DEV Community: Stillnoturdad

Dive into Database Fun with Sequelize Migrations: Users, Vouchers, and Gifts, Oh My!

Stillnoturdad — Mon, 23 Sep 2024 02:30:26 +0000

Alright, grab your favorite beverage, kick back, and let’s take a stroll through the magical land of Sequelize migrations! You may think creating tables and handling data is dry, but trust me, this little piece of code is full of hidden treasures. Let's break it down and see what's really going on under the hood.

1. The User Table: Who Are You, Really?
First up, we’ve got our trusty Users table. This is where the magic happens for anyone signing up on your app. Every user gets an ID (because anonymity? Not in this database!), and it's auto-incremented because let's face it, counting is hard. Plus, we can’t have two users with the same email. So, the database is like, “Hey, email, you’re unique. Be proud of it.”

The password is stored here too—though, hopefully, it's encrypted, because nobody wants to be that company with plain text passwords. Rounding things out, we have the timestamps for createdAt and updatedAt because, you know, little details kinda fun (yes its a bit confusing too but it's totally alright)


module.exports = {
  async up(queryInterface, Sequelize) {
    await queryInterface.createTable('Users', {
      id: {
        allowNull: false,
        autoIncrement: true,
        primaryKey: true,
        type: Sequelize.INTEGER
      },
      email: {
        type: Sequelize.STRING,
        unique: true
      },
      password: {
        type: Sequelize.STRING
      },
      createdAt: {
        allowNull: false,
        type: Sequelize.DATE
      },
      updatedAt: {
        allowNull: false,
        type: Sequelize.DATE
      }
    });
  },
  async down(queryInterface, Sequelize) {
    await queryInterface.dropTable('Users');
  }
};

2. Another table for our beloved deals! Voucher!!
Now that we’ve got users, let’s sprinkle some fun with vouchers! Whether it’s 10% off your next pizza or a "buy one, get one" deal on sunglasses, this Vouchers table is where all the action is. Each voucher has a title (think: “Super Saver Deal”), a tag (for organizing all that goodness), and an image URL so you can gaze lovingly at the deal of the day.

Once again, we’ve got those createdAt and updatedAt fields because, apparently, tracking is life

  async up(queryInterface, Sequelize) {
    await queryInterface.createTable('Vouchers', {
      id: {
        allowNull: false,
        autoIncrement: true,
        primaryKey: true,
        type: Sequelize.INTEGER
      },
      title: {
        type: Sequelize.STRING
      },
      tag: {
        type: Sequelize.STRING
      },
      imageUrl: {
        type: Sequelize.STRING
      },
      createdAt: {
        allowNull: false,
        type: Sequelize.DATE
      },
      updatedAt: {
        allowNull: false,
        type: Sequelize.DATE
      }
    });
  },
  async down(queryInterface, Sequelize) {
    await queryInterface.dropTable('Vouchers');
  }
};

3. AAAAND ANOTHER ONE!!

Moving on to the Gifts table—because who doesn’t like to give (and receive) a little something special? This table connects users with vouchers in a delightful dance of generosity. Each gift has a message (probably something like “Here’s that pizza I owe you!”), and it links a sender and receiver (both users) with a fancy voucher.

The database, being the responsible type, doesn’t let anything slide, so we’ve got references to both the Users and Vouchers tables to ensure everything matches up. And, of course, there’s a status field for when you want to know if your pizza coupon is still good or expired (tragic).

  async up(queryInterface, Sequelize) {
    await queryInterface.createTable('Gifts', {
      id: {
        allowNull: false,
        autoIncrement: true,
        primaryKey: true,
        type: Sequelize.INTEGER
      },
      message: {
        type: Sequelize.STRING
      },
      senderId: {
        type: Sequelize.INTEGER,
        references: {
          model: "Users",
          key: "id"
        }
      },
      amount: {
        type: Sequelize.INTEGER
      },
      voucherId: {
        type: Sequelize.INTEGER,
        references: {
          model: "Vouchers",
          key: "id"
        }
      },
      receiverId: {
        type: Sequelize.INTEGER,
        references: {
          model: "Users",
          key: "id"
        }
      },
      status: {
        type: Sequelize.STRING
      },
      createdAt: {
        allowNull: false,
        type: Sequelize.DATE
      },
      updatedAt: {
        allowNull: false,
        type: Sequelize.DATE
      }
    });
  },
  async down(queryInterface, Sequelize) {
    await queryInterface.dropTable('Gifts');
  }
};

