Part 132: Enhancing Comment Functionality with User Authentication and Database Relationships

[App] Authentication User Database

In our ongoing effort to improve the security and functionality of our application, we've recently made significant enhancements to the comment system. By restricting the CommentForm to authenticated users and pre-populating their names, we've taken a big step forward. Now, it's time to update our createCommentAction to align with these changes and further improve our database model.

Updating the Comment Creation Process

Authentication Check

First and foremost, we must ensure that only authenticated users can post comments. We achieve this by using our getUserFromSession function to verify user authentication. If a user is not authenticated, we throw an error, signaling an unauthorized access attempt.

// File path: app/reviews/[slug]/actions.js

import { getUserFromSession } from '@/lib/auth';

export async function createCommentAction(formData) {
  const user = await getUserFromSession();
  if (!user) {
    throw new Error('Unauthorized');
  }
  // Additional logic follows
}

Adjusting Comment Data

Since we no longer send a "user" field from the form, we need to adapt our data handling. The user information can be retrieved from the session, specifically the userId.

// File path: app/reviews/[slug]/actions.js

export async function createCommentAction(formData) {
  const user = await getUserFromSession();
  if (!user) {
    throw new Error('Unauthorized');
  }
  const data = {
    slug: formData.get('slug'),
    userId: user.id,
    message: formData.get('message'),
  };
  // Proceed with data validation and comment creation
}

Simplifying Validation

Validation rules that previously checked for a "user" field are now unnecessary. We only need to validate the "message" field, ensuring it's not empty.

// File path: app/reviews/[slug]/actions.js

function validate(data) {
  if (!data.message) {
    return 'Comment field is required';
  }
  // Additional validation logic
}

Enhancing Database Schema with Relationships

To better represent the relationship between users and comments, we're transitioning from storing just a user's name to storing a reference to the user through their userId. This change requires modifications to our database schema.

Defining the Relationship

In our Prisma schema, we establish a one-to-many relationship between the User and Comment models. This involves adding a userId field in the Comment model and linking it to the User model.

// File path: prisma/schema.prisma

model Comment {
  id       String   @id @default(uuid())
  slug     String
  userId   String
  message  String
  postedAt DateTime @default(now())
  user     User     @relation(fields: [userId], references: [id])
}

model User {
  id           String   @id @default(uuid())
  email        String   @unique
  name         String
  passwordHash String
  comments     Comment[]
}

Applying Schema Changes

After updating the schema, we apply the changes to the database with prisma db push. This synchronizes the database structure with our schema, establishing the necessary foreign key constraints.

Implementing the Changes

With our schema updated, we revise the code responsible for creating comments to accommodate the new userId field.

// File path: lib/comments.js

import { db } from './db';

export async function createComment({ slug, userId, message }) {
  return await db.comment.create({
    data: { slug, userId, message },
  });
}

Testing the New Setup

After implementing these changes, it's crucial to test the functionality. Log in as a user and attempt to post a comment. Ensure the comment is saved with the correct userId in the database and verify the one-to-many relationship between the User and Comment models.

Conclusion

By integrating user authentication into our comment system and establishing a robust database relationship between users and comments, we've significantly enhanced our application's functionality and security. These improvements not only streamline the user experience but also ensure data integrity and consistency across our application. As we continue to develop, maintaining these standards will be key to delivering a reliable and secure platform.

PreviousPart 131: Enhancing Application Security: Restricting Access to Authenticated Users NextPart 133: Enhancing Comment Display with User Names in a Relational Database

Last updated 1 year ago