Technigo · carro-barro · Jan 20, 2026 · Apr 23, 2026 · Apr 27, 2026 · Apr 27, 2026
diff --git a/README.md b/README.md
@@ -1,5 +1,7 @@
 # Project API
 
+render: https://happy-thoughts-api-o47r.onrender.com
+
 This project includes the packages and babel setup for an express server, and is just meant to make things a little simpler to get up and running with.
 
 ## Getting started

diff --git a/data.json b/data.json
@@ -110,12 +110,5 @@
     "hearts": 3,
     "createdAt": "2025-05-20T03:57:40.322Z",
     "__v": 0
-  },
-  {
-    "_id": "682bab8c12155b00101732ce",
-    "message": "Berlin baby",
-    "hearts": 37,
-    "createdAt": "2025-05-19T22:07:08.999Z",
-    "__v": 0
   }
 ]
diff --git a/middleware/authMiddleware.js b/middleware/authMiddleware.js
@@ -0,0 +1,33 @@
+import { User } from "../models/User.js"
+
+export const authenticateUser = async (request, response, next) => {
+  try {
+
+    const authHeader = request.header("Authorization") || request.get("Authorization")
+
+    if(!authHeader) {
+      return response.status(401).json({
+        message: "Authentication missing or invalid",
+        loggedOut: true
+      })
+    }
+
+    const user = await User.findOne({ accessToken: authHeader.replace("Bearer ", "")})
+
+    if (user) {
+      request.user = user
+      next()
+    } else {
+      response.status(401).json({
+        message: "Authentication missing or invalid",
+        loggedOut: true
+      })
+    }
+
+  } catch (error) {
+    response.status(500).json({
+      message: "internal server error",
+      error: error.message
+    })
+  }
+}
diff --git a/models/HappyThought.js b/models/HappyThought.js
@@ -0,0 +1,22 @@
+import mongoose from "mongoose"
+
+const happyThoughtSchema = new mongoose.Schema({
+  message: {
+    type: String,
+    required: true
+  },
+  hearts: {
+    type: Number
+  },
+  createdAt: {
+    type: Date,
+    default: Date.now
+  },
+  author: {
+    type: mongoose.Schema.Types.ObjectId,
+    ref: "User",
+    required: true
+  }
+})
+
+export const HappyThought = mongoose.model("HappyThought", happyThoughtSchema)
diff --git a/models/User.js b/models/User.js
@@ -0,0 +1,28 @@
+import crypto from "crypto"
+import mongoose from "mongoose"
+
+const userSchema = new mongoose.Schema({
+  firstName: {
+    type: String,
+    required: true
+  },
+  lastName: {
+    type: String,
+    required: true
+  },
+  email: {
+    type: String,
+    required: true,
+    unique: true
+  },
+  password: {
+    type: String,
+    required: true
+  },
+  accessToken: {
+    type: String,
+    default: () => crypto.randomBytes(128).toString("hex")
+  }
+})
+
+export const User = mongoose.model("User", userSchema)
diff --git a/package.json b/package.json
@@ -2,6 +2,7 @@
   "name": "project-api",
   "version": "1.0.0",
   "description": "Project API",
+  "type": "module",
   "scripts": {
     "start": "babel-node server.js",
     "dev": "nodemon server.js --exec babel-node"
@@ -12,8 +13,13 @@
     "@babel/core": "^7.17.9",
     "@babel/node": "^7.16.8",
     "@babel/preset-env": "^7.16.11",
-    "cors": "^2.8.5",
-    "express": "^4.17.3",
+    "bcrypt": "^6.0.0",
+    "cors": "^2.8.6",
+    "dotenv": "^17.2.3",
+    "express": "^4.22.1",
+    "express-list-endpoints": "^7.1.1",
+    "mongodb": "^7.2.0",
+    "mongoose": "^9.5.0",
     "nodemon": "^3.0.1"
   }
 }
diff --git a/routes/happyThoughtsRoutes.js b/routes/happyThoughtsRoutes.js
@@ -0,0 +1,247 @@
+import express from "express"
+import mongoose from "mongoose"
+import { authenticateUser } from "../middleware/authMiddleware.js"
+import { HappyThought } from "../models/HappyThought.js"
+
+const router = express.Router()
+
+router.get("/", async (request, response) => {
+
+  const { minLikes } = request.query
+
+  const query = {}
+
+  if (minLikes) {
+    query.hearts = {$gte: Number(minLikes)}
+  }
+
+  try {
+
+    const filteredMessages = await HappyThought.find(query)
+      .sort({ createdAt: "desc" })
+      .populate("author", "firstName lastName")
+
+    if (filteredMessages.length === 0) {
+      return response.status(404).json({
+        success: false,
+        response: [],
+        message: "No thoughts were found for that query"
+      })
+    }
+
+    return response.status(200).json({
+      success: true,
+      response: filteredMessages,
+      message: "Success"
+    })
+  } catch (error) {
+    return response.status(500).json({
+      success: false,
+      response: [],
+      message: error
+    })
+  }
+})
+
+router.post("/", authenticateUser, async (request, response) => {
+  const { message } = request.body
+
+  try {
+    const newHappyThought = await new HappyThought({ message, author: request.user._id }).save()
+    await newHappyThought.populate("author", "firstName lastName")
+    response.status(201).json({
+      success: true,
