API and Front-End Documentation

INFO30005 (Cosmos)

http://info30005-studyspot.herokuapp.com/

• Web Application: StudySpot
• Team Name: COSMOS
• Members: Lucy, Michael, Lauren, Su Lyn

Sample Login Accounts

The login details below have been granted admin access. To view the website as a non-admin, please make a new account via the 'Sign Up' functionality.

Email: [email protected]
Password: test1234

Outline

For this deliverable, we've identified four key components:

1. User
2. Venue
3. Review
4. Admin

This README will present an overview of each component alongside the schema(s), views, and controllers associated with each component. The controller section for each component will provide a more in-depth insight into the API and functions associated with that component.

User

Overview

One of the main features is the ability for users to quickly and securely register and sign into STUDYSPOT. When the user first registers an account, their password is hashed using bCrypt and then saved into the user database.

Aside from that, user authentication is implemented; for instance, if a non-authenticated user in attempts to log into the profile dashboard, they get redirected back to the login.

If a non-admin user attempts to access the admin page, it redirects them to the home page. If the user tries to access an unknown page, it returns a 404 error page with a warning.

Within the user profile displays the user's details (name, email, bio, and avatar) as well as the user’s bookmarks, reviews, and STUDYSPOT points.

Users can edit their profile details, change or delete their avatars, delete their accounts, and remove bookmarked venues.

Schema

• _id (autogenerated ObjectId, e.g. 5ead49c814167d410fff9cec)
• first_name (mandatory string, e.g. Derek)
• last_name (mandatory string, e.g. Shephard)
• email (mandatory string, e.g. [email protected])
• password (mandatory string, e.g. password123)
• admin (boolean, e.g. true)
• biography (string, e.g. student)
• bookmarks (mongoose object)

Views

• login.pug
• register.pug
• profile.pug
  • usererror.pug
• userProfile.pug

Controllers/Functions

The user component has the following functionalities:

1. View all users
   Access by clicking on 'USERS' in the navigation bar.
   This is used for viewing all existing users.
   If there are no existing user objects it notifies the client.

GET /user/

2. View individual users
   Access individual user by clicking on user's names in 'USERS'.
   If it does not exist in the database, it notifies the client.

GET /user/:id/
e.g. /user/5ebb0974742b597eae2ead61

3. getUserByEmail
   Access individual user via email address by entering path /user/email/{user's email}.
   If there are no users with that email address, it notifies the client.

GET /user/email/:email
e.g. /user/email/[email protected]

4. View User Profile
   Once, logged in, the user will be redirected to their user profile, or access it by clicking on "MY Profile".
   It contains the user's information, other functionalities on the profile page are yet to be implemented.

GET /profile/
e.g. /profile/

5. Update User
   Once, logged in, the user can edit their information by clicking "MY PROFILE"->"Edit".
   This will redirect the user to a form that allows the to edit their name, email, password, cover photo and profile photo.
   The user can confirm edits by clicking "Update" or cancel edits by clicking "Cancel", which redirects back to the profile page.

GET /profile/edit
POST /profile/

6. Delete User Account
   Once logged in, the user can delete the account by clicking "MY PROFILE"->"Delete".
   This will delete the user's account from the database and redirect user back to home page.

GET /profile/delete/
POST /profile/delete/

7. Register user
   To register the user account, the user enters in their full name, email and chosen password. Their password will be hashed using the bcrypt package.

GET /register/
POST /register/

8. Log In
   For the user to log into their account, they will need to provide their email and password. The email will act as the unique user identifier. Once user logs into their account, the SIGN UP button disappears.

GET /login/
POST /login/

9. Log Out
   User can log out of their account using the LOG OUT button in the profile page.

GET /logout/

10. Home Page
    User can navigate towards the home page by clicking on the StudySpot logo.

GET /

Venue

Overview

STUDYSPOT venues are advertised on the website, each with their own venue profile page. The venue profile page displays the venue details, its amenities as well as the aggregate star rating, based on the reviews posted by different users. Individuals can use the search tool to look through all registered venues or add filters to their search to find study spots that suit their needs. With this functionality, users can narrow their search by specifying the venue type, venue suburb, noise levels, amenities provided (e.g. wifi, silent space, etc.), or simply searching for the name of the venue.

