IBT-learning · queenhabeebah · May 4, 2024 · May 6, 2024 · May 11, 2024 · May 11, 2024
diff --git a/.gitignore b/.gitignore
@@ -1,6 +1,9 @@
+.env
+
 notes/
 notes.*
 
 .vscode/
 
+
 node_modules/
diff --git a/5-database/assignments/db-assignment-2.md b/5-database/assignments/db-assignment-2.md
@@ -0,0 +1,51 @@
+# Database Assignment #2: Make a CRUD app with Mongoose
+
+For this assignment, you'll set up a simple CRUD app with five endpoints for our Recipe app.
+
+### Create a local database for your Recipe data
+
+You'll want to start with some starter data, so before you begin...
+
+1. pull the most recent `main` into your personal branch. You can find instructions for that on [server assignment #1](../../4-server/assignments/server-assignment-1.md)
+1. open Compass, and use the `+` symbol to "add database". You can name your database and the collection both "recipes"
+1. click the green "Add Data" button, and select "Import JSON or CSV file"
+1. Navigate to the `recipes.json` file that is in this repository, and upload it
+1. You should now see several documents with recipes!
+
+### Set up an express server
+
+This will be almost identical to your last assignment, but you'll install `mongoose` instead of `mongodb`
+
+### Create a Recipe Schema
+
+Create a Schema with the following fields:
+
+- title: string
+- author: string
+- instructions: string
+- ingredients: array of strings
+  - to indicate an array of strings use `ingredients: [String]` or `ingredients: [{type: String, maxlength: ...}]`
+
+What other requirements do you think should be set? What are reasonable `maxlength` values? Are they required? Should they have default values?
+
+### Connect to the mongodb server
+
+Now that your Schema is set, you can import it into your controller and start making queries. But first, you must connect to the database server.
+
+Follow how it's done in the `mongoose-schemas` lesson. Remember that the connection string must end with the name of _your_ local database, not mine and not the one from the example.
+
+Import the Recipe schema into your controller, and set up a "get all" endpoint with `await Recipe.find()`. You should now see all of your local recipe documents in Postman when you hit that endpoint.
+
+### Create your CRUD endpoints
+
+Set up and implement five endpoints:
+
+- Get all (return all documents)
+- Get one by ID (return a single document)
+- Create a new document (add a new document to the database)
+- Update an existing document by ID
+- Delete an existing document by ID
+
+### Extra challenge (optional)
+
+Make sure you're handling all possible user errors, and sending specific messages back that would help the user understand the problem.
diff --git a/5-database/assignments/db-assignment-3.md b/5-database/assignments/db-assignment-3.md
@@ -0,0 +1,37 @@
+# Database Assignment #3: Add users to your recipe app
+
+You have already written a CRUD app for recipes. Now let's add user authentication, so that anybody can read recipes but only certain users can add, update, or delete recipes. The goal is that when registered users create a recipe, they will "own" that recipe, so that only they are allowed to modify or delete it.
+
+### Add users to your app
+
+Add a `User` model and a `users.js` controller with endpoints for creating an account, and for logging in. (So far this will look very similar to what's in the [user-auth lesson notes](../user-auth/), and that's okay!) It's up to you whether you want to define any additional fields on the user schema, beyond `email` and `password`.
+
+### Add token validation
+
+Create a middleware that validates tokens, (this will also look very similar to the lesson,) and then apply that middleware _only_ to your Create, Update, and Delete endpoints (that part will be somewhat different from the lesson example!)
+
+Make sure your validation is fully working, and only valid users can access the restricted endpoints, before you proceed to the next step.
+
+### Now for the interesting part...
+
+If only users who created a recipe can make changes, that means our Schema needs to be updated to start recording who created each recipe. Each Recipe will have a `createdBy` field that stored an ObjectId, which represents a user in the database. (This is called a "foreign key", where a key from another collection is stored as a field on our documents.)
+
+1. Add a field to the Recipe schema that looks like this:
+   - `createdBy: mongoose.Schema.ObjectId` (it doesn't need more because we don't need to specify any other constraints on this field)
+1. Change your Create endpoint to add the validated user's `_id` to the Recipe object before you save it.
