search

cpsc455-bugstorm / TravelersTea

A Trip Planning App that tailors travel itineraries based on user preferences and providing detailed information about destinations; making travel planning less daunting and more enjoyable.
https://travelerstea-906d.onrender.com
MIT License
6 stars 2 forks source link

Auth Middleware #189

Closed AndyLiang1 closed 9 months ago

AndyLiang1 commented 10 months ago

What was implemented

12 changed files:

AuthMiddleware.js has the middleware, populates the field req.userId on success. TripModel.js added isPublic in anticipation of generateItineraryLink, currently does nothing.

(10 changed files left)

BE Users UserController.js made it so authentication token now has the user's ID too.

(9 changed files left)

Google Coordinates Added error handling, error message concatenation.

(8 changed files left)

BE Trips TripRoute.js now uses the authMiddleware (line 8) Changed all requests to take in userId from the req.userId field instead. The req.userId gets populated from the AuthMiddleware.js Added next() so that error is logged too (Note: Didn't do this for every function, only the CRUD's)

TrpController.js Removed all instances of userId being returned as part of the response Added error message concatenation When editing and deleting, also filters for the userId. This way, user1 cannot delete user2's trips, even user1 got "authenticated" using their own auth token.

(6 changed files left)

FE Users thunk.js merely put accessToken into local storage. I named it travelersTea_accessToken to not clash with any other accessTokens that may be in your local storage. usersSlice.js only stored username into userSlice. In future maybe we have more info haha.

(4 changed files left)

FE Trips thunk.js remove userId in params since now we use accessToken. service.js made it so axios sends the request with our token for these 4 routes

NewTripForm.js merely removed accessing user's id from the slice, as its not there anymore. SessionController.js remove userId in params since now we use accessToken.

L0Lmaker commented 10 months ago

Could you add a description for this PR, looks like there are a few different changes apart from the auth middleware. Also dont forget to resolve merge conflicts

AndyLiang1 commented 9 months ago

Could you add a description for this PR, looks like there are a few different changes apart from the auth middleware. Also dont forget to resolve merge conflicts

Resolved in discord chat!