Fix backend persistence crash and optimize order lookup

Author: fuzziecoder

backend/README.md

@@ -1,6 +1,6 @@
 # Backend API
 
-A minimal Node.js backend for BroCode Spot backed by a persistent SQLite database.
+A minimal Node.js backend for BroCode Spot backed by a persistent JSON file database.
 
 ## Start
 
@@ -14,8 +14,8 @@ Server starts at `http://localhost:4000` by default.
 
 ### Issue #26: Move from in-memory store to persistent DB
 
-- Uses `node:sqlite` with a local database file at `backend/data/brocode.sqlite`.
-- You can override the location with `BROCODE_DB_PATH=/custom/path.sqlite npm run backend`.
+- Uses a local JSON database file at `backend/data/brocode.json`.
+- You can override the location with `BROCODE_DB_PATH=/custom/path.json npm run backend`.
 - On first start, seed data is inserted for users, spots, catalog items, and a sample order.
 - New orders are validated against DB data (known `spotId`, `userId`, `productId`) and item pricing is always derived from catalog prices in the database.
 

backend/db.js

@@ -1,8 +1,8 @@
 import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
-import { dirname, resolve } from 'node:path';
 import { randomBytes, randomUUID, scryptSync, timingSafeEqual } from 'node:crypto';
+import { dirname, resolve } from 'node:path';
 
-const defaultDbPath = resolve(process.cwd(), 'backend', 'data', 'brocode.sqlite');
+const defaultDbPath = resolve(process.cwd(), 'backend', 'data', 'brocode.json');
 const dbPath = process.env.BROCODE_DB_PATH ? resolve(process.env.BROCODE_DB_PATH) : defaultDbPath;
 
 const dbDirectory = dirname(dbPath);
@@ -34,79 +34,6 @@ const verifyPassword = (password, storedPassword) => {
   return timingSafeEqual(candidateHash, expectedHash);
 };
 
-db.exec(`
-  CREATE TABLE IF NOT EXISTS users (
-    id TEXT PRIMARY KEY,
-    username TEXT NOT NULL UNIQUE,
-    password TEXT NOT NULL,
-    name TEXT NOT NULL,
-    role TEXT NOT NULL
-  );
-
-  CREATE TABLE IF NOT EXISTS spots (
-    id TEXT PRIMARY KEY,
-    location TEXT NOT NULL,
-    date TEXT NOT NULL,
-    host_user_id TEXT NOT NULL,
-    FOREIGN KEY (host_user_id) REFERENCES users(id) ON DELETE CASCADE
-  );
-
-  CREATE TABLE IF NOT EXISTS catalog_items (
-    id TEXT PRIMARY KEY,
-    category TEXT NOT NULL,
-    name TEXT NOT NULL,
-    price REAL NOT NULL
-  );
-
-  CREATE TABLE IF NOT EXISTS orders (
-    id TEXT PRIMARY KEY,
-    spot_id TEXT NOT NULL,
-    user_id TEXT NOT NULL,
-    total_amount REAL NOT NULL,
-    created_at TEXT NOT NULL,
-    FOREIGN KEY (spot_id) REFERENCES spots(id),
-    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
-  );
-
-  CREATE TABLE IF NOT EXISTS order_items (
-    id INTEGER PRIMARY KEY AUTOINCREMENT,
-    order_id TEXT NOT NULL,
-    product_id TEXT NOT NULL,
-    name TEXT NOT NULL,
-    quantity INTEGER NOT NULL,
-    unit_price REAL NOT NULL,
-    total REAL NOT NULL,
-    FOREIGN KEY (order_id) REFERENCES orders(id) ON DELETE CASCADE
-  );
-`);
-
-const hasUsers = db.prepare('SELECT COUNT(*) AS count FROM users').get().count > 0;
-
-if (!hasUsers) {
-  const insertUser = db.prepare('INSERT INTO users (id, username, password, name, role) VALUES (?, ?, ?, ?, ?)');
-  insertUser.run('u-1', 'brocode', hashPassword('changeme'), 'Ram', 'admin');
-  insertUser.run('u-2', 'dhanush', hashPassword('changeme'), 'Dhanush', 'user');
-
-  const insertSpot = db.prepare('INSERT INTO spots (id, location, date, host_user_id) VALUES (?, ?, ?, ?)');
-  insertSpot.run('spot-2025-07-26', 'Attibele Toll Plaza', '2025-07-26T10:00:00.000Z', 'u-1');
-
-  const insertCatalogItem = db.prepare('INSERT INTO catalog_items (id, category, name, price) VALUES (?, ?, ?, ?)');
-  insertCatalogItem.run('d-1', 'drinks', 'Brocode Beer', 180);
-  insertCatalogItem.run('d-2', 'drinks', 'Kingfisher Beer', 170);
-  insertCatalogItem.run('f-1', 'food', 'Beef Biriyani', 220);
-  insertCatalogItem.run('f-2', 'food', 'Parotta', 30);
-  insertCatalogItem.run('c-1', 'cigarettes', 'Marlboro', 25);
-  insertCatalogItem.run('c-2', 'cigarettes', 'Classic', 20);
-
-  db.prepare(
-    'INSERT INTO orders (id, spot_id, user_id, total_amount, created_at) VALUES (?, ?, ?, ?, ?)'
-  ).run('ord-1', 'spot-2025-07-26', 'u-2', 360, '2025-07-26T10:30:00.000Z');
-
-  db.prepare(
-    `INSERT INTO order_items (order_id, product_id, name, quantity, unit_price, total)
-     VALUES (?, ?, ?, ?, ?, ?)`
-  ).run('ord-1', 'd-1', 'Brocode Beer', 2, 180, 360);
-}
 const seedData = () => ({
   users: [
     { id: 'u-1', username: 'brocode', password: hashPassword('changeme'), name: 'Ram', role: 'admin' },
@@ -196,42 +123,6 @@ const mapOrder = (order, items) => ({
   })),
 });
 