Schema

• _id (autogenerated ObjectId, e.g. 5eae288471ca2e93550a7c5f)
• venueName (mandatory string, e.g. Le Miel Et La Lune)
• venueType (mandatory string, e.g. Cafe)
• venueAddress
  • venueStreetAddress (mandatory string, e.g. 330 Cardigan St)
  • venueSuburb (mandatory string, e.g. Carlton)
  • venueState (mandatory string, e.g. VIC)
  • venuePostcode (mandatory string, e.g. 3053)
• venueDetails
  • noise: (mandatory string, i.e. low, med, or high)
  • wifi: (mandatory boolean, i.e. true or false)
  • toilets (mandatory boolean, i.e. true or false)
  • power (mandatory boolean, i.e. true or false)
  • discussionFriendly (mandatory boolean, i.e. true or false)
  • printer (mandatory boolean, i.e. true or false)
• venueContact
  • phonePrefix (optional string, e.g. (03))
  • phone (optional string, e.g. 9043 9767)
  • mobilePrefix (optional string, e.g. (+61))
  • mobile (optional string, e.g. 475862859)
  • email (optional string, e.g. [email protected])
  • web (optional string, e.g. lemieletlalune.com)
• venueHours
  • sun (mandatory string, e.g. closed)
  • mon (mandatory string, e.g. 7am-4pm)
  • tue (mandatory string, e.g. 7am-4pm)
  • wed (mandatory string, e.g. 7am-4pm)
  • thu (mandatory string, e.g. 7am-4pm)
  • fri (mandatory string, e.g. 7am-4pm)
  • sat (mandatory string, e.g. 8am-4pm)
• aveRating (mandatory number, e.g. 4)

Views

• venues.pug
  • venueRequestNew.pug
  • newvenue.pug
• venueProfile.pug
  • venueSuggestions.pug
  • venueUpdateForm.pug
  • venueDelete.pug
  • venueGallery.pug

Controllers/Functions

The venue component has the following functionalities:

1. View all venues
   Access by clicking on 'VENUES' in the navigation bar.
   This is used for viewing all existing venues.
   If there are no existing venue objects it notifies the client.

GET /venue/ e.g. /venue/

2. View individual venue
   To access an individual venue, click on 'VENUES' in the navigation bar then select one of the venues listed.
   If it does not exist in the database, it notifies the client.

GET /venue/:_id
e.g. /venue/5eae288471ca2e93550a7c5f

3. Register a new venue To register a new venue, click on 'VENUES' in the navigation bar, then click on "Register a new venue".
   You will be directed to a new page, with a form for you to input information about the new venue. Click on "Submit" to register your new venue!

Currently, anyone can register a new existing venue. We will restrict this function to users only in the next deliverable

GET /newvenue/
POST /newvenue/
e.g. /newvenue/

4. Update an existing venue
   To update an existing venue, click on 'VENUES' in the navigation bar, then select the venue you wish to update. On that venue's profile page, click on "Update venue" at the bottom of the page.
   You will be directed to a new page, with a form for you to input the new information for the venue. This form will already have the existing information as default values. Click on "Submit" to update the venue accordingly!
   If attempting to update a venue that does not exist in the database, it notifies the client.

Currently, anyone can update an existing venue. We will restrict this function to administrators only in the next deliverable

GET /venueUpdate/:_id
POST /venueUpdate/:_id
e.g. /venueUpdate/5eae288471ca2e93550a7c5f

5. Suggest a change to an existing venues
   To suggest a change to an existing venue, click on 'VENUES' in the navigation bar, then select the venue you wish to update. On that venue's profile page, click on "Suggest Changes".

You must be logged in to suggest changes. If you are not logged in, you will be notified that you must log in or sign up and log in.

If you are logged in, you will be directed to a new page, with a form for you to input your comments. This form will have the user's email address and the venue name automatically displayed. Click on "Submit" to submit your comments, along with your user id and the respective venue id!

If attempting to make suggestions to a venue that does not exist in the database, it notifies the client.

GET /venuesuggestions/:_id
POST /venuesuggestions/:_id
e.g. /venuesuggestions/5eae288471ca2e93550a7c5f

6. Delete an existing venue
   To delete an existing venue, click on 'VENUES' in the navigation bar, then select the venue you wish to update. On that venue's profile page, click on "Delete venue" at the bottom of the page. This will delete the venue from the database

If attempting to update a venue that does not exist in the database, it notifies the client.

Currently, anyone can delete an existing venue. We will restrict this function to administrators only in the next deliverable

POST /deleteVenue/:_id
e.g. /deleteVenue/5eae288471ca2e93550a7c5f

Other venue functionalities still to come!