+      response: newHappyThought,
+      message: "Happy thought created successfully"
+    })
+  } catch (error) {
+    response.status(500).json({
+      success: false,
+      response: error,
+      message: "Couldn't create happy thought"
+    })
+  }
+})
+
+
+router.get("/:id", async (request, response) => {
+  const { id } = request.params
+
+  try {
+    const happyThought = await HappyThought.findById(id).populate("author", "firstName lastName")
+    if (!happyThought) {
+      return response.status(404).json({
+        success: false,
+        response: null,
+        message: "Happy thought not found"
+      })
+    }
+
+    response.status(200).json({
+      success: true,
+      response: happyThought
+    })
+  } catch (error) {
+    response.status(500).json({
+      success: false,
+      response: error,
+      message: "Happy thought couldn't be found"
+    })
+  }
+
+})
+
+
+router.delete("/:id", authenticateUser, async (request, response) => {
+  const { id } = request.params
+
+  if (!id || !mongoose.isValidObjectId(id)) {
+    return response.status(400).json({
+      success: false,
+      response: null,
+      message: "Invalid ID"
+    })
+  }
+
+  if (!request.user || !request.user._id) {
+    return response.status(401).json({
+      success: false,
+      response: null,
+      message: "User not authenticated"
+    })
+  }
+
+  try {
+
+    const thought = await HappyThought.findById(id)
+
+    if (!thought) {
+      return response.status(404).json({
+        success: false,
+        response: null,
+        message: "Happy thought not found"
+      })
+    }
+
+    // säker ägarcheck: fungerar om author är ObjectId eller populated object
+    const authorId = thought.author?._id ? thought.author._id.toString() : thought.author?.toString()
+    if (!authorId || authorId !== request.user._id.toString()) {
+      return response.status(403).json({
+        success: false,
+        response: null,
+        message: "You are not authorized to delete this thought"
+      })
+    }
+
+    const deletedThought = await HappyThought.findByIdAndDelete(id)
+
+    if (!deletedThought) {
+      return response.status(404).json({
+        success: false,
+        response: null,
+        message: "Happy thought not found"
+      })
+    }
+
+    response.status(200).json({
+      success: true,
+      response: deletedThought,
+      message: "Happy thought deleted successfully"
+    })
+  } catch (error) {
+    response.status(500).json({
+      success: false,
+      response: error,
+      message: "Error deleting happy thought"
+    })
+  }
+})
+
+router.patch("/:id", authenticateUser, async (request, response) => {
+  const { id } = request.params
+  const { message } = request.body
+
+  try {
+
+    if (!message || message.length <5 || message.length > 140) {
+      return response.status(400).json({
+        success: false,
+        response: null,
+        message: "Message must be between 5 and 140 characters"
+      })
+    }
+
+    const thought = await HappyThought.findById(id)
+
+    if (!thought) {
+      return response.status(404).json({
+        success: false,
+        response: null,
+        message: "Happy Thought not found"
+      })
+    }
+
+    if (!thought.author.equals(request.user._id)) {
+      return response.status(403).json({
+        success: false,
+        response: null,
+        message: "You are not authorized to update this thought"
+      })
+    }
+
+    const updatedHappyThought = await HappyThought.findByIdAndUpdate(id, { message }, { new: true})
+
+    if (!updatedHappyThought) {
+      return response.status(404).json({
+        success: false,
+        response: null,
+        message: "Happy Thought not found"
+      })
+    }
+
+    return response.status(200).json({
+      success: true,
+      response: updatedHappyThought,
+      message: "Happy Thought updated successfully"
+    })
+
+  } catch (error) {
+    response.status(500).json({
+      success: false,
+      response: null,
+      message: "Could not update thought"
+    })
+  }
+})
+
+router.patch("/:id/like", async (request, response) => {
+  const { id } = request.params
+
+  try {
+    const happyThought = await HappyThought.findByIdAndUpdate(id, { $inc: {hearts: 1}}, { new: true })
+
+    if (!happyThought) {
+      return response.status(404).json({
+        success: false,
+        response: null,
+        message: "Happy thought not found"
+      })
+    }
+
+    response.status(200).json({
+      success: true,
+      response: happyThought,
+      message: "Happy thought liked successfully"
+    })
+  } catch (error) {
+    response.status(500).json({
+      success: false,
+      response: error,
+      message: "Error liking happy thought"
+    })
+  }
+
+})
+
+
+export default router