Merge pull request #42 from GTBitsOfGood/alexchen/create-item-mutation

create item mutation + tests

Author: kavinphan

src/app/api/items/route.test.ts

@@ -0,0 +1,132 @@
+/* eslint-disable @typescript-eslint/no-explicit-any */
+//Lint gets angry when "as any" is used, but it is necessary for mocking Prisma responses using the "select" parameter (for now).
+import { testApiHandler } from "next-test-api-route-handler";
+import * as appHandler from "./route";
+
+import { expect, test } from "@jest/globals";
+import { dbMock } from "@/test/dbMock";
+import { invalidateSession, validateSession } from "@/test/util/authMockUtils";
+import { UserType } from "@prisma/client";
+
+const item = {
+  title: "Some item",
+  category: "Some category",
+  quantity: 2,
+  expirationDate: new Date(1000),
+  unitSize: 64,
+  unitType: "bunches",
+  datePosted: new Date(1000),
+  lotNumber: 2,
+  donorName: "John Doe",
+  unitPrice: 7,
+  maxRequestLimit: "5",
+};
+const invalidItem = {
+  title: "foobar",
+  category: "baz",
+  quantity: -1,
+  donorName: 17.5,
+};
+const itemOutput = {
+  title: "Some item",
+  category: "Some category",
+  quantity: 2,
+  expirationDate: new Date(1000).toISOString(),
+  unitSize: 64,
+  datePosted: new Date(1000).toISOString(),
+  lotNumber: 2,
+  donorName: "John Doe",
+  unitPrice: 7,
+  unitType: "bunches",
+  maxRequestLimit: "5",
+};
+
+test("returns 401 on invalid session", async () => {
+  await testApiHandler({
+    appHandler,
+    async test({ fetch }) {
+      // Mock invalid session
+      invalidateSession();
+      const itemFormData = new FormData();
+      Object.entries(item).forEach(([key, value]) =>
+        itemFormData.append(key, value.toString())
+      );
+      const res = await fetch({ method: "POST", body: itemFormData });
+      await expect(res.status).toBe(401);
+      await expect(res.json()).resolves.toStrictEqual({
+        message: "Session required",
+      });
+    },
+  });
+});
+
+test("returns 403 on unauthorized (partner)", async () => {
+  await testApiHandler({
+    appHandler,
+    async test({ fetch }) {
+      validateSession(UserType.PARTNER);
+      const itemFormData = new FormData();
+      Object.entries(item).forEach(([key, value]) =>
+        itemFormData.append(key, value.toString())
+      );
+      const res = await fetch({ method: "POST", body: itemFormData });
+      await expect(res.status).toBe(403);
+      await expect(res.json()).resolves.toStrictEqual({
+        message: "You are not allowed to add this record",
+      });
+    },
+  });
+});
+
+test("returns 403 on unauthorized (staff)", async () => {
+  await testApiHandler({
+    appHandler,
+    async test({ fetch }) {
+      validateSession(UserType.STAFF);
+      const itemFormData = new FormData();
+      Object.entries(item).forEach(([key, value]) =>
+        itemFormData.append(key, value.toString())
+      );
+      const res = await fetch({ method: "POST", body: itemFormData });
+      await expect(res.status).toBe(403);
+      await expect(res.json()).resolves.toStrictEqual({
+        message: "You are not allowed to add this record",
+      });
+    },
+  });
+});
+
+test("returns 400 on bad form data", async () => {
+  await testApiHandler({
+    appHandler,
+    async test({ fetch }) {
+      validateSession(UserType.ADMIN);
+      const itemFormData = new FormData();
+      Object.entries(invalidItem).forEach(([key, value]) =>
+        itemFormData.append(key, value.toString())
+      );
+      const res = await fetch({ method: "POST", body: itemFormData });
+      await expect(res.status).toBe(400);
+      await expect(res.json()).resolves.toStrictEqual({
+        message: "Invalid form data",
+      });
+    },
+  });
+});
+
+test("returns 200 and correctly creates item (admin)", async () => {
+  await testApiHandler({
+    appHandler,
+    async test({ fetch }) {
+      validateSession(UserType.ADMIN);
+      const itemFormData = new FormData();
+      Object.entries(item).forEach(([key, value]) =>
+        itemFormData.append(key, value.toString())
+      );
+      dbMock.item.create.mockResolvedValueOnce(itemOutput as any);
+      const res = await fetch({ method: "POST", body: itemFormData });
+      await expect(res.status).toBe(200);
+      await expect(res.json()).resolves.toStrictEqual(itemOutput);
+    },
+  });
+});

src/app/api/items/route.ts

@@ -0,0 +1,80 @@
+import {
+  authenticationError,
+  authorizationError,
+  argumentError,
+} from "@/util/responses";
+import { auth } from "@/auth";
+import { db } from "@/db";
+import { NextResponse, NextRequest } from "next/server";
+import { UserType } from "@prisma/client";
+import { z } from "zod";
+import { zfd } from "zod-form-data";
+
+const AUTHORIZED_USER_TYPES = [
+  UserType.ADMIN,
+  UserType.SUPER_ADMIN,
+] as UserType[];
+
+const ItemFormSchema = zfd.formData({
+  title: zfd.text(),
+  category: zfd.text(),
+  quantity: zfd.numeric(z.number().int().min(0)),
+  expirationDate: z.coerce.date(),
+  unitSize: zfd.numeric(z.number().int().min(0)),
+  unitType: zfd.text(),
+  datePosted: z.coerce.date(),
+  lotNumber: zfd.numeric(z.number().int().min(0)),
+  donorName: zfd.text(),
+  unitPrice: zfd.numeric(z.number().min(0)),
+  maxRequestLimit: zfd.text(),
+});
+
+interface ItemResponse {
+  title: string;
+  category: string;
+  quantity: number;
+  expirationDate: Date;
+  unitSize: number;
+  datePosted: Date;
+  lotNumber: number;
+  donorName: string;
+  unitPrice: number;
+  unitType: string;
+  maxRequestLimit: string;
+}
+
+/**
+ * Creates a new item in the Items database.
+ * Parameters are passed as form data.
+ * @params title: Title of the item
+ * @params category: Category of the item
+ * @params quantity: Quantity of the item
+ * @params expiration: Expiration date of the item
+ * @params unitSize: Size per unit of the item
+ * @params unitType: Type of unit of the item
+ * @params datePosted: Date the item was posted to the database
+ * @params lotNumber: Lot number of the item
+ * @params donorName: Name of the donor of the item
+ * @params unitPrice: Price per unit of the item
+ * @params maxRequestLimit: Maximum number of requests allowed for the item
+ * @returns 401 if the request is not authenticated
+ * @returns 403 if the user is not authorized to view the partner details
+ * @returns 400 if the form data is invalid
+ * @returns 200 and the contents of the created item
+ */
+export async function POST(request: NextRequest): Promise<NextResponse> {
+  const session = await auth();
+  if (!session?.user) return authenticationError("Session required");
+  if (!AUTHORIZED_USER_TYPES.includes(session.user.type)) {
+    return authorizationError("You are not allowed to add this record");
+  }
+  const validatedForm = ItemFormSchema.safeParse(await request.formData());
+
+  if (!validatedForm.success) return argumentError("Invalid form data");
+
+  const createdItem = await db.item.create({
+    data: validatedForm.data,
+  });
+
+  return NextResponse.json(createdItem as ItemResponse);
+}