• getVenueByPostcode: GET /venue/bypostcode/:venuePostcode
  This returns an array of all the venue objects with the given postcode, if such venues exist in the database.
  If there are no venues in that postcode, it notifies the client. It takes the following inputs: from route parameter a venuePostcode.

e.g. /venue/bypostcode/3053

• getVenueByType: GET /venue/bytype/:venueType
  This returns an array of all the venue objects with the given type, if such venues exist in the database.
  If there are no venues with that type, it notifies the client.
  It takes the following inputs: from route parameter a venueType.

e.g. /venue/bytype/Cafe

Review

Overview

Users can leave a review for a venue through the venue’s profile page. The reviews were designed in such a way that users can only have one review per venue. This ensures that each user could have their most up-to-date experience on the website and that the aggregate ratings for each venue only consider a user’s rating once. From their profile page, users can view a list of all the reviews they have left for different venues, as well as their SS points. Users can earn more STUDYSPOT points by reviewing more venues, which encourages users to be more active on the website.

Schema

• _id (autogenerated ObjectId, e.g. 5ea95743b78d3762f88873c1)
• venueId (mandatory ObjectId from Venue data, e.g. 5ea67d644f821a73b6841702)
• venueName (mandatory String, e.g. Kathleen Syme Library)
• userId (mandatory ObjectId from User data, e.g. 5ead4c64008cdc41911d437c)
• userFirstName (mandatory String, e.g. Jeff)
• userLastName (mandatory String, e.g. Winger)
• datePosted (autogenerated Date, e.g. 2020-04-29T10:30:27.204+00:00)
• content (non-mandatory String, e.g. This is Matt Murdock's updated review of Kathleen Syme Library)
• rating (mandatory Number ranging from 1 to 5, e.g. 2)

Views

• venueProfile.pug
• deleteReview.pug
• profile.pug
• reviewUpdate.pug
• userProfile.pug

Controllers/Functions

The review component has the following functionalities:

1. getAllReviews: GET /review/
   This is used for viewing all existing reviews for venues by users.
   This returns an array of all reviews if there exists any, otherwise returns message "There are no existing reviews yet".
   e.g. /review/5ea95743b78d3762f88873c1

2. updateReview: PATCH  /review/:venueId/
   This is used for updating the rating and/or the comment of a review for a user for a venue.
   It takes the following inputs: from route parameter a venueId, and from body a userId, a rating and/or a comment.
   This returns the review object with the given venue and user id values as per the request, if it exists in the database, otherwise returns message describing reasons why query failed.
   e.g. /review/5ea67d644f821a73b6841702

3. addReview: POST /review/
   This is used for creating a review with a rating and an optional comment for a user for a venue (each user is only allowed have one review per venue).
   It takes the following inputs: from body an existing venueId, an existing userId, a rating and a optional comment.
   This adds a review object with values set as per the request, otherwise returns message describing reasons why request failed, if a review for the specified venue and user already exists, it returns a message "try updateReview instead".
   e.g. /review/

4. getReviewByIDs: GET /review/byids/:venueId/:userId/
   This is used for viewing all existing reviews for a specified venue left by a specified user.
   It takes the following inputs: from route parameter a venueId and a userId.
   This returns the review object with the given venue and user id values, if it exists in the database, otherwise returns message describing reasons why query failed.
   e.g. /review/byids/5ea67d644f821a73b6841702/5ead4c64008cdc41911d437c/

5. getReviewByVenueID: GET /review/byvenue/:venueId/
   This is used for viewing all existing reviews for a specified venue.
   It takes the following inputs: from route parameter a venueId.
   This returns the review object with the given venue id value, if it exists in the database, otherwise returns message describing reasons why query failed.
   e.g. /review/byvenue/5ea67d644f821a73b6841702/

6. getReviewByUserID: GET /review/byuser/:userId/
   This is used for viewing all existing reviews left by a specified user.
   It takes the following inputs: from route parameter a userId.
   This returns the review object with the given user id value, if it exists in the database, otherwise returns message describing reasons why query failed.
   e.g. /review/byuser/5ead4c64008cdc41911d437c/

7. deleteReview: DELETE /review/:venueId/
   This is used for deleting a review for a user about a venue.
   It takes the following inputs: from route parameter a venueId, and from body a userId.
   This deletes the venue object with the given venue and user id values, and returns success message if it exists in the database, otherwise returns message describing reasons why request failed.
   e.g. /review/5ea67d644f821a73b6841702/

Admin

Overview

The admin functionality serves to allow admins to resolve or delete requests or suggestions from users. The admin page displays outstanding requests and suggestions in the form of bootstrap cards, with links below to allow admins to update and delete.