4. Seeding with Data: The Grand Finale
What’s a database without some actual data to play with? This is where the seeding part comes in. We’re pulling in some pre-made vouchers from a JSON file and injecting them right into the database. But wait, before doing that, we’re wiping out any existing IDs, so it feels fresh and clean. Then, we set the createdAt and updatedAt values to the current date because, well, we like to keep things real-time.

With a flick of a command, we’ve bulk inserted our voucher data. And if you ever need to undo it? No problem. There’s a bulkDelete waiting in the wings to clean things up.



'use strict';

/** @type {import('sequelize-cli').Migration} */
module.exports = {
  async up (queryInterface, Sequelize) {
    let data = require('../hacktiv_voucher.json').map(el => {
      delete el.id
      el.createdAt = el.updatedAt = new Date()
      return el
    })
    await queryInterface.bulkInsert("Vouchers", data, {})
  },

  async down (queryInterface, Sequelize) {
    await queryInterface.bulkDelete("Vouchers", null, {})
  }
};



And There You Have It!
In just a few lines of code, we’ve built a mini ecosystem where users can grab some vouchers and send gifts to their friends. Each migration ensures the database is structured perfectly, and with the seed data, we’ve already got some vouchers to start the fun.

Now that our database is up and running, it’s time to go out there and treat yourself (and maybe a friend) to a gift!

API OVERVIEW

Stillnoturdad — Sun, 22 Sep 2024 18:19:43 +0000

In this article, we’ll walk through a simple event ticketing system built with Node.js and Express. This system allows users to view discount codes, send event tickets, and manage tickets (such as claiming or deleting them). Let's break down how the API works!

Get All Discount Codes (GET /discounts) Imagine you have a bunch of discount codes for events, and you want users to be able to see them. This endpoint does exactly that by fetching all available discount codes from the database.

app.get('/discounts', async (req, res, next) => {
    try {
        let discounts = await DiscountCode.findAll();
        res.status(200).json(discounts);
    } catch (error) {
        next(error);
    }
});

The GET /discounts route retrieves all discount codes from the DiscountCode model.
If everything goes smoothly, it returns the discount codes in JSON format with a 200 OK status.
In case of an error (e.g., database issues), it passes the error to the error-handling middleware.

Send an Event Ticket (POST /tickets/:discountId) This endpoint allows a user to send an event ticket to someone else, using a discount code. The user can send a custom message along with the ticket.

app.post('/tickets/:discountId', async (req, res, next) => {
    try {
        let { message, quantity, recipientId } = req.body;
        let { discountId } = req.params;
        let discount = await DiscountCode.findByPk(discountId);
        if (!discount) throw ({ name: "Custom", status: 404, message: "Discount not found" });

        let ticket = await EventTicket.create({
            message,
            senderId: req.member.id,
            quantity,
            discountId: discount.id,
            recipientId
        });
        res.status(201).json(ticket);
    } catch (error) {
        next(error);
    }
});

The user provides the discountId (via URL parameter), recipientId, a message, and the number of tickets (quantity) in the request body.
The discount code is fetched from the database to ensure it exists. If not, the API throws an error.
If everything checks out, the event ticket is created with the sender's ID, recipient's ID, and the associated discount code.
The response contains the newly created ticket, with a 201 Created status.

