I am seeking suggestions on how to optimize the code within my custom module.
Below is the code for my module which you can review and provide feedback on.
var employee = {
all: function (req, res) {
jwt.verify(req.token, 'novaturesol', (err) => {
if (err) {
res.status(400).send("Forbidden or token has expired!");
} else {
// database query.
con.query("select * from employees limit 50", function (err, employees) {
if (err) throw err;
// console.log("Result: " + employees);
res.status(200).json(employees);
});
}
});
},
create: function (req, res) {
jwt.verify(req.token, 'novaturesol', (err) => {
if (err) {
res.status(400).send("Forbidden or token has expired!");
} else {
// validation array sent in response.
const errors = validationResult(req);
if (!errors.isEmpty()) {
return res.status(422).json({
errors: errors.array()
});
}
// generate random employee number.
let employee_no = Math.floor(Math.random() * Math.floor(9000));
// simple insert query.
let sql = "INSERT INTO employees(emp_no, first_name, last_name, gender, birth_date, hire_date) VALUES('" + employee_no + "','" + req.body.first_name + "','" + req.body.last_name + "','" + req.body.gender + "','" + req.body.birth_date + "','" + req.body.hire_date + "')";
con.query(sql, function (err, result) {
if (err) throw err;
console.log('Record inserted Successfully!');
});
// send response with last inserted employee id.
res.status(200).send({
message: "Successfully added employee!",
last_employee_no: employee_no
});
}
});
},
delete: function (req, res) {
jwt.verify(req.token, 'novaturesol', (err) => {
if (err) {
res.status(400).send("Forbidden or token has expired!");
} else {
if (!req.body.employee_no) {
res.status(400).send({
message: "employee_no is required."
});
} else if (isNaN(req.body.employee_no)) {
res.status(400).send({
message: "employee_no must be an integer."
});
} else {
let employee_no = req.body.employee_no;
// delete record.
con.query("DELETE FROM employees where emp_no = '" + employee_no + "'")
res.status(200).send({
message: "Successfully deleted employee",
deleted_employee_no: employee_no
});
}
}
});
},
update: function (req, res) {
jwt.verify(req.token, 'novaturesol', (err) => {
if (err) {
res.status(400).send("Forbidden or token has expired!");
} else {
if (!req.body.employee_no) {
res.status(400).send({
message: "employee_no is required."
});
} else if (isNaN(req.body.employee_no)) {
res.status(400).send({
message: "employee_no must be a number."
})
} else if (!req.body.first_name) {
res.status(400).send({
message: "first_name is required."
});
} else if (!req.body.last_name) {
res.status(400).send({
message: "last_name is required."
});
} else if (!req.body.hire_date) {
res.status(400).send({
message: "hire_date is required."
});
} else if (!req.body.birth_date) {
res.status(400).send({
message: "birth_date is required."
});
} else if (!req.body.gender) {
res.status(400).send({
message: "gender is required."
});
} else {
let employee_no = req.body.employee_no;
let first_name = req.body.first_name;
let last_name = req.body.last_name;
let gender = req.body.gender;
let hire_date = req.body.hire_date;
let birth_date = req.body.birth_date;
let sql = "UPDATE employees set first_name = '" + first_name + "' , last_name = '" + last_name + "', gender = '" + gender + "', hire_date = '" + hire_date + "', birth_date = '" + birth_date + "' WHERE emp_no = '" + employee_no + "'";
console.log('the query ' + sql);
con.query(sql, function (err) {
if (err) throw err;
})
res.status(200).send({
message: "Successfuly updated employee record.",
updated_employee_no: employee_no
});
}
}
});
}
};
module.exports = employee;
Should I include jwt.verify for verification in each function?
Is there an alternative method to achieve this?
Regarding Database Queries: Is the way we write queries in node express like I have done correct? Or is there a more appropriate approach?