Dev #231
Dev #231
Conversation
mateacademy-ai-mentor
left a comment
mateacademy-ai-mentor
left a comment
There was a problem hiding this comment.
Review Summary
This is a strong submission with a well-organized architecture. However, a few critical issues are preventing the application from being built and running correctly, so I am requesting some changes.
First, the project cannot be compiled because of the "noEmit": true setting in tsconfig.json. Please set this to false to allow TypeScript to generate the necessary JavaScript files.
Second, the database is configured to wipe all data on every restart due to sync({ force: true }) in src/db/db.ts. This prevents user data from being saved and breaks the core functionality.
Additionally, several key requirements are missing:
- The user is not logged in and redirected after activation (
src/controllers/reg.ctr.ts). - When a user's email is changed, a notification is not sent to their old email address (
src/controllers/acc.ctr.ts).
Please address these points to meet the project's requirements. You've built a solid foundation, and I'm confident you can resolve these issues.
✨ Please rate this review in the Platform's notification center1. I will be grateful for your feedback! ✨
Important
Fix the issues, commit the changes, and then re-request my review using the Re-request review button2 in the Reviewers tab.
Tip
If you have any comments about this review, please leave a message in the Add a comment section below and mention me with the @mateacademy-ai-mentor tag3.
I will read your message during my next review of your pull request. Please do not reply directly to my comments, as that feature is not supported yet.
Caution
Do not close the pull request until the review is complete. Closing it early can lead to unexpected behavior and disrupt the review process.
Footnotes
src/controllers/helpers/helpers.ts
Outdated
| setTkn(TKN.ACC, accTkn.token, TOKEN_EXPIRY.access[1]), | ||
| setTkn(TKN.RFR, refTkn.token, TOKEN_EXPIRY.refresh[1]), |
There was a problem hiding this comment.
While using dot notation (TOKEN_EXPIRY.access) works here, it's less robust than using bracket notation (TOKEN_EXPIRY[TKN.ACC]). If the value of TKN.ACC ever changes to something that isn't a valid JavaScript identifier, this code will break. Using bracket notation is more consistent with how TKN is used elsewhere in the project and safer for future maintenance.
src/controllers/auth.ctr.ts
Outdated
| const user = await srv.usr.gbEm(email); | ||
|
|
||
| if (!user.activated) { | ||
| throw new RequestError('Invalid credentials', httpStatus.ua); |
There was a problem hiding this comment.
According to the requirements, if a user is not active, you should ask them to activate their email. The current error message Invalid credentials is too generic and doesn't guide the user on the necessary next step. Consider providing a more descriptive message like Please activate your account before logging in.
| if (email) { | ||
| payload.email = email; | ||
| } |
There was a problem hiding this comment.
The task requires sending a notification to the user's old email address when they change it. This implementation is missing that step. You should add logic here to check if email is provided and is different from user.email, and if so, send a notification to the old email address before updating the user.
src/controllers/reg.ctr.ts
Outdated
|
|
||
| res.statusCode = httpStatus.ok; | ||
| res.setHeader('Content-Type', 'application/json'); | ||
| res.end(JSON.stringify({ message: `Succesfully activated` })); |
There was a problem hiding this comment.
The requirements state that the user should be redirected to the Profile page after activation. Currently, you are only sending a success message. To facilitate this in an API, you should log the user in by generating and sending back access and refresh tokens, just like in the login flow. This would allow the client-side application to complete the login process and redirect the user to their profile.
src/controllers/idx.ctr.ts
Outdated
| @@ -0,0 +1,12 @@ | |||
| import http from 'http'; | |||
|
|
|||
| const index = '<h1>some-html<h1>'; | |||
There was a problem hiding this comment.
This HTML is not well-formed. The closing tag for an <h1> element should be </h1>. Paying attention to these details is important for ensuring your HTML renders correctly across different browsers.
| } catch (e) { | ||
| if (e instanceof RequestError) { | ||
| return false; | ||
| } | ||
| throw e; |
There was a problem hiding this comment.
