diff --git a/app.js b/app.js index 7d42bf0..5cf8700 100644 --- a/app.js +++ b/app.js @@ -58,10 +58,7 @@ app.use(logger("dev")); app.use(express.json()); app.use(cookieParser()); app.use(express.static(path.join(__dirname, "public"))); -app.use(function(req,res,next){ - res.locals.currentUser = req.user - next() -}) + //setting up authentication const LocalStrategy = require('passport-local') diff --git a/controllers/collectionController.js b/controllers/collectionController.js index 3c947af..282e189 100644 --- a/controllers/collectionController.js +++ b/controllers/collectionController.js @@ -32,24 +32,16 @@ exports.list_items_api = asyncHandler(async(req,res,next)=>{ //handling editing request GET exports.edit_get = asyncHandler(async(req,res,next)=>{ - if(typeof res.locals.currentUser == 'object' && res.locals.currentUser.username === 'admin'){ const collections =await collectionModel.find({}) res.render('collectionEdit',{title:'edit collection',collections:collections}) - }else{ - res.redirect('/log-in',) - } }) //API handling editing request GET exports.edit_get_api = asyncHandler(async(req,res,next)=>{ - if(typeof res.locals.currentUser == 'object' && res.locals.currentUser.username === 'admin'){ const collections =await collectionModel.find({}) res.send({title:'edit collection',collections:collections}) - }else{ - res.res({authorization:false}) - } }) //handling editing request POST @@ -61,7 +53,6 @@ exports.edit_post =[ .escape() ,asyncHandler(async(req,res,next)=>{ //initializing errors - if(typeof res.locals.currentUser == 'object' && res.locals.currentUser.username === 'admin'){ const errors = validationResult(req) //checking that the collection exists @@ -90,11 +81,9 @@ exports.edit_post =[ } - }else{ - res.redirect('/log-in',) - }})] + })] //handling editing request POST exports.edit_post_api =[ 
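Review bot: The new side of app.js no longer populates `res.locals.currentUser`, and the collectionController hunks on this line drop the `res.locals.currentUser.username === 'admin'` gate from edit_get, edit_get_api, edit_post, edit_post_api, create_get, create_get_api, create_post and create_post_api without anything taking its place, so every edit/create/delete handler now runs for an unauthenticated caller. The same removal recurs in the remaining collectionController hunks (create_post_api, delete, delete_api) and in the itemController hunks (edit_get, edit_get_api, edit_post, edit_post_api, delete, delete_api). passport-jwt is added to package.json, but no JWT strategy is registered or mounted in the hunks shown; until it is, keep a gate in front of these routes, preferably as one middleware instead of a copy per handler, e.g. `const requireAdmin = (req, res, next) => (req.user?.username === 'admin' ? next() : res.status(403).send({authorization:false}));` applied in the router ahead of each admin handler. The enclosing handlers of the edit_post and edit_post_api hunks start and end outside their hunks.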
@@ -105,7 +94,6 @@ exports.edit_post_api =[ .escape() ,asyncHandler(async(req,res,next)=>{ //initializing errors - if(typeof res.locals.currentUser == 'object' && res.locals.currentUser.username === 'admin'){ const errors = validationResult(req) //checking that the collection exists @@ -134,34 +122,26 @@ exports.edit_post_api =[ } - }else{ - res.send({authorization:false}) - }})] + })] //handling create item request GET exports.create_get =asyncHandler(async(req,res,next)=>{ - if(typeof res.locals.currentUser == 'object' && res.locals.currentUser.username === 'admin'){ const collections = await collectionModel.find({}) res.render('collectionCreate',{title:"collections create",collections:collections}) - }else{ - res.redirect('/log-in',) - } + }) //handling create item request GET exports.create_get_api =asyncHandler(async(req,res,next)=>{ - if(typeof res.locals.currentUser == 'object' && res.locals.currentUser.username === 'admin'){ const collections = await collectionModel.find({}) res.send({title:"collections create",collections:collections}) - }else{ - res.send({authorization:false}) - } + }) //handling create item request Post @@ -176,7 +156,6 @@ exports.create_post =[ .isLength({min:3}) .escape(), asyncHandler(async(req,res,next)=>{ - if(typeof res.locals.currentUser == 'object' && res.locals.currentUser.username === 'admin'){ //initializing errors const errors = validationResult(req) @@ -204,10 +183,8 @@ exports.create_post =[ await updatedCollection.save() res.redirect('/collection') } - }else{ - res.redirect('/log-in',) - }}) + }) ] //API handling create item request Post @@ -222,7 +199,6 @@ exports.create_post_api =[ .isLength({min:3}) .escape(), asyncHandler(async(req,res,next)=>{ - if(typeof res.locals.currentUser == 'object' && res.locals.currentUser.username === 'admin'){ //initializing errors const errors = validationResult(req) 
@@ -250,28 +226,20 @@ exports.create_post_api =[ await updatedCollection.save() res.redirect('/collection') } - }else{ - res.redirect('/log-in',) - }}) + }) ] //handling deleting a collection exports.delete = asyncHandler(async(req,res,next)=>{ - if(typeof res.locals.currentUser == 'object' && res.locals.currentUser.username === 'admin'){ await collectionModel.findByIdAndDelete(req.params.id) res.redirect('/collection') - }else{ - res.redirect('/log-in',) - } + }) //API handling deleting a collection exports.delete_api = asyncHandler(async(req,res,next)=>{ - if(typeof res.locals.currentUser == 'object' && res.locals.currentUser.username === 'admin'){ await collectionModel.findByIdAndDelete(req.params.id) res.send({authorization:true}) - }else{ - res.send({authorization:false}) - } + }) \ No newline at end of file diff --git a/controllers/itemController.js b/controllers/itemController.js index feddeb2..59d642f 100644 --- a/controllers/itemController.js +++ b/controllers/itemController.js @@ -20,7 +20,6 @@ exports.detail_api = asyncHandler(async(req,res,next)=>{ // display edit item page on Get exports.edit_get = asyncHandler(async(req,res,next)=>{ - if(typeof res.locals.currentUser == 'object' && res.locals.currentUser.username === 'admin'){ const collections = await collectionModel.find({}) if(req.params.id){ @@ -28,14 +27,11 @@ exports.edit_get = asyncHandler(async(req,res,next)=>{ res.render('editItem',{title:'item',item:item,collections:collections,}) } res.render('editItem',{title:'item',collections:collections,}) - }else{ - res.redirect('/log-in',) - } + }) //API display edit item page on Get exports.edit_get_api = asyncHandler(async(req,res,next)=>{ - if(typeof res.locals.currentUser == 'object' && res.locals.currentUser.username === 'admin'){ const collections = await collectionModel.find({}) if(req.params.id){ 
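Review bot: In the itemController edit_get hunk (`@@ -28,14 +27,11 @@`) the new side still calls `res.render('editItem',{title:'item',item:item,collections:collections,})` inside `if(req.params.id){ … }` and then `res.render('editItem',{title:'item',collections:collections,})` unconditionally after the block, so a request that carries an id renders twice and the second call fails with a headers-already-sent error. The inner call should be `return res.render('editItem',{title:'item',item:item,collections:collections,})`, or the trailing render should move into an `else`. edit_get's opening line is outside this hunk, and edit_get_api, which begins at the end of it and continues into the `@@ -44,9 +40,7 @@` hunk, appears to share the same shape.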
@@ -44,9 +40,7 @@ exports.edit_get_api = asyncHandler(async(req,res,next)=>{ } res.send({title:'item',collections:collections,}) - }else{ - res.send({authorization:false}) - } + }) @@ -64,7 +58,6 @@ exports.edit_post = [ .escape() ,asyncHandler(async(req,res,next)=>{ // extracting errors - if(typeof res.locals.currentUser == 'object' && res.locals.currentUser.username === 'admin'){ const errors = validationResult(req) const collections = await collectionModel.find() @@ -139,9 +132,7 @@ exports.edit_post = [ res.redirect(updatedItem.url) } } - }else{ - res.redirect('/log-in',) - } + })] //API handel edited item on Post @@ -158,7 +149,6 @@ exports.edit_post_api = [ .escape() ,asyncHandler(async(req,res,next)=>{ // extracting errors - if(typeof res.locals.currentUser == 'object' && res.locals.currentUser.username === 'admin'){ const errors = validationResult(req) const collections = await collectionModel.find() @@ -233,29 +223,21 @@ exports.edit_post_api = [ } } - }else{ - res.send({authorization:false}) - } + })] //handling deleting a item exports.delete = asyncHandler(async(req,res,next)=>{ - if(typeof res.locals.currentUser == 'object' && res.locals.currentUser.username === 'admin'){ await itemModel.findByIdAndDelete(req.params.id) res.redirect('/collection') - }else{ - res.redirect('/log-in',) - } + }) //API handling deleting a item exports.delete_api = asyncHandler(async(req,res,next)=>{ - if(typeof res.locals.currentUser == 'object' && res.locals.currentUser.username === 'admin'){ await itemModel.findByIdAndDelete(req.params.id) res.send({authorization:true}) - }else{ - res.send({authorization:false}) - } + }) \ No newline at end of file diff --git a/controllers/log-inController.js b/controllers/log-inController.js index 76451b0..9d1ac10 100644 --- a/controllers/log-inController.js +++ b/controllers/log-inController.js 
@@ -1,7 +1,7 @@
 const asyncHandler = require('express-async-handler')
 const {body, validationResult} = require('express-validator')
 const passport = require('passport')
-
+const jwt = require('jsonwebtoken')
 //handling log in request GET
 exports.logIn_get = asyncHandler(async(req,res,next)=>{
 res.render("log-in",{title:'Log in'})
@@ -28,5 +28,5 @@ exports.logIn_post = [
 passport.authenticate("local", {
 successRedirect: "/",
 failureRedirect: "/log-in"
- })
+ }),
 ]
diff --git a/package-lock.json b/package-lock.json
index 8f262f9..20c311a 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -29,12 +29,14 @@
 "fly": "^4.5.7",
 "helmet": "^7.0.0",
 "http-errors": "~1.6.3",
+ "jsonwebtoken": "^9.0.2",
 "mongodb": "^6.0.0",
 "mongoose": "^7.5.0",
 "morgan": "~1.9.1",
 "multer": "^1.4.5-lts.1",
 "nodemon": "^3.0.1",
 "passport": "^0.6.0",
+ "passport-jwt": "^4.0.1",
 "passport-local": "^1.0.0",
 "postcss": "^8.4.28",
 "postcss-cli": "^10.1.0",
@@ -1212,6 +1214,11 @@
 "ieee754": "^1.2.1"
 }
 },
+ "node_modules/buffer-equal-constant-time": {
+ "version": "1.0.1",
+ "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz",
+ "integrity": "sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA=="
+ },
 "node_modules/buffer-from": {
 "version": "1.1.2",
 "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz",
@@ -1777,6 +1784,14 @@
 "node": ">=6.0.0"
 }
 },
+ "node_modules/ecdsa-sig-formatter": {
+ "version": "1.0.11",
+ "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz",
+ "integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==",
+ "dependencies": {
+ "safe-buffer": "^5.0.1"
+ }
+ },
 "node_modules/ee-first": {
 "version": "1.1.1",
 "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
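Review bot: `const jwt = require('jsonwebtoken')` is added at the top of log-inController.js, but nothing in either hunk of this file uses it, and logIn_post still authenticates through the session-based local strategy; if a token is issued elsewhere in the file that is outside these hunks this is fine, otherwise the require is dead weight until the JWT flow lands. When tokens are signed here, the signing secret should be read from configuration (an environment variable) rather than written as a literal in the controller, and `expiresIn` should be passed so tokens do not live indefinitely. The logIn_post array opens before the second hunk.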
@@ -3071,6 +3086,51 @@
 "graceful-fs": "^4.1.6"
 }
 },
+ "node_modules/jsonwebtoken": {
+ "version": "9.0.2",
+ "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.2.tgz",
+ "integrity": "sha512-PRp66vJ865SSqOlgqS8hujT5U4AOgMfhrwYIuIhfKaoSCZcirrmASQr8CX7cUg+RMih+hgznrjp99o+W4pJLHQ==",
+ "dependencies": {
+ "jws": "^3.2.2",
+ "lodash.includes": "^4.3.0",
+ "lodash.isboolean": "^3.0.3",
+ "lodash.isinteger": "^4.0.4",
+ "lodash.isnumber": "^3.0.3",
+ "lodash.isplainobject": "^4.0.6",
+ "lodash.isstring": "^4.0.1",
+ "lodash.once": "^4.0.0",
+ "ms": "^2.1.1",
+ "semver": "^7.5.4"
+ },
+ "engines": {
+ "node": ">=12",
+ "npm": ">=6"
+ }
+ },
+ "node_modules/jsonwebtoken/node_modules/ms": {
+ "version": "2.1.3",
+ "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+ "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
+ },
+ "node_modules/jwa": {
+ "version": "1.4.1",
+ "resolved": "https://registry.npmjs.org/jwa/-/jwa-1.4.1.tgz",
+ "integrity": "sha512-qiLX/xhEEFKUAJ6FiBMbes3w9ATzyk5W7Hvzpa/SLYdxNtng+gcurvrI7TbACjIXlsJyr05/S1oUhZrc63evQA==",
+ "dependencies": {
+ "buffer-equal-constant-time": "1.0.1",
+ "ecdsa-sig-formatter": "1.0.11",
+ "safe-buffer": "^5.0.1"
+ }
+ },
+ "node_modules/jws": {
+ "version": "3.2.2",
+ "resolved": "https://registry.npmjs.org/jws/-/jws-3.2.2.tgz",
+ "integrity": "sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA==",
+ "dependencies": {
+ "jwa": "^1.4.1",
+ "safe-buffer": "^5.0.1"
+ }
+ },
 "node_modules/kareem": {
 "version": "2.5.1",
 "resolved": "https://registry.npmjs.org/kareem/-/kareem-2.5.1.tgz",
@@ -3133,6 +3193,11 @@
 "resolved": "https://registry.npmjs.org/lodash.groupby/-/lodash.groupby-4.6.0.tgz",
 "integrity": "sha512-5dcWxm23+VAoz+awKmBaiBvzox8+RqMgFhi7UvX9DHZr2HdxHXM/Wrf8cfKpsW37RNrvtPn6hSwNqurSILbmJw=="
 },
+ "node_modules/lodash.includes": {
+ "version": "4.3.0",
+ "resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz",
+ "integrity": "sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w=="
+ },
 "node_modules/lodash.isboolean": {
 "version": "3.0.3",
 "resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz",
@@ -3148,16 +3213,41 @@
 "resolved": "https://registry.npmjs.org/lodash.isfunction/-/lodash.isfunction-3.0.9.tgz",
 "integrity": "sha512-AirXNj15uRIMMPihnkInB4i3NHeb4iBtNg9WRWuK2o31S+ePwwNmDPaTL3o7dTJ+VXNZim7rFs4rxN4YU1oUJw=="
 },
+ "node_modules/lodash.isinteger": {
+ "version": "4.0.4",
+ "resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz",
+ "integrity": "sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA=="
+ },
 "node_modules/lodash.isnil": {
 "version": "4.0.0",
 "resolved": "https://registry.npmjs.org/lodash.isnil/-/lodash.isnil-4.0.0.tgz",
 "integrity": "sha512-up2Mzq3545mwVnMhTDMdfoG1OurpA/s5t88JmQX809eH3C8491iu2sfKhTfhQtKY78oPNhiaHJUpT/dUDAAtng=="
 },
+ "node_modules/lodash.isnumber": {
+ "version": "3.0.3",
+ "resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz",
+ "integrity": "sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw=="
+ },
+ "node_modules/lodash.isplainobject": {
+ "version": "4.0.6",
+ "resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz",
+ "integrity": "sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA=="
+ },
+ "node_modules/lodash.isstring": {
+ "version": "4.0.1",
+ "resolved": "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz",
+ "integrity": "sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw=="
+ },
 "node_modules/lodash.isundefined": {
 "version": "3.0.1",
 "resolved": "https://registry.npmjs.org/lodash.isundefined/-/lodash.isundefined-3.0.1.tgz",
 "integrity": "sha512-MXB1is3s899/cD8jheYYE2V9qTHwKvt+npCwpD+1Sxm3Q3cECXCiYHjeHWXNwr6Q0SOBPrYUDxendrO6goVTEA=="
 },
+ "node_modules/lodash.once": {
+ "version": "4.1.1",
+ "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz",
+ "integrity":
"sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg=="
+ },
 "node_modules/lodash.uniq": {
 "version": "4.5.0",
 "resolved": "https://registry.npmjs.org/lodash.uniq/-/lodash.uniq-4.5.0.tgz",
@@ -3882,6 +3972,15 @@
 "url": "https://github.com/sponsors/jaredhanson"
 }
 },
+ "node_modules/passport-jwt": {
+ "version": "4.0.1",
+ "resolved": "https://registry.npmjs.org/passport-jwt/-/passport-jwt-4.0.1.tgz",
+ "integrity": "sha512-UCKMDYhNuGOBE9/9Ycuoyh7vP6jpeTp/+sfMJl7nLff/t6dps+iaeE0hhNkKN8/HZHcJ7lCdOyDxHdDoxoSvdQ==",
+ "dependencies": {
+ "jsonwebtoken": "^9.0.0",
+ "passport-strategy": "^1.0.0"
+ }
+ },
 "node_modules/passport-local": {
 "version": "1.0.0",
 "resolved": "https://registry.npmjs.org/passport-local/-/passport-local-1.0.0.tgz",
diff --git a/package.json b/package.json
index 061c784..322d0b6 100644
--- a/package.json
+++ b/package.json
@@ -28,12 +28,14 @@
 "fly": "^4.5.7",
 "helmet": "^7.0.0",
 "http-errors": "~1.6.3",
+ "jsonwebtoken": "^9.0.2",
 "mongodb": "^6.0.0",
 "mongoose": "^7.5.0",
 "morgan": "~1.9.1",
 "multer": "^1.4.5-lts.1",
 "nodemon": "^3.0.1",
 "passport": "^0.6.0",
+ "passport-jwt": "^4.0.1",
 "passport-local": "^1.0.0",
 "postcss": "^8.4.28",
 "postcss-cli": "^10.1.0",
diff --git a/request.rest b/request.rest
new file mode 100644
index 0000000..a21cfd2
--- /dev/null
+++ b/request.rest
@@ -0,0 +1 @@
+GET http://localhost:3000/collection/api
\ No newline at end of file