Authentication & profile

Author: tar-aldev

Diff for: .gitignore

@@ -1,3 +1,3 @@
 node_modules/
 credentials.json
-.env
+.env

Diff for: index.js

@@ -6,14 +6,15 @@ const morgan = require("morgan");
 require("dotenv").config();
 const app = express();
 const initMongoose = require("./init/mongoose");
-const initRedis = require("./init/redis");
 const PATH_TO_FRONTEND_STATIC = path.join(__dirname, "../articles-app/build");
 
+app.use(express.static("public"));
 app.use(cors());
 app.use(morgan("dev"));
 
 app.use(express.static(PATH_TO_FRONTEND_STATIC));
 app.use(bodyParser.json());
+
 /* API ROUTES */
 app.use("/api", require("./modules/api.routes"));
 
@@ -22,7 +23,6 @@ app.use("**", (req, res) => {
 });
 const PORT = process.env.PORT;
 
-/* initRedis(); */
 initMongoose();
 app.listen(PORT, () => {
   console.log(`Successfully started server on port http://localhost:${PORT}`);

Diff for: init/redis.js

@@ -5,16 +5,14 @@ module.exports = (error = true) => (req, res, next) => {
   const { authorization } = req.headers;
   try {
     const token = authorization.split(" ")[1];
-    console.log("token", token);
-    const payload = jwt.verify(token, "secret");
-    req.jwtPayload = payload;
+    req.jwtPayload = jwt.verify(token, "secret");
     next();
   } catch (e) {
     console.log("error token decode", e);
     if (error) {
-      return res
-        .status(401)
-        .json({ message: e.message || "Not authenticated!" });
+      return res.status(401).json({
+        message: e.message || "Not authenticated!",
+      });
     }
     req.jwtPayload = {};
     next();

Diff for: middleware/withAuth.js

@@ -104,7 +104,9 @@ module.exports = {
   refreshToken: async (req, res) => {
     const { refreshToken } = req.body;
     try {
-      const foundToken = await Token.findOne({ refreshToken }).exec();
+      const foundToken = await Token.findOne({
+        refreshToken,
+      }).exec();
       if (!!foundToken) {
         const { _id, userId } = foundToken;
         const newTokensPair = generateTokens(userId);
@@ -114,10 +116,8 @@ module.exports = {
           refreshToken: newTokensPair.refreshToken,
         });
 
-        await Promise.all([
-          newRefreshToken.save(),
-          Token.findByIdAndDelete(_id).exec(),
-        ]);
+        await newRefreshToken.save();
+        await Token.findByIdAndDelete(_id).exec();
 
         return res
           .status(200)

Diff for: modules/auth/auth.controller.js

@@ -15,10 +15,11 @@ module.exports = {
   },
   getOne: (req, res) => {},
   addOne: async (req, res) => {
+    const { _id } = req.jwtPayload;
     try {
       const newComment = new Comment({
         ...req.body,
-        author: "5dc3f0c64aef5c18da1a785b",
+        author: _id,
       });
       const createdComment = await newComment.save();
       const comment = await createdComment.populate("author").execPopulate();
@@ -29,5 +30,35 @@ module.exports = {
       res.status(500).json({ message: "Cannot create comment", error });
     }
   },
-  update: (req, res) => {},
+  update: async (req, res) => {
+    const { id: commentId } = req.params;
+    const { _id } = req.jwtPayload;
+    try {
+      const result = await Comment.findOneAndUpdate(
+        { author: _id, _id: commentId },
+        req.body,
+        {
+          new: true,
+        }
+      )
+        .populate("author")
+        .exec();
+      return res
+        .status(201)
+        .json({ message: "Comment updated", comment: result });
+    } catch (error) {}
+  },
+
+  delete: async (req, res) => {
+    const { id: commentId } = req.params;
+    const { _id } = req.jwtPayload;
+
+    try {
+      await Comment.findOneAndDelete({
+        author: _id,
+        _id: commentId,
+      }).exec();
+      return res.status(200).json({ message: "Comment deleted" });
+    } catch (error) {}
+  },
 };

Diff for: modules/comments/comments.controller.js

@@ -1,9 +1,11 @@
 const router = require("express").Router();
 const controller = require("./comments.controller");
+const withAuth = require("../../middleware/withAuth");
 
 router.get("/", controller.getAll);
 router.get("/:id", controller.getOne);
-router.post("/", controller.addOne);
-router.patch("/", controller.update);
+router.post("/", withAuth(), controller.addOne);
+router.put("/:id", withAuth(), controller.update);
+router.delete("/:id", withAuth(), controller.delete);
 
 module.exports = router;

Diff for: modules/comments/index.js

@@ -5,6 +5,6 @@ const withAuth = require("../../middleware/withAuth");
 router.get("/", withAuth(false), controller.getPaginated);
 router.get("/:id", controller.getOne);
 router.post("/", withAuth(), controller.addOne);
-router.put("/:id", controller.update);
+router.put("/:id", withAuth(), controller.update);
 
 module.exports = router;

Diff for: modules/posts/index.js

@@ -1,9 +1,56 @@
 const router = require("express").Router();
 const controller = require("./users.controller");
+const multer = require("multer");
+const withAuth = require("../../middleware/withAuth");
+const fs = require("fs");
+const path = require("path");
 
