Essential backend functionality, including logins.

api/controllers/bookController.js

@@ -0,0 +1,49 @@
+'use strict';
+
+const mongoose = require('mongoose'),
+  Book = mongoose.model('Book');
+
+exports.list_all = function(req, res) {
+  Book.find({}, function(error, books) {
+    if (error) res.status(400).send(error);
+    else res.json(books);
+  });
+};
+
+exports.create = function(req, res) {
+  // TODO authenticate
+  const book = new Book(req.body);
+  book.save(function(error, book) {
+    if (error) res.status(400).send(error);
+    else res.json(book);
+  });
+};
+
+exports.get = function(req, res) {
+  Book.findById(req.params.bookId, function(error, book) {
+    if (error) res.status(400).send(error);
+    else res.json(book);
+  });
+};
+
+exports.update = function(req, res) {
+  Book.findOneAndUpdate({
+    _id: req.params.bookId
+  }, req.body, {
+    new: true
+  }, function(error, book) {
+    if (error) res.status(400).send(error);
+    else res.json(book);
+  });
+};
+
+exports.delete = function(req, res) {
+  Book.remove({
+    _id: req.params.bookId
+  }, function(error, book) {
+    if (error) res.status(400).send(error);
+    else res.json({
+      message: 'Book ' + book.title + ' deleted'
+    });
+  });
+};

api/controllers/borrowController.js

@@ -0,0 +1,75 @@
+'use strict';
+
+const mongoose = require('mongoose');
+const User = mongoose.model('User'),
+  Book = mongoose.model('Book');
+
+exports.list_all = function(req, res) {
+  res.json(req.user.borrowing);
+};
+
+exports.update = function(req, res) {
+  Book.findOne({
+    _id: req.body.bookId
+  }).then((book) => {
+    if (!book) {
+      res.status(400).send("Book not found.");
+    } else {
+      // TODO check that the book isn't already borrowed
+      req.user.borrowing.push({
+        bookId: book._id,
+        date: Date.now()
+      });
+      User.findOneAndUpdate({
+        _id: req.user._id
+      }, req.user, {
+        useFindAndModify: false
+      }).exec();
+      book.amount_loaned += 1;
+      Book.findOneAndUpdate({
+        _id: book._id
+      }, book, {
+        useFindAndModify: false
+      }).exec();
+      res.json(req.user.borrowing);
+    }
+  });
+};
+
+// TODO
+exports.delete = function(req, res) {
+  Book.findOne({
+    _id: req.body.bookId
+  }).then((book) => {
+    if (!book) {
+      res.status(400).send("Book not found.");
+    } else {
+      let isBookLoaned = false;
+      for (let i = 0; i < req.user.borrowing.length; i++) {
+        const b = req.user.borrowing[i];
+        console.log(`${typeof b.bookId}, ${typeof book.id}`);
+        if (b.bookId.toString() === book.id) {
+          console.log(`${b.bookId}, ${book._id}`);
+          req.user.borrowing.splice(i, 1);
+          isBookLoaned = true;
+        }
+      }
+      if (isBookLoaned) {
+        User.findOneAndUpdate({
+          _id: req.user._id
+        }, req.user, {
+          useFindAndModify: false
+        }).exec();
+        book.amount_loaned -= 1;
+        Book.findOneAndUpdate({
+          _id: book._id
+        }, book, {
+          useFindAndModify: false
+        }).exec();
+        res.json(req.user.borrowing);
+      } else {
+        res.status(400).send("You haven't loaned this book.")
+      }
+    }
+  });
+};

api/controllers/userController.js

@@ -0,0 +1,86 @@
+'use strict';
+
+const mongoose = require('mongoose'),
+  User = mongoose.model('User'),
+  bcrypt = require('bcrypt');
+const saltRounds = 10; // TODO make this configurable.
+
+exports.list_all = function(req, res) {
+  User.find({}, function(err, users) {
+    if (err) res.status(400).send(err);
+    else res.json(users);
+  });
+};
+
+exports.create = function(req, res) {
+  User.findOne({
+    "username": req.body.username
+  }, function(err, user) {
+    if (err) res.status(400).send(err);
+    else if (user) res.status(400).send("User with that username already exists.");
+    else { // user doesn't exist, allow creation of new one
+      const user = new User(req.body);
+      bcrypt.hash(user.password, saltRounds, function(err, hash) {
+        if (err) res.status(500).send(err);
+        else {
+          user.password = hash;
+          user.save(function(err, user) {
+            if (err) res.status(400).send(err);
+            else res.json(user);
+          });
+        }
+      });
+    }
+  });
+};
+
+exports.get = function(req, res) {
+  User.findById(req.params.userId, function(error, user) {
+    if (error) res.status(400).send(error);
+    else res.json(user);
+  });
+};
+
+exports.update = function(req, res) {
+  function updateUser(newUser) {
+    User.findOneAndUpdate({
+      _id: req.params.userId
+    }, req.body, {
+      new: true,
+      useFindAndModify: false
+    }, function(error, user) {
+      if (error) res.status(400).send(error);
+      res.json(user);
+    });
+  }
+
+  if (req.body.password) {
+    req.body.password = bcrypt.hash(req.body.password, saltRounds).then(hash => {
+      req.body.password = hash;
+      updateUser(req.body);
+    });
+  } else {
+    updateUser(req.body);
+  }
+};
+
+exports.delete = function(req, res) {
+  User.findById(req.params.userId, function(error, user) {
+    if (error) {
+      res.status(400).send(error);
+    } else if (user.loaning.length > 0) {
+      res.status(403).json({
+        message: 'User ' + user.username + ' must return books before deletion.'
+      })
+    } else {
+      User.deleteOne({
+        _id: req.params.userId
+      }, function(error) {
+        if (error) res.status(400).send(error);
+        else res.json({
+          message: 'User deleted.'
+        });
+      });
+    }
+  });
+};