feat(18-03): add profile routes, public setup endpoint, and auth middleware updates
- GET /api/users/:id/profile: public profile with public setups (no auth) - PUT /api/auth/profile: update own profile (requires auth) - GET /api/setups/:id/public: public setup view with items (no auth) - Auth middleware skips public profile and public setup GET endpoints - Register profileRoutes at /api/users in index.ts - Add getOrCreateUncategorized to category service (Rule 3 fix) - 10 route tests covering auth, public access, and 404 cases
This commit is contained in:
@@ -9,6 +9,8 @@ import {
|
||||
deleteApiKey,
|
||||
listApiKeys,
|
||||
} from "../services/auth.service.ts";
|
||||
import { updateProfile } from "../services/profile.service.ts";
|
||||
import { updateProfileSchema } from "../../shared/schemas.ts";
|
||||
|
||||
type Env = { Variables: { db?: any; userId?: number } };
|
||||
|
||||
@@ -69,4 +71,20 @@ app.delete("/keys/:id", requireAuth, async (c) => {
|
||||
return c.json({ ok: true });
|
||||
});
|
||||
|
||||
// ── Profile Update (protected) ──────────────────────────────────────
|
||||
|
||||
app.put(
|
||||
"/profile",
|
||||
requireAuth,
|
||||
zValidator("json", updateProfileSchema),
|
||||
async (c) => {
|
||||
const db = c.get("db");
|
||||
const userId = c.get("userId")!;
|
||||
const data = c.req.valid("json");
|
||||
const updated = await updateProfile(db, userId, data);
|
||||
if (!updated) return c.json({ error: "User not found" }, 404);
|
||||
return c.json(updated);
|
||||
},
|
||||
);
|
||||
|
||||
export const authRoutes = app;
|
||||
|
||||
21
src/server/routes/profiles.ts
Normal file
21
src/server/routes/profiles.ts
Normal file
@@ -0,0 +1,21 @@
|
||||
import { Hono } from "hono";
|
||||
import { parseId } from "../lib/params.ts";
|
||||
import { getPublicProfile } from "../services/profile.service.ts";
|
||||
|
||||
type Env = { Variables: { db?: any; userId?: number } };
|
||||
|
||||
const app = new Hono<Env>();
|
||||
|
||||
// GET /:id/profile — Public profile (no auth required)
|
||||
app.get("/:id/profile", async (c) => {
|
||||
const db = c.get("db");
|
||||
const id = parseId(c.req.param("id"));
|
||||
if (!id) return c.json({ error: "Invalid user ID" }, 400);
|
||||
|
||||
const profile = await getPublicProfile(db, id);
|
||||
if (!profile) return c.json({ error: "User not found" }, 404);
|
||||
|
||||
return c.json(profile);
|
||||
});
|
||||
|
||||
export { app as profileRoutes };
|
||||
@@ -8,6 +8,7 @@ import {
|
||||
} from "../../shared/schemas.ts";
|
||||
import { parseId } from "../lib/params.ts";
|
||||
import { withImageUrls } from "../services/storage.service.ts";
|
||||
import { getPublicSetupWithItems } from "../services/profile.service.ts";
|
||||
import {
|
||||
createSetup,
|
||||
deleteSetup,
|
||||
@@ -40,6 +41,16 @@ app.post("/", zValidator("json", createSetupSchema), async (c) => {
|
||||
return c.json(setup, 201);
|
||||
});
|
||||
|
||||
// Public setup view (no auth required — skipped in index.ts middleware)
|
||||
app.get("/:id/public", async (c) => {
|
||||
const db = c.get("db");
|
||||
const id = parseId(c.req.param("id"));
|
||||
if (!id) return c.json({ error: "Invalid setup ID" }, 400);
|
||||
const setup = await getPublicSetupWithItems(db, id);
|
||||
if (!setup) return c.json({ error: "Setup not found" }, 404);
|
||||
return c.json(setup);
|
||||
});
|
||||
|
||||
app.get("/:id", async (c) => {
|
||||
const db = c.get("db");
|
||||
const userId = c.get("userId")!;
|
||||
|
||||
Reference in New Issue
Block a user