Get Event Tickets Received (GET /tickets) This endpoint fetches all the event tickets a user has received. It also includes details about the discount associated with each ticket.

app.get('/tickets', async (req, res, next) => {
    try {
        let tickets = await EventTicket.findAll({
            include: {
                model: DiscountCode,
                as: "discount",
                attributes: ["id", "title", "description"]
            },
            where: {
                recipientId: req.member.id
            }
        });
        if (tickets.length === 0) throw({ name: "Custom", status: 404, message: "Tickets not found" });
        res.status(200).json(tickets);
    } catch (error) {
        next(error);
    }
});

This route fetches all tickets where the current user is the recipient (recipientId matches the logged-in user).
The response includes details about the discount code associated with each ticket (ID, title, and description).
If no tickets are found, a 404 Not Found error is returned.
Otherwise, the tickets are returned with a 200 OK status.

Claim an Event Ticket (PATCH /tickets/:id/claim) Once a user has received a ticket, they can claim it. This endpoint marks a ticket as "claimed."

app.patch('/tickets/:id/claim', authorization, async (req, res, next) => {
    try {
        await EventTicket.update({ status: "claimed" }, {
            where: { id: req.params.id }
        });
        res.status(200).json({ message: "Ticket has been claimed" });
    } catch (error) {
        next(error);
    }
});

The route accepts a ticket ID (:id) and updates the status of that ticket to "claimed."
The authorization middleware ensures the user is authorized to claim the ticket.
After successfully updating the status, the server responds with a 200 OK and a success message.

Delete an Event Ticket (DELETE /tickets/:id) This route allows the user to delete a specific event ticket.

Code:
javascript
Copy code
app.delete('/tickets/:id', authorization, async (req, res, next) => {
try {
await EventTicket.destroy({ where: { id: req.params.id } });
res.status(200).json({ message: "Ticket has been deleted" });
} catch (error) {
next(error);
}
});

The ticket is deleted based on its ID.
The authorization middleware ensures that only the rightful owner of the ticket can delete it.
After successful deletion, a 200 OK status is returned along with a confirmation message.

Middlewares For Baby Programmers

Stillnoturdad — Sun, 22 Sep 2024 18:15:13 +0000

In a secure web application, it's crucial to ensure that only authenticated users can access certain routes. Additionally, specific actions, such as modifying or deleting data, should only be allowed for users with proper permissions. This is where authentication and authorization come into play.

In this article, we’ll break down a simple implementation of authentication and authorization middleware in a Node.js application using Express.

1. Authentication Middleware

Authentication is the process of verifying that a user is who they claim to be. In this example, we use a JWT (JSON Web Token) to validate the user's identity before they can access protected routes.

const authentication = async (req, res, next) => {
    try {
        let { authorization } = req.headers;
        if (!authorization) throw { name: "InvalidToken" }; // No token provided

        const [bearer, token] = authorization.split(" ");
        if (bearer !== "Bearer") throw { name: "InvalidToken" }; // Invalid token format

        const payload = verifyToken(token); // Verify the token and get user data
        const member = await Member.findByPk(payload.id); // Find the user in the database

        if (!member) throw { name: "InvalidToken" }; // No matching user found

        req.member = { id: member.id }; // Attach user data to the request
        next(); // Pass to the next middleware or route handler
    } catch (error) {
        next(error); // Handle errors
    }
};

The token is expected to be in the Authorization header (formatted as Bearer token).
The middleware verifies if the token is present and properly formatted.
Using verifyToken(), it checks if the token is valid and decodes the user's data.
The user's ID from the token payload is used to find them in the database.
If successful, the user's ID is attached to the request (req.member), allowing other routes to know who the user is.
If the token is missing, invalid, or the user doesn’t exist, an error is thrown.

2. Authorization Middleware

Authorization controls what actions an authenticated user is allowed to perform. In this case, the authorization middleware ensures that a user can only interact with tickets they own.

const authorization = async (req, res, next) => {
    try {
        let recipientId = req.member.id; // The authenticated user's ID
        let ticketId = req.params.id; // The ticket ID from the request

        let ticket = await EventTicket.findByPk(ticketId); // Find the ticket in the database
        if (!ticket) throw { name: "Custom", status: 404, message: "Ticket not found" }; // If ticket doesn't exist
        if (recipientId !== ticket.recipientId) throw { name: "Unauthorized" }; // If user doesn't own the ticket

        next(); // If authorized, proceed to the next middleware or route handler
    } catch (error) {
        next(error); // Handle errors
    }
};

The middleware retrieves the authenticated user’s ID (req.member.id) and the ticket ID from the request parameters (req.params.id).
It checks if the ticket exists in the database.
It ensures that the logged-in user (the recipient) is the owner of the ticket. If the user doesn’t own the ticket, an "Unauthorized" error is thrown.
If the user is authorized, the middleware passes control to the next handler.

