Redo data validation #17
Conversation
src/types/schema.json
Outdated
There was a problem hiding this comment.
can i leave this here?
src/routers/user.ts
Outdated
| @@ -41,15 +45,17 @@ userRouter.put('/', async (req, res) => { | |||
| console.error(`Error: ${e} - Status Code ${res.statusCode}`); | |||
| } | |||
| }); | |||
| */ | |||
There was a problem hiding this comment.
there isn't any spec for updating a user in the new schema. do we still want this router?
There was a problem hiding this comment.
Generally looks great. I think you might be able to move the AJV compilations to the tops of the files. You can remove all of the new Course() and friends calls, you will just pass the validated data right to the db. Then when checking for valid data and what not, make sure that when invalid data is given or required data is missing that a error response is sent. (some cases you check for valid data and respond properly but no response is given if the data is missing)
src/routers/course.ts
Outdated
| const checkPost = ajv.compile(schemas.CourseCreate); | ||
| const checkPut = ajv.compile(schemas.CourseUpdate); | ||
|
|
||
| const ERROR_RESPONSE = 'Course not found.'; | ||
|
|
||
| courseRouter.get('/:id', async (req, res) => { | ||
| try { | ||
| const id = req.params.id; | ||
| const userID = req.header('userID'); | ||
|
|
||
| if (id && userID) { |
There was a problem hiding this comment.
If you want to, you could invert this statement
if(!id || !userID) {
throw ...
}
// do normal stuff here
src/routers/semester.ts
Outdated
| // }; | ||
|
|
||
| // TODO: call db operation | ||
| res.status(200); // + .json(semester) |
There was a problem hiding this comment.
Need the else statement here as well (or invert the if statement and throw)
src/routers/semester.ts
Outdated
| res.send('Semester deleted'); | ||
| if (id && userID) { | ||
| // TODO: call db operation | ||
| res.status(200); |
There was a problem hiding this comment.
Need the else statement here
| } | ||
| if (!id || !userID) throw Error(`invalid ${id ? 'user' : 'course'} id`); | ||
|
|
||
| // TODO: call db operation |
There was a problem hiding this comment.
Add a note for the create methods that we will want to make sure that we set the body.ownerId property to userID as we don't want people to be able to create items for other people.
This branch strips out all dynamoose calls from the routers and adds data validation using AJV given our new shiny schema!