tests: Added e2e testing for card attachment endpoints

Author: OscarS05

api/src/application/use-cases/card-attachment/DeleteCardAttachmentUseCase.js

@@ -14,8 +14,9 @@ class DeleteCardAttachmentUseCase {
         cardAttachment.publicId,
       );
 
-      if (deletedInStorage?.result !== 'ok')
+      if (deletedInStorage?.result !== 'ok') {
         throw Boom.badRequest('Failed to delete file from Cloudinary');
+      }
     }
 
     const result = await this.cardAttachmentRepository.delete(

api/src/application/use-cases/card-attachment/SaveCardAttachmentUseCase.js

@@ -8,11 +8,12 @@ class SaveCardAttachmentUseCase {
   }
 
   async execute(cardAttachmentData) {
-    if (!cardAttachmentData?.id) {
-      throw new Error('cardAttachment was not provided');
-    }
     if (!cardAttachmentData?.cardId) throw new Error('cardId was not provided');
-    if (!cardAttachmentData?.type || !cardAttachmentData?.publicId) {
+    if (
+      !cardAttachmentData?.type ||
+      (cardAttachmentData.type !== 'external-link' &&
+        !cardAttachmentData?.publicId)
+    ) {
       throw new Error(
         'cardAttachmentData does not contain the data of the saved attachment',
       );

api/src/application/use-cases/card-attachment/UpdateCardAttachmentUseCase.js

@@ -15,6 +15,10 @@ class UpdateCardAttachmentUseCase {
     if (cardAttachment.type !== 'external-link') {
       // eslint-disable-next-line no-unused-expressions, no-param-reassign
       delete cardAttachmentData.url || null;
+
+      if (!cardAttachmentData?.filename) {
+        throw Boom.badRequest('filename was not provided to update attachment');
+      }
     }
 
     const entityUpdateCardAttachment = new EntityUpdateCardAttachment(

api/src/domain/entities/EntityUpdateCardAttachment.js

@@ -1,9 +1,16 @@
+const boom = require('@hapi/boom');
 const CardAttachmentFileName = require('../value-objects/cardAttachmentFileName');
 const CardAttachmentUrl = require('../value-objects/cardAttachmentUrl');
 
 class EntityUpdateCardAttachment {
   constructor({ filename, url }) {
-    this.filename = new CardAttachmentFileName(filename).value;
+    if (!filename && !url) {
+      throw boom.badRequest(
+        'At least one of them must be provided (filename, url)',
+      );
+    }
+
+    if (filename) this.filename = new CardAttachmentFileName(filename).value;
     if (url) this.url = new CardAttachmentUrl(url).value;
   }
 }

api/src/infrastructure/store/db/seeders/14-card-attachments.js

@@ -18,9 +18,9 @@ module.exports = {
       {
         id: 'a5332d0a-6352-4599-89e6-48c70908f6ba',
         filename: 'Agroplus-db-scheme-2.jpg',
-        url: 'https://res.cloudinary.com/dfprxzekh/image/upload/v1744326304/card-attachments/file_ysjlp7.jpg',
+        url: 'https://github.com/OscarS05/Trello-like-project-api',
         card_id: '4600a009-a471-4416-bf24-e857d23d2ab3',
-        type: 'image/jpeg',
+        type: 'external-link',
         created_at: '2025-04-10T23:05:04.884Z',
       },
 

api/src/interfaces/controllers/card-attachments.controller.js

@@ -67,15 +67,15 @@ const updateCardAttachment = async (req, res, next) => {
     const { cardId, attachmentId } = req.params;
     const cardAttachmentData = req.body;
 
-    const upadedCard = await cardAttachmentService.updateCardAttachment(
+    const upatedCard = await cardAttachmentService.updateCardAttachment(
       cardId,
       attachmentId,
       cardAttachmentData,
     );
 
     res.status(200).json({
       message: 'The card attachment was successfully updated',
-      upadedCard,
+      upatedCard,
     });
   } catch (error) {
     next(error);

api/src/interfaces/middlewares/authorization/card.authorization.js

@@ -53,7 +53,7 @@ const checkProjectMembershipByCard = async (req, res, next) => {
       cardId,
     );
     if (!projectMember?.id)
-      throw boom.notFound('Something went wrong with data');
+      throw boom.forbidden('Something went wrong with data');
 
     req.projectMember = projectMember;
     next();

api/src/interfaces/middlewares/upload-files.handler.js

@@ -1,4 +1,5 @@
 const multer = require('multer');
+const boom = require('@hapi/boom');
 const path = require('path');
 
 const { validatorHandler } = require('./validator.handler');
@@ -12,7 +13,7 @@ const fileFilterByExtension = (allowedFormats) => {
     if (allowedFormats.includes(ext)) {
       cb(null, true);
     } else {
-      cb(new Error(`Invalid file type: ${ext}`), false);
+      cb(boom.badRequest(`Invalid file type: ${ext}`), false);
     }
   };
 };

