ananto30 / golpo-express Goto Github PK

Context

We want to show author image with the post.

Task

• Add author_image in Post model.
• When creating the post add author_image from the userMeta.image or user.google_picture.

Context

As we are parsing url and save its data, we need to show that information in the response and replace the existing format.

Task

• /api/post GET and /api/post/user/:username GET should return the following fields -
  • author
  • url
  • title
  • description
  • image
  • site_name
  • favicon
  • created_at
  • commentCount: int
  • loveCount: int
  • tags: array
• /api/post/:id should return the following fields
  • author
  • url
  • title
  • description
  • image
  • site_name
  • favicon
  • created_at
  • comments: array
  • loves: array
  • tags: array

currently all the input validations and sanitization is being done manually in each controller.

I would like to propose a middleware that takes care of validation and sanitization according to a schema as required by the API.

Context

In frontend we have tag filtering. So we want to show posts by tags.

Task

• In /api/post GET api, parse query param tags
• tags can be array.
• Filter the posts by tags.
• Create new function, please don't use getAllPosts

Context

We want simple configuration and fast response. SO LET'S DO IT 🚀

Context

Currently, there are some vulnerabilities in packages. If we do npm install we get the message 9 vulnerabilities (2 low, 6 moderate, 1 high). If we do npm audit we get this -

# npm audit report

braces  <2.3.1
Regular Expression Denial of Service - https://npmjs.com/advisories/786
No fix available
node_modules/braces
  micromatch  0.2.0 - 2.3.11
  Depends on vulnerable versions of braces
  Depends on vulnerable versions of parse-glob
  node_modules/micromatch
    anymatch  1.2.0 - 1.3.2
    Depends on vulnerable versions of micromatch
    node_modules/anymatch
      chokidar  1.0.0-rc1 - 2.1.8
      Depends on vulnerable versions of anymatch
      Depends on vulnerable versions of glob-parent
      node_modules/chokidar
        babel-cli  *
        Depends on vulnerable versions of chokidar
        node_modules/babel-cli

glob-parent  <5.1.2
Severity: moderate
Regular expression denial of service - https://npmjs.com/advisories/1751
No fix available
node_modules/glob-parent
  chokidar  1.0.0-rc1 - 2.1.8
  Depends on vulnerable versions of anymatch
  Depends on vulnerable versions of glob-parent
  node_modules/chokidar
    babel-cli  *
    Depends on vulnerable versions of chokidar
    node_modules/babel-cli
  glob-base  *
  Depends on vulnerable versions of glob-parent
  node_modules/glob-base
    parse-glob  >=2.1.0
    Depends on vulnerable versions of glob-base
    node_modules/parse-glob
      micromatch  0.2.0 - 2.3.11
      Depends on vulnerable versions of braces
      Depends on vulnerable versions of parse-glob
      node_modules/micromatch
        anymatch  1.2.0 - 1.3.2
        Depends on vulnerable versions of micromatch
        node_modules/anymatch

ini  <1.3.6
Prototype Pollution - https://npmjs.com/advisories/1589
fix available via `npm audit fix`
node_modules/fsevents/node_modules/ini

tar  <=4.4.17 || 5.0.0 - 5.0.9 || 6.0.0 - 6.1.8
Severity: high
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization - https://npmjs.com/advisories/1770
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning - https://npmjs.com/advisories/1771
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://npmjs.com/advisories/1779
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links - https://npmjs.com/advisories/1780
fix available via `npm audit fix`
node_modules/fsevents/node_modules/tar

10 vulnerabilities (3 low, 6 moderate, 1 high)

To address issues that do not require attention, run:
  npm audit fix

Some issues need review, and may require choosing
a different dependency.

Task

• Fix the dependency so there's no vulnerability

Context

People want to save/bookmark a post in their list. We should listen to them!

Task

• Add new model BookmarkPost with fields -
  • username
  • post_ids: array
• Add new endpoint /api/post/:postId/bookmark POST api
• Get the user from token and add the post_id in the model.
• Add new endpoint /api/post/bookmarks
• Get the user from token and get the list of post ids from the model, then get all the posts by the ids.

Context

We allow to love post by /api/post/:postId/love. So now we need to show that in the /api/post GET API

Task

• Count loves and add it as a field called loveCount in response of getAllPostsWithCommentCount. I think change the name of the method too 😅
• Add a new field isLovedByMe in the response.
• From token get user's username and check if the user in post's loves. If exists make isLovedByMe true, else false.

