'device_name', 'key', '__v');
+          should(data[0]).have.property('_id');
+          should(data[0]).have.property('name', 'johndoe');
+          should(data[0]).have.property('email', 'john.doe@bosch.com');
+          should(data[0]).have.property('pass').not.eql('Abc123!#');
+          should(data[0]).have.property('level', 'read');
+          should(data[0]).have.property('location', 'Rng');
+          should(data[0]).have.property('device_name', 'Alpha II');
+          done();
+        });
+      });
+  });
+  it('rejects a username already in use', done => {
+    supertest(server)
+      .post('/user/new')
+      .send({email: 'j.doe@bosch.com', name: 'janedoe', pass: 'Abc123!#', level: 'read', location: 'Rng', device_name: 'Alpha II'})
+      .expect(400, err => {
+        if (err) return done(err);
+        userModel.find({name: 'janedoe'}).lean().exec( 'find', (err, data) => {
+          if (err) return done(err);
+          should(data).have.lengthOf(1);
+          done();
+        });
+      });
+  });  // TODO: authentication
+});

src/routes/user.ts

@@ -0,0 +1,31 @@
+import express from 'express';
+import mongoose from 'mongoose';
+import bcrypt from 'bcryptjs';
+import UserValidate from './validate/user';
+import UserModel from '../models/user';
+
+const router = express.Router();
+
+router.get('/users', (req, res) => {
+  res.json({message: 'users up and running!'});
+});
+
+router.post('/user/new', (req, res, next) => {
+  // validate input
+  const {error, value: user} = UserValidate.input(req.body);
+  if(error !== undefined) {
+    res.status(400).json({status: 'Invalid body format'});
+    return;
+  }
+
+  user.key = mongoose.Types.ObjectId();  // use object id as unique API key
+  bcrypt.hash(user.pass, 10, (err, hash) => {  // password hashing
+    user.pass = hash;
+    new UserModel(user).save((err, data) => {  // store user
+      if (err) next(err);
+      res.json(UserValidate.output(data.toObject()));
+    });
+  });
+});
+
+module.exports = router;

src/routes/validate/user.ts

@@ -0,0 +1,44 @@
+import joi from '@hapi/joi';
+import globals from "../../globals";
+
+export default class UserValidate {  // validate input for user
+  static input (data) {
+    return joi.object({
+      name: joi.string()
+        .alphanum()
+        .lowercase()
+        .required(),
+
+      email: joi.string()
+        .email({minDomainSegments: 2})
+        .lowercase()
+        .required(),
+
+      pass: joi.string()
+        .pattern(new RegExp('^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[!"#$%&\'()*+,-.\\/:;<=>?@[\\]^_`{|}~])(?=\\S+$).{8,}$'))
+        .required(),
+
+      level: joi.string()
+        .valid(...globals.levels)
+        .required(),
+
+      location: joi.string()
+        .alphanum()
+        .required(),
+
+      device_name: joi.string()
+        .required()
+    }).validate(data);
+  }
+
+  static output (data) {  // validate output from database for needed properties, strip everything else
+    return joi.object({
+      _id: joi.any(),
+      name: joi.string(),
+      email: joi.string(),
+      level: joi.string(),
+      location: joi.string(),
+      device_name: joi.string()
+    }).validate(data, {stripUnknown: true}).value;
+  }
+}

src/test/db.json

@@ -0,0 +1,17 @@
+{
+  "collections": {
+    "users": [
+      {
+        "_id": "5ea0450ed851c30a90e70894",
+        "email": "jane.doe@bosch.com",
+        "name": "janedoe",
+        "pass": "$2a$10$KDKZjCsgDXwhtKdXZ9oG2ueDuCZsRKOMSqHuBfCM/2R0V6DRns.sy",
+        "level": "write",
+        "location": "Rng",
+        "device_name": "Alpha I",
+        "key": "5ea0450ed851c30a90e70899",
+        "__v": 0
+      }
+    ]
+  }
+}