completed both tasks #8
Conversation
|
|
||
| // All the given method require token. | ||
| // So be sure to check for it before doing any stuff | ||
| // HINT: Create a middleware for above :) | ||
|
|
||
| //ok lets create a middleware XD |
| catch(err){ | ||
| return false; | ||
| } | ||
| }; | ||
| const getAllToDo = async (req, res) => { |
There was a problem hiding this comment.
When I haven't created any todo, I get an empty array.
| try{ | ||
| const token = req.body.token || req.query.token || | ||
| req.headers["x-access-token"] || req.headers.token || | ||
| req.headers.authorization.split(' ')[1]; | ||
| if (!token) | ||
| return false; | ||
| else | ||
| return token; | ||
| } | ||
| catch(err){ | ||
| return false; |
There was a problem hiding this comment.
be specific with the message. If i dont give any token, I should get no token provided. If token is given, but invalid then message should be invalid token given.
| }; | ||
|
|
||
| const createToDo = async (req, res) => { | ||
| // Check for the token and create a todo | ||
| // or throw error correspondingly | ||
| const token = verification(req,res); | ||
| if(token != false){ |
There was a problem hiding this comment.
instead of token!=false, use simply token.
| createdBy: foundToken.user}); | ||
| newTodo.save(function(err){ | ||
| if(!err) | ||
| res.status(200).json({id: req.params.id, title: newTodo.title}) |
There was a problem hiding this comment.
Wrong details are being sent here. It will be newTodo._id
| } | ||
| else{ | ||
| res.status(401).json({detail: "No such user found!!"}) | ||
| } | ||
| }; | ||
|
|
||
| const createToDo = async (req, res) => { |
There was a problem hiding this comment.
able to create a todo with " ",
| }) | ||
| } | ||
| else | ||
| res.status(401).json({detail: "No such user found!!"}) | ||
| }; | ||
|
|
||
| const getParticularToDo = async (req, res) => { |
There was a problem hiding this comment.
I am able to access todo using other tokens. A major flaw. Seems middleware would need update.
| if(foundUsers){ | ||
| users = []; | ||
| foundUsers.forEach(function(user){ | ||
| users.push({ |
There was a problem hiding this comment.
I am not able to see which todo is created by whom by response only.
|
Marks: Authentication wasn't done properly which was the major reason. |
No description provided.