Return id after authentication & add upper limit on team members

eesast · Sep 23, 2018 · e6e3ad3 · e6e3ad3
1 parent c15880d
commit e6e3ad3
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 20 deletions.
diff --git a/docs/doc.md b/docs/doc.md
@@ -538,19 +538,25 @@
   403 Forbidden: Incorrect invite code.
   ```
 
-  若**请求者未传入 `x-access-token` 或者 `x-access-token` 非法**，则状态码为 `401`，将返回文本：
+  若**队伍人数超过上限**，则状态码为 `409`，将返回文本：
 
   ```
-  401 Unauthorized: Token required.
-  或
-  401 Unauthorized: Invalid or expired token.
+  409 Conflict: The number of members exceeds.
   ```
 
-  若**队伍不存在**，则状态码为 `404`，将返回文本：
+若**请求者未传入 `x-access-token` 或者 `x-access-token` 非法**，则状态码为 `401`，将返回文本：
 
-  ```
-  404 Not Found: Team does not exist.
-  ```
+```
+401 Unauthorized: Token required.
+或
+401 Unauthorized: Invalid or expired token.
+```
+
+若**队伍不存在**，则状态码为 `404`，将返回文本：
+
+```
+404 Not Found: Team does not exist.
+```
 
 - PUT `/api/teams/:id/members`
 

diff --git a/routes/auth.js b/routes/auth.js
@@ -44,7 +44,9 @@ router.post("/", async (req, res) => {
     const token = jwt.sign({ id: user._id }, authConfig.secret, {
       expiresIn: "1h"
     });
-    return res.status(200).send({ auth: true, token, username: user.username });
+    return res
+      .status(200)
+      .send({ auth: true, token, id: user._id, username: user.username });
   }
 });
 

diff --git a/routes/teams.js b/routes/teams.js
@@ -192,17 +192,20 @@ router.put("/:id", verifyToken, async (req, res) => {
   try {
     // 成员存在且未加入其他队伍时才合法。
     if (req.body.members) {
-      const isMemberValid = await req.body.members.reduce(
-        async (prev, cur) =>
-          prev &&
-          (await existenceVerifier(User, { _id: cur })) &&
-          !(await existenceVerifier(
-            Team,
-            { _id: { $ne: req.params.id } },
-            { members: { $in: cur } }
-          )),
-        true
-      );
+      let isMemberValid = req.body.members.length < 5;
+      isMemberValid =
+        isMemberValid &&
+        (await req.body.members.reduce(
+          async (prev, cur) =>
+            prev &&
+            (await existenceVerifier(User, { _id: cur })) &&
+            !(await existenceVerifier(
+              Team,
+              { _id: { $ne: req.params.id } },
+              { members: { $in: cur } }
+            )),
+          true
+        ));
       if (!isMemberValid) {
         return res.status(400).send("400 Bad Request: Invalid members.");
       }
@@ -324,6 +327,9 @@ router.post("/:id/members/", verifyToken, async (req, res) => {
   if (!team) {
     return res.status(404).send("404 Not Found: Team does not exist.");
   }
+  if (team.members.length > 3) {
+    return res.status(409).send("409 Conflict: The number of members exceeds.");
+  }
   if (!isFree) {
     return res.status(409).send("409 Conflict: User is already in a team.");
   }