-const fetchOrderItemsByOrderIds = (orderIds) => {
-  if (orderIds.length === 0) return new Map();
-
-  const placeholders = orderIds.map(() => '?').join(',');
-  const rows = db
-    .prepare(
-      `SELECT order_id, product_id, name, quantity, unit_price, total
-       FROM order_items
-       WHERE order_id IN (${placeholders})
-       ORDER BY id ASC`
-    )
-    .all(...orderIds);
-
-  const itemsByOrderId = new Map();
-  rows.forEach((row) => {
-    if (!itemsByOrderId.has(row.order_id)) {
-      itemsByOrderId.set(row.order_id, []);
-    }
-    itemsByOrderId.get(row.order_id).push(row);
-  });
-
-  return itemsByOrderId;
-};
-
-const getCatalogItemByIdStatement = db.prepare(
-  'SELECT id, category, name, price FROM catalog_items WHERE id = ?'
-);
-
-const userExistsStatement = db.prepare('SELECT 1 AS found FROM users WHERE id = ? LIMIT 1');
-const spotExistsStatement = db.prepare('SELECT 1 AS found FROM spots WHERE id = ? LIMIT 1');
-const getUserByUsernameStatement = db.prepare('SELECT id, username, password, name, role FROM users WHERE username = ?');
-const updateUserPasswordStatement = db.prepare('UPDATE users SET password = ? WHERE id = ?');
-const deleteUserByIdStatement = db.prepare('DELETE FROM users WHERE id = ?');
-const deleteOrdersByUserIdStatement = db.prepare('DELETE FROM orders WHERE user_id = ?');
-const deleteSpotsByHostUserIdStatement = db.prepare('DELETE FROM spots WHERE host_user_id = ?');
-
 export const database = {
   getUserByCredentials(username, password) {
     const user = state.users.find((entry) => entry.username === username);
@@ -303,6 +194,20 @@ export const database = {
     });
   },
 
+  getOrderById(orderId) {
+    const order = state.orders.find((entry) => entry.id === orderId);
+
+    if (!order) {
+      return null;
+    }
+
+    const orderItems = state.order_items
+      .filter((item) => item.order_id === order.id)
+      .sort((a, b) => a.id - b.id);
+
+    return mapOrder(order, orderItems);
+  },
+
   createOrder({ spotId, userId, items }) {
     const parsedItems = items.map((item) => {
       const quantity = Number(item.quantity || 0);
@@ -361,18 +266,15 @@ export const database = {
   },
 
   deleteUserCompletely(userId) {
-    db.exec('BEGIN');
+    const hostedSpotIds = new Set(state.spots.filter((spot) => spot.host_user_id === userId).map((spot) => spot.id));
 
-    try {
-      deleteOrdersByUserIdStatement.run(userId);
-      deleteSpotsByHostUserIdStatement.run(userId);
-      deleteUserByIdStatement.run(userId);
+    state.users = state.users.filter((user) => user.id !== userId);
+    state.orders = state.orders.filter((order) => order.user_id !== userId && !hostedSpotIds.has(order.spot_id));
+    const activeOrderIds = new Set(state.orders.map((order) => order.id));
+    state.order_items = state.order_items.filter((item) => activeOrderIds.has(item.order_id));
+    state.spots = state.spots.filter((spot) => spot.host_user_id !== userId);
 
-      db.exec('COMMIT');
-    } catch (error) {
-      db.exec('ROLLBACK');
-      throw error;
-    }
+    persist();
   },
 
   getBillBySpotId(spotId) {

backend/server.js

@@ -179,28 +179,25 @@ const server = createServer(async (req, res) => {
     return;
   }
   if (method === 'GET' && path.startsWith('/api/orders/')) {
-    console.log("I AM INSIDE ORDER ID ROUTE");
-  const orderId = path.replace('/api/orders/', '');
+    const orderId = path.replace('/api/orders/', '');
 
- 
-  const authHeader = req.headers.authorization;
-  if (!authHeader) {
-    sendJson(res, 401, { error: 'Unauthorized' });
-    return;
-  }
+    const authHeader = req.headers.authorization;
+    if (!authHeader) {
+      sendJson(res, 401, { error: 'Unauthorized' });
+      return;
+    }
 
-  const orders = database.getOrders({});
-  const order = orders.find(o => o.id === orderId);
+    const order = database.getOrderById(orderId);
 
-  if (!order) {
-    sendJson(res, 404, { error: `Order not found: ${orderId}` });
+    if (!order) {
+      sendJson(res, 404, { error: `Order not found: ${orderId}` });
+      return;
+    }
+
+    sendJson(res, 200, order);
     return;
   }
 
-  sendJson(res, 200, order);
-  return;
-}
-
   if (method === 'POST' && path === '/api/orders') {
     try {
       const { spotId, userId, items } = await readBody(req);
@@ -263,5 +260,5 @@ const server = createServer(async (req, res) => {
 
 server.listen(port, () => {
   console.log(`Backend API running on http://localhost:${port}`);
-  console.log(`Using SQLite database at: ${dbPath}`);
+  console.log(`Using local database at: ${dbPath}`);
 });