
BE - Create API to View Another User's Profile #64

sanjaysah101 opened this issue Sep 19, 2024 · 0 comments

Description:

We need to implement an API that allows authenticated users to view another user’s profile. The endpoint should handle profile visibility, account verification, and restrict access to sensitive fields when necessary.

Users should have control over their profile's visibility (public or private). By default, profiles are public, but sensitive information (e.g., email, phone number) must always remain private.

Key Requirements:

1. View Another User’s Profile API:

  • Implement the GET /users/:username route to view profiles based on username.

  • Authenticate the requesting user via validateAccessToken middleware.

    Example route:

    router.get('/users/:username', validateAccessToken, ProfileController.viewProfileByUsername);

2. User Data Retrieval:

  • Use an aggregation pipeline to combine profile and user schemas.
  • Example:
    // ProfileService: look the user up by username, ignoring soft-deleted accounts.
    static async getUserByUsername(username: string): Promise<User | null> {
        return await UserModel.findOne({ username, isDeleted: false });
    }

3. Profile Visibility:

  • Check the isPublic flag for the requested profile:

    • If isPublic: true, return the profile data limited to the allowed fields (see Restricted Fields below).

    • If isPublic: false, return:

      { "error": "This profile is private and cannot be viewed." }

4. Unverified Account:

  • When user A attempts to view user B's profile, and user B's account is unverified (i.e., isEmailVerified: false), the API should respond with a 403 Forbidden status code and the following message:

    {
      "error": "This account is unverified. You cannot view this profile."
    }

5. Profile Not Found:

  • Return a 404 Not Found response if the profile does not exist or if the username is invalid:
    { "error": "Profile not found." }

6. Restricted Fields:

  • Only expose the following fields for public profiles:

    • bio
    • profilePictureUrl
    • socialLinks (e.g., Twitter, LinkedIn, GitHub)
    • username
  • Sensitive fields such as dob, email, address, and phoneNumber should never be exposed.

    Example response:

    {
      "username": "johndoe",
      "bio": "Software developer passionate about open source.",
      "profilePictureUrl": "https://example.com/picture.jpg",
      "socialLinks": {
        "twitter": "https://twitter.com/johndoe",
        "linkedin": "https://linkedin.com/in/johndoe",
        "github": "https://github.com/johndoe"
      }
    }

7. Test Cases:

  • Public Profile View Success: Retrieve a public profile with the allowed fields.
  • Private Profile View: Return an appropriate message for private profiles.
  • Unverified Account: Ensure proper handling of unverified accounts.
  • Profile Not Found: Return a 404 for non-existent or invalid profiles.
  • Authentication: Verify that only authenticated users can view profiles.

Tasks:

  • Implement viewProfileByUsername in ProfileController.
  • Add GET /users/:username route in profile.route.ts.
  • Fetch user data using aggregation in ProfileService.
  • Add validateAccessToken for authentication.
  • Write and verify test cases for all specified scenarios.
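The following is an added example, not code from this issue or the project: the decision logic of viewProfileByUsername written framework-free in TypeScript so the five scenarios in the test list can be exercised offline. The in-memory USERS store, the USERNAME_RE format, the 401 for a missing token, the 403 used for private profiles, and the order in which the unverified and private checks run are assumptions; the allowed fields and the error messages come from the issue text. The response is built from an allowlist of fields rather than by deleting known-sensitive keys, so a field added to the schema later stays hidden until someone deliberately exposes it.

```typescript
// Added example (not the project's code): viewProfileByUsername decision logic
// from the issue, framework-free. Assumptions: the USERS store, USERNAME_RE,
// 401 for a missing token, 403 for private profiles, check ordering.

// One document combining the user and profile schemas (what the issue's
// aggregation pipeline would produce).
interface UserProfileDoc {
  username: string;
  email: string;            // sensitive: never returned
  phoneNumber?: string;     // sensitive: never returned
  dob?: string;             // sensitive: never returned
  address?: string;         // sensitive: never returned
  isDeleted: boolean;
  isEmailVerified: boolean;
  isPublic: boolean;
  bio?: string;
  profilePictureUrl?: string;
  socialLinks?: Record<string, string>;
}

// Exactly the fields the issue permits on a public profile.
interface PublicProfile {
  username: string;
  bio?: string;
  profilePictureUrl?: string;
  socialLinks?: Record<string, string>;
}

interface ErrorBody { error: string; }
interface ApiResponse { status: number; body: PublicProfile | ErrorBody; }

// Constructed sample data standing in for the database collection.
const USERS: UserProfileDoc[] = [
  {
    username: 'johndoe', email: 'john@example.com', phoneNumber: '+1-555-0100',
    dob: '1990-01-01', isDeleted: false, isEmailVerified: true, isPublic: true,
    bio: 'Software developer passionate about open source.',
    profilePictureUrl: 'https://example.com/picture.jpg',
    socialLinks: { twitter: 'https://twitter.com/johndoe', github: 'https://github.com/johndoe' },
  },
  { username: 'privatepat', email: 'pat@example.com', isDeleted: false, isEmailVerified: true, isPublic: false, bio: 'not for public view' },
  { username: 'newbie', email: 'new@example.com', isDeleted: false, isEmailVerified: false, isPublic: true },
  { username: 'gone', email: 'gone@example.com', isDeleted: true, isEmailVerified: true, isPublic: true },
];

// Stand-in for ProfileService.getUserByUsername: soft-deleted users are absent.
function getUserByUsername(username: string): UserProfileDoc | null {
  return USERS.find((u) => u.username === username && !u.isDeleted) ?? null;
}

// Assumed username format; anything else is "Profile not found" before it
// ever reaches the datastore.
const USERNAME_RE = /^[A-Za-z0-9_]{3,30}$/;

// Copy only the allowed fields into the response (allowlist, not a denylist of
// sensitive keys), so new schema fields are hidden by default.
function toPublicProfile(doc: UserProfileDoc): PublicProfile {
  return {
    username: doc.username,
    bio: doc.bio,
    profilePictureUrl: doc.profilePictureUrl,
    socialLinks: doc.socialLinks,
  };
}

const NOT_FOUND: ApiResponse = { status: 404, body: { error: 'Profile not found.' } };

// Controller logic. `requesterId` is what validateAccessToken attached to the
// request; null means no valid access token was presented.
function viewProfileByUsername(requesterId: string | null, username: string): ApiResponse {
  if (requesterId === null) {
    return { status: 401, body: { error: 'Authentication required.' } };
  }
  if (!USERNAME_RE.test(username)) return NOT_FOUND;

  const doc = getUserByUsername(username);
  if (doc === null) return NOT_FOUND;

  if (!doc.isEmailVerified) {
    return { status: 403, body: { error: 'This account is unverified. You cannot view this profile.' } };
  }
  if (!doc.isPublic) {
    return { status: 403, body: { error: 'This profile is private and cannot be viewed.' } };
  }
  return { status: 200, body: toPublicProfile(doc) };
}
```

In the real route the requester identity comes from validateAccessToken and the lookup from ProfileService; the function above keeps both as plain parameters so each branch in the test list (public success, private, unverified, not found, unauthenticated) can be asserted directly on the returned status and body.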

#19, #63
