review required

.editorconfig

@@ -0,0 +1,6 @@
+{
+  "trailingComma": "es5",
+  "tabWidth": 2,
+  "semi": false,
+  "singleQuote": true
+}

.gitignore

@@ -0,0 +1,4 @@
+node_modules
+.env
+.idea
+.vscode

.graphqlconfig

@@ -0,0 +1,15 @@
+{
+  "name": "Untitled GraphQL Schema",
+  "schemaPath": "schema.graphql",
+  "extensions": {
+    "endpoints": {
+      "Default GraphQL Endpoint": {
+        "url": "http://localhost:8080",
+        "headers": {
+          "user-agent": "JS GraphQL"
+        },
+        "introspect": false
+      }
+    }
+  }
+}

README.md

@@ -36,3 +36,27 @@ Design a web application that allows employees to submit feedback toward each ot
 * Assumptions you make given limited requirements
 * Technology and design choices
 * Identify areas of your strengths
+
+## Start application in docker
+* make sure docker daemon is running
+* make sure that the folder-location is mounted in dockers ressources/file-sharing options
+* start all containers with `docker-compose up`
+* stop them with `docker-compose down` or ^+c in the terminal
+* frontend runs on localhost:3000
+* backend  runs on localhost:8080
+
+## Docs
+The code is documented using TODO comment syntax to easily find documentation-objects. Do a matchcase-fulltext search for `TODO` to find all relevant documentation.
+
+## TODOs
+
+### Frontend
+- [ ]  Submit forms with enter
+- [ ]  Unify frontend tables and find HOC abstraction possibilities
+- [ ]  Split reducer and global state in appropriate partial scopes to minimize re-renders (employee reducer, review reducer)
+- [ ]  remove react warnings about unused variables
+
+### Backend
+- [ ]  Improve mongodb table relations, validations, default values and model-concerns
+- [ ]  Security considerations like deeper password-hashing, encryption between docker instances, properly restricted routes for user-roles
+- [ ]  Deployment and scaling considerations

backend/.gitignore

@@ -0,0 +1,2 @@
+node_modules
+.env

backend/Dockerfile

@@ -0,0 +1,22 @@
+FROM node:10.5.0
+RUN mkdir -p /home/node/node_modules
+WORKDIR /home/node
+COPY package*.json ./
+RUN npm install --production
+
+ARG CACHEBUST=1
+COPY . .
+
+ARG DATABASE_HOST
+ENV DATABASE_HOST $DATABASE_HOST
+
+ARG DATABASE_PORT
+ENV DATABASE_PORT $DATABASE_PORT
+
+ARG DATABASE_NAME
+ENV DATABASE_NAME $DATABASE_NAME
+
+ARG PORT
+ENV PORT $PORT
+
+CMD [ "npm", "start" ]

backend/app/auth/authController.js

@@ -0,0 +1,65 @@
+const bcrypt = require("bcrypt");
+const Employee = require("../employees/Employee");
+const saltRounds = 10;
+const jwt = require("jsonwebtoken");
+// TODO create a unified response bottleneck. Unveils full power if app grows and response differs from request to request
+const ro = require("../../helpers/response-object");
+const uuidv4 = require("uuid/v4");
+const sendVerificationMail = require("../../helpers/mailer");
+const Boom = require("boom");
+const salt = bcrypt.genSaltSync(saltRounds);
+
+// TODO create a unified response bottleneck. Unveils full power if app grows and response differs from request to request
+const employeeObject = employee => {
+  const payload = {
+    id: employee.id,
+    email: employee.email,
+    name: employee.name,
+    subscription: employee.subscription,
+    role: employee.role
+  };
+
+  const token = jwt.sign(payload, process.env.SECRET, { expiresIn: 86400 });
+  return { jwtToken: token };
+};
+module.exports.signin = async (req, res) => {
+  try {
+    if (!req.body) {
+      return Boom.badData(`Not enough data send to server. Provide email + password`);
+    } else if (!req.body.email) {
+      return Boom.badData(`Email missing`);
+    } else {
+      const employee = await Employee.findOne({ email: req.body.email });
+      if (!employee) {
+        return Boom.notFound(`Employee not found`);
+      } else if (employee) {
+        if (!employee.verifiedAt) {
+          try {
+            const employeeToken = uuidv4(4);
+            await sendVerificationMail(req, employeeToken);
+            employee.verificationToken = employeeToken;
+            Employee.update(employee);
+
+            return Boom.forbidden(`Employee not verified yet, check your emails for a verification link`);
+          } catch (e) {
+            console.log("Error in authController.signin", e);
+          }
+        } else {
+          const hashedPW = bcrypt.compareSync(req.body.password, employee.password); // true
+          if (!hashedPW) {
+            return Boom.unauthorized("Authentication failed. Wrong password.");
+          } else {
+            return employeeObject(employee);
+          }
+        }
+      }
+    }
+  } catch (error) {
+    console.log(error);
+  }
+};
+// TODO currently unused - later purpose for polling interval if token expired
+module.exports.refreshtoken = (req, res, next) => {
+  const employee = req.employee;
+  return res.json(ro(201, `Welcome`, employeeObject(employee)));
+};