This error handling logic is too broad. It catches any RequestError, including potential database connection errors (which are wrapped as DBError, a subclass of RequestError), and treats them as if the user does not exist by returning false. This could lead to a situation where, if the database is down, the system thinks a user's email is available. You should make this check more specific and only return false if the error's statusCode is 404 Not Found. All other errors should be re-thrown.
| const profileUpdate = z | ||
| .object({ | ||
| [fnames[TNAMES.USR].pwd]: z.string().min(MIN_PWD), | ||
| [fnames[TNAMES.USR].name]: z.string().min(MIN_STR).optional(), | ||
| [fnames[TNAMES.USR].email]: z | ||
| .string() | ||
| .refine((val) => /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(val), { | ||
| message: 'Invalid email', | ||
| }) | ||
| .optional(), | ||
| }) | ||
| .refine((data) => data.name || data.email, { | ||
| message: 'At least one field (name or email) is required', | ||
| }); |
There was a problem hiding this comment.
The task requirements state that to change an email, the user must 'confirm the new email'. This typically means the user should provide the new email address twice to prevent typos. This schema is missing a field for email confirmation and the corresponding logic to ensure that if the email is being changed, the confirmation field matches.
src/utils/jwt.ts
Outdated
| return decoded; | ||
| } catch (error) { | ||
| if (error instanceof jwt.TokenExpiredError) { | ||
| throw new RequestError('Token has expired', httpStatus.na); |
There was a problem hiding this comment.
The HTTP status code 405 Method Not Allowed (httpStatus.na) is not the standard response for an expired token. A 401 Unauthorized (httpStatus.ua) status code would be more semantically correct, as it indicates that the request lacks valid authentication credentials. This helps client-side applications correctly handle token expiration, for example, by triggering a token refresh flow.
src/utils/dbHandler.ts
Outdated
| function dbHandler<TArgs extends any[], TResult>( | ||
| fn: (...args: TArgs) => Promise<TResult>, | ||
| ): (...args: TArgs) => Promise<TResult> { | ||
| return async (...args: TArgs): Promise<TResult> => { | ||
| try { | ||
| return await fn(...args); | ||
| } catch (error) { | ||
| throw new DBError( | ||
| `Database operation failed: ${error instanceof Error ? error.message : error}`, | ||
| ); | ||
| } | ||
| }; | ||
| } |
There was a problem hiding this comment.
This dbHandler function appears to be a duplicate of the one found in src/services/repo.service.ts. The version in the repository service is more specific because it avoids re-wrapping RequestError instances. It seems this file is unused and could be removed to avoid code duplication and confusion.
| "rootDir": "./src", | ||
| "resolveJsonModule": true, | ||
| "allowImportingTsExtensions": true, | ||
| "noEmit": true |
There was a problem hiding this comment.
The "noEmit": true option prevents the TypeScript compiler from generating JavaScript output files. Since you have an outDir specified, it's clear the intention is to build the project into a dist folder. You should remove this line or set it to false to allow tsc to compile your TypeScript code into JavaScript that can be executed by Node.js.
mateacademy-ai-mentor
left a comment
mateacademy-ai-mentor
left a comment
There was a problem hiding this comment.
Review Summary
Great work on this update! You've successfully addressed most of the previous feedback, and the overall structure of the application is very strong. However, a few critical issues are preventing the application from working correctly, so I am requesting changes.
There are three blockers that need to be fixed:
- Project Compilation: In
tsconfig.json, the"noEmit": truesetting is still present. This prevents TypeScript from generating JavaScript, so the project cannot be built. Please set this tofalse. - Data Persistence: The database setup in
src/db/db.tsstill usessync({ force: true }), which wipes all data on every server restart. This option needs to be removed to allow data to persist. - Authentication Error: In
src/controllers/helpers/helpers.ts, thehandleTokensfunction will fail at runtime. You need to use bracket notation (e.g.,TOKEN_EXPIRY[TKN.ACC]) to access the token expiry values, as dot notation will not work with computed keys.
Once these issues are resolved, the application should be fully functional. Keep up the excellent effort!
