From a39a87609cd46f2b46ffd23c65166fbac910f7b4 Mon Sep 17 00:00:00 2001
From: Mark Moffat <mark@192-168-1-115.tpgi.com.au>
Date: Sat, 15 Jun 2019 21:16:10 +0930
Subject: [PATCH] Exposing some more API endpoints and tests

---
 routes/customer.js | 28 +++++++++++++++++++++++-----
 routes/order.js    |  5 +++--
 test/test.js       | 32 +++++++++++++++++++++++++++++++-
 3 files changed, 57 insertions(+), 8 deletions(-)

diff --git a/routes/customer.js b/routes/customer.js
index 9b110b1..696936a 100644
--- a/routes/customer.js
+++ b/routes/customer.js
@@ -63,14 +63,19 @@ router.post('/customer/create', (req, res) => {
 router.get('/admin/customer/view/:id?', restrict, (req, res) => {
     const db = req.app.db;
 
-    db.customers.findOne({ _id: common.getId(req.params.id) }, (err, result) => {
+    db.customers.findOne({ _id: common.getId(req.params.id) }, (err, customer) => {
         if(err){
             console.info(err.stack);
         }
 
-        res.render('customer', {
+        // If API request, return json
+        if(req.apiAuthenticated){
+            return res.status(200).json(customer);
+        }
+
+        return res.render('customer', {
             title: 'View customer',
-            result: result,
+            result: customer,
             admin: true,
             session: req.session,
             message: common.clearSessionValue(req.session, 'message'),
@@ -87,7 +92,12 @@ router.get('/admin/customers', restrict, (req, res) => {
     const db = req.app.db;
 
     db.customers.find({}).limit(20).sort({ created: -1 }).toArray((err, customers) => {
-        res.render('customers', {
+        // If API request, return json
+        if(req.apiAuthenticated){
+            return res.status(200).json(customers);
+        }
+
+        return res.render('customers', {
             title: 'Customers - List',
             admin: true,
             customers: customers,
@@ -116,7 +126,15 @@ router.get('/admin/customers/filter/:search', restrict, (req, res, next) => {
         if(err){
             console.error(colors.red('Error searching', err));
         }
-        res.render('customers', {
+
+        // If API request, return json
+        if(req.apiAuthenticated){
+            return res.status(200).json({
+                customers
+            });
+        }
+
+        return res.render('customers', {
             title: 'Customer results',
             customers: customers,
             admin: true,
diff --git a/routes/order.js b/routes/order.js
index a8a5ffd..11041ec 100644
--- a/routes/order.js
+++ b/routes/order.js
@@ -135,7 +135,7 @@ router.get('/admin/orders/filter/:search', restrict, (req, res, next) => {
 router.get('/admin/order/delete/:id', restrict, (req, res) => {
     const db = req.app.db;
 
-    // remove the article
+    // remove the order
     db.orders.remove({ _id: common.getId(req.params.id) }, {}, (err, numRemoved) => {
         if(err){
             console.info(err.stack);
@@ -157,8 +157,9 @@ router.post('/admin/order/statusupdate', restrict, checkAccess, (req, res) => {
     db.orders.update({ _id: common.getId(req.body.order_id) }, { $set: { orderStatus: req.body.status } }, { multi: false }, (err, numReplaced) => {
         if(err){
             console.info(err.stack);
+            return res.status(400).json({ message: 'Failed to update the order status' });
         }
-        res.status(200).json({ message: 'Status successfully updated' });
+        return res.status(200).json({ message: 'Status successfully updated' });
     });
 });
 
diff --git a/test/test.js b/test/test.js
index e532d39..b1b6520 100644
--- a/test/test.js
+++ b/test/test.js
@@ -254,7 +254,7 @@ test.serial('[Success] Get orders', async t => {
     t.deepEqual(jsonData.orders.length, res.body.orders.length);
 });
 
-test.serial('[Fail] Try get orderes with a bogus apiKey', async t => {
+test.serial('[Fail] Try get orders with a bogus apiKey', async t => {
     const res = await request
         .get('/admin/orders')
         .set('apiKey', '123456789012345678901234')
@@ -304,3 +304,33 @@ test.serial('[Fail] Try create a duplicate customer', async t => {
 
     t.deepEqual(res.body.err, 'A customer already exists with that email address');
 });
+
+test.serial('[Success] Get customer list', async t => {
+    const res = await request
+        .get('/admin/customers')
+        .set('apiKey', users[0].apiKey)
+        .expect(200);
+
+    // Check the returned customers length
+    t.deepEqual(2, res.body.length);
+});
+
+test.serial('[Success] Filter customers', async t => {
+    const res = await request
+        .get('/admin/customers')
+        .set('apiKey', users[0].apiKey)
+        .expect(200);
+
+    // Check the returned customers length
+    t.deepEqual(2, res.body.length);
+});
+
+test.serial('[Success] Get single customer', async t => {
+    const res = await request
+        .get('/admin/customer/view/' + customers[0]._id)
+        .set('apiKey', users[0].apiKey)
+        .expect(200);
+
+    // Check the returned customer matches ID
+    t.deepEqual(customers[0]._id.toString(), res.body._id);
+});