backend/app/auth/authRoutes.js

@@ -0,0 +1,10 @@
+const Router = require("restify-router").Router;
+const router = new Router();
+const validateToken = require("../../helpers/validateToken");
+const AuthController = require("./authController");
+
+router.post("signin", AuthController.signin);
+
+router.get("refresh_token", validateToken, AuthController.refreshtoken);
+
+module.exports = router;

backend/app/auth/authSchema.js

@@ -0,0 +1,21 @@
+const { gql } = require('apollo-server');
+const AuthController = require("../auth/authController");
+
+module.exports.authTypeDefs = gql`
+    extend type Mutation {
+        login(email: String, password: String): LoginSuccess
+    }
+    type LoginSuccess {
+        jwtToken: String
+    }
+`;
+
+module.exports.authResolvers = {
+    Query: {
+    },
+    Mutation: {
+        login: async (_, payload, context) => {
+            return AuthController.signin({ body: { email: payload.email, password: payload.password } }, context)
+        },
+    }
+}

backend/app/employees/Employee.js

@@ -0,0 +1,60 @@
+const mongoose = require("mongoose");
+const bcrypt = require("bcrypt");
+// Employee Schema
+const EmployeeSchema = mongoose.Schema({
+  email: {
+    type: String,
+    index: true
+  },
+  name: {
+    type: String
+  },
+  password: {
+    type: String
+  },
+  role: {
+    type: String,
+    default: "user"
+  },
+  verificationToken: {
+    type: String,
+    default: false
+  },
+  createdAt: {
+    type: Date,
+    default: Date.now()
+  },
+  verifiedAt: {
+    type: Date
+  }
+});
+
+const Employee = (module.exports = mongoose.model("Employee", EmployeeSchema));
+
+// TODO currently still unused - later keep model-logic on adequate level (not in controller/view etc.)
+module.exports.createEmployee = (newEmployee, callback) => {
+  bcrypt.genSalt(10, (err, salt) => {
+    bcrypt.hash(newEmployee.password, salt, (err, hash) => {
+      newEmployee.password = hash;
+      newEmployee.save(callback);
+    });
+  });
+};
+// TODO currently still unused - later keep model-logic on adequate level (not in controller/view etc.)
+module.exports.getEmployeeByEmail = (email, callback) => {
+  const query = { email: email };
+  Employee.findOne(query, callback);
+};
+
+// TODO currently still unused - later keep model-logic on adequate level (not in controller/view etc.)
+module.exports.getEmployeeById = function(id, callback) {
+  Employee.findById(id, callback);
+};
+
+// TODO currently still unused - later keep model-logic on adequate level (not in controller/view etc.)
+module.exports.comparePassword = (candidatePassword, hash, callback) => {
+  bcrypt.compare(candidatePassword, hash, (err, isMatch) => {
+    if (err) throw err;
+    callback(null, isMatch);
+  });
+};

