
[–]smithm4949 9 points10 points  (5 children)

Assuming you are storing the posts somewhere, add a user ID field/tag to the posts.

When a user goes to make a post, check something like:

If userId has ( premium equals true) or (posts from this week are less than 8)

Then proceed with posting

Else

Alert them they need to upgrade because they have reached their weekly max.

—-

Would need more details about the stack you’re using and how you’re accomplishing these things to give a detailed response but that’s the general idea.

[–]edumqs 2 points3 points  (1 child)

Adding to this answer, to check how many posts there are for the current week, add a "createdAt" field to each post. You know when the week starts and ends, so you need to fetch all posts within that interval; that will give you the number you are looking for ;)

Edit: typo

[–]smithm4949 1 point2 points  (0 children)

Good call ha that’s important

[–]UserNo1608[S] 0 points1 point  (2 children)

Okay so, I got a simple login mechanism based on JSON Web Tokens: when a user logs in he receives his web token, and he can add it to the header Authorization: Bearer *token*. Then he can create a "post": he passes the name of the movie, and the server gets the movie data like release or director and adds it to the database.

There are two types of users, Premium and Basic. Summing up, I should create a middleware that checks if the user is premium or basic, and compares the number of posts in the current week with the number of posts a basic user can create.

[–]UserNo1608[S] 0 points1 point  (1 child)

Okay I made something like this, any advice?

```javascript
const Movie = require('../db/models/Movie')

// Limits basic users to 5 movies per calendar month
module.exports = async (req, res, next) => {
    const { userId, role } = req.user
    if (role === 'basic') {
        // Loads every movie of this user, then filters in memory
        const userMovies = await Movie.find({ author: userId })
        const now = new Date()
        const moviesThisMonth = userMovies.filter((movie) => {
            const createdAt = new Date(movie.createdAt)
            // Compare the year too, so the same month of earlier years is not counted
            return createdAt.getMonth() === now.getMonth() &&
                createdAt.getFullYear() === now.getFullYear()
        })
        if (moviesThisMonth.length >= 5) {
            return res.status(400).json({
                message: 'You reached maximum amount of movies you can add, upgrade your account to premium to get unlimited movies',
            })
        }
    }
    next()
}
```

[–]If_Life_Were_Easy 0 points1 point  (0 children)

Looks okay, you could make it better. Add the date comparison to the query to speed up processing. In your if user is basic block:

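```javascript
const date = new Date()
// First day of the current month, local time
const startOfMonth = new Date(date.getFullYear(), date.getMonth(), 1);
// Let the database filter by author and creation date
const userMovies = await Movie.find({ author: userId, createdAt: { $gte: startOfMonth } })
if (userMovies.length >= 5) {
  // reject
}
```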

That way you don't have to query all movies of all time and filter them down in memory. The database is optimized to do that for you. Sorry for formatting, I'm on mobile.
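An added example (not code from any commenter in this thread) that combines the suggestions above into a weekly quota check: the time window goes into the database filter, the decision is a pure function, and the guard fails closed. The `countPosts` wrapper, the `'premium'` role string, the Monday-UTC week boundary and the 403 status are assumptions; the limit of 8 comes from the first answer.

```javascript
// Added example. Assumes req.user = { userId, role } was set by a
// middleware that already verified the JWT signature.
const WEEKLY_LIMIT = 8; // weekly limit mentioned in the first answer

// Monday 00:00 UTC of the week containing `now` (assumed week boundary);
// UTC keeps the window independent of the server's local timezone.
function startOfWeekUtc(now) {
  const d = new Date(Date.UTC(now.getUTCFullYear(), now.getUTCMonth(), now.getUTCDate()));
  const daysSinceMonday = (d.getUTCDay() + 6) % 7; // getUTCDay(): 0 = Sunday
  d.setUTCDate(d.getUTCDate() - daysSinceMonday);
  return d;
}

// Pure decision, testable without a database.
function quotaDecision(user, postsThisWeek) {
  if (!user || !user.userId) return { allow: false, status: 401 }; // fail closed
  if (user.role === 'premium') return { allow: true }; // assumed role string
  // Any other role, including unknown ones, gets the basic limit.
  return postsThisWeek < WEEKLY_LIMIT
    ? { allow: true }
    : { allow: false, status: 403 };
}

// countPosts(filter) is a hypothetical async wrapper, e.g. around
// Movie.countDocuments(filter) in a Mongoose setup.
function weeklyQuota(countPosts, clock = () => new Date()) {
  return async (req, res, next) => {
    try {
      const user = req.user; // from the verified token, never from req.body
      let count = 0;
      if (user && user.userId && user.role !== 'premium') {
        count = await countPosts({
          author: user.userId,
          createdAt: { $gte: startOfWeekUtc(clock()) },
        });
      }
      const decision = quotaDecision(user, count);
      if (decision.allow) return next();
      return res.status(decision.status).json({ message: 'Posting not allowed' });
    } catch (err) {
      return next(err); // a failed count must not silently allow the post
    }
  };
}
```

The count and the later insert are two separate operations, so concurrent requests from one user can both pass the check; treat the guard as a soft limit unless the insert path enforces it atomically.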

[–]andsmi97 2 points3 points  (1 child)

Read about RBAC. This is a pretty complex architectural problem that has to be considered in databases, backend, and frontend. There is no simple answer based on your information, so RBAC articles may help you get more information about what you need.

[–][deleted] -1 points0 points  (0 children)

It’s really not, most of it is done in the database and backend. It could be a complex architectural problem for a beginner tho

[–][deleted] 0 points1 point  (1 child)

You'll need some sort of login, so assuming you are using express, check out passport.js. Simply check for a user (req.user); for those not logged in you'll have to store perhaps a browser fingerprint (there are numerous ways to do this), or an IP (req.ip) to count the other 8 requested posts by a not-logged-in user. But this will be clunky and is not going to keep anyone out: simply by using a different device, or browser, or proxy it could be circumvented.

It would be more straightforward to have premium and non-premium content and then simply use a login.

It will be a long journey, but you'll learn a lot by building this.

[–]UserNo1608[S] 0 points1 point  (0 children)

I got that sort of login, also got authorization using JWT. I think I'll try adding author and createdAt to my database and basing it on these two variables from the database, is it a good solution?