-
Notifications
You must be signed in to change notification settings - Fork 201
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added middleware for subscribe API #1102
base: develop
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Nit:- can you please connect issue ticket in description |
middlewares/validators/challenges.js
Outdated
@@ -17,6 +17,22 @@ const createChallenge = async (req, res, next) => { | |||
} | |||
}; | |||
|
|||
const subscribeToChallenge = async (req, res, next) => { | |||
const schema = joi.object().strict().keys({ | |||
userId: joi.string().guid({ version: 'uuidv4' }).required(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you please explain why you used version: 'uuidv4'
?
because I am not seeing it is used anywhere in backend repo validator file
cc: @heyrandhir @RitikJaiswal75
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We actually dont need this here. @arpit01923 Could you point me to the file where we are using uuid in userid?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please write tests where you return bad request error for something that does not follow the schema
middlewares/validators/challenges.js
Outdated
@@ -17,6 +17,22 @@ const createChallenge = async (req, res, next) => { | |||
} | |||
}; | |||
|
|||
const subscribeToChallenge = async (req, res, next) => { | |||
const schema = joi.object().strict().keys({ | |||
userId: joi.string().guid({ version: 'uuidv4' }).required(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We actually dont need this here. @arpit01923 Could you point me to the file where we are using uuid in userid?
middlewares/validators/challenges.js
Outdated
const subscribeToChallenge = async (req, res, next) => { | ||
const schema = joi.object().strict().keys({ | ||
userId: joi.string().guid({ version: 'uuidv4' }).required(), | ||
challengeId: joi.string().guid({ version: 'uuidv4' }).required(), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why not just keep the id as string? to compare that id is unique we need some some other userIds, but since here a single user id is being passed we are ok considering the user id as string.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok got it @RitikJaiswal75, removed uuid from validator
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please write the tests for the validator written
|
||
router.get("/", authenticate, challenges.fetchChallenges); | ||
router.post("/", authenticate, createChallenge, challenges.createChallenge); | ||
router.post("/subscribe", authenticate, challenges.subscribeToChallenge); | ||
router.post("/subscribe", authenticate, subscribeToChallenge, challenges.subscribeToChallenge); |
Check failure
Code scanning / CodeQL
Missing rate limiting High
authorization
This route handler performs
authorization
This route handler performs
authorization
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
please add test case coverage stats
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add a picture of coverage that shows, how many lines of code were covered and branches are covered.
middlewares/validators/challenges.js
Outdated
next(); | ||
} catch (error) { | ||
logger.error(`Error validating subscribeToChallenge payload : ${error}`); | ||
res.boom.badRequest(error.details[0].message); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey @arpit01923, sending the exact error message to the end user might be harmful and can expose critical information on the backend Making us prone to external threats.
We already have a response saved in constants file which can be used here to send back to the end user.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
error message changed
test/unit/models/challenges.test.js
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please write a test for the middleware in tests/unit/middleware.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added middleware for /challenge/subscribe API. So that -
Issue - #1017