
poc-chef-server's People

Contributors

aldoarchundia, mishelashala, salassamuel


poc-chef-server's Issues

See List of Current Events

As a user I want to be able to see the list of current events.

Constraints

  • User must be logged in

Scenario 1
User tries to see the list of current events
System Response: shows the list of current events

Request:

GET /api/v1/events?type=current
accept: application/json

Response:

HTTP 1.1 200 Ok

{
  "events": [
    {
      "id": "1",
      "name": "Tortas para la oficina",
      "start_date": 10000, // epoch
      "end_date": 20000, // epoch
      "poc_chuc_torta_unit_price": 10,
      "poc_chuc_torta_amount": 1,
      "shrimp_torta_unit_price": 12,
      "shrimp_torta_amount": 1,
      "total": 22
    }
  ]
}

Scenario 2
User tries to see the list of current events, but the user is
not logged in
System Response: notifies the user that is not logged in

Request:

GET /api/v1/events?type=current
accept: application/json

Response:

HTTP 1.1 401 Unauthorized

{
  "code": "401",
  "message": "Unauthorized"
}

Scenario 3
User tries to see the list of current events, but the service is not available
System Response: notifies the user that the service is not available

Request:

GET /api/v1/events?type=current
accept: application/json

Response:

HTTP 1.1 500 Internal Server Error

{
  "code": "500",
  "message": "Internal Server Error"
}

Add typescript

Add TypeScript for static type-checking; configure scripts to start, build, run, etc. the project using TypeScript

update readme

We must keep the README file up to date. Please add the missing info

update types

Some functions don't have a return type; fix it. Others return the Promise<any> type and some variables don't have a defined type; add types

Add user login

As a user I want to log in with a Google account


Request

{
 "idToken":  "51z49fae-8b45-4gce-ba3r-fa44b72c71d4"
}

Response

HTTP 1.1 200 Ok
{
 "id": "58f89fae-8b54-4cce-ba3b-fa44b72c71d4",
 "email": "[email protected]",
 "role": "user",
 "authProviderId": "51z49fae-8b45-4gce-ba3r-fa44b72c71d4"
}

See List of Past Events

As a user I want to be able to see the list of past events.

Constraints

  • User must be logged in

Scenario 1
User tries to see the list of past events
System Response: shows the list of past events

Request:

GET /api/v1/events?type=past
accept: application/json

Response:

HTTP 1.1 200 Ok

{
  "events": [
    {
      "id": "1",
      "name": "Tortas para la oficina",
      "start_date": 10000, // epoch
      "end_date": 20000, // epoch
      "poc_chuc_torta_unit_price": 10,
      "poc_chuc_torta_amount": 1,
      "shrimp_torta_unit_price": 12,
      "shrimp_torta_amount": 1,
      "total": 22
    }
  ]
}

Scenario 2
User tries to see the list of past events, but the user is
not logged in
System Response: notifies the user that is not logged in

Request:

GET /api/v1/events?type=past
accept: application/json

Response:

HTTP 1.1 401 Unauthorized

{
  "code": "401",
  "message": "Unauthorized"
}

Scenario 3
User tries to see the list of current events, but the service is not available
System Response: notifies the user that the service is not available

Request:

GET /api/v1/events?type=past
accept: application/json

Response:

HTTP 1.1 500 Internal Server Error

{
  "code": "500",
  "message": "Internal Server Error"
}

Mark many events as finished

As a user, I want to be able to mark many events as finished.

Constraints

  • User must be logged in

Scenario 1
Admin tries to mark many events as finished.
System Response: notifies the user that the events were marked as finished

Request:

POST /api/v1/events/actions
accept: application/json


{
  "action": "mark_as_finished",
  "ids": ["1", "2"]
}

Response:

HTTP 1.1 200 Ok

Scenario 2
User tries to mark many events as finished, but the user is not logged in
System Response: notifies the user that is not logged in

Request:

POST /api/v1/events/actions
accept: application/json


{
  "action": "mark_as_finished",
  "ids": ["1", "2"]
}

Response:

HTTP 1.1 401 Unauthorized

{
  "code": "401",
  "message": "Unauthorized"
}

Scenario 3
User tries to mark many events as finished, but the service is not available
System Response: notifies the user that the service is not available

Request:

POST /api/v1/events/actions
accept: application/json


{
  "action": "mark_as_finished",
  "ids": ["1", "2"]
}

Response:

HTTP 1.1 500 Internal Server Error

{
  "code": "500",
  "message": "Internal Server Error"
}

Mark many orders as paid

As a user I want to be able to mark many orders as paid.

Constraints

  • User must be logged in

Scenario 1
Admin tries to mark many orders as paid.
System Response: notifies the user that the orders were marked as paid

Request:

PATCH /api/v1/orders/actions
accept: application/json


{
  "action": "mark_as_paid",
  "ids": ["1", "2"]
}

Response:

HTTP 1.1 200 Ok

Scenario 2
User tries to mark many orders as paid, but the user is not logged in
System Response: notifies the user that is not logged in

Request:

PATCH /api/v1/orders/actions
accept: application/json


{
  "action": "mark_as_paid",
  "ids": ["1", "2"]
}

Response:

HTTP 1.1 401 Unauthorized

{
  "code": "401",
  "message": "Unauthorized"
}

Scenario 3
User tries to mark many orders as paid, but the service is not available
System Response: notifies the user that the service is not available

Request:

PATCH /api/v1/orders/actions
accept: application/json


{
  "action": "mark_as_paid",
  "ids": ["1", "2"]
}

Response:

HTTP 1.1 500 Internal Server Error

{
  "code": "500",
  "message": "Internal Server Error"
}

Event Product Validation

Add a new validation to check if any of the products sent in the event exist in the product data source. This validation is used when creating and updating an order.

Add login for partners

With a partner/admin partner account I want to log in with email and password.

Request

POST /v1/auth/login
{
    "admin": "[email protected]",
    "password": "adminpassword"
}

Response

HTTP 1.1 200 Ok
{
 "id": "58f89fae-8b54-4cce-ba3b-fa44b72c71d4",
 "email": "[email protected]",
 "role": "admin partner"
}

Constraints:

  • email is required, and must be valid
  • password is required and must be valid

Refactor js files

Now that TypeScript is configured, refactor the code using TypeScript features and change the file extension from .js to .ts

Create Event

As a user I want to create a new event

Input data:

  • event name
  • start date
  • end date
  • start hour
  • end hour
  • poc chuc torta unitary price
  • shrimp torta unitary price

Constraints:

  • user must be logged in
  • event name is required and must be a string
  • start date is required and must be in epoch format, and cannot be before the current day
  • end date is required, must be in epoch format and cannot be before start date
  • start hour is required and must be in minutes (from 0 to 24 * 60)
  • end hour is required, must be in minutes (from 0 to 24 * 60) and cannot be before start hour
  • poc chuc torta unitary price must be a non-negative number
  • shrimp torta unitary price must be a non-negative number

Scenario 1
user tries to create new user with the following data

  • event name: Tortas app
  • start date: today
  • end date: tomorrow
  • start hour: 10am
  • end hour: 11am
  • poc chuc torta unitary price: 10
  • camaron torta unitary price: 12

System Response: notifies the user that the event was created

Request

POST /api/v1/events
Accept: application/json

{
  "event_name": "Tortastic",
  "start_date": 1000, // epoch
  "end_date": 1000, // epoch
  "start_hour": 1000, // epoch
  "end_hour": 1000,
  "poc_chuc_torta_unitary_price": 10,
  "shrimp_torta_unitary_price": 12
}

Response

HTTP 1.1 201 Created

{
  "id": "1",
  "event_name": "Tortastic",
  "start_date": 1000, // epoch
  "end_date": 1000, // epoch
  "start_hour": 1000, // epoch
  "end_hour": 1000,
  "poc_chuc_torta_unitary_price": 10,
  "shrimp_torta_unitary_price": 12
}

Scenario 2: user inputs wrong data

the user tries to create a new event but inputs the wrong data,

Request

GET /api/v1/events
Accept: application/json

{
  "event_name": "",
  "start_date": -1000, // epoch
  "end_date": -1000, // epoch
  "start_hour": -1000, // epoch
  "end_hour": -999
}

Response

HTTP 1.1 400 Bad Request

{
  "status": 400,
  "message": "Bad Request",
  "errors": [
    {
      "field": "event_name",
      "error": "Is required"
    }
  ]
}

Error List

  • event name
    • empty name: "Is required"
  • start date:
    • empty: "Is required"
    • before current date: "Must be a future date"
    • invalid format: "Must be epoch time"
  • end date:
    • empty: "Is required"
    • before start date: "Must be after start date"
    • invalid format: "Must be epoch time"
  • start hour:
    • empty: "Is required"
    • not in the range (from 0 to 24 * 60): "Must be in the range from 0 to 24 * 60"
    • invalid format: "Must be a number"
  • end hour:
    • empty: "Is required"
    • before start hour: "Must be after start hour"
    • not in the range (from 0 to 24 * 60): "Must be in the range from 0 to 24 * 60"
    • invalid format: "Must be a number"
  • poc chuc unitary price
    • empty: "Is required"
    • invalid format: "Must be a non-negative number"

Scenario 3: user is not authenticated (see #2)


Scenario 4: service is not available (see #2)
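
A validator for the constraints and Error List above, added here as an example and not taken from the project's code; `validateEvent` and `checkNumber` are hypothetical names. It assumes "current day" means the UTC day containing the server clock reading, applies the poc chuc price messages to the shrimp price as well, and returns every error it finds.

```javascript
// Added example, not the project's code. Field names come from the request
// bodies in the issue; the messages come from its Error List.
const MINUTES_PER_DAY = 24 * 60;
const SECONDS_PER_DAY = 24 * 60 * 60;
const isMissing = (v) => v === undefined || v === null || v === "";
// Strict type test: "600", NaN and Infinity are all rejected.
const isNumber = (v) => typeof v === "number" && Number.isFinite(v);

// Records "Is required" or the type error; returns true when the value is usable.
function checkNumber(errors, body, field, typeError, isValidType) {
  const v = body[field];
  if (isMissing(v)) errors.push({ field, error: "Is required" });
  else if (!isValidType(v)) errors.push({ field, error: typeError });
  else return true;
  return false;
}

function validateEvent(body, nowSeconds) {
  const b = body !== null && typeof body === "object" ? body : {};
  const errors = [];

  // typeof first, so an array or a whitespace-only string is not a name.
  if (typeof b.event_name !== "string" || b.event_name.trim() === "") {
    errors.push({ field: "event_name", error: "Is required" });
  }

  // Assumption: "current day" is the UTC day that contains nowSeconds.
  const startOfToday = nowSeconds - (nowSeconds % SECONDS_PER_DAY);
  const startOk = checkNumber(errors, b, "start_date", "Must be epoch time", Number.isInteger);
  if (startOk && b.start_date < startOfToday) {
    errors.push({ field: "start_date", error: "Must be a future date" });
  }
  const endOk = checkNumber(errors, b, "end_date", "Must be epoch time", Number.isInteger);
  if (startOk && endOk && b.end_date < b.start_date) {
    errors.push({ field: "end_date", error: "Must be after start date" });
  }

  const inDay = (v) => v >= 0 && v <= MINUTES_PER_DAY;
  const range = "Must be in the range from 0 to 24 * 60";
  const shOk = checkNumber(errors, b, "start_hour", "Must be a number", isNumber);
  if (shOk && !inDay(b.start_hour)) errors.push({ field: "start_hour", error: range });
  const ehOk = checkNumber(errors, b, "end_hour", "Must be a number", isNumber);
  if (ehOk && !inDay(b.end_hour)) errors.push({ field: "end_hour", error: range });
  else if (ehOk && shOk && b.end_hour < b.start_hour) {
    errors.push({ field: "end_hour", error: "Must be after start hour" });
  }

  // Assumption: the shrimp price uses the messages listed for poc chuc.
  for (const field of ["poc_chuc_torta_unitary_price", "shrimp_torta_unitary_price"]) {
    const ok = checkNumber(errors, b, field, "Must be a non-negative number", isNumber);
    if (ok && b[field] < 0) errors.push({ field, error: "Must be a non-negative number" });
  }
  return errors;
}

// Constructed clock reading, and the Scenario 2 body from the issue.
const SAMPLE_NOW = 1700000000;
const SCENARIO_2_BODY = {
  event_name: "", start_date: -1000, end_date: -1000, start_hour: -1000, end_hour: -999,
};
console.log(validateEvent(SCENARIO_2_BODY, SAMPLE_NOW));
```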

Implement Event Policy

Rn we don't have policies for the events. This is just a proposal, feel free to add new policies or change them


Create event

  • only partners

Edit a particular event:

  • only the partner that created the event

Cancel a particular event:

  • only the partner that created that event

Mark event as finished

As an admin I want to be able to manually mark an event as finished (past)

Constraints

  • Admin must be logged in

Scenario 1
Admin tries to mark an event as finished (past)
System Response: notifies the user that the event was marked as finished (past)

Request:

PUT /api/v1/events/1
accept: application/json

{
  "event": {
    "id": "1",
    "name": "Tortas para la oficina",
    "start_date": 10000, // epoch
    "end_date": 20000, // epoch
    "poc_chuc_torta_unit_price": 10,
    "poc_chuc_torta_amount": 1,
    "shrimp_torta_unit_price": 12,
    "shrimp_torta_amount": 1,
    "total": 22,
    "finished": true
  }
}

Response:

HTTP 1.1 200 Ok

{
  "event": {
    "id": "1",
    "name": "Tortas para la oficina",
    "start_date": 10000, // epoch
    "end_date": 20000, // epoch
    "poc_chuc_torta_unit_price": 10,
    "poc_chuc_torta_amount": 1,
    "shrimp_torta_unit_price": 12,
    "shrimp_torta_amount": 1,
    "total": 22,
    "finished": true
  }
}

Scenario 2
User tries to mark an event as finished (past), but the user is not logged in
System Response: notifies the user that is not logged in

Request:

PUT /api/v1/events/1
accept: application/json

{
  "event": {
    "id": "1",
    "name": "Tortas para la oficina",
    "start_date": 10000, // epoch
    "end_date": 20000, // epoch
    "poc_chuc_torta_unit_price": 10,
    "poc_chuc_torta_amount": 1,
    "shrimp_torta_unit_price": 12,
    "shrimp_torta_amount": 1,
    "total": 22,
    "finished": true
  }
}

Response:

HTTP 1.1 401 Unauthorized

{
  "code": "401",
  "message": "Unauthorized"
}

Scenario 3
User tries to mark an order as finished (past), but the service is not available
System Response: notifies the user that the service is not available

Request:

PUT /api/v1/events/1
accept: application/json

{
  "event": {
    "id": "1",
    "name": "Tortas para la oficina",
    "start_date": 10000, // epoch
    "end_date": 20000, // epoch
    "poc_chuc_torta_unit_price": 10,
    "poc_chuc_torta_amount": 1,
    "shrimp_torta_unit_price": 12,
    "shrimp_torta_amount": 1,
    "total": 22,
    "finished": true
  }
}

Response:

HTTP 1.1 500 Internal Server Error

{
  "code": "500",
  "message": "Internal Server Error"
}

Register partner

This is a proposal.

As partner admin, I want to add new partners

Input data:

  • email
  • password
  • name

Constraints:

  • Only God or Partner can add partners
  • email is required, must be a string and must be unique
  • password is required and must be a string
  • name is required and must be a string

Scenario 1
partner admin tries to create new partner with the following data:

  • email: [email protected]
  • password: j4un
  • name: Juan Perez
    Note: a user with the same email already exists

Request

POST /api/v1/register?type="partner"
Accept: application/json

{
  "name": "Juan Perez",
  "password": "j4un",
  "email": "[email protected]"
}

Response

HTTP 1.1 400 Bad Request

{
  "status": 400,
  "message": "Bad Request",
  "errors": [
    {
      "field": "email",
      "error": "email in use"
    }
  ]
}

Scenario 2
partner admin tries to create new partner with the following data:

Request

POST /api/v1/register?type="partner"
Accept: application/json
{
  "name": "Juan Perez",
  "password": "j4un",
  "email": "[email protected]"
}

Response

HTTP 1.1 201 Created

{
  "name": "Juan Perez",
  "email": "[email protected]",
  "role": "partner"
}

Edit Event

As a user I want to edit an event

Input data:

  • id
  • event name
  • start date
  • end date
  • start hour
  • end hour
  • poc chuc torta unitary price
  • shrimp torta unitary price

Constraints:

  • user must be logged in
  • event id must correspond to an existing event
  • event name is required and must be a string
  • start date is required and must be in epoch format, and cannot be before the current day
  • end date is required, must be in epoch format and cannot be before start date
  • start hour is required and must be in minutes (from 0 to 24 * 60)
  • end hour is required, must be in minutes (from 0 to 24 * 60) and cannot be before start hour
  • poc chuc torta unitary price must be a non-negative number
  • shrimp torta unitary price must be a non-negative number
  • cannot modify an already finished event

Scenario 1
user tries to edit an existing event

  • event name: Tortas app
  • start date: today
  • end date: tomorrow
  • start hour: 10am
  • end hour: 11am
  • poc chuc torta unitary price: 10
  • camaron torta unitary price: 12

System Response: notifies the user that the event was created

Request

POST /api/v1/events/1
Accept: application/json

{
  "id": "1",
  "event_name": "Tortastic",
  "start_date": 1000, // epoch
  "end_date": 1000, // epoch
  "start_hour": 1000, // epoch
  "end_hour": 1000,
  "poc_chuc_torta_unitary_price": 10,
  "shrimp_torta_unitary_price": 12
}

Response

HTTP 1.1 200 Ok

{
  "id": "1",
  "event_name": "Tortastic",
  "start_date": 1000, // epoch
  "end_date": 1000, // epoch
  "start_hour": 1000, // epoch
  "end_hour": 1000,
  "poc_chuc_torta_unitary_price": 10,
  "shrimp_torta_unitary_price": 12
}

Scenario 2: user inputs wrong data

the user tries to create a new event but inputs the wrong data,

Request

GET /api/v1/events/1
Accept: application/json

{
  "id": "1",
  "event_name": "",
  "start_date": -1000, // epoch
  "end_date": -1000, // epoch
  "start_hour": -1000, // epoch
  "end_hour": -999
}

Response

HTTP 1.1 400 Bad Request

{
  "status": 400,
  "message": "Bad Request",
  "errors": [
    {
      "field": "event_name",
      "error": "Is required"
    }
  ]
}

Error List

  • event name
    • empty name: "Is required"
  • start date:
    • empty: "Is required"
    • before current date: "Must be a future date"
    • invalid format: "Must be epoch time"
  • end date:
    • empty: "Is required"
    • before start date: "Must be after start date"
    • invalid format: "Must be epoch time"
  • start hour:
    • empty: "Is required"
    • not in the range (from 0 to 24 * 60): "Must be in the range from 0 to 24 * 60"
    • invalid format: "Must be a number"
  • end hour:
    • empty: "Is required"
    • before start hour: "Must be after start hour"
    • not in the range (from 0 to 24 * 60): "Must be in the range from 0 to 24 * 60"
    • invalid format: "Must be a number"
  • poc chuc unitary price
    • empty: "Is required"
    • invalid format: "Must be a non-negative number"

Scenario 3: event doesn't exist

Response

HTTP 1.1 404 Not Found

{
  "status": 404,
  "message": "Not Found"
}

Scenario 4: event is already finished

Response

HTTP 1.1 400

{
  "status": 400,
  "message": "Bad Request",
  "reason": "Event has already finished"
}

Scenario 5: user is not authenticated (see #2)


Scenario 6: service is not available (see #2)

Add order tests

Add test cases related to the different OrderServices using Chai and Mocha.

datasource

EVENT and ORDER models.
setup for a db.

Add jwt

When users (partner or user) log in, return a JWT. The JWT must contain in the payload:

  • user name
  • user id
  • user email
  • user role

change interfaces names and var names

Some interfaces have the following names:

  • IOrdersDTO
  • IOrdersDAO

and others as the following:

  • IOrdersDao
  • IOrdersDto

pick one style and be consistent

Create Orders Servicer

Right now we are using memory as our primary storage mechanism, but that's gonna change in the future. To avoid further complications we need to implement a service to encapsulate the implementation details of any storage mechanism.

Here's the proposal:

screen shot 2019-01-17 at 11 43 37

Password for event creation visible in page source

While auditing the frontend source code of tortas-49b2a.firebaseapp.com with @seisvelas (a new Ksquare employee I'm studying with), we noticed that we were unable to create events without the password. When attempting to authenticate with an incorrect password we received the warning:

'you need the valid password ;)',

So we searched the page's source code for that error and encountered the following snippet:

if (this.eventForm.get('password').value != '[REDACTED]') {
      this.ToastCtrl.create({
        message: 'you need the valid password ;)',
       ..... 
    }

(Instead of [REDACTED], we found the password in plain text). We haven't included the password here, however it can easily be acquired by following the above process.

This seems like a nonideal approach, so I figured I should let y'all know!

See a particular current event

As an admin I want to see an event.

Constraints

  • User must be logged in

Scenario 1
User tries to see an event by id
System Response: shows event

Request:

GET /api/v1/events/1
accept: application/json

Response:

HTTP 1.1 200 Ok

{
  "event": {
    "id": "1",
    "name": "Tortas para la oficina",
    "start_date": 10000, // epoch
    "end_date": 20000, // epoch
    "poc_chuc_torta_unit_price": 10,
    "poc_chuc_torta_amount": 2,
    "shrimp_torta_unit_price": 12,
    "shrimp_torta_amount": 2,
    "total": 44,
    "orders": [
      {
        "id": "1",
        "full_name": "Juan Carlos",
        "poc_chuc_torta_unit_price": 10,
        "poc_chuc_torta_amount": 1,
        "shrimp_torta_unit_price": 12,
        "shrimp_torta_amount": 1,
        "total": 22,
        "paid": false
      },
      {
        "id": "1",
        "full_name": "Juan Carlos",
        "poc_chuc_torta_unit_price": 10,
        "poc_chuc_torta_amount": 1,
        "shrimp_torta_unit_price": 12,
        "shrimp_torta_amount": 1,
        "total": 22,
        "paid": true
      }
    ]
  }
}

Scenario 2
User tries to see a specific event, but the user is not logged in
System Response: notifies the user that is not logged in

Request:

GET /api/v1/events/1
accept: application/json

Response:

HTTP 1.1 401 Unauthorized

{
  "code": "401",
  "message": "Unauthorized"
}

Scenario 3
User tries to see a specific event, but the service is not available
System Response: notifies the user that the service is not available

Request:

GET /api/v1/events/1
accept: application/json

Response:

HTTP 1.1 500 Internal Server Error

{
  "code": "500",
  "message": "Internal Server Error"
}

Add policy to validate JWT

The policy must check that

  • if the token expires
  • if the token is early
  • if the token is accepted by the domain
  • if the token has the correct subject
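
The four checks listed above, written as one claims policy; this is an added example, not the project's code. It assumes the JWT library has already verified the signature, reads "accepted by the domain" as the `aud` claim, and carries the user id from the "Add jwt" issue in `sub`; `checkClaims`, the `expected` object and the 30-second leeway are hypothetical.

```javascript
// Added example, not the project's code. It runs AFTER the JWT library has
// verified the signature; an unverified payload must never reach this check.
const LEEWAY_SECONDS = 30; // assumed clock-skew tolerance

const isEpoch = (v) => typeof v === "number" && Number.isFinite(v);

// expected = { audience, subject } is a hypothetical configuration object.
// Returns the list of failed checks; an empty list means the token is accepted.
function checkClaims(payload, expected, nowSeconds) {
  if (payload === null || typeof payload !== "object") {
    return ["payload is not an object"];
  }
  const errors = [];

  // "if the token expires": a token without a numeric exp would never expire,
  // so a missing or string-typed exp is itself a failure.
  if (!isEpoch(payload.exp)) errors.push("exp missing or not a number");
  else if (nowSeconds >= payload.exp + LEEWAY_SECONDS) errors.push("token expired");

  // "if the token is early": nbf is optional, but a present nbf must be honoured.
  if (payload.nbf !== undefined) {
    if (!isEpoch(payload.nbf)) errors.push("nbf not a number");
    else if (nowSeconds < payload.nbf - LEEWAY_SECONDS) errors.push("token not yet valid");
  }

  // "accepted by the domain": aud may be one string or an array of strings.
  const audiences = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
  if (!audiences.some((a) => typeof a === "string" && a === expected.audience)) {
    errors.push("audience not accepted");
  }

  // "correct subject": strict comparison, so the number 42 never matches "42".
  if (typeof payload.sub !== "string" || payload.sub !== expected.subject) {
    errors.push("subject mismatch");
  }
  return errors;
}

// Constructed sample: the payload fields from the "Add jwt" issue
// (name, id as sub, email, role) plus the registered claims checked above.
const NOW = 1700000000;
const EXPECTED = { audience: "poc-chef.example", subject: "user-1" };
const SAMPLE_PAYLOAD = {
  sub: "user-1", name: "Juan Perez", email: "juan@example.test", role: "user",
  aud: "poc-chef.example", nbf: NOW - 60, exp: NOW + 3600,
};
console.log(checkClaims(SAMPLE_PAYLOAD, EXPECTED, NOW));
console.log(checkClaims({ ...SAMPLE_PAYLOAD, exp: String(NOW + 3600) }, EXPECTED, NOW));
```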

Mark many orders as cancelled

As a user, I want to be able to mark many orders as cancelled.

Constraints

  • User must be logged in

Scenario 1
Admin tries to mark many orders as cancelled.
System Response: notifies the user that the orders were marked as cancelled

Request:

POST /api/v1/orders/actions
accept: application/json


{
  "action": "mark_as_cancelled",
  "ids": ["1", "2"]
}

Response:

HTTP 1.1 200 Ok

Scenario 2
User tries to mark many orders as cancelled, but the user is not logged in
System Response: notifies the user that is not logged in

Request:

POST /api/v1/orders/actions
accept: application/json


{
  "action": "mark_as_cancelled",
  "ids": ["1", "2"]
}

Response:

HTTP 1.1 401 Unauthorized

{
  "code": "401",
  "message": "Unauthorized"
}

Scenario 3
User tries to mark many orders as cancelled, but the service is not available
System Response: notifies the user that the service is not available

Request:

POST /api/v1/orders/actions
accept: application/json


{
  "action": "mark_as_cancelled",
  "ids": ["1", "2"]
}

Response:

HTTP 1.1 500 Internal Server Error

{
  "code": "500",
  "message": "Internal Server Error"
}

Implement Order Policy

Right now we don't have policies for the orders. This is just a proposal, feel free to add new policies or change them


See all orders:

  • only the ones the user has created

Create order

  • only users

Edit a particular order

  • only the user that created that order

Cancel an order

  • only the user that created that order
  • only not-paid orders
  • only orders in current events (not past/cancelled)
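
The "Cancel an order" rules above, applied to the bulk `mark_as_cancelled` request from the "Mark many orders as cancelled" issue; this is an added example, not the project's code. The field names `owner_id`, `event_id`, `paid`, `finished` and `cancelled`, and the functions `cancelDenial` and `authorizeBulkCancel`, are assumptions about the ORDER and EVENT models.

```javascript
// Added example, not the project's code. Field names owner_id, event_id,
// paid, finished and cancelled are assumptions about the ORDER and EVENT models.

// Returns null when the user may cancel the order, otherwise the reason.
function cancelDenial(user, order, event) {
  // A missing order and someone else's order get the same answer,
  // so the endpoint cannot be used to find out which ids exist.
  if (!order || order.owner_id !== user.id) return "order not found";
  if (order.paid) return "order already paid";
  if (!event || event.finished || event.cancelled) return "event is not current";
  return null;
}

// Checks every id of a { "action": "mark_as_cancelled", "ids": [...] } request
// before anything is changed: one denied id rejects the whole batch.
function authorizeBulkCancel(user, ids, orders, events) {
  if (!user || typeof user.id !== "string") return { allowed: false, denied: [] };
  if (!Array.isArray(ids) || ids.length === 0) return { allowed: false, denied: [] };
  const denied = [];
  for (const id of new Set(ids)) {
    // Map lookups: "__proto__" or a non-string id simply misses.
    const order = typeof id === "string" ? orders.get(id) : undefined;
    const event = order ? events.get(order.event_id) : undefined;
    const reason = cancelDenial(user, order, event);
    if (reason) denied.push({ id, reason });
  }
  return { allowed: denied.length === 0, denied };
}

// Constructed sample data: u1 owns orders 1, 3 and 4; order 2 belongs to u2.
const EVENTS = new Map([
  ["e1", { id: "e1", finished: false, cancelled: false }],
  ["e2", { id: "e2", finished: true, cancelled: false }],
]);
const ORDERS = new Map([
  ["1", { id: "1", owner_id: "u1", event_id: "e1", paid: false }],
  ["2", { id: "2", owner_id: "u2", event_id: "e1", paid: false }],
  ["3", { id: "3", owner_id: "u1", event_id: "e1", paid: true }],
  ["4", { id: "4", owner_id: "u1", event_id: "e2", paid: false }],
]);
const USER = { id: "u1", role: "user" };

// The request body from the issue: ids "1" and "2", sent by u1.
console.log(authorizeBulkCancel(USER, ["1", "2"], ORDERS, EVENTS));
```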
