SERVER4: Security and Authentication

- Allow user to manage  their own favorite dishes

conFusion-Express/app.js

@@ -22,6 +22,7 @@ var users = require('./routes/users');
 var dishRouter = require('./routes/dishRouter');
 var promoRouter = require('./routes/promoRouter');
 var leaderRouter = require('./routes/leaderRouter');
+var favoriteRouter = require('./routes/favoriteRouter');
 
 var app = express();
 
@@ -55,6 +56,7 @@ app.use('/users', users);
 app.use('/dishes', dishRouter);
 app.use('/promotions', promoRouter);
 app.use('/leadership', leaderRouter);
+app.use('/favorites', favoriteRouter);
 
 // catch 404 and forward to error handler
 app.use(function (req, res, next) {

conFusion-Express/models/favorites.js

@@ -0,0 +1,19 @@
+var mongoose = require('mongoose');
+var Schema = mongoose.Schema;
+
+var favoriteSchema = new Schema({
+    customer: {
+        type: mongoose.Schema.Types.ObjectId,
+        ref: 'User'
+    },
+    dishes: [{
+        type: mongoose.Schema.Types.ObjectId,
+        ref: 'Dish'
+    }]
+}, {
+    timestamps: true
+});
+
+var Favorites = mongoose.model('Favorite', favoriteSchema);
+
+module.exports = Favorites;

conFusion-Express/routes/dishRouter.js

@@ -9,7 +9,7 @@ var dishRouter = express.Router();
 dishRouter.use(bodyParser.json());
 
 dishRouter.route('/')
-    .all()
+    .all(Verify.verifyOrdinaryUser)
 
     .get(function (req, res, next) {
         Dishes.find({})

conFusion-Express/routes/favoriteRouter.js

@@ -0,0 +1,76 @@
+var express = require('express');
+var bodyParser = require('body-parser');
+var mongoose = require('mongoose');
+
+var Favorites = require('../models/favorites');
+var Verify = require('./verify');
+
+var favoriteRouter = express.Router();
+favoriteRouter.use(bodyParser.json());
+
+favoriteRouter.route('/')
+    .all(Verify.verifyOrdinaryUser)
+
+    .get(function (req, res, next) {
+        Favorites.findOne({customer: req.decoded._doc._id})
+            .populate(['customer', 'dishes'])
+            .exec(function (err, favorite) {
+                if (err) throw err;
+                res.json(favorite);
+            });
+    })
+
+    .post(function (req, res) {
+        Favorites.findOne({customer: req.decoded._doc._id}, function (err, favorite) {
+            if (!favorite) {
+                favorite = new Favorites({
+                    customer: req.decoded._doc._id
+                });
+            }
+            if (favorite.dishes.indexOf(req.body._id) === -1) {
+                favorite.dishes.push(req.body);
+            }
+            favorite.save(function (err, favorite) {
+                if (err) throw err;
+                res.json(favorite);
+            });
+        });
+    })
+
+    .delete(function (req, res) {
+        Favorites.findOne({customer: req.decoded._doc._id}, function (err, favorite) {
+            if (err) throw err;
+            if (favorite) {
+                Favorites.findByIdAndRemove(favorite._id, function (err, resp) {
+                    if (err) throw err;
+                    res.json(resp);
+                });
+            }
+        });
+    });
+
+favoriteRouter.route('/:favoriteId')
+    .all(Verify.verifyOrdinaryUser)
+
+    .delete(function (req, res) {
+        Favorites.findOne({customer: req.decoded._doc._id}, function (err, favorite) {
+            if (err) throw err;
+            favorite.dishes = favorite.dishes.filter(function (dish) {
+                return dish != req.params.favoriteId;   // typeof(dish)=object, typeof(id)=string
+            });
+
+            if (favorite.dishes.length > 0) {
+                favorite.save(function (err, resp) {
+                    if (err) throw err;
+                    res.json(resp);
+                });
+            } else {
+                Favorites.findByIdAndRemove(favorite._id, function (err, resp) {
+                    if (err) throw err;
+                    res.json(resp);
+                });
+            }
+        });
+    });
+
+module.exports = favoriteRouter;