3. Error Handling Middleware

The error-handling middleware ensures that errors caught during the request lifecycle are properly handled and returned as responses.

app.use((error, req, res, next) => {
    let status = error.status || 500; // Default to 500 if status isn't provided
    let message = error.message || "Internal server error"; // Default message

    switch (error.name) {
        case "SequelizeValidationError":
        case "SequelizeUniqueConstraintError":
            status = 400;
            message = error.errors[0].message; // Handle Sequelize validation errors
            break;
        case "InvalidToken":
        case "JsonWebTokenError":
            status = 401;
            message = "Invalid token"; // Handle token errors
            break;
        case "Unauthorized":
            status = 403;
            message = "You are not authorized"; // Handle unauthorized access
            break;
    }
    res.status(status).json({ message }); // Send error response
});

How It Works:
This middleware catches any errors passed down by the next(error) function.
Depending on the error type, it sets the appropriate status code (e.g., 401 for invalid tokens, 403 for unauthorized actions, etc.).
A relevant message is returned to the client, helping users understand what went wrong.

Implementing Registration and Login

Stillnoturdad — Sun, 22 Sep 2024 18:06:11 +0000

Implementing Member Registration and Login in a Node.js Application
In modern web applications, user registration and authentication are fundamental functionalities. In this article, we'll go over how to implement member registration and login using a simple Node.js Express API. We'll be focusing on creating secure user accounts and handling authentication using JWT (JSON Web Token).

Member Registration (POST /register) When a new user registers for your platform, the registration route is responsible for securely creating a new user record in the database. This involves capturing the user's details (such as email and password) and saving them after hashing the password for security purposes.

// Member Registration: POST /register
app.post('/register', async (req, res, next) => {
    try {
        let { email, password } = req.body;

        // Create new member with email and password
        let member = await Member.create({ email, password });

        // Return the new member's ID and email
        res.status(201).json({ id: member.id, email: member.email });
    } catch (error) {
        // Handle errors and pass to error middleware
        next(error);
    }
});

How It Works:
Request Body: The API expects an email and password in the request body.
Member Creation: The Member.create() function creates a new user in the database with the provided email and password.
Response: Upon successful registration, the response returns the new member's id and email with an HTTP status code of 201 (Created).
This route ensures that user data is securely saved and password hashing is implemented behind the scenes (not shown here, but typically done using libraries like bcryptjs).

Member Login (POST /login) The login route allows an existing user to authenticate by providing their email and password. After validating the credentials, a JWT token is generated and returned to the user, which they can use to authenticate subsequent requests.

Code Breakdown:

// Member Login: POST /login
app.post('/login', async (req, res, next) => {
    try {
        let { email, password } = req.body;

        // Check if email and password are provided
        if (!email) throw ({ name: "Custom", message: "Email is required" });
        if (!password) throw ({ name: "Custom", message: "Password is required" });

        // Find the member by email
        let member = await Member.findOne({ where: { email } });

        // Validate if the member exists and the password is correct
        if (!member || !comparePassword(password, member.password)) throw { name: "InvalidUser" };

        // Generate JWT token for the authenticated user
        res.status(200).json({ access_token: signToken({ id: member.id }) });
    } catch (error) {
        // Handle errors and pass to error middleware
        next(error);
    }
});

How It Works:

Request Body: The API expects the email and password in the request body.

Validation:
The code checks whether both email and password fields are present in the request.
It looks up the user in the database using the provided email. If no user is found or the password does not match, an error is thrown.

Password Comparison: The comparePassword() function (typically using bcryptjs) checks whether the provided password matches the hashed password stored in the database.