Context

Currently, there are no logs for errors. So it's hard to debug in production or even in dev.

Task

• Add a central logger to log errors.
• Or log where necessary.

Context

People can make mistakes, do wrong comments on the wrong posts. So we should allow them to delete that.

Task

• Add new endpoint /api/post/:postId/comment/:commentId/delete
• Add new controller method for deleteComment
• Check the tokenUser is the author of the comment, if not send 400 with errors = not allowed.
• Add new service method for deleteComment. The Post model has the comment in the array, so pop it carefully 😉

Context

As we will be allowing users to filter the posts with tags, we need to store tags somewhere and show them with the post to allow filtering in frontend.

Task

• Make a list of tags (can be a local list in a constants.js file)
  • Music
  • Game
  • Nature
  • Calm
  • Funny
  • Startup
  • Life
  • Travel
  • Food
  • Entrepreneurship
  • Education
  • Health
  • Love
  • Design
  • Writing
  • Technology
  • Self-Improvement
  • Business
  • Sports
  • Art
  • Open-Source
  • Programming
• In /model/post.model.js Post model add tags list (list of strings, from above tags).
• In /service/post.service.js add tags from request body.
• Add a new endpoint /api/post/tags to list all the tags.

Context

We want to show notifications to users when someone comments on their post.

Task

• Create Notification model containing -
  • post_id
  • username
  • comment_author
  • created_at
  • clicked
• When someone comments on a post, create a new Notification entry in db where post_id is the post where someone commented. username is whom's post someone commented. comment_author is the username of the commenter. created_at is the time.now() and clicked is false.
• Create an endpoint /api/notification/:username GET to get notifications of a user by username.
• Create an endpoint /api/notification/:id/clicked POST to make clicked true for the user. Please ensure that the token user and the clicked notification's username is same, otherwise throw error.

Context

We should not allow any adult link sharing in our community. So filter them.
Currently there is a filter that works for exact match. We need to fix it for checking any URL that contains an adult sites.

Task

• Fix current validator validateUrl in post.controller. The valid URL check is fine, but the adult one is not working without exact match. It should work if any url contains adult sites.
• If needed add this check inside the createPost method in post.controller
• Add more adult URLs in contstants.js file.

Context

We will allow users to love a post like Twitter.

Task

• In model/post.model.js Post model add new array loves
• In router/post.js add new POST endpoint /:postId/love
• Endpoint will take nothing in the body
• Get the user by token
• Add the username in Post model in service/post.service.js

Context

As we will only allow users to share links from now on, we will only take URL in /api/post POST request.

Task

• /api/post takes text in body, change it to 'url`.
• Strictly verify it's a URL.
• Put some backlisted domains like adult sites, just use a local array. If url domain in this list, send a error message "Adult contents are not allowed".

Context

We want to suggest users to the logged in user to follow. For now just suggest random people 😜

Task

• Make an API /api/user/suggest
• Get random 5 people from database, also ensure that those people are not already followed and not the user itself.

Context

We want a new feature "Follow" like Twitter.

Task

• User model will have two array fields following and followers.
• If user A follows user B, add user B's username in user A's following list and user A's username in user B's followers list.
• Endpoint will be under /api/user namespace - /api/user/follow POST.
• Verify request body only takes username
• If username exists in DB, do the saving as above 👆
  (Get the requesting user from token)

Context

As we will move to only link sharing, we need to extract the link's content called "Link Preview".

Task

• Add a method in service/post.service.js that will take parameter url and extract meta data from it.
• You can use libraries like https://www.npmjs.com/package/link-preview-js or follow tutorials like this - https://dev.to/orkhanjafarovr/generate-link-preview-cover-with-nodejs-22a
• We need at least these fields -
  • image
  • title
  • description
  • siteName
  • favicon
• If possible extract other relevant fields that can be used later.

Context

We want to show in frontend if the user has any chats unread. So we need an endpoint where user will send that he already seen that chat.

Task

• Add new api /api/chat/:receiver/:chatId/seen in routes and controller. The api takes no body.
• Conversation model has a field called seen, implement a chatSeen function in conversation.service that store the chat id's seen true for the specific receiver. Get the sender user by token.

Context

We want to show simple user feed for now. As we are supporting following users from now, we want to prioritize following users post in the feed.

Task

• Make an API /api/post/feed
• Get posts of the following users of the token user.
• If there's more than 50 post, return the response.
• If less than 50, get other users posts and append after the following users posts, then return.