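--- a/backend/controller/likeController.js
+++ b/backend/controller/likeController.js
@@ -0,0 +1,43 @@
+const { Like, TargetType_ENUM } = require("../models/Like");
+const Post = require("../models/Post");
+const mongoose = require("mongoose");
+
+/**
+* @desc user can like the post of the other developers
+* @route GET /posts/:id/like
+*/
+async function likePost(req, res) {
+try {
+const PostId = req.params.id;
+if (!PostId)
+return res.status(400).json({ msg: "Post can't be undefined" });
+if (!mongoose.Types.ObjectId.isValid(PostId))
+return res.status(400).json({ msg: "Post Id is not Valid" });
+const postExists = Post.findById(PostId);
+if (!postExists)
+return res.status(404).json({ msg: "Post does not Exists" });
+const likeExists = Like.findOne({
+targetId: new mongoose.Types.ObjectId(PostId),
+}).select("_id");
+if (!likeExists) {
+const likedPost = await Like.create({
+targetType: TargetType_ENUM.POST,
+count: 1,
+targetId: PostId,
+});
+console.log(likedPost);
+}
+else{
+const likeUpdated = await Like.updateOne({ targetId: PostId},{ $inc: {count: 1}});
+console.log(likeUpdated);
+}
+return res.status(200).json({ msg: "Post Liked Successfully" });
+} catch (err) {
+console.log(err.stack);
+return res.status(500).json({ msg: "Internal Server Error" });
+}
+}
+
+module.exports = {
+likePost,
+};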
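Review bot: `Post.findById(PostId)` and `Like.findOne({...}).select("_id")` are never awaited, so both variables hold Query objects that are always truthy: the 404 "Post does not Exists" branch is unreachable for any well-formed id, `Like.create` never runs, and the `updateOne` (no `upsert`) matches nothing for a post that has no Like document yet, so the handler answers 200 "Post Liked Successfully" without writing anything. The minimal fix is `const postExists = await Post.findById(PostId);` and `const likeExists = await Like.findOne({ targetId: new mongoose.Types.ObjectId(PostId) }).select("_id");`; the rewrite below goes further and folds the findOne + create/updateOne pair into one atomic upsert, which also removes the check-then-act race that can create duplicate Like documents under concurrent requests. The header comment says `@route GET /posts/:id/like`, but user-route.js registers the handler with `router.put`, so it should read `@route PUT /posts/:id/like`. Nothing in this handler records who liked the post, so a single caller can increment `count` without bound; if one like per user is intended, the Like should be keyed on the user that verifyToken attaches to the request (field name not visible here). The `console.log` of the created/updated document prints full records to the server log and is better removed or reduced to a debug-level message.
```javascript
const postExists = await Post.findById(PostId).select("_id");
if (!postExists)
  return res.status(404).json({ msg: "Post does not Exists" });
// One atomic upsert: creates the counter on the first like, increments it
// afterwards, and avoids the findOne-then-create race between concurrent requests.
await Like.findOneAndUpdate(
  { targetType: TargetType_ENUM.POST, targetId: PostId },
  { $inc: { count: 1 } },
  { upsert: true, new: true }
);
// … unchanged: success response and catch block …
```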
10 changes: 8 additions & 2 deletions backend/models/Like.js
Expand Up @@ -10,6 +10,9 @@ const LikeSchema = mongoose.Schema({
type: String,
enum: Object.values(TargetType_ENUM)
},
count: {
type: Number
},
targetId: {
type: mongoose.Schema.Types.ObjectId,
refPath: 'targetTypeRef'
Expand All @@ -23,6 +26,9 @@ const LikeSchema = mongoose.Schema({
strict: true
});

const like = mongoose.model('Like', LikeSchema);
const Like = mongoose.model('Like', LikeSchema);

module.exports = like;
module.exports = {
Like,
TargetType_ENUM
};
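Review bot: The new `count` field has no default, so a Like document created without it carries `count: undefined` until the first `$inc`; `count: { type: Number, default: 0, min: 0 }` keeps the counter well-defined on creation and documents the non-negative invariant (mongoose enforces `min` on save, and on update only when `runValidators` is set). The LikeSchema definition starts above this hunk, so whether a `targetTypeRef` field — the one named in `refPath` — is declared cannot be confirmed from here; if it is not, populating `targetId` will fail. Changing the export from the model itself to `{ Like, TargetType_ENUM }` breaks any module that still does `const Like = require('../models/Like')` directly; the controller in this PR is updated, but other callers are not visible.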
5 changes: 4 additions & 1 deletion backend/routes/user-route.js
Expand Up @@ -4,16 +4,19 @@
const {generateToken, verifyToken} = require('../middleware/tokenVerification.js');
const { createPost, showPost, showAllPost } = require('../controller/postController.js');
const { sendFollow } = require('../controller/followController.js');
const { likePost } = require('../controller/likeController.js');
const router = express.Router();
const app = express();

router.use(express.json());
router.post('/signup', isUserAuthenticated, generateToken, createUser);
router.post('/login', generateToken, loginUser);
router.get('/:id', findUser);
router.get('/:id', verifyToken, findUser);

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs
authorization
, but is not rate-limited.

Copilot Autofix

AI 4 months ago

To fix this issue, add a rate limiting middleware, preferably at the router level or for the specific route(s) that perform database operations. We'll use the popular express-rate-limit package for simplicity and robustness.

  • Add the express-rate-limit import at the top of the file.
  • Instantiate a limiter, e.g. with reasonable defaults: 100 requests per 15 minutes per IP.
  • Apply the limiter middleware to at least the route /user/:id (line 14), and optionally to the other database-backed routes visible in this code snippet.

This only requires changes to backend/routes/user-route.js, specifically:

  • Import express-rate-limit
  • Initialize the limiter
  • Add limiter to the middleware chain for /user/:id route (router.get('/:id', ...)).

Suggested changeset 2
backend/routes/user-route.js

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/backend/routes/user-route.js b/backend/routes/user-route.js
--- a/backend/routes/user-route.js
+++ b/backend/routes/user-route.js
@@ -1,4 +1,5 @@
 const express = require('express');
+const RateLimit = require('express-rate-limit');
 const isUserAuthenticated = require('../middleware/userAuthenticated.js');
 const {createUser, loginUser, findUser, getAllUser} = require('../controller/userController.js');
 const {generateToken, verifyToken} = require('../middleware/tokenVerification.js');
@@ -8,10 +9,18 @@
 const router = express.Router();
 const app = express();
 
+// Rate limiter: max 100 requests per 15 minutes per IP
+const limiter = RateLimit({
+  windowMs: 15 * 60 * 1000,
+  max: 100,
+  standardHeaders: true, // Return rate limit info in the RateLimit-* headers
+  legacyHeaders: false, // Disable the X-RateLimit-* headers
+});
+
 router.use(express.json());
 router.post('/signup', isUserAuthenticated, generateToken, createUser);
 router.post('/login', generateToken, loginUser);
-router.get('/:id', verifyToken, findUser);
+router.get('/:id', limiter, verifyToken, findUser);
 router.post('/post/create', verifyToken, createPost);
 router.get('/post/:id', verifyToken, showPost);
 router.post('/posts', verifyToken, showAllPost); // this should work with GET request but it is not working, instead it returing a 404 on send request in GET format
EOF
@@ -1,4 +1,5 @@
const express = require('express');
const RateLimit = require('express-rate-limit');
const isUserAuthenticated = require('../middleware/userAuthenticated.js');
const {createUser, loginUser, findUser, getAllUser} = require('../controller/userController.js');
const {generateToken, verifyToken} = require('../middleware/tokenVerification.js');
@@ -8,10 +9,18 @@
const router = express.Router();
const app = express();

// Rate limiter: max 100 requests per 15 minutes per IP
const limiter = RateLimit({
windowMs: 15 * 60 * 1000,
max: 100,
standardHeaders: true, // Return rate limit info in the RateLimit-* headers
legacyHeaders: false, // Disable the X-RateLimit-* headers
});

router.use(express.json());
router.post('/signup', isUserAuthenticated, generateToken, createUser);
router.post('/login', generateToken, loginUser);
router.get('/:id', verifyToken, findUser);
router.get('/:id', limiter, verifyToken, findUser);
router.post('/post/create', verifyToken, createPost);
router.get('/post/:id', verifyToken, showPost);
router.post('/posts', verifyToken, showAllPost); // this should work with GET request but it is not working, instead it returing a 404 on send request in GET format
backend/package.json
Outside changed files

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/backend/package.json b/backend/package.json
--- a/backend/package.json
+++ b/backend/package.json
@@ -16,7 +16,8 @@
     "jsonwebtoken": "^9.0.2",
     "mongodb": "^6.20.0",
     "mongoose": "^8.19.2",
-    "zod": "^4.1.12"
+    "zod": "^4.1.12",
+    "express-rate-limit": "^8.2.1"
   },
   "devDependencies": {
     "cors": "^2.8.5",
EOF
@@ -16,7 +16,8 @@
"jsonwebtoken": "^9.0.2",
"mongodb": "^6.20.0",
"mongoose": "^8.19.2",
"zod": "^4.1.12"
"zod": "^4.1.12",
"express-rate-limit": "^8.2.1"
},
"devDependencies": {
"cors": "^2.8.5",
This fix introduces these dependencies
Package Version Security advisories
express-rate-limit (npm) 8.2.1 None
Copilot is powered by AI and may make mistakes. Always verify output.

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs
a database access
, but is not rate-limited.

Copilot Autofix

AI 4 months ago

The best way to fix this is to add a rate limiting middleware to the Express router in backend/routes/user-route.js. We should use a widely adopted package like express-rate-limit, as recommended. This involves installing the package (express-rate-limit), requiring it at the top of the file, configuring an appropriate limiter (e.g., limit to 100 requests per 15 minutes), and applying it specifically to the route(s) which access the database, notably /users/:id (the route in question), or to all router routes if appropriate.

Specifically:

  • In backend/routes/user-route.js, add express-rate-limit as an import.
  • Define a rate limiter middleware variable (e.g., const rateLimit = require('express-rate-limit'); and configure it).
  • Apply this limiter to the /users/:id route (router.get('/:id', limiter, verifyToken, findUser);) or, if desired, to all router routes.
  • Ensure the imports and uses are placed appropriately near relevant code.

Suggested changeset 2
backend/routes/user-route.js

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/backend/routes/user-route.js b/backend/routes/user-route.js
--- a/backend/routes/user-route.js
+++ b/backend/routes/user-route.js
@@ -1,4 +1,5 @@
 const express = require('express');
+const rateLimit = require('express-rate-limit');
 const isUserAuthenticated = require('../middleware/userAuthenticated.js');
 const {createUser, loginUser, findUser, getAllUser} = require('../controller/userController.js');
 const {generateToken, verifyToken} = require('../middleware/tokenVerification.js');
@@ -7,11 +8,10 @@
 const { likePost } = require('../controller/likeController.js');
 const router = express.Router();
 const app = express();
-
 router.use(express.json());
 router.post('/signup', isUserAuthenticated, generateToken, createUser);
 router.post('/login', generateToken, loginUser);
-router.get('/:id', verifyToken, findUser);
+router.get('/:id', limiter, verifyToken, findUser);
 router.post('/post/create', verifyToken, createPost);
 router.get('/post/:id', verifyToken, showPost);
 router.post('/posts', verifyToken, showAllPost); // this should work with GET request but it is not working, instead it returing a 404 on send request in GET format
EOF
@@ -1,4 +1,5 @@
const express = require('express');
const rateLimit = require('express-rate-limit');
const isUserAuthenticated = require('../middleware/userAuthenticated.js');
const {createUser, loginUser, findUser, getAllUser} = require('../controller/userController.js');
const {generateToken, verifyToken} = require('../middleware/tokenVerification.js');
@@ -7,11 +8,10 @@
const { likePost } = require('../controller/likeController.js');
const router = express.Router();
const app = express();

router.use(express.json());
router.post('/signup', isUserAuthenticated, generateToken, createUser);
router.post('/login', generateToken, loginUser);
router.get('/:id', verifyToken, findUser);
router.get('/:id', limiter, verifyToken, findUser);
router.post('/post/create', verifyToken, createPost);
router.get('/post/:id', verifyToken, showPost);
router.post('/posts', verifyToken, showAllPost); // this should work with GET request but it is not working, instead it returing a 404 on send request in GET format
backend/package.json
Outside changed files

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/backend/package.json b/backend/package.json
--- a/backend/package.json
+++ b/backend/package.json
@@ -16,7 +16,8 @@
     "jsonwebtoken": "^9.0.2",
     "mongodb": "^6.20.0",
     "mongoose": "^8.19.2",
-    "zod": "^4.1.12"
+    "zod": "^4.1.12",
+    "express-rate-limit": "^8.2.1"
   },
   "devDependencies": {
     "cors": "^2.8.5",
EOF
@@ -16,7 +16,8 @@
"jsonwebtoken": "^9.0.2",
"mongodb": "^6.20.0",
"mongoose": "^8.19.2",
"zod": "^4.1.12"
"zod": "^4.1.12",
"express-rate-limit": "^8.2.1"
},
"devDependencies": {
"cors": "^2.8.5",
This fix introduces these dependencies
Package Version Security advisories
express-rate-limit (npm) 8.2.1 None
Copilot is powered by AI and may make mistakes. Always verify output.
router.post('/post/create', verifyToken, createPost);
router.get('/post/:id', verifyToken, showPost);
router.post('/posts', verifyToken, showAllPost); // this should work with GET request but it is not working, instead it returing a 404 on send request in GET format
router.post('/people', verifyToken, getAllUser);
router.post('/follow/:id', verifyToken, sendFollow);
router.put('/posts/:id/like', verifyToken, likePost);

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs
authorization
, but is not rate-limited.

Copilot Autofix

AI 4 months ago

The best way to fix this issue is to add a rate-limiting middleware to the relevant route handler(s), specifically to the endpoint /posts/:id/like, which is potentially vulnerable to abuse. This can be efficiently done using a standard middleware package like express-rate-limit. Import express-rate-limit, configure a limiter (e.g., allowing 10 requests per minute per IP, or any reasonable threshold), and apply this limiter to the put route for post likes. All edits should be made directly in backend/routes/user-route.js, above or within the relevant region, without altering the route’s existing logic or authentication flow.

Suggested changeset 2
backend/routes/user-route.js

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/backend/routes/user-route.js b/backend/routes/user-route.js
--- a/backend/routes/user-route.js
+++ b/backend/routes/user-route.js
@@ -5,6 +5,14 @@
 const { createPost, showPost, showAllPost } = require('../controller/postController.js');
 const { sendFollow } = require('../controller/followController.js');
 const { likePost } = require('../controller/likeController.js');
+const rateLimit = require('express-rate-limit');
+
+// Limit repeated likes on posts to prevent abuse (e.g., 10/min/IP)
+const likeLimiter = rateLimit({
+  windowMs: 60 * 1000, // 1 minute window
+  max: 10, // limit each IP to 10 requests per windowMs
+  message: 'Too many like requests from this IP, please try again after a minute'
+});
 const router = express.Router();
 const app = express();
 
@@ -17,6 +25,6 @@
 router.post('/posts', verifyToken, showAllPost); // this should work with GET request but it is not working, instead it returing a 404 on send request in GET format
 router.post('/people', verifyToken, getAllUser);
 router.post('/follow/:id', verifyToken, sendFollow);
-router.put('/posts/:id/like', verifyToken, likePost);
+router.put('/posts/:id/like', verifyToken, likeLimiter, likePost);
 
 module.exports = router;
\ No newline at end of file
EOF
@@ -5,6 +5,14 @@
const { createPost, showPost, showAllPost } = require('../controller/postController.js');
const { sendFollow } = require('../controller/followController.js');
const { likePost } = require('../controller/likeController.js');
const rateLimit = require('express-rate-limit');

// Limit repeated likes on posts to prevent abuse (e.g., 10/min/IP)
const likeLimiter = rateLimit({
windowMs: 60 * 1000, // 1 minute window
max: 10, // limit each IP to 10 requests per windowMs
message: 'Too many like requests from this IP, please try again after a minute'
});
const router = express.Router();
const app = express();

@@ -17,6 +25,6 @@
router.post('/posts', verifyToken, showAllPost); // this should work with GET request but it is not working, instead it returing a 404 on send request in GET format
router.post('/people', verifyToken, getAllUser);
router.post('/follow/:id', verifyToken, sendFollow);
router.put('/posts/:id/like', verifyToken, likePost);
router.put('/posts/:id/like', verifyToken, likeLimiter, likePost);

module.exports = router;
backend/package.json
Outside changed files

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/backend/package.json b/backend/package.json
--- a/backend/package.json
+++ b/backend/package.json
@@ -16,7 +16,8 @@
     "jsonwebtoken": "^9.0.2",
     "mongodb": "^6.20.0",
     "mongoose": "^8.19.2",
-    "zod": "^4.1.12"
+    "zod": "^4.1.12",
+    "express-rate-limit": "^8.2.1"
   },
   "devDependencies": {
     "cors": "^2.8.5",
EOF
@@ -16,7 +16,8 @@
"jsonwebtoken": "^9.0.2",
"mongodb": "^6.20.0",
"mongoose": "^8.19.2",
"zod": "^4.1.12"
"zod": "^4.1.12",
"express-rate-limit": "^8.2.1"
},
"devDependencies": {
"cors": "^2.8.5",
This fix introduces these dependencies
Package Version Security advisories
express-rate-limit (npm) 8.2.1 None
Copilot is powered by AI and may make mistakes. Always verify output.

Check failure

Code scanning / CodeQL

Missing rate limiting High

This route handler performs
a database access
, but is not rate-limited.

Copilot Autofix

AI 4 months ago

The best way to fix the problem is to add rate-limiting middleware to the relevant endpoint(s), ensuring that requests to endpoints that trigger database actions (such as liking a post) cannot be abused to cause excessive load. In this context, the route /posts/:id/like should have a rate limiter. This can be achieved using a well-established package such as express-rate-limit. The typical fix comprises:

  • Installing express-rate-limit (if not already present).
  • Importing express-rate-limit at the top of the file.
  • Defining a suitable rate limiter (e.g., limiting to 10 likes per minute per user/IP).
  • Adding the rate limiter as middleware to the PUT /posts/:id/like route handler.

These changes should be made only within the shown code in backend/routes/user-route.js, specifically above line 20, so as not to alter unrelated code or introduce code outside the scope shown.


Suggested changeset 2
backend/routes/user-route.js

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/backend/routes/user-route.js b/backend/routes/user-route.js
--- a/backend/routes/user-route.js
+++ b/backend/routes/user-route.js
@@ -1,4 +1,5 @@
 const express = require('express');
+const rateLimit = require('express-rate-limit');
 const isUserAuthenticated = require('../middleware/userAuthenticated.js');
 const {createUser, loginUser, findUser, getAllUser} = require('../controller/userController.js');
 const {generateToken, verifyToken} = require('../middleware/tokenVerification.js');
@@ -17,6 +18,6 @@
 router.post('/posts', verifyToken, showAllPost); // this should work with GET request but it is not working, instead it returing a 404 on send request in GET format
 router.post('/people', verifyToken, getAllUser);
 router.post('/follow/:id', verifyToken, sendFollow);
-router.put('/posts/:id/like', verifyToken, likePost);
+router.put('/posts/:id/like', verifyToken, rateLimiterLikePost, likePost);
 
 module.exports = router;
\ No newline at end of file
EOF
@@ -1,4 +1,5 @@
const express = require('express');
const rateLimit = require('express-rate-limit');
const isUserAuthenticated = require('../middleware/userAuthenticated.js');
const {createUser, loginUser, findUser, getAllUser} = require('../controller/userController.js');
const {generateToken, verifyToken} = require('../middleware/tokenVerification.js');
@@ -17,6 +18,6 @@
router.post('/posts', verifyToken, showAllPost); // this should work with GET request but it is not working, instead it returing a 404 on send request in GET format
router.post('/people', verifyToken, getAllUser);
router.post('/follow/:id', verifyToken, sendFollow);
router.put('/posts/:id/like', verifyToken, likePost);
router.put('/posts/:id/like', verifyToken, rateLimiterLikePost, likePost);

module.exports = router;
backend/package.json
Outside changed files

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/backend/package.json b/backend/package.json
--- a/backend/package.json
+++ b/backend/package.json
@@ -16,7 +16,8 @@
     "jsonwebtoken": "^9.0.2",
     "mongodb": "^6.20.0",
     "mongoose": "^8.19.2",
-    "zod": "^4.1.12"
+    "zod": "^4.1.12",
+    "express-rate-limit": "^8.2.1"
   },
   "devDependencies": {
     "cors": "^2.8.5",
EOF
@@ -16,7 +16,8 @@
"jsonwebtoken": "^9.0.2",
"mongodb": "^6.20.0",
"mongoose": "^8.19.2",
"zod": "^4.1.12"
"zod": "^4.1.12",
"express-rate-limit": "^8.2.1"
},
"devDependencies": {
"cors": "^2.8.5",
This fix introduces these dependencies
Package Version Security advisories
express-rate-limit (npm) 8.2.1 None
Copilot is powered by AI and may make mistakes. Always verify output.

module.exports = router;
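Review bot: `router.put('/posts/:id/like', verifyToken, likePost)` registers a non-idempotent operation as PUT: every call increments the like counter, so a client retry (which HTTP permits for PUT) counts as an additional like. Either register it as `router.post('/posts/:id/like', verifyToken, likePost);` or make the handler idempotent per user (one like per user per post), which the like controller in this PR does not do. `const app = express();` in the context lines is unused in the visible hunk — a pre-existing leftover rather than part of this change, but worth dropping.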