JWT Token Generation: If the credentials are valid, the signToken() function generates a JWT with the user's id as the payload. This token is sent back to the client in the response, and it can be used for subsequent authenticated requests.

ROUTER IS NOT THAT HARD THEY SAID

Stillnoturdad — Sun, 22 Sep 2024 18:01:23 +0000

Understanding app.js and router.js in a Node.js Application
When building a Node.js application, especially with frameworks like Express, it's important to organize your project efficiently. Two critical components of this structure are the app.js file and the router system. These components help manage the flow of requests and improve the maintainability of the codebase.

In this article, we’ll explore the roles of app.js and router.js, how they work together, and why they are important in building scalable and modular applications.

1. What is app.js?

The app.js file is the entry point of your Node.js application. It initializes the Express application, sets up middleware, and defines how requests are handled by routing them to different parts of the application.

const express = require('express');
const app = express();
const { Member, EventTicket, DiscountCode } = require("./models");
const { comparePassword } = require('./helpers/bcryptjs');
const { signToken, verifyToken } = require('./helpers/jwt');

app.use(express.urlencoded({ extended: true }));
app.use(express.json());

// Root Endpoint
app.get('/', (req, res) => {
  res.send('Welcome');
});

2. What is router.js?

The router.js file defines the application's routes and connects them to their respective controllers or handlers. This keeps the routing logic clean and modular, separating the core server logic (app.js) from the individual route definitions.
**
Key Responsibilities of router.js:**
Define the endpoints (routes) of the application.
Delegate the request handling to controllers or handler functions.
Support different HTTP methods such as GET, POST, PUT, DELETE, etc.
Enable modular routing by grouping related routes.

Example of router.js:

// AUTH 
router.post('/register', UserController.register);
router.post('/login', UserController.login);

module.exports = router;

Route Delegation: app.js directs incoming requests to the appropriate route using app.use(). The routes are defined in router.js and specify how the requests are handled.

Scalability: As your application grows, more routes and features will be added. Instead of placing all routes in app.js, they can be split into multiple files and grouped logically (e.g., userRouter.js, postRouter.js), improving maintainability and scalability.

4. Benefits of Using app.js and router.js
Separation of Concerns: Keeping route definitions separate from application logic results in cleaner and more maintainable code.
Easier Testing: With clear separation, it's easier to test routes independently without worrying about the rest of the application.
Modular Routing: Group related routes together, which is especially helpful as the application grows.

Conclusion
Both app.js and router.js are critical parts of a well-structured Node.js and Express application. app.js handles the initialization, middleware setup, and server configuration, while router.js defines the routing structure, connecting each endpoint to its corresponding controller or handler. This organization promotes cleaner, modular, and maintainable code that scales well as your application grows.

How to: AUTHENTICATION

Stillnoturdad — Sun, 22 Sep 2024 17:40:05 +0000

When building web applications, it's important to manage user authentication securely. Two essential libraries for this are:

bcryptjs – used to hash and compare passwords securely.
JSON web token – used to sign and verify JWT tokens for user authentication.

We will cover how to implement these two libraries in your Node.js application for secure password management and token-based authentication.

How to: Use bcryptjs and jsonwebtoken in Node.js
When building web applications, it's important to manage user authentication securely. Two essential libraries for this are:

1. Install the library:

Instal package

npm install bcryptjs

Now let me show you how to do the magic.

2 . Hashing and Compare Password Like A Pro

Same old, same old, make a new js file and always remember to require the package.

const { hashSync, compareSync } = require("bcryptjs");

module.exports = {
    hashPassword: (password) => hashSync(password), 
    comparePassword: (password, hashed) => compareSync(password, hashed
};

How it works:

hashSync(password): Hashes the user's password.
compareSync(password, hashedPassword): Compares the plain text password with the hashed version to validate user login.