+   - How do you know what the validated user's `_id` is? Try adding the user object to the `req` during the `tokenValidation` middelware. Remember that middlewares always have access to the request and response objects, and can modify them! Those modifications will then be received by the next function in the call stack.
+1. Change your Update endpoint to check whether the validated user matches the `createdBy` field on the recipe.
+   - Remember to include sensible error handling. What do you think would be the right HTTP status code for a request on a recipe the user doesn't own?
+1. Change your Delete endpoint to do the same thing!
+
+> NOTE: You will need multiple users in your database to thoroughly test these endpoints
+
+### Extra challenges
+
+##### Cookies
+
+In the next lesson I will demonstrate how to add the user's JWT to a browser cookie, but you already know everything you need to figure that out on your own! Don't worry too much about testing it, but if you like you could just open up any of your web-api assignments and have them manually make a fetch with your credentials, then check to see if your JWT is in Storage > Cookies
+
+##### Get all by user
+
+Try adding a new GET endpoint that returns all of the recipes that were created by a certain user. You will need to use `.find()` with a query object, similar to the query objects we use for `.findOne()`
diff --git a/5-database/assignments/db-final-project.md b/5-database/assignments/db-final-project.md
@@ -0,0 +1,85 @@
+# Database Final Project: Blog database
+
+Your blog currently has a server with one or more endpoints for serving data to the front-end. But right now, the data is just stored in a placeholder file. We want to set up a database to create and store actual data!
+
+We will want a database (I suggest "BlogAPI" unless your blog has a name) with two collections, for "posts" and "users". You should already have placeholder data from earlier phases of this project, now is the time to upload that through Compass as your "posts". You don't need to create the users collection manually, it will be created automatically by our schema constructor.
+
+## Set up your database
+
+Install `mongoose` and `dotenv` in your project. Write a `dbConnect` function that creates the mongodb connection via mongoose, and call that function in your `app.js`.
+
+Use dotenv! Remember the two kinds of things that must be stored in environment variables are:
+
+- secrets (such as JWT key and SALT)
+- anything related to the development environment, such as port numbers, and paths outside the package. The path to your database localhost will be one of these. Remember to include the name of your database at the end of the connection string
+
+## Add user authentication
+
+Even though you probably don't have a web client that includes the register and login actions, you will need those endpoints in order to create valid test users and generate tokens. We will worry about adding that functionality to the client in the next unit when we learn React!
+
+User authentication in MongoDB is fairly straightforward, so this can be very close to what you did for [users in the recipe app](./db-assignment-3.md). You will want to put more thought into the users schema for this one, though. What will "users" on your blog have? Take a look at how you designed your blog's user profile page, what is there? A bio, a tagline, a profile photo? Do they have a handle or display name that is different from their username? Make sure everything is represented on the user schema.
+
+Remember, not every field has to be required! In fact, only fields that a user _must_ fill out when they sign up for an account should be required.
+
+> Note: For now, if you have photos you can serve them as static files, like we learned in the Server unit. Have your documents store the _static path_ of the image. We will learn how to handle things like user-uploaded images in a later unit.
+
+## Create your Posts schema
+
+Your posts need to include at least these required fields:
+
+- body: String (this is the text of the post)
+- userId: ObjectId (the user who made the post)
+- createdAt: timestamp, we don't set these fields manually. See the [schemas lesson notes](../mongoose-schemas/models/Book.js) for an example
+
+What else? Again, look at your site design to see what else is included. Do posts have titles? Images? (Any information related to the user, such as their display name, can be accessed through the userId and doesn't need to be included on this schema separately.) Take the time to think through which fields are required and which are optional.
+
+Once your schema is created, go back to your endpoints and update them to use the schema.
+
+Now is a good time to think about which of your endpoints need to be behind token validation. Often the GET endpoints will be public and the POST, PUT, and DELETE endpoints will require authentication. But this is your blog site and your decision!
+
+## Test with your client!
