added monoose input sanitizer and completed stage of group creation

index.js

@@ -3,6 +3,7 @@ const express = require("express");
 const app = express();
 const PORT = process.env.PORT;
 const cookieParser = require("cookie-parser");
+const monogoSanitize = require("express-mongo-sanitize");
 
 const connectDB = require("./src/db/db");
 
@@ -14,6 +15,7 @@ connectDB();
 // Middleware to parse json and urlEncoded
 app.use(express.urlencoded({ extended: true }));
 app.use(express.json());
+app.use(monogoSanitize());
 
 // cookie parser Middleware
 app.use(cookieParser());

package.json

@@ -25,6 +25,7 @@
     "disposable-email-domains": "^1.0.62",
     "dotenv": "^16.4.5",
     "express": "^4.19.2",
+    "express-mongo-sanitize": "^2.2.0",
     "express-rate-limit": "^7.4.0",
     "hashi-vault-js": "^0.4.16",
     "jimp": "^1.3.0",
@@ -35,9 +36,11 @@
     "qrcode": "^1.5.4",
     "rate-limit-redis": "^4.2.0",
     "redis": "^4.7.0",
-    "speakeasy": "^2.0.0"
+    "speakeasy": "^2.0.0",
+    "validator": "^13.12.0"
   },
   "devDependencies": {
+    "@types/validator": "^13.12.1",
     "nodemon": "^3.1.4"
   }
 }

src/controllers/groupController.js

@@ -1,9 +1,47 @@
 const groupModel = require("../models/groupModel");
+const validator = require("validator");
 
-// TODO: implement the create group func wrt to frontend design
-module.exports.createGroup = async (req, res) => {};
+// TODO: implement the stage of create group(add group member via invite)
+module.exports.createGroup = async (req, res) => {
+  const { stage, groupData, members } = req.body;
+  try {
+    // Stage 1: Group name and group description(optional)
+    if (stage == 1) {
+      // Extract the nested group details from groupData
+      const { groupName, description } = groupData;
+      if (!groupName || !validator.isLength(groupName.trim(), { min: 1 })) {
+        // description is optional
+        return res.status(400).json({ message: "Group name is required." });
+      }
+
+      // Sanitize the input before saving
+      const sanitizedGroupName = validator.escape(groupName.trim());
+      const sanitizedGroupDescription = description
+        ? validator.escape(description.trim())
+        : " ";
+      // Create the group (no members yet)
+      const newgroup = await groupModel.create({
+        groupName: sanitizedGroupName,
+        description: sanitizedGroupDescription,
+        createdBy: req.user.id,
+      });
+
+      // save the groupInfo to DB(without group members)
+      await newgroup.save();
+      return res.status(200).json({
+        message: "Group created successfully. Proceed to add members.",
+        groupId: newgroup._id,
+      });
+    }
+
+    // Stage 2: Add member and send invites
+    if (stage == 2) {
+      const { groupId } = groupData;
+    }
+  } catch (error) {}
+};
 
-// TODO: implement the join group func wrt to frontend design
+// TODO: add option to check if user is signed in or not (redirect to register/login if nots)
 module.exports.joinGroup = async (req, res) => {
   const { groupName, groupCode } = req.body;
 
@@ -47,7 +85,6 @@ module.exports.joinGroup = async (req, res) => {
     return res.status(200).json({
       message: "You have successfully joined the group",
     });
-    return;
   } catch (error) {
     console.error(error);
     return res

src/models/groupModel.js

@@ -9,6 +9,7 @@ const groupSchema = new mongoose.Schema({
   description: {
     type: String,
     trim: true,
+    maxLength: [40, "Description cannot be more than 40 characters"],
   },
   groupCode: {
     type: String,
@@ -43,6 +44,7 @@ const groupSchema = new mongoose.Schema({
     type: mongoose.Schema.Types.ObjectId,
     ref: "User",
     required: true,
+    unique: true,
   },
 });
 

src/routes/groupRoute.js

@@ -4,6 +4,6 @@ const limitRoute = require("../middlewares/limiterMiddleware");
 const auth = require("../middlewares/authMiddleware");
 const { joinGroup } = require("../controllers/groupController");
 
-router.post("/group/join", joinGroup);
+router.post("/group/join", auth, joinGroup);
 
 module.exports = router;