Merge pull request #54 from 9roomMoa/refactor6

[REFACTOR#6] 스키마 수정 및 우선순위 변경 + 인증 미들웨어 모든 라우터에 적용

Author: swoo0514

src/controllers/comment-controller.js

@@ -4,9 +4,9 @@ const commentValidation = require('../validation/comment-validation.js');
 
 exports.searchComments = async (req, res) => {
   try {
-    const { userId } = req.body;
     const { tid } = req.params;
     const { keyword } = req.query;
+    const userId = req.user?.sub;
 
     if (!userId || !tid) {
       return res.status(StatusCodes.BAD_REQUEST).json({
@@ -15,12 +15,12 @@ exports.searchComments = async (req, res) => {
       });
     }
 
-    if (!keyword || keyword.trim() === '') {
-      return res.status(StatusCodes.BAD_REQUEST).json({
-        success: false,
-        message: 'there is no keyword',
-      });
-    }
+    // if (!keyword || keyword.trim() === '') {
+    //   return res.status(StatusCodes.BAD_REQUEST).json({
+    //     success: false,
+    //     message: 'there is no keyword',
+    //   });
+    // }
 
     const comments = await commentService.searchComments(keyword, tid, userId);
 
@@ -52,6 +52,7 @@ exports.createComment = async (req, res) => {
     const { error, value } = commentValidation.creatingSchema.validate(
       req.body
     );
+    const userId = req.user?.sub;
 
     if (!tid) {
       return res.status(StatusCodes.BAD_REQUEST).json({
@@ -67,7 +68,7 @@ exports.createComment = async (req, res) => {
       });
     }
 
-    const commentData = { taskId: tid, ...value };
+    const commentData = { commenterId: userId, taskId: tid, ...value };
 
     const comment = await commentService.createComment(commentData);
 
@@ -88,7 +89,7 @@ exports.createComment = async (req, res) => {
 exports.getComments = async (req, res) => {
   try {
     const { tid } = req.params;
-    const { userId } = req.body;
+    const userId = req.user?.sub;
 
     if (!userId || !tid) {
       return res.status(StatusCodes.BAD_REQUEST).json({
@@ -119,9 +120,9 @@ exports.updateComment = async (req, res) => {
     const { error, value } = commentValidation.updatingSchema.validate(
       req.body
     );
+    const userId = req.user?.sub;
 
     if (!tid || !cid) {
-      console.log(tid, cid);
       return res.status(StatusCodes.BAD_REQUEST).json({
         success: false,
         message: 'taskId or commentId omitted',
@@ -137,7 +138,7 @@ exports.updateComment = async (req, res) => {
       });
     }
 
-    const { userId, ...updateData } = value;
+    const updateData = value;
     const result = await commentService.updateComment(
       userId,
       tid,
@@ -162,7 +163,8 @@ exports.updateComment = async (req, res) => {
 exports.deleteComment = async (req, res) => {
   try {
     const { tid } = req.params;
-    const { userId, commentId } = req.body;
+    const { commentId } = req.body;
+    const userId = req.user?.sub;
 
     if (!tid || !userId) {
       res.status(StatusCodes.BAD_REQUEST).json({

src/controllers/docs-controller.js

@@ -4,15 +4,14 @@ const docsService = require('../services/docs-service');
 exports.postDocument = async (req, res) => {
   try {
     const { tid } = req.params;
-    const { userId } = req.body;
+    const { userId } = req.user?.sub;
 
     if (!tid || !userId) {
       return res.status(StatusCodes.BAD_REQUEST).json({
         success: false,
         message: 'TaskId or userId omitted',
       });
     }
-    console.log('✅ Received File:', req.file);
 
     if (!req.file) {
       return res.status(StatusCodes.BAD_REQUEST).json({
@@ -40,7 +39,7 @@ exports.postDocument = async (req, res) => {
 exports.getDocuments = async (req, res) => {
   try {
     const { tid } = req.params;
-    const { userId } = req.body;
+    const userId = req.user?.sub;
 
     if (!tid) {
       return res.status(StatusCodes.BAD_REQUEST).json({
@@ -83,14 +82,23 @@ exports.getDocuments = async (req, res) => {
 exports.downloadDocument = async (req, res) => {
   try {
     const { did } = req.params;
+    const userId = req.user?.sub;
+    if (!userId) {
+      return res.status(StatusCodes.BAD_REQUEST).json({
+        success: false,
+        message: 'userId omitted',
+      });
+    }
     if (!did) {
       return res.status(StatusCodes.BAD_REQUEST).json({
         success: false,
         message: 'documentId omitted',
       });
     }
 