✨ Please rate this review in the Platform's notification center1. I will be grateful for your feedback! ✨
Important
Fix the issues, commit the changes, and then re-request my review using the Re-request review button2 in the Reviewers tab.
Tip
If you have any comments about this review, please leave a message in the Add a comment section below and mention me with the @mateacademy-ai-mentor tag3.
I will read your message during my next review of your pull request. Please do not reply directly to my comments, as that feature is not supported yet.
Caution
Do not close the pull request until the review is complete. Closing it early can lead to unexpected behavior and disrupt the review process.
Footnotes
src/controllers/helpers/helpers.ts
Outdated
| await srv.tkn.crt(createPayload); | ||
|
|
||
| res.setHeader('Set-Cookie', [ | ||
| setTkn(TKN.ACC, accTkn.token, TOKEN_EXPIRY.access[1]), |
There was a problem hiding this comment.
Accessing TOKEN_EXPIRY.access with dot notation will likely fail at runtime. Since the keys of TOKEN_EXPIRY are dynamic string values from the TKN object, you should use bracket notation, like TOKEN_EXPIRY[TKN.ACC].
src/controllers/helpers/helpers.ts
Outdated
|
|
||
| res.setHeader('Set-Cookie', [ | ||
| setTkn(TKN.ACC, accTkn.token, TOKEN_EXPIRY.access[1]), | ||
| setTkn(TKN.RFR, refTkn.token, TOKEN_EXPIRY.refresh[1]), |
There was a problem hiding this comment.
Similarly here, please use bracket notation TOKEN_EXPIRY[TKN.RFR] to access the refresh token's expiry time.
src/db/db.ts
Outdated
| const { default: DB } = await import('../model/index.ts'); | ||
|
|
||
| for (const model of Object.values(DB)) { | ||
| await model.sync({ force: true }); |
There was a problem hiding this comment.
The force: true option causes the database tables to be dropped and recreated on every application start, deleting all existing data. This was a high-priority issue from the previous review. To ensure data persistence, you should remove this option. For development, { alter: true } can be a safer alternative, but removing force: true is the essential fix here.
| "rootDir": "./src", | ||
| "resolveJsonModule": true, | ||
| "allowImportingTsExtensions": true, | ||
| "noEmit": true |
There was a problem hiding this comment.
This setting prevents the TypeScript compiler from generating JavaScript files, making it impossible to build and run the application. This was a high-priority issue from the previous review. Please set this to false to allow the project to be compiled.
mateacademy-ai-mentor
left a comment
mateacademy-ai-mentor
left a comment
There was a problem hiding this comment.
Review Summary
Excellent work on this project! The overall architecture and feature implementation are incredibly strong. I am approving this submission for educational purposes to help you move forward, but please note there are two critical configuration issues preventing the application from building and running.
To get your project working, you'll need to make these two changes:
- In
tsconfig.json, please change thenoEmitoption fromtruetofalse. This will allow the TypeScript compiler to generate the necessary JavaScript files. - The build is failing due to an ESLint configuration error. Please rename
.eslintrc.cjsto.eslintrc.jsonand update its content to the JSON format as suggested in the check run logs.
Once you've made these fixes, your application should run perfectly. You've done a fantastic job on the core logic!
✨ Please rate this review in the Platform's notification center1. I will be grateful for your feedback! ✨
Footnotes
| "rootDir": "./src", | ||
| "resolveJsonModule": true, | ||
| "allowImportingTsExtensions": true, | ||
| "noEmit": true |
There was a problem hiding this comment.
This setting is preventing the TypeScript compiler from generating the JavaScript files needed to run the application. As mentioned in the previous review, this must be set to false to allow the project to be built.
Denys-Kravchuk9988
left a comment
Denys-Kravchuk9988
left a comment
There was a problem hiding this comment.
Please, provide front-end part.
Please, consider renaming of variables to add more context.
For example:
dlt -> delete
ptch -> patch
srv -> server
tkn -> token
they are longer but it's better for context
3 participants
First shot:)