bump up coverage

app/Exceptions/Handler.php

@@ -9,6 +9,8 @@
 use Illuminate\Validation\UnauthorizedException;
 use Illuminate\Validation\ValidationException;
 use Throwable;
+use Tymon\JWTAuth\Exceptions\JWTException;
+use Tymon\JWTAuth\Exceptions\TokenInvalidException;
 
 class Handler extends ExceptionHandler
 {
@@ -46,7 +48,7 @@ public function render($request, Throwable $throwable)
             ], Response::HTTP_UNAUTHORIZED);
         }
 
-        if ($throwable instanceof \Tymon\JWTAuth\Exceptions\JWTException) {
+        if ($throwable instanceof JWTException || $throwable instanceof TokenInvalidException) {
             return response()->json([
                 'error' => $throwable->getMessage()
             ], Response::HTTP_UNAUTHORIZED);
@@ -62,6 +64,10 @@ public function render($request, Throwable $throwable)
             return response()->json(['error' => $throwable->getMessage()]);
         }
 
+        if ($throwable instanceof ApiException) {
+            return response()->json(['error' => $throwable->getMessage()], Response::HTTP_UNAUTHORIZED);
+        }
+
         return parent::render($request, $throwable);
     }
 }

app/Http/Controllers/AuthController.php

@@ -60,19 +60,19 @@ public function logout()
      */
     public function loginViaMagicLink(Request $request, LocationService $locationService)
     {
-        try {
-            $location = $locationService->getLocation($request);
-            $userEmailFromRequest = $request->get("email");
-
-            if (!$location && !$userEmailFromRequest) {
-                return response()->json([
-                    'action_required' => true,
-                    'required' => [
-                        'email' => 'Looks like this is your first time signing in with magiclink! Kindly provide your registered email for verification.',
-                    ]
-                ], Response::HTTP_UNPROCESSABLE_ENTITY);
-            }
+        $location = $locationService->getLocation($request);
+        $userEmailFromRequest = $request->get("email");
 
+        if (!$location && !$userEmailFromRequest) {
+            return response()->json([
+                'action_required' => true,
+                'required' => [
+                    'email' => 'Looks like this is your first time signing in with magiclink! Kindly provide your registered email for verification.',
+                ]
+            ], Response::HTTP_UNPROCESSABLE_ENTITY);
+        }
+
+        try {
             if (!$location && $userEmailFromRequest) {
                 $location = LocationService::getLocationByUserEmail($userEmailFromRequest);
 

app/Http/Controllers/CommentController.php

@@ -6,14 +6,16 @@
 
 use App\Exceptions\ApiException;
 use App\Models\Comment;
+use App\Models\Recipe;
 use Illuminate\Http\Request;
 use Illuminate\Support\Arr;
 use Illuminate\Support\Facades\Log;
 use Tymon\JWTAuth\Facades\JWTAuth;
+use Tymon\JWTAuth\JWT;
 
 class CommentController extends Controller
 {
-    public function addComment(Request $request)
+    public function addComment(Request $request, JWT $jwtAuth)
     {
         /** @phpstan-ignore-next-line */
         if ($user = JWTAuth::parseToken()->user()) {
@@ -26,19 +28,19 @@ public function addComment(Request $request)
                 try {
                     $comment = new Comment([
                         'user_id' => $user->getKey(),
-                        'recipe_id' => Arr::get($payload, 'resource-id'),
+                        'recipe_id' => Recipe::findOrFail(Arr::get($payload, 'resource-id')),
                         'comment' => Arr::get($payload, 'comment')
                     ]);
 
                     return response()->json(['created' => $comment->save()]);
                 } catch (\Exception $exception) {
                     Log::debug(
                         'comment creation failed.',
-                        ['error' => $exception, 'payload' => $payload]
+                        ['error' => $exception->getMessage(), 'payload' => $payload]
                     );
 
                     return response()->json([
-                        'error', 'There was an error processing this request. Please try again later.'
+                        'error' => 'There was an error processing this request. Please try again later.'
                     ], 400);
                 }
             }
@@ -50,22 +52,25 @@ public function addComment(Request $request)
     public function destroyComment(Request $request)
     {
         /** @phpstan-ignore-next-line */
-        if (JWTAuth::parseToken()->user()) {
-
+        if ($user = JWTAuth::parseToken()->user()) {
             $payload = $request->only(['comment-id']);
+            $comment = Comment::findOrFail($request->only(['comment-id']))->first();
 
-            try {
-                $comment = Comment::findOrFail($request->only(['comment-id']))->first();
-                return response()->json(['deleted' => $comment->delete()]);
-            } catch (\Exception $exception) {
-                Log::debug(
-                    'comment deletion failed.',
-                    ['error' => $exception, 'payload' => $payload]
-                );
+            if ($user->isSuper() || $user->ownsComment($payload['comment-id'])) {
+                try {
+                    return response()->json(['deleted' => $comment->delete()]);
+                } catch (\Exception $exception) {
+                    Log::debug(
+                        'comment deletion failed.',
+                        ['error' => $exception, 'payload' => $payload]
+                    );
 
-                return response()->json([
-                    'error' => 'There was an error processing this request. Please try again later.'
-                ], 400);
+                    return response()->json([
+                        'error' => 'There was an error processing this request. Please try again later.'
+                    ], 400);
+                }
+            } else {
+                throw new ApiException('You are not suthorized to perfrom this action.');
             }
         }
 

app/Models/Comment.php

@@ -5,10 +5,13 @@
 namespace App\Models;
 
 use Carbon\Carbon;
+use Illuminate\Database\Eloquent\Factories\HasFactory;
 use Illuminate\Database\Eloquent\Model;
 
 class Comment extends Model
 {
+    use HasFactory;
+
     /**
      * @var array<string>
      */

app/Models/User.php

@@ -308,4 +308,9 @@ public function getTiktokVideosAttribute(): Collection
 
         return collect(json_decode($tikTokUser->videos, true));
     }
+
+    public function ownsComment(int $commentId)
+    {
+        return Comment::findOrFail($commentId)->user_id == $this->getKey();
+    }
 }

app/Services/AuthService.php

@@ -7,6 +7,7 @@
 use Illuminate\Http\Request;
 use Illuminate\Http\Response;
 use Illuminate\Support\Facades\Auth;
+use Illuminate\Support\Facades\Log;
 
 class AuthService
 {
@@ -29,16 +30,19 @@ public function login(Request $request): \Illuminate\Http\JsonResponse
         return response()->json(['token' => $token], Response::HTTP_OK);
     }
 
-    /**
-     * @return \Illuminate\Http\JsonResponse|Response
-     */
-    public function logout()
+    public function logout(): \Illuminate\Http\JsonResponse|Response
     {
         try {
             Auth::logout();
-
             return response()->noContent();
         } catch (\Exception $exception) {
+            Log::info(
+                'Not found or Invalid Credentials.',
+                [
+                    'errorMsg' => $exception->getMessage()
+                ]
+            );
+
             return response()->json(
                 [
                     'Not found or Invalid Credentials.'