Global

Members

(constant) cartItemSchema

Schema for individual items in the user's cart.
- Embedded directly in the user document for fast access.
- References a Product by ObjectId.
- Does not generate its own _id to keep the structure lean.
Source:

(constant) cartItemSchema

Joi schema for a single item in the user's cart.
- productId: required, ObjectId string
- quantity: required, number, min 1
Source:

(constant) orderValidator

Joi validation schema for Order creation/update. Fields:
- user: required, valid ObjectId string (references User)
- items: required, array of objects each containing:
  - product: required, valid ObjectId string (references Product)
  - quantity: required, number, min 1
  - price: required, number, min 0
- totalPrice: optional, number, min 0
- status: optional, string, one of ['pending', 'paid', 'shipped', 'delivered', 'cancelled'], defaults to 'pending'
Source:

(constant) productValidator

Joi validation schema for Product creation/update. Fields:
- name: required, string, trimmed, non-empty
- description: optional, string, trimmed
- price: required, number, min 0
- images: optional, array of strings (URLs), max length 5
- category: required, string, lowercase, trimmed
- stock: required, number, min 0
- isPublished: optional, boolean
- createdBy: optional, valid ObjectId string (references User)
Source:

(constant) userSchema

User schema definition. Fields:
- email {String} required, unique, trimmed, lowercase
- password {String} required (hashed before save)
- role {String} enum: 'user' | 'admin'
- cartItems {Array} embedded for quick access
- previousOrders {Array} references Order documents
Source:

(constant) userValidator

Joi validation schema for User creation/update. Fields:
- displayName: optional, trimmed, min 3, max 30
- email: required, lowercase, trimmed, matches email regex
- googleId: optional string
- password: required if googleId is missing, min 6, max 128
- role: 'user' | 'admin'
- cartItems: array of validated cartItemSchema
- previousOrders: array of ObjectId strings
Source:

Methods

(async) authenticateToken(req, res, next)

Verifies the presence and validity of an authentication token sent in a cookie, and if valid, populates `req.user` with the corresponding user document.
Parameters:
Name Type Description
req Object Express request object
res Object Express response object
next function Express next middleware function
Source:
Throws:
  • if no token is present, or if the user is not found
    Type
    401
  • if the token is invalid or expired
    Type
    403

checkAdmin()

Middleware to restrict access to admin-only routes. Assumes req.user is populated by the authentication middleware.
Source:
Throws:
If user lacks admin privileges
Type
403
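
The 401/403 split documented for authenticateToken and the role gate in checkAdmin, as an added sketch that is not the project's own code. It assumes HS256 tokens verified with Node's built-in crypto rather than a JWT library, a cookie named `token`, an `id` field and a mandatory `exp` claim in the payload, and an injected `findUserById`; `signToken` and `checkToken` are hypothetical helper names.

```javascript
// Added example (not the project's code): token check plus role gate with the
// status codes documented above. The secret, the 'token' cookie name, the
// payload field 'id' and the injected findUserById are assumptions.
const crypto = require('node:crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');

// Sign a compact HS256 JWT (used here only to build constructed test tokens).
function signToken(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(sig)}`;
}

// Returns { status, payload }: 401 = no token, 403 = invalid/expired, 200 = ok.
function checkToken(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  if (!token) return { status: 401 };
  const parts = String(token).split('.');
  if (parts.length !== 3) return { status: 403 };
  try {
    const header = JSON.parse(Buffer.from(parts[0], 'base64url'));
    if (header.alg !== 'HS256') return { status: 403 }; // pin the algorithm
    const expected = crypto.createHmac('sha256', secret).update(`${parts[0]}.${parts[1]}`).digest();
    const given = Buffer.from(parts[2], 'base64url');
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return { status: 403 };
    const payload = JSON.parse(Buffer.from(parts[1], 'base64url'));
    if (typeof payload.exp !== 'number' || payload.exp <= nowSec) return { status: 403 };
    return { status: 200, payload };
  } catch { return { status: 403 }; } // malformed base64url or JSON
}

// Express-style middleware built on checkToken; findUserById is injected.
const authenticateToken = (findUserById, secret) => async (req, res, next) => {
  const result = checkToken(req.cookies && req.cookies.token, secret);
  if (result.status !== 200) return res.sendStatus(result.status);
  const user = await findUserById(result.payload.id);
  if (!user) return res.sendStatus(401); // token verifies but the account is gone
  req.user = user; // role comes from the stored document, not the token claim
  return next();
};

// Admin gate: relies on req.user set by authenticateToken.
function checkAdmin(req, res, next) {
  if (!req.user || req.user.role !== 'admin') return res.sendStatus(403);
  return next();
}
```

Because `req.user` is the stored user document, a role change in the database takes effect on the next request even while an older token carrying the previous role is still unexpired.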

(async) countPublishedProducts() → {Promise.<Number>}

Retrieve the count of all products where isPublished is true
Source:
Returns:
Count of published product documents
Type
Promise.<Number>

(async) createGoogleUser(data) → {Promise.<Object>}

Create a new user with a Google ID.
Parameters:
Name Type Description
data Object User data with shape: { email, googleId, displayName }
Source:
Throws:
- If there is an error creating the user
Type
Error
Returns:
- Newly created user document
Type
Promise.<Object>

(async) createLocalUser(data) → {Promise.<Object>}

Create a new local user.
Parameters:
Name Type Description
data Object User data with shape: { email, password, displayName }
Source:
Throws:
- If there is an error creating the user
Type
Error
Returns:
- Newly created user document
Type
Promise.<Object>

(async) createProduct(data) → {Promise.<Object>}

Create a new product document in the database
Parameters:
Name Type Description
data Object Product data (matches schema shape)
Source:
Returns:
Created product document
Type
Promise.<Object>

(async) createProductHandler(req, res) → {Promise.<void>}

Creates a new product using request body data.
Parameters:
Name Type Description
req Request Express request object with product data in body
res Response Express response object
Source:
Returns:
Sends JSON response with created product or error
Type
Promise.<void>

(async) deleteProduct(id) → {Promise.<(Object|null)>}

Delete a product by its ID
Parameters:
Name Type Description
id String Product ID
Source:
Returns:
Deleted document or null if not found
Type
Promise.<(Object|null)>

(async) deleteProductHandler(req, res) → {Promise.<void>}

Deletes a product by its ID.
Parameters:
Name Type Description
req Request Express request object with path param: id
res Response Express response object
Source:
Returns:
Sends 204 status or error response
Type
Promise.<void>

finalizeAuth(req, res, options) → {void}

Helper function to finalize authentication workflow
- Generates a JWT with user ID and role as payload
- In production, sends an http-only cookie with the token
- In development, returns a JSON response with the token and basic user data
- Handles errors with structured response and logging
Parameters:
Name Type Attributes Description
req Object Express request object
res Object Express response object
options Object <optional> Optional configuration object
Properties
Name Type Attributes Description
redirectUrl String <optional> Redirect URL for production; defaults to false
Source:
Returns:
Type
void

(async) findUserByEmail(email) → {Promise.<(Object|null)>}

Find a user by their email address.
Parameters:
Name Type Description
email string Email to search for
Source:
Returns:
- User document if found, otherwise null
Type
Promise.<(Object|null)>

(async) findUserById(id) → {Promise.<(Object|null)>}

Find a user by their MongoDB ObjectId.
- Accepts either a string or a valid ObjectId instance
- Returns null if the input is not a valid ObjectId format
- Logs a warning for invalid input to aid debugging
Parameters:
Name Type Description
id string | ObjectId User ID to lookup
Source:
Returns:
- User document if found, otherwise null or throws on DB error
Type
Promise.<(Object|null)>

(async) getAllProducts() → {Promise.<Array>}

Retrieve all products from the database (regardless of publish status)
Source:
Returns:
Array of product documents
Type
Promise.<Array>

(async) getAllPublishedProducts() → {Promise.<Array>}

Retrieve all products where isPublished is true
Source:
Returns:
Array of published product documents
Type
Promise.<Array>

getCurrentUser() → {Promise.<Object>}

Retrieves the currently authenticated user
Source:
Returns:
User data in a standardized format
Type
Promise.<Object>

(async) getPaginatedPublishedProducts(page, limit) → {Promise.<Array>}

Retrieve a paginated set of published products
Parameters:
Name Type Description
page Number Page number of results to return
limit Number Number of results per page
Source:
Throws:
When there is an error fetching the paginated products
Type
Error
Returns:
Array of published product documents
Type
Promise.<Array>

(async) getProductById(id) → {Promise.<(Object|null)>}

Retrieve a single product by its MongoDB _id
Parameters:
Name Type Description
id String Product ID
Source:
Returns:
Product document or null if not found
Type
Promise.<(Object|null)>

(async) getProductByIdHandler(req, res) → {Promise.<void>}

Retrieves a single published product by its ID.
Parameters:
Name Type Description
req Request Express request object with path param: id
res Response Express response object
Source:
Returns:
Sends JSON response with product data or error
Type
Promise.<void>

(async) getProducts(req, res) → {Promise.<void>}

Fetches a paginated list of published products.
Parameters:
Name Type Description
req Request Express request object with optional query params: page, limit
res Response Express response object
Source:
Returns:
Sends JSON response with product data and pagination info
Type
Promise.<void>

handleGoogleCallback() → {void}

Finalizes Google OAuth flow and issues token
Source:
Returns:
Type
void

(async) loginUser()

Authenticates a user and issues a signed JWT
Source:

origin(origin, callback)

CORS origin function to check if the incoming request's origin is allowed to make requests to the server.
Parameters:
Name Type Description
origin string The origin of the incoming request.
callback function Called with either `null` or an `Error` object indicating whether the request is allowed or not.
Source:

(async) registerUser()

Registers a new user with email, password, and optional displayName
Source:

updateOrderStatusHandler()

Update an existing order's status
Source:

(async) updateProduct(id, updates) → {Promise.<(Object|null)>}

Update a product document by ID
Parameters:
Name Type Description
id String Product ID
updates Object Updated fields
Source:
Returns:
Updated product or null if not found
Type
Promise.<(Object|null)>

(async) updateProductHandler(req, res) → {Promise.<void>}

Updates an existing product by ID using request body data.
Parameters:
Name Type Description
req Request Express request object with path param: id and update data in body
res Response Express response object
Source:
Returns:
Sends JSON response with updated product or error
Type
Promise.<void>

Type Definitions

Product

Properties:
Name Type Description
name String Name of the product (required)
description String Description of the product
price Number Product price in local currency (required, min: 0)
images Array.<String> Array of image URLs (max: 5)
category String Category label (required, lowercase)
stock Number Units in stock (required, min: 0)
isPublished Boolean Visibility toggle for public listing
createdBy Schema.Types.ObjectId Admin user who created the product
createdAt Date Timestamp of creation (auto-generated)
updatedAt Date Timestamp of last update (auto-generated)
Source: