Resolved password field conflict

Author: shrutiiiyet

src/app.ts

@@ -1,4 +1,3 @@
-// src/app.ts
 import express from "express";
 import cors from "cors";
 import multer from "multer";
@@ -17,39 +16,40 @@ export const supabase = createClient(
 
 const app = express();
 
-// 1) Enable CORS for your domains
+
 app.use(
   cors({
-    origin: config.ALLOWED_ORIGINS.split(","), // e.g. 'https://club.example.com'
+    origin: config.ALLOWED_ORIGINS || "*",
     methods: ["GET", "POST", "PATCH", "DELETE", "OPTIONS"],
     credentials: true,
   }),
 );
 
-// 2) Parse JSON and form data
+
 app.use(json());
 app.use(urlencoded({ extended: true }));
 
-// 3) Handle file uploads (in-memory)
+
 const upload = multer({ storage: multer.memoryStorage(),
   limits: { fileSize: 2 * 1024 * 1024 }
 });
 
-// 4) Mount your routes, injecting `upload` middleware where needed
-//    For endpoints that accept file uploads, you can do e.g.:
-//    router.post('/members/:memberId/photo', upload.single('photo'), ...)
+
+app.use("/health",(req,res)=>{
+  res.status(200).json({ message: "OK" });
+})
 
 app.use("/api/v1", routes(upload, supabase));
 
-// 5) 404 handler
+// 404 handler
 app.use((req, res) => {
   res.status(404).json({ message: "Not Found" });
 });
 
-// 6) Global error handler
+
+// Global error handler
 app.use(errorHandler);
 
-// 7) do 'npm run apidoc to generate the documentation, I have added it in the scripts
-//    then you can go to localhost:3000/docs to see the docs
+// Serve API documentation
 app.use("/docs", express.static(path.join(__dirname, "..", "docs/apidoc")));
 export default app;

src/config/index.ts

@@ -4,5 +4,5 @@ export default {
   DIRECT_URL: process.env.DIRECT_URL!,
   SUPABASE_URL: process.env.SUPABASE_URL!,
   SUPABASE_SERVICE_ROLE_KEY: process.env.SUPABASE_SERVICE_ROLE_KEY!,
-  ALLOWED_ORIGINS: process.env.ALLOWED_ORIGINS || "*",
+  ALLOWED_ORIGINS: process.env.ALLOWED_ORIGINS,
 };

src/controllers/interview.controller.ts

@@ -103,17 +103,27 @@ export const updateInterviewById = async (req: Request, res: Response) => {
 
 export const deleteInterviewById = async (req: Request, res: Response) => {
   const interviewId = parseInt(req.params.id);
+  const { memberId } = req.body;
 
   if (!interviewId) {
     throw new ApiError("Invalid interview ID", 400);
   }
 
+  if (!memberId) {
+    throw new ApiError("Member ID is required for verification", 400);
+  }
+
   const existingInterview = await interviewService.getInterviewById(interviewId);
 
   if (!existingInterview) {
     throw new ApiError("Interview experience not found", 404);
   }
 
+  
+  if (existingInterview.memberId !== memberId) {
+    throw new ApiError("You are not authorized to delete this interview", 403);
+  }
+
   await interviewService.deleteInterviewById(interviewId);
 
   res.status(200).json({
@@ -122,4 +132,3 @@ export const deleteInterviewById = async (req: Request, res: Response) => {
   });
 };
 
-

src/routes/achievements.ts

@@ -20,7 +20,7 @@ export function parseCreateAchievementData(req: Request, res: Response, next: Ne
 
 export default function acheivementsRouter(upload: Multer, supabase: SupabaseClient) {
     const router = express.Router();
-
+    
 
     /**
    * @api {get} /achievements Get all achievements

src/routes/index.ts

@@ -17,7 +17,7 @@ export default function routes(upload: Multer, supabase: SupabaseClient) {
 
   router.use('/achievements' ,acheivementsRouter(upload, supabase));
 
-  router.use('/interviews', interviewRouter(upload, supabase));
+  router.use('/interviews', interviewRouter());
 
   router.use('/topics',topicRouter());
 

src/routes/interviews.ts

@@ -1,13 +1,8 @@
 import express from 'express';
 import * as interviewCtrl from '../controllers/interview.controller';
-import { supabase } from '../app';
-import { Multer } from 'multer';
-import { NextFunction } from 'express-serve-static-core';
-import { SupabaseClient } from '@supabase/supabase-js';
 
