# 04 - authtestcontroller.js In this module, we'll add a new controller that requires a user token for all requests. ## Overview We are going to add a number of endpoints/routes in this controller. We will give you all of this code and will be analyzing it in the future. ## Code Create an `authtestcontroller.js` file inside of the `controllers` folder, then add the following code: ```javascript var router = require('express').Router(); var sequelize = require('../db'); var User = sequelize.import('../models/user'); var AuthTestModel = sequelize.import('../models/authtest'); /************************************* * GET ALL ITEMS FOR INDIVIDUAL USER *************************************/ router.get('/getall', function (req, res) { var userid = req.user.id; AuthTestModel .findAll({ where: { owner: userid } }) .then( function findAllSuccess(data) { res.json(data); }, function findAllError(err) { res.send(500, err.message); } ); }); /************************************* * POST SINGLE ITEM FOR INDIVIDUAL USER *************************************/ router.post('/create', function (req, res) { var owner = req.user.id; var authTestData = req.body.authtestdata.item; AuthTestModel .create({ authtestdata: authTestData, owner: owner }) .then( function createSuccess(authtestdata) { res.json({ authtestdata: authtestdata }); }, function createError(err) { res.send(500, err.message); } ); }); /****************** * GET SINGLE ITEM FOR INDIVIDUAL USER ******************/ router.get('/:id', function(req, res) { var data = req.params.id; var userid = req.user.id; AuthTestModel .findOne({ where: { id: data, owner: userid } }).then( function findOneSuccess(data) { res.json(data); }, function findOneError(err) { res.send(500, err.message); } ); }); module.exports = router; ``` ## Short Analysis Although there are nuances that we'll discuss, the functions should seem somewhat familiar to you based on our previous server functions. Here is a quick explanation for each of them: | Function | Purpose | | -------- | ---------------------------------------------------------------------------------------------------------------------------------- | | /getall | Finds all items in the table with the `user id` in the token | | /:id | Finds a single item in the the table. Uses both the `id` from the url (primary key) and the `userid` from the token (foreign key). | | /create | Adds an item to the table with the `userid` from the token. | Up until now, we've only done `GET` and `POST` requests. A full CRUD (**C**reate **R**ead **U**pdate **D**elete) app lets you update and delete stuff, however, so we need to add some `DELETE` and `UPDATE` functionality. Let's talk a little more about each and set up a route for each before we start testing. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://eleven-fifty-academy.gitbook.io/javascript-152-nodeserver/js_library/node-server/10-authenticated-routes/04-authtestcontroller.js.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.