Schemas

The admin attribute is included within the user attribute. However, the following two schemas are heavily used on the admin page.

venueRequests

The venueRequests schema is almost identical to the venue schema:

• _id (autogenerated ObjectId, e.g. 5eae288471ca2e93550a7c5f)
• venueName (mandatory string, e.g. Le Miel Et La Lune)
• venueType (mandatory string, e.g. Cafe)
• venueAddress
  • venueStreetAddress (mandatory string, e.g. 330 Cardigan St)
  • venueSuburb (mandatory string, e.g. Carlton)
  • venueState (mandatory string, e.g. VIC)
  • venuePostcode (mandatory string, e.g. 3053)
• venueDetails
  • noise: (mandatory string, i.e. low, med, or high)
  • wifi: (mandatory boolean, i.e. true or false)
  • toilets (mandatory boolean, i.e. true or false)
  • power (mandatory boolean, i.e. true or false)
  • discussionFriendly (mandatory boolean, i.e. true or false)
  • printer (mandatory boolean, i.e. true or false)
• venueContact
  • phonePrefix (optional string, e.g. (03))
  • phone (optional string, e.g. 9043 9767)
  • mobilePrefix (optional string, e.g. (+61))
  • mobile (optional string, e.g. 475862859)
  • email (optional string, e.g. [email protected])
  • web (optional string, e.g. lemieletlalune.com)
• venueHours
  • sun (mandatory string, e.g. closed)
  • mon (mandatory string, e.g. 7am-4pm)
  • tue (mandatory string, e.g. 7am-4pm)
  • wed (mandatory string, e.g. 7am-4pm)
  • thu (mandatory string, e.g. 7am-4pm)
  • fri (mandatory string, e.g. 7am-4pm)
  • sat (mandatory string, e.g. 8am-4pm)

venueSuggestions

• _id (autogenerated ObjectId, e.g. 5eae288471ca2e93550a7c5f)
• userId (autogenerated ObjectId, e.g. 5eae288471ca2e93550a7c5f)
• userName (mandatory String, e.g. Derek Zoolander)
• venueId (autogenerated ObjectId, e.g. 5eae288471ca2e93550a7c5f)
• venueName (mandatory String, e.g. Kathleen Syme Library)
• suggestion (mandatory String, e.g. The opening hours are incorrect)
• resolved (mandatory boolean, e.g. true)

Views

• admin.pug
  • adminDeleteRequest.pug
  • adminDeleteSuggestion.pug
  • adminResolveSuggestion.pug
  • adminResolveRequest.pug
  • adminResolveSuggestion.pug

Controllers/Functions

The Admin functionality is performed through the adminController. It has the following functionalities:

1. getAdminPage: GET /admin This is used to render the admin page. It renders the admin page with venueRequests and venueSuggestions presented as bootstrap cards which the admin can delete or resolve. e.g. /admin

2. getDeleteRequestPage: GET /admin/deleteRequest/:_id
   This is used to render the delete venue request confirmation page. It renders a button which will delete the venue request, as well as a button which leads to the update request page, and a link back to the admin page. e.g. /admin/deleteRequest/5eae288471ca2e93550a7c5f

3. postDeleteRequest: POST /admin/deleteRequest/:_id
   This is used to post the delete request. It deletes the venue request and before showing a confirmation message. e.g. /admin/deleteRequest/5eae288471ca2e93550a7c5f

4. getResolveRequestPage: GET /admin/resolveRequest/:_id This is used to render the resolve request page. It renders a pre-filled create venue form. e.g. /admin/resolveRequest/5eae288471ca2e93550a7c5f

5. postResolveRequest: POST /admin/resolveRequest/:_id This is used to post the request form. It creates a new venue with the values input into the form, and deletes the request. It shows a confirmation message after completing these operations. e.g. /admin/resolveRequest/5eae288471ca2e93550a7c5f

6. getDeleteSuggestionPage: GET /admin/deleteSuggestion/:_id This is used to render the delete venue suggestion confirmation page. It renders a button which will delete the venue suggestion, as well as a button which leads to the update suggestion page, and a link back to the admin page. e.g. /admin/deleteSuggestion/5eae288471ca2e93550a7c5f

7. postDeleteSuggestionPage: POST /admin/deleteSuggestion/:_id This is used to delete the suggestion. It deletes the venue suggestion and before showing a confirmation message. e.g. /admin/deleteSuggestion/5eae288471ca2e93550a7c5f

8. getResolveSuggestionPage: GET /admin/resolveSuggestion/:_id This is used to render the resolve suggestion page. It renders a bootstrap card with the suggestion showing, as well as a pre-filled update venue form. e.g. /admin/resolveSuggestion/5eae288471ca2e93550a7c5f

9. postResolveSuggestionPage: GET /admin/resolveSuggestion/:_id This is used to post the suggestion form. It updates the venue with the values input into the form, and deletes the suggestion. It shows a confirmation message after completing these operations. e.g. /admin/resolveSuggestion/5eae288471ca2e93550a7c5f

Testing

We were unable to successfully implement testing of any of our functionalities, despite very helpful input from our tutor and demonstrator. We consistently received an 'await' error that we were ultimately unable to resolve.