 
-
-export default function interviewRouter(upload: Multer, supabase: SupabaseClient) {
+export default function interviewRouter() {
     const router = express.Router();
 
     /**
@@ -106,7 +101,7 @@ export default function interviewRouter(upload: Multer, supabase: SupabaseClient
    * @apiParam (Path Params) {Number} id Interview ID to delete
    *
    * @apiSuccess {String} message Deletion confirmation
-   *
+   * @apiBody (Request Body) {UUID} memberId Member ID of the owner
    * @apiError (400) BadRequest Invalid interview ID
    * @apiError (404) NotFound Interview not found
    * @apiError (500) InternalServerError Internal server error

src/types/members.d.ts

@@ -17,4 +17,4 @@ declare global {
     codeforces?: string;
     password?: string
   }
-}
+}

src/utils/apiError.ts

@@ -1,4 +1,3 @@
-// src/utils/apiError.ts
 import { Request, Response, NextFunction } from "express";
 
 /**
@@ -17,9 +16,7 @@ export class ApiError extends Error {
   }
 }
 
-/**
- * Standard structure for API error responses
- */
+
 interface ErrorResponse {
   error: boolean;
   message: string;

tests/Interview.test.ts

@@ -309,11 +309,14 @@ describe('updateInterviewById', () => {
 
 
 describe('deleteInterviewById', () => {
+  afterEach(() => {
+    jest.restoreAllMocks();
+  });
+
   it('should return 200 and success message', async () => {
     const req: any = {
-      params: {
-        id: '1',
-      },
+      params: { id: '1' },
+      body: { memberId: 'user_123' },
     };
 
     const res: any = {
@@ -331,13 +334,8 @@ describe('deleteInterviewById', () => {
       memberId: 'user_123',
     };
 
-    jest
-      .spyOn(interviewService, 'getInterviewById')
-      .mockResolvedValue(mockInterview);
-
-    jest
-      .spyOn(interviewService, 'deleteInterviewById')
-      .mockResolvedValue();
+    jest.spyOn(interviewService, 'getInterviewById').mockResolvedValue(mockInterview);
+    jest.spyOn(interviewService, 'deleteInterviewById').mockResolvedValue();
 
     await deleteInterviewById(req, res);
 
@@ -351,22 +349,57 @@ describe('deleteInterviewById', () => {
   it('should throw 400 for invalid interview ID', async () => {
     const req: any = {
       params: { id: 'invalid' },
+      body: { memberId: 'user_123' },
     };
 
     const res: any = {};
+
+    await expect(deleteInterviewById(req, res)).rejects.toThrow(ApiError);
+  });
+
+  it('should throw 400 if memberId is missing', async () => {
+    const req: any = {
+      params: { id: '1' },
+      body: {},
+    };
+
+    const res: any = {};
+
     await expect(deleteInterviewById(req, res)).rejects.toThrow(ApiError);
   });
 
   it('should throw 404 if interview not found', async () => {
     const req: any = {
       params: { id: '999' },
+      body: { memberId: 'user_123' },
     };
 
     const res: any = {};
 
-    jest
-      .spyOn(interviewService, 'getInterviewById')
-      .mockResolvedValue(null);
+    jest.spyOn(interviewService, 'getInterviewById').mockResolvedValue(null);
+
+    await expect(deleteInterviewById(req, res)).rejects.toThrow(ApiError);
+  });
+
+  it('should throw 403 if memberId does not match', async () => {
+    const req: any = {
+      params: { id: '1' },
+      body: { memberId: 'wrong_user' },
+    };
+
+    const res: any = {};
+
+    const mockInterview = {
+      id: 1,
+      company: 'Google',
+      role: 'SDE',
+      verdict: Verdict.Selected,
+      content: 'Nice',
+      isAnonymous: false,
+      memberId: 'user_123',
+    };
+
+    jest.spyOn(interviewService, 'getInterviewById').mockResolvedValue(mockInterview);
 
     await expect(deleteInterviewById(req, res)).rejects.toThrow(ApiError);
   });