+const PATH_TO_IMG = "images";
+const fullPath = path.join("public", PATH_TO_IMG);
+const folderExists = fs.existsSync(fullPath);
+
+const ACCEPTABLE_MIME_TYPES = ["image/jpeg", "image/jpg"];
+
+const fileFilter = (req, file, callback) => {
+  if (ACCEPTABLE_MIME_TYPES.includes(file.mimetype)) {
+    return callback(null, true);
+  }
+  req.multerError = "Invalid file format";
+  return callback(null, false);
+};
+
+const storage = multer.diskStorage({
+  destination: (req, file, callback) => {
+    if (folderExists) {
+      callback(null, fullPath);
+    } else {
+      fs.mkdirSync(fullPath);
+      callback(null, fullPath);
+    }
+  },
+  filename: (req, file, callback) => {
+    const nameAsArray = file.originalname.split(".");
+    const fileExtension = nameAsArray[nameAsArray.length - 1];
+    const fileName = `${file.fieldname}-${Date.now()}${Math.floor(
+      Math.random() * 100
+    )}.${fileExtension}`;
+    callback(null, fileName);
+  },
+});
+const upload = multer({
+  storage,
+  fileFilter,
+});
+
+router.get("/me", withAuth(), controller.getCurrentUser);
 router.get("/", controller.getAll);
 router.get("/:id", controller.getOne);
 router.post("/", controller.addOne);
-router.patch("/", controller.update);
+router.patch(
+  "/profile",
+  withAuth(),
+  upload.single("avatar"),
+  controller.update
+);
 
 module.exports = router;

Diff for: modules/users/index.js

@@ -2,6 +2,15 @@ const User = require("./users.model");
 const { signJWT } = require("../../utils");
 
 module.exports = {
+  getCurrentUser: async (req, res) => {
+    const { _id } = req.jwtPayload;
+    try {
+      const me = await User.findById(_id).exec();
+      res.status(200).json({ me });
+    } catch (error) {
+      res.status(500).json({ message: "Cannot fetch users", error });
+    }
+  },
   getAll: async (req, res) => {
     try {
       const users = await User.find().exec();
@@ -28,5 +37,25 @@ module.exports = {
       res.status(500).json({ message: "Cannot create user", error });
     }
   },
-  update: (req, res) => {},
+  update: async (req, res) => {
+    let update = req.body;
+    let multerError = req.multerError;
+    if (multerError) {
+      return res.status(400).json({ message: multerError });
+    }
+    if (req.file) {
+      update.avatar = {
+        fileName: req.file.filename,
+        originalFileName: req.file.originalname,
+      };
+    }
+
+    const { _id } = req.jwtPayload;
+    try {
+      const profile = await User.findByIdAndUpdate(_id, update).exec();
+      return res.status(201).json({ message: "Updated", profile });
+    } catch (error) {
+      return res.status(500).json({ message: "Cannot update profile" });
+    }
+  },
 };

Diff for: modules/users/users.controller.js

@@ -1,12 +1,20 @@
 const bcrypt = require("bcrypt");
 const { Schema, model } = require("mongoose");
 
+const AvatarSchema = new Schema({
+  fileName: { type: String, required: true },
+  originalFileName: { type: String, required: true },
+});
+
 const UserSchema = new Schema(
   {
     gmailId: { type: String, required: false, default: null },
+    email: { type: String, immutable: true, required: true },
     nickName: { type: String, required: true },
-    email: { type: String, required: true },
     /* If no gmailId was provided i.e password is required otherwise don't have password with social authentication */
+    firstName: { type: String },
+    lastName: { type: String },
+    avatar: AvatarSchema,
     password: {
       type: String,
       select: false,
@@ -39,8 +47,7 @@ UserSchema.method("comparePasswords", async function(userPassword) {
 
 UserSchema.pre("save", async function(next) {
   if (this.password) {
-    const hashedPassword = await bcrypt.hash(this.password, 10);
-    this.password = hashedPassword;
+    this.password = await bcrypt.hash(this.password, 10);
   }
   next();
 });

Diff for: modules/users/users.model.js

@@ -17,9 +17,8 @@
     "lodash": "^4.17.15",
     "mongodb": "^3.3.3",
     "mongoose": "^5.7.7",
-    "passport": "^0.4.0",
-    "qs": "^6.9.1",
-    "redis": "^2.8.0"
+    "multer": "^1.4.2",
+    "qs": "^6.9.1"
   },
   "devDependencies": {
     "morgan": "^1.9.1",

Diff for: package.json

@@ -36,8 +36,7 @@ const getConnectionUrl = auth => {
  * Create the google url to be sent to the client.
  */
 const getUrlGoogle = () => {
-  const url = getConnectionUrl(createConnection());
-  return url;
+  return getConnectionUrl(createConnection());
 };
 
 const setGooglePeopleClient = auth => {
@@ -49,7 +48,7 @@ const setGooglePeopleClient = auth => {
 
 module.exports = {
   signJWT: (payload, secret, expiresIn) => {
-    console.log("expiresIn", expiresIn);
+    console.log("expiresIn", expiresIn, secret);
     return jwt.sign(payload, secret, {
       expiresIn: Number(expiresIn),
     });