backend/app/employees/employeeSchema.js

@@ -0,0 +1,59 @@
+const { gql } = require('apollo-server');
+const Employee = require("./Employee");
+
+module.exports.employeeTypeDefs = gql`
+    extend type Query {
+        employees: [Employee]
+        update(title: Int): Employee
+        employee(id: Int): Employee
+    }
+    extend type Mutation {
+        addEmployee(employee: EmployeeData): Employee
+        destroyEmployee(id: ID): ID
+    }
+    type Employee {
+        id: String,
+        email: String,
+        name: String,
+        role: String,
+        password: String,
+        createdAt: String,
+        verifiedAt: String,
+    }
+    input EmployeeData {
+        email: String,
+        name: String,
+        role: String,
+        id: String
+    }
+    type Response {
+        id: String
+    }
+`;
+
+module.exports.employeeResolvers = {
+    Query: {
+        employees: () => Employee.find({}).exec({}),
+    },
+    Mutation: {
+        addEmployee: async (_, payload, context) => {
+            let createdEmployee
+            try {
+                if (payload.employee.id) {
+                    createdEmployee = await Employee.findByIdAndUpdate(payload.employee.id, payload.employee)
+                    return createdEmployee
+                } else {
+                    createdEmployee = await Employee.create({ ...payload.employee, password: "password" })
+                    return createdEmployee
+                }
+            } catch (error) {
+                console.log('error', error);
+                return error
+            }
+        },
+        destroyEmployee: async (_, payload, context) => {
+            await Employee.findByIdAndDelete(payload.id)
+            return payload.id
+        },
+    }
+}

backend/app/feedbacks/Feedback.js

@@ -0,0 +1,19 @@
+const mongoose = require("mongoose");
+// Feedback Schema
+const FeedbackSchema = mongoose.Schema({
+  text: {
+    type: String,
+  },
+  review: {
+    type: mongoose.Schema.ObjectId, ref: "Review"
+  },
+  employee: {
+    type: mongoose.Schema.ObjectId, ref: "Employee"
+  },
+  createdAt: {
+    type: Date,
+    default: Date.now()
+  },
+});
+
+const Feedback = (module.exports = mongoose.model("Feedback", FeedbackSchema));

backend/app/feedbacks/feedbackSchema.js

@@ -0,0 +1,42 @@
+const { gql } = require('apollo-server');
+const Feedback = require("./Feedback");
+
+module.exports.feedbackTypeDefs = gql`
+    extend type Query {
+        feedbacks: [Feedback]
+    }
+    extend type Mutation {
+        addFeedback(feedback: FeedbackData): Feedback
+    }
+    type Feedback {
+        id: String,
+        text: String,
+        review: Review,
+        employee: Employee,
+        createdAt: String!
+    }
+    input FeedbackData {
+        text: String,
+        review: String,
+        employee: String,
+    }
+`;
+
+module.exports.feedbackResolvers = {
+    Query: {
+        feedbacks: async () => await Feedback.find({}).populate('review').populate('employee').exec({}),
+    },
+    Mutation: {
+        addFeedback: async (_, payload, context) => {
+            try {
+                let createdFeedback = await Feedback.create({ ...payload.feedback })
+                console.log('createdFeedback', createdFeedback);
+                createdFeedback = await createdFeedback.populate('review').populate('employee').execPopulate()
+                return createdFeedback
+            } catch (error) {
+                console.log('error', error);
+                return error
+            }
+        },
+    }
+}

backend/app/reviews/Review.js

@@ -0,0 +1,17 @@
+const mongoose = require("mongoose");
+// Review Schema
+const ReviewSchema = mongoose.Schema({
+  score: {
+    type: String,
+  },
+  employee: {
+    type: mongoose.Schema.ObjectId, ref: "Employee",
+    index: true
+  },
+  createdAt: {
+    type: Date,
+    default: Date.now()
+  },
+});
+
+const Review = (module.exports = mongoose.model("Review", ReviewSchema));