IntersogLABs · SSosedova · Aug 17, 2015 · Aug 24, 2015 · Aug 24, 2015 · Aug 30, 2015
diff --git a/app.js b/app.js
@@ -1,24 +1,44 @@
+GLOBAL._ = require('underscore');
+GLOBAL.sha1 = require('sha1');
+GLOBAL.ObjectID = require('mongodb').ObjectID;
+GLOBAL.async = require('async');
+
 var express = require('express');
 var bodyParser = require('body-parser');
-GLOBAL._ = require('underscore');
-var fs= require('fs')
+var fs = require('fs')
 var app = express();
-GLOBAL.DB = {
-    save:function(){
-        fs.writeFileSync('./db.json',JSON.stringify(this))
-    },
-    restore: function(){
-        GLOBAL.DB = _.extend(GLOBAL.DB,JSON.parse(fs.readFileSync('./db.json','utf-8')))
-    }
-}
-GLOBAL.DB.restore();
-DB.users = DB.users || [];
-DB.posts = DB.posts || [];
+var MongoClient = require('mongodb').MongoClient
+var url = 'mongodb://localhost:27017/socialNetwork'; 
+
+MongoClient.connect(url, function(err, db){
+
+    console.log("Connected corretly to server");
+
+    GLOBAL.DB = db; 
+    GLOBAL.UsersCollection = DB.collection('users');
+    GLOBAL.PostsCollection = DB.collection('posts');
+
+    app.listen(100)
+})
 
+console.log("run");
+
+app.use(function(req, res, next) {
+    res.header('Access-Control-Allow-Origin', '*');
+    res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE,OPTIONS');
+    res.header('Access-Control-Allow-Headers', 'Content-Type, Authorization, Content-Length, X-Requested-With');
+
+    // intercept OPTIONS method
+    if ('OPTIONS' == req.method) {
+      res.send(200);
+    }
+    else {
+      next();
+    }
+});
 
 app.use(bodyParser.json())
 app.use(function (req, res, next) {
-    console.log(req.originalUrl)
     if(req.originalUrl =='/register'){
         next(null);
         return;
@@ -30,18 +50,29 @@ app.use(function (req, res, next) {
     var parts = req.headers['authorization'].split(":")
     var nick = parts[0];
     var pwd = parts[1];
-    var user = _.find(DB.users, function (usr) {
-        return usr.nick == nick && pwd == usr.pwd;
-    })
-    if (!user) {
+    DB.collection('users').findOne({nick:nick,pwd:sha1(pwd)}, function(err,data){
+        if (data) {
+            req.currentUser = data;
+            next(null);
+            return
+        }
         res.status(401).send({message: "invalid user or password"})
-        return;
-    }
-    req.currentUser =user;
-    next(null);
+    })
 })
-require('./controllers/user')(app)
-require('./controllers/post')(app)
 
+require('./controllers/user')(app);
+require('./controllers/post')(app);
 
-app.listen(100)
+GLOBAL.deletePwd = function(users){
+    if (_.isArray(users)){
+        return _.map(users, function(user){
+            var userCopy = _.clone(user)
+            delete userCopy.pwd;
+            return userCopy;
+        })
+    } else {
+        var userCopy = _.clone(users)
+        delete userCopy.pwd;
+        return userCopy;
+    }
+}
diff --git a/controllers/post.js b/controllers/post.js
@@ -1,18 +1,112 @@
-module.exports=function(app){
-    app.post('/user/:id/wall',function(req,res){
+module.exports = function(app){
+
+    app.post('/user/:id/wall', function(req, res){
+
         if(!req.body.content){
             res.status(400).send({message:'content required'})
             return;
         }
         var post = {
-            content:req.body.content,
-            id:Date.now(),
-            authorId:req.currentUser.id,
-            ownerId:req.params.id
+            content: req.body.content,
+            authorId: {$ref: "users", $id: req.currentUser._id},
+            ownerId: {$ref: "users", $id: new ObjectID(req.params.id)}
         };
-        DB.posts.push(post)
-        DB.save();
-        res.send(post);
+
+        PostsCollection.insert(post, function(err, data){
+            res.send(post);
+        })
+    })
+
+    app.get('/posts', function(req, res){
+
+        PostsCollection
+            .find({})
+            .toArray(function(err, posts){
+                async.mapLimit(
+                    posts, 
+                    5, 
+                    function(post, next){
+                        UsersCollection.findOne({_id: post.authorId.oid}, function(err, data){
+
+                            post.author = deletePwd(data);
+
+                            UsersCollection.findOne({_id: post.ownerId.oid}, function(err, data){
+                                post.owner = deletePwd(data);
+                                delete post.authorId;
+                                delete post.ownerId;
+                                next(null, post);
+                            })
+                        })
+                    }, 
+                    function(err, data){
+                        res.send(data);
+                    }
+                )
+        })
+    })
+
+    app.get('/posts/:id', function(req, res){
+       PostsCollection.findOne({_id: new ObjectID(req.params.id)}, function(err, post){
+            if(!post){
+                res.status(404).send({message:"not found"})
+                return;
+            }
+            UsersCollection.findOne({_id: post.authorId.oid}, function(err, data){
+                post.author = deletePwd(data);
+
+                UsersCollection.findOne({_id: post.ownerId.oid}, function(err, data){
+                    post.owner = deletePwd(data);
+                    delete post.authorId;
+                    delete post.ownerId;
+                    res.send(post)
+                })
+            })
+
+        })
+    })
+
+    app.put('/posts/:id', function(req,res){
+        PostsCollection.findOne({_id: new ObjectID(req.params.id)}, function(err, post){
+            if(!post){
+                res.status(404).send({message:"not found"})
+                return;
+            }
+            if(req.currentUser._id.toString() != post.authorId.oid.toString()){
+                res.status(405).send({message: "Not Allowed"})
+                return;
+            }
+            if(!req.body.content){
+                res.status(400).send({message:'content required'})
+            return;
+            }
+
+            PostsCollection.update(
+                {_id: post._id},
+                {$set: {content: req.body.content}},
+                function(err, data){
+                    post.content = req.body.content
+                    res.send(post)    
+                }
+            )
+        })
+    })
+
+    app.delete('/posts/:id', function(req, res){
+        PostsCollection.findOne({_id: new ObjectID(req.params.id)}, function(err, post){
+            if(!post){
+                res.status(404).send({message:"not found"})
+                return;
+            }
+            if(!(req.currentUser._id.toString() == post.authorId.oid.toString() || req.currentUser._id.toString() == post.ownerId.oid.toString())){
+                res.status(405).send({message: "Not Allowed"})
+                return;
+            }  
+            PostsCollection.remove({_id: new ObjectID(req.params.id)}, function(err, post){
+               res.send("deleted") 
+            })
+
+        })
+
     })
 
 }