+
+If you have updated your endpoints without changing their functionality, you shouldn't have to make any changes to calls to your public endpoints, and your blog site should still work as it previously does.
+
+For any endpoints you put behind token validation, you will need to add something to your `fetch` calls. They will need a second argument that looks like this:
+
+```javascript
+    fetch(`http://localhost:4000/api/...`, {
+      headers: {
+        authorization: token goes here...,
+      },
+    })
+```
+
+You will just paste in a hard-coded token here for testing purposes, but once we implement real login behavior, the client will be able to get the user's token from the cookies.
+
+#### CORS
+
+Depending on your browser, you may get a "Cross-Origin Resource Sharing" error in your browser. We will talk more about CORS in a later unit, but in the meantime you can probably circumvent the error with these steps
+
+- run `npm i cors` in your npm package
+- in your app.js
+  - `import cors from "cors"` at the top
+  - `app.use(cors())` somewhere _before_ you apply your controllers
+
+## Thinking forward
+
+Right now your client doesn't do a whole lot, so you might only have a couple of GET endpoints. Soon the app will need to do a lot more! Can you "write ahead" some endpoints that will be ready for the next phase of this project? What are the actions we foresee? Creating, editing, and deleting posts are obvious ones. Can you think of anything else a user might be able to do in your blog app?
+
+What about users? Can they change their bios, display names, or anything else? (Leave profile photos for a future unit, for now let's keep using hard-coded ones, or not include them at all.) Can users delete their whole profiles?
+
+If you're adding CRUD endpoints for users, does it make sense for those to be in the same controller as the authorization-related endpoints, `register` and `login`? Think about separation of concerns. It's okay to add more controllers if it keeps things tidy!
+
+(You may be tempted at this point to start thinking about likes and comments, but unless you are feeling very confident with this material I will discourage you from making the project overly complicated at this phase. Likes and comments will probably require more schemas, and more thought about foreign key relationships.)
+
+I leave it to you how much of this you want to do now, but I will warn you that React is a big topic and the next projects will be big lifts! If you write these endpoints now, later you will be glad you did.
+
+Again, it's not necessary to implement this functionality in your client yet. Just write the endpoints and test them with Postman. Don't forget to include tokens as needed, and don't forget that your tokens expire!
+
+## Refreshers (optional)
+
+Unless you really love writing event listeners, I don't think that actually implementing new functionality (such as creating posts) into your client at this point will be a good use of your time. We will soon be learning a whole new approach to writing web clients.
+
+However, some of the actions we will be implementing soon will require new designs. Take some time to think about all these user actions, and whether they're already reflected in your blog's HTML. Where will users add new posts from? Is there a field at the top of the home page, or is it a separate page? What about login? Registering a new account? Editing or deleting a post?
+
+Now would be a great time to build new pages or adjust your existing pages to prepare for the next phases of the project. Any structural HTML you write will be usable in React, but don't worry about making the forms actually submit or anything like that.
diff --git a/5-database/assignments/recipes.json b/5-database/assignments/recipes.json
@@ -10,5 +10,11 @@
     "author": "Danny Burrow",
     "ingredients": ["whole pork shoulder", "bbq spice mix"],
     "instructions": "Pat pork shoulder dry and liberally coat with salt and spices. Place on a rack in oven at 225F for 8-12 hours, until roast is fall-apart tender. Cool slightly, then shred. Mix with skimmed and strained pan drippings as desired. "
+  },
+  {
+    "title": "Grilled Chicken",
+    "author": "Habeebah Aleilo",
+    "ingredients": ["whole chicken", "spice", "herbs", "oil", "salt"],
+    "instructions": "Marinate the chicken with a blend of spices, herbs, salt, and oil, let it sit for at least an hour, then grill over medium heat until golden brown and fully cooked, turning occasionally."