api/src/interfaces/routes/auth.router.js

@@ -12,10 +12,10 @@ const {
 
 const EMAIL_LIMITER_MESSAGE =
   'Too many email requests, please try again after an 15 minutes';
-const LOGIN_LIMITER_MESSAGE = {
-  error: 'Too many login attempts',
-  message: 'Please wait 15 minutes and try again.',
-};
+// const LOGIN_LIMITER_MESSAGE = {
+//   error: 'Too many login attempts',
+//   message: 'Please wait 15 minutes and try again.',
+// };
 
 const {
   login,
@@ -58,7 +58,7 @@ const {
  *       429:
  *         description: Too many login attempts, please try again later.
  */
-router.post('/login', limiter(6, 15 * 60 * 100, LOGIN_LIMITER_MESSAGE), login);
+router.post('/login', login);
 
 /**
  * @swagger

api/src/interfaces/routes/card-attachments.router.js

@@ -70,6 +70,67 @@ router.get(
   cardAttachmentControllers.getAllCardAttachments,
 );
 
+/**
+ * @swagger
+ * /cards/{cardId}/attachments/{attachmentId}/download:
+ *   get:
+ *     summary: Download a file attachment from a card
+ *     description: |
+ *       It acts as a proxy for downloading an attachment stored on an external hosting service. It can also be used to view card attachments, not just for downloading.
+ *
+ *       - This endpoint ensures the actual storage URL remains hidden.
+ *       - Only works for **file attachments**, not for external links.
+ *       - The attachment must belong to the card identified by `cardId`.
+ *
+ *       ### Authorization & Access Rules
+ *       - Requires a valid Bearer access token.
+ *       - Both `cardId` and `attachmentId` must be valid UUIDs.
+ *       - The requester must be a member of the project that owns the card (any role).
+ *
+ *     tags:
+ *       - card-attachment
+ *     security:
+ *       - bearerAuth: []
+ *     parameters:
+ *       - in: path
+ *         name: cardId
+ *         required: true
+ *         description: ID of the card that owns the attachment
+ *         schema:
+ *           type: string
+ *           format: uuid
+ *       - in: path
+ *         name: attachmentId
+ *         required: true
+ *         description: ID of the file attachment to download
+ *         schema:
+ *           type: string
+ *           format: uuid
+ *     responses:
+ *       200:
+ *         description: File attachment streamed for download
+ *         content:
+ *           application/octet-stream:
+ *             schema:
+ *               type: string
+ *               format: binary
+ *       400:
+ *         description: Cannot download external links
+ *       401:
+ *         description: Invalid or missing token
+ *       403:
+ *         description: User is not authorized to download this attachment
+ *       404:
+ *         description: Attachment not found or does not belong to the specified card
+ */
+router.get(
+  '/:cardId/attachments/:attachmentId/download',
+  validateSession,
+  validatorHandler(cardAttachmentSchema, 'params'),
+  checkProjectMembershipByCard,
+  cardAttachmentControllers.downloadCardAttachment,
+);
+
 /**
  * @swagger
  * /cards/{cardId}/attachments:
@@ -310,65 +371,4 @@ router.delete(
   cardAttachmentControllers.deleteCardAttachent,
 );
 
-/**
- * @swagger
- * /cards/{cardId}/attachments/{attachmentId}/download:
- *   get:
- *     summary: Download a file attachment from a card
- *     description: |
- *       It acts as a proxy for downloading an attachment stored on an external hosting service. It can also be used to view card attachments, not just for downloading.
- *
- *       - This endpoint ensures the actual storage URL remains hidden.
- *       - Only works for **file attachments**, not for external links.
- *       - The attachment must belong to the card identified by `cardId`.
- *
- *       ### Authorization & Access Rules
- *       - Requires a valid Bearer access token.
- *       - Both `cardId` and `attachmentId` must be valid UUIDs.
- *       - The requester must be a member of the project that owns the card (any role).
- *
- *     tags:
- *       - card-attachment
- *     security:
- *       - bearerAuth: []
- *     parameters:
- *       - in: path
- *         name: cardId
- *         required: true
- *         description: ID of the card that owns the attachment
- *         schema:
- *           type: string
- *           format: uuid
- *       - in: path
- *         name: attachmentId
- *         required: true
- *         description: ID of the file attachment to download
- *         schema:
- *           type: string
- *           format: uuid
- *     responses:
- *       200:
- *         description: File attachment streamed for download
- *         content:
- *           application/octet-stream:
- *             schema:
- *               type: string
- *               format: binary
- *       400:
- *         description: Cannot download external links
- *       401:
- *         description: Invalid or missing token
- *       403:
- *         description: User is not authorized to download this attachment
- *       404:
- *         description: Attachment not found or does not belong to the specified card
- */
-router.get(
-  '/:cardId/attachments/:attachmentId/download',
-  validateSession,
-  validatorHandler(cardAttachmentSchema, 'params'),
-  checkProjectMembershipByCard,
-  cardAttachmentControllers.downloadCardAttachment,
-);
-
 module.exports = router;