3. Using jsonwebtoken for Token-Based Authentication

Install the package:

npm install jsonwebtoken

jsonwebtoken allows us to create a secure token (JWT) for each authenticated user. This token is sent to the client and can be used to authenticate the user on subsequent requests.

const { sign, verify } = require('jsonwebtoken');
const secretkey = "yoursecretkey"; // Secret key to sign the token

module.exports = {
    logToken: (payload) => log(payload, secretkey), // Create JWT token
    verifyToken: (token) => verify(token, secretkey)  // Verify JWT token
};

How it works:
signToken(payload): Creates a signed JWT with the given payload (e.g., user data) using a secret key.

verifyToken(token): Verifies the authenticity of the JWT token using the same secret key.

basic image

Stillnoturdad — Fri, 13 Sep 2024 00:48:27 +0000

CRUD USING STATIC METHOD

Stillnoturdad — Wed, 04 Sep 2024 01:57:58 +0000

Read data from databases

static async getAllProdHouse() {
    try {
      const index = `
      SELECT cn.*, ph."name_fromnameTable"
      FROM "ClassName2" cn
      JOIN "ClassName1" cI
      ON cn."ClassName1Id" = cI.id
      ORDER BY cn.dateoryear DESC/ASC
    `
      const {rows} = await pool.query(index);
      const object = Factory.bulkname(rows);

      return object;
    } catch (error) {
      throw error;
    }
  }
}

Create Data

static async createThings(name, Id) {
  try {
    let validation = this.validation(name);
    if (validation.length > 0) {
      throw validation;
    }
    const query = `
      INSERT INTO "ClassName2" ("name")
      VALUES ($1,) `;
    await pool.query(query, [name]);
  } catch (error) {
    throw error;

Delete Data

static async deleteTable(id) {
  try {
    const findCn = await this.findCnById(id);

    if (findCn.length === 0) {
      throw new Error("data cn not found");
    }

    const query = 'delete from "cn" where id = $1';

    await pool.query(query, [id]);
  } catch (error) {
    throw error;
  }
}

Find Data

static async findCnById(id) {
  try {
    const index = `
      SELECT cn.*, ph."name_fromnameTable"
      FROM "ClassName2" cn
      JOIN "ClassName1" cI
      ON cn."ClassName1Id" = cI.id
      WHERE cn.id = $1
    `;

    const { rows } = await pool.query(query, [id]);
    const instance = Factory.bulkCn(rows);

    return instance;
  } catch (error) {
    throw error;
  }
}

Update Data

static async updateCn(id, name) {
  try {
    let validation = this.validation(name, date);

    if (validation.length > 0) {
      throw validation;
    }

    const query = `
      UPDATE "Cn"
      SET "name" = $1,
          "date" = $2,

      WHERE "id" = $5
    `;

    await pool.query(query, [name, date id]);
  } catch (error) {
    throw error;
  }
}

Validation Data

static validation(name, date) {
  let errors = [];

  if (!name) {
    errors[0] = "name empty";
  }

  return errors;
}
}

Module.export = Model

How to read multiple value from web

Stillnoturdad — Tue, 03 Sep 2024 22:47:45 +0000

In Node.js, working with data often involves reading from files and inserting those data into databases. Below is how to read JSON data from a file, process it, and format it for a SQL INSERT statement:

Using fs.readFile method to read the contents of a file
Use JSON.parse to convert the JSON string into an object
Iterates over each element in the JSON array using .map(). Inside the .map() function, specific fields from each JSON object are restructured.

Example:
const dataEntries = JSON.parse(await fs.readFile('./filename.json', 'utf-8')) .map(element => { const { value1, value2 } = element; return('${value1}', '${value2}'); });

CONFIGURE EXPRESS WITH .EJS TEMPLATE

Stillnoturdad — Sun, 01 Sep 2024 19:30:10 +0000

Usually, I use the classic starter one.
Expressjs.com

const express = require('express')
const app = express()
const port = 3000

app.set('view engine', 'pug')
app.use(express.urlencoded({ extended: true }))
app.use('/', require("./routers"))

app.listen(port, () => {
    console.log(`YOU'RE IN ${port}`)
})

When you use the res.render('anyClassViewName') , Express will search for any .ejs file in your views directory and then render it.

Express.urlencoded is made to handle urlencoded payloads. You can use the { extended: true } option to deal with complex objects, arrays, and nested objects, or you can set it to 'false' for simpler data parsing.