   }
 ]
diff --git a/5-database/mongoose-schemas/app.js b/5-database/mongoose-schemas/app.js
@@ -0,0 +1,17 @@
+import express from "express"
+import cors from "cors"
+import { dbConnect } from "./db.js"
+
+const app = express()
+const PORT = 4000
+
+app.use(express.json())
+app.use(cors())
+
+import router from "./controllers/books.js"
+app.use("/books", router)
+
+app.listen(PORT, () => {
+  dbConnect()
+  console.log(`[server]: listening on port ${PORT}`)
+})
diff --git a/5-database/mongoose-schemas/controllers/books.js b/5-database/mongoose-schemas/controllers/books.js
@@ -0,0 +1,75 @@
+import express from "express"
+const router = express.Router()
+import { mongoose } from "../db.js"
+
+import Book from "../models/Book.js"
+
+router.get("/", async (req, res) => {
+  // the queries work exactly the same as they do on the driver
+  // so .find() with no arguments returns the entire collection
+  const books = await Book.find()
+  res.send(books)
+})
+
+router.get("/find/:bookId", async (req, res) => {
+  if (mongoose.Types.ObjectId.isValid(req.params.bookId)) {
+    // .findOne() returns a single document, according to the given filter object
+    const book = await Book.findOne({ _id: req.params.bookId })
+    book ? res.json(book) : res.status(404).send("book not found")
+  } else {
+    res.status(404).send("invalid book id")
+  }
+})
+
+router.post("/", async (req, res) => {
+  try {
+    const newBook = new Book(req.body)
+    // when adding new documents, .save() is a separate operation
+    // in case we want to make any changes to the document
+    // in between creating it and sending it to the database
+    await newBook.save()
+    res.send(`added ${req.body.title} by ${req.body.author}`)
+  } catch (err) {
+    res.status(422).send(err.errors.title)
+  }
+})
+
+router.put("/update/:bookId", async (req, res) => {
+  if (mongoose.Types.ObjectId.isValid(req.params.bookId)) {
+    const filter = { _id: req.params.bookId }
+    const body = req.body
+    const options = { upsert: true }
+    // upsert means "update or insert"
+    // it will create a new document if it can't find any that match the filter
+    // it is "false" by default, so we only need to set this option
+    // if we want it to be true
+
+    const book = await Book.updateOne(filter, body, options)
+    console.log(book)
+    if (book.modifiedCount === 1) {
+      res.send("book successfully updated")
+    } else if (book.upsertedCount === 1) {
+      res.send("book successfully added")
+    } else {
+      res.send("operation failed")
+    }
+  } else {
+    res.status(404).send("invalid book id")
+  }
+})
+
+router.delete("/delete/:bookId", async (req, res) => {
+  if (mongoose.Types.ObjectId.isValid(req.params.bookId)) {
+    const filter = { _id: req.params.bookId }
+    const book = await Book.deleteOne(filter)
+    if (book.deletedCount === 1) {
+      res.send("successfully deleted")
+    } else {
+      res.send("something went wrong")
+    }
+  } else {
+    res.status(404).send("invalid book id")
+  }
+})
+
+export default router
diff --git a/5-database/mongoose-schemas/db.js b/5-database/mongoose-schemas/db.js
@@ -0,0 +1,12 @@
+import mongoose from "mongoose"
+
+const dbConnect = async () => {
+  try {
+    await mongoose.connect("mongodb://localhost:27017/BooksAPI")
+    console.log(`[database]: connected to db`)
+  } catch (err) {
+    console.warn(`[database error]: ${err}`)
+  }
+}
+
+export { dbConnect, mongoose }
diff --git a/5-database/mongoose-schemas/models/Book.js b/5-database/mongoose-schemas/models/Book.js
@@ -0,0 +1,27 @@
+import { mongoose } from "../db.js"
+
+const Book = new mongoose.Schema(
+  {
+    title: {
+      type: String,
+      required: true,
+      maxlength: 150,
+      trim: true,
+    },
+    author: {
+      type: String,
+      required: false,
+      default: "Author Unknown",
+      maxlength: 150,
+    },
+    ratings: [{ type: String, maxlength: 50 }],
+    //   genre: {
+    //     type: String,
+    //     required: false,
+    //     enum: ["nonfiction", "history", "whatever"],
+    //   },
+  },
+  { timestamps: true }
+)
+
+export default mongoose.model("book", Book)