-    return await docsService.downloadDocument(did, res);
+    const data = { userId, did };
+
+    return await docsService.downloadDocument(data, res);
   } catch (err) {
     console.error('❌ Error in downloadDocument Controller:', err.message);
     return res.status(StatusCodes.INTERNAL_SERVER_ERROR).json({
@@ -104,7 +112,7 @@ exports.searchDocuments = async (req, res) => {
   try {
     const { tid } = req.params;
     const { keyword } = req.query;
-    const { userId } = req.body;
+    const userId = req.user?.sub;
 
     if (!tid) {
       return res.status(StatusCodes.BAD_REQUEST).json({

src/controllers/project-controller.js

@@ -12,12 +12,14 @@ exports.createProject = async (req, res) => {
     if (error) {
       return res.status(StatusCodes.BAD_REQUEST).json({
         success: false,
-        message: 'Invalid input data: ' + error.details,
+        message:
+          'Invalid input data: ' +
+          error.details.map((d) => d.message).join(', '),
       });
     }
 
     const projectData = {
-      createdBy: req.user?.id || value.createdBy,
+      createdBy: req.user?.sub,
       ...value,
     };
 
@@ -52,7 +54,8 @@ exports.patchProject = async (req, res) => {
     const { error, value } =
       projectValidation.updateProjectValidationSchema.validate(req.body);
 
-    const { userId, ...updateData } = value;
+    const userId = req.user?.sub;
+    const updateData = value;
 
     if (error) {
       return res.status(StatusCodes.BAD_REQUEST).json({

src/middlewares/verify-token.js

@@ -13,7 +13,6 @@ exports.verifyToken = (req, res, next) => {
   try {
     const decoded = jwt.verify(token, process.env.JWT_SECRET);
     req.user = decoded;
-    console.log(req.user);
     next();
   } catch (err) {
     console.error(err.message);

src/models/Project.js

@@ -13,9 +13,10 @@ const projectSchema = new mongoose.Schema(
     startDate: { type: Date, required: true },
     dueDate: { type: Date, required: true },
     scope: { type: String, enum: ['Public', 'Team'], default: 'Team' },
+    priority: { type: Number, min: 0, max: 4, default: 0 },
     status: {
       type: String,
-      enum: ['To Do', 'In Progress', 'Done'],
+      enum: ['To Do', 'In Progress', 'Done', 'Issue'],
       default: 'To Do',
     },
   },

src/models/Task.js

@@ -6,14 +6,14 @@ const taskSchema = new mongoose.Schema(
     description: { type: String, required: true },
     status: {
       type: String,
-      enum: ['To Do', 'In Progress', 'Done'],
+      enum: ['To Do', 'In Progress', 'Done', 'Issue'],
       default: 'To Do',
     },
     priority: {
       type: Number,
-      min: 1,
-      max: 5,
-      default: 5,
+      min: 0,
+      max: 4,
+      default: 0,
     },
     project: {
       type: mongoose.Schema.Types.ObjectId,

src/models/User.js

@@ -33,18 +33,8 @@ const userSchema = new mongoose.Schema(
     role: { type: String, enum: ['Admin', 'Member'], default: 'Member' },
     rank: {
       type: String,
-      enum: [
-        'Intern',
-        'Junior',
-        'Mid',
-        'Senior',
-        'Lead',
-        'Manager',
-        'Director',
-        'VP',
-        'CEO',
-      ], // 직급 정의
-      default: 'Junior', // 기본값 설정
+      enum: ['인턴', '사원', '주임', '대리', '과장', '차장', '부장', '팀장'], // 직급 정의
+      default: '인턴', // 기본값 설정
     },
   },
   { timestamps: true }

src/routes/docs-route.js

@@ -2,7 +2,12 @@ const express = require('express');
 
 const router = express.Router();
 const docsController = require('../controllers/docs-controller');
+const authMiddleware = require('../middlewares/verify-token');
 
-router.get('/downloads/:did', docsController.downloadDocument);
+router.get(
+  '/downloads/:did',
+  authMiddleware.verifyToken,
+  docsController.downloadDocument
+);
 
 module.exports = router;

src/routes/project-route.js

@@ -1,9 +1,14 @@
 const express = require('express');
 const router = express.Router();
 const projectController = require('../controllers/project-controller');
+const authMiddleware = require('../middlewares/verify-token');
 
-router.post('/', projectController.createProject);
+router.post('/', authMiddleware.verifyToken, projectController.createProject);
 
-router.patch('/:pid', projectController.patchProject);
+router.patch(
+  '/:pid',
+  authMiddleware.verifyToken,
+  projectController.patchProject
+);
 
 module.exports = router;

src/services/comment-service.js

@@ -10,7 +10,7 @@ exports.searchComments = async (keyword, taskId, userId) => {
     if (!isAccessible) {
       throw new Error('You dont have privilege to access to comments');
     }
-    console.log(keyword);
+
     const comments = await Comment.find({
       taskId: taskId,
       content: { $regex: keyword, $options: 'i' },
@@ -25,6 +25,18 @@ exports.searchComments = async (keyword, taskId, userId) => {
 
 exports.createComment = async (commentData) => {
   try {
+    const isExistingTask = await taskUtil.isExistingResource(
+      Task,
+      commentData.taskId
+    );
+    if (!isExistingTask) {
+      throw new Error('Invalid TaskId');
+    }
+    if (
+      !(await taskUtil.scopeChecker(commentData.commenterId, isExistingTask))
+    ) {
+      throw new Error('You dont have privilege to create comment');
+    }
     if (commentData.parentId) {
       const isChildComment = await Comment.findById(commentData.parentId);
       if (!isChildComment) {