Week 8 api integration#86
Conversation
…er-service architecture
…and migrate to RESTful routing
…items, total_pages)
…or Product endpoints
…ules with structured error handling
…rchitecture refactor)
… to MongoEngine ORM, add request/response models and audit fields (advanced section implemented as well)
…advanced filtering APIs
…s for ProductService/ProductCategoryService with mocking; implemented integration tests with Django and MongoDB; refactored tests to use seed command; added negative/parameterized test cases; created seed_categories command; added regression script (run_tests.bat); configured .env; improved assertions. ~69%% coverage
…n, dynamic rendering, expandable UI, loading/empty states, and improved UX.
…ategory handling, error & loading states
…ory handling, error & loading states
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 7 potential issues.
Bugbot Autofix is ON, but it could not run because the branch was deleted or merged before autofix could start.
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit de9216c. Configure here.
| message=updated["error"] | ||
| if isinstance(message, list): | ||
| message = message[0] | ||
| return error_response("VALIDATION_ERROR", updated["error"], status=400) |
There was a problem hiding this comment.
PUT error returns raw list instead of extracted message
High Severity
In the PUT handler, after extracting the first element from a list-type error into message, the code passes updated["error"] (the original, possibly list value) to error_response instead of the processed message variable. When the error is a list, the error_response message parameter receives a list instead of a string, producing malformed JSON error output.
Reviewed by Cursor Bugbot for commit de9216c. Configure here.
| MIDDLEWARE = [ | ||
| "corsheaders.middleware.CorsMiddleware", | ||
| "django.middleware.security.SecurityMiddleware", | ||
| "django.contrib.sessions.middleware.SessionMiddleware", |
There was a problem hiding this comment.
Duplicate SecurityMiddleware and SessionMiddleware in MIDDLEWARE list
Medium Severity
SecurityMiddleware and SessionMiddleware each appear twice in the MIDDLEWARE list. This causes them to execute twice per request/response cycle, which can lead to unexpected behavior such as duplicate header processing or performance overhead.
Reviewed by Cursor Bugbot for commit de9216c. Configure here.
|
|
||
| # DEFAULT PK | ||
| DEFAULT_AUTO_FIELD = "django.db.models.BigAutoField" | ||
| print("Mongo URI:", MONGO_URI) |
There was a problem hiding this comment.
Print statement leaks MongoDB URI to stdout
High Severity
print("Mongo URI:", MONGO_URI) logs the MongoDB connection URI (which typically contains credentials) to stdout on every Django startup. This is debug code that was accidentally left in the settings file.
Reviewed by Cursor Bugbot for commit de9216c. Configure here.
|
|
||
| @classmethod | ||
| def delete_category(cls, category_id): | ||
| return cls.category_repository.delete(category_id) |
There was a problem hiding this comment.
Test file redefines service class, shadowing real import
Medium Severity
The test file imports ProductCategoryService from the services module on line 7, then immediately redefines a local class ProductCategoryService on line 12 that shadows the import. The test methods (test_create_category_none_title, test_list_categories_empty) are methods of this non-TestCase class, so they are never executed by the test runner. The entire file tests nothing.
Reviewed by Cursor Bugbot for commit de9216c. Configure here.
| }); | ||
| }) | ||
| .catch((err) => console.error(err)); | ||
| </script> |
There was a problem hiding this comment.
React index.html replaced with conflicting vanilla JS
High Severity
The CRA public/index.html template was replaced with a standalone vanilla JS page. It includes an inline <script> that calls data.forEach(...) on the API response (which is actually a wrapped object, not an array). React also mounts to the same product-container div. The <div id="root"> was removed, and essential CRA meta tags, manifest link, and <noscript> fallback were stripped out.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit de9216c. Configure here.
| @@ -1,22 +1,13 @@ | |||
| import React from "react"; | |||
| import ReactDOM from "react-dom/client"; | |||
| import "./index.css"; | |||
There was a problem hiding this comment.
Missing CSS import leaves spinner component unstyled
Medium Severity
The import "./index.css" was removed from index.tsx, but index.css contains the .spinner class used by Loader.tsx. Without this import, the loading spinner renders as an unstyled empty div with no animation, making it invisible to users.
Reviewed by Cursor Bugbot for commit de9216c. Configure here.
| if category or price_min or price_max: | ||
|
|
||
| price_min = float(price_min) if price_min else None | ||
| price_max = float(price_max) if price_max else None |
There was a problem hiding this comment.
Unhandled ValueError when parsing price filter parameters
Medium Severity
float(price_min) and float(price_max) will raise an unhandled ValueError if a user passes non-numeric query strings like ?price_min=abc, resulting in a 500 server error. The pagination parameters just below (lines 64–67) are correctly wrapped in a try/except ValueError, but the price filter conversions lack the same protection.
Reviewed by Cursor Bugbot for commit de9216c. Configure here.
3 participants
This PR includes the complete implementation of Week 8 along with a demo video showcasing the progression of the frontend from Week 6 → Week 7 → Week 8.
Demo Video : https://drive.google.com/file/d/1cNuGJK7tHMBMr5JzqfbqixvC0CNtvYG2/view?usp=sharing
Week 6 – HTML, CSS, Vanilla JS
fetchWeek 7 – React + TypeScript
<Product /><ProductList />Week 8 – API Integration, State Management & Routing
/products/products/:id/categories/:idCategory Functionality
<Product />component with conditional renderingUX Enhancements
We get
.
Note
Medium Risk
Introduces new MongoDB connection initialization and CRUD endpoints for products/categories, plus client-side routing and update flows that can affect data integrity and deployment configuration. Risk is moderate due to new DB wiring, bulk upload, and category reassignment behavior.
Overview
Backend: Adds MongoDB (MongoEngine) integration via
DjangoAppConfig.ready()callinginit_db()and environment-driven settings (MONGO_URI, CORS, hosts/secret). Introduces product/category domain models, repositories, services, and controllers with consistentsuccess_response/error_response, including pagination/filtering,updated_afterlisting, soft-delete, bulk CSV upload, and endpoints to assign/remove a product’s category; also adds aseed_categoriesmanagement command and a migration script to backfill missing categories.Frontend: Replaces the CRA starter UI with a routed React app (
/products,/products/:id,/categories/:id) that fetches from the new APIs, provides a product edit page (PUT + separate category reassignment via DELETE/POST), adds basic layout components (header/nav/loader), and bumpsreact-router-domplus adds lint/format scripts.Reviewed by Cursor Bugbot for commit de9216c. Configure here.