kajvans/forum-backend
1
0
Fork 0
Code Issues Pull Requests Packages Projects 1 Releases Wiki Activity

to much to say

Browse Source
This commit is contained in:
kaj van schalkwijk
2024-01-23 22:28:46 +01:00
parent b728e1508a
commit 9a192622b1
16 changed files with 3884 additions and 106 deletions
Download Patch File Download Diff File Expand all files Collapse all files
routes/create.js
+57
View File
@@ -0,0 +1,57 @@
const db = require('../surreal');
const router = require('express').Router();
router.post('/', async (req, res) => {
try{
const username = req.user;
const {title, content} = req.body;
if(title.length > process.env.MAXTITLELENGTH) return res.status(400).json({error: "Title is too long"});
if(content.length > process.env.MAXCONTENTLENGTH) return res.status(400).json({error: "Content is too long"});
if(!title || !content) return res.status(400).json({error: "Missing title or content"});
if(title.length < process.env.MINTITLELENGTH) return res.status(400).json({error: "Title is too short"});
if(content.length < process.env.MINCONTENTLENGTH) return res.status(400).json({error: "Content is too short"});
if(!username) return res.status(400).json({error: "Missing username"});
const currentDate = new Date();
const formattedDateAndTime = currentDate.toLocaleTimeString('en-gb', { timeStyle: 'short' });
const formattedDate = currentDate.toLocaleDateString('en-gb');
const date = formattedDateAndTime + " " + formattedDate;
const newPost = await db.create('posts', {title: title, content: content, author: username, date: date});
postId = (newPost[0].id).slice(6);
const update = await db.query(`UPDATE users SET posts += "${postId}" WHERE username = string::lowercase("${username}")`)
res.status(200).json({message: "Post created"});
}
catch(err){
console.log(err);
res.status(500).json({error: "Internal server error"});
}
});
router.delete('/:id', async (req, res) => {
try{
const username = req.user;
const id = 'posts:' + req.params.id;
if(!username) return res.status(400).json({error: "Missing username"});
if(!id) return res.status(400).json({error: "Missing id"});
const post = await db.query(`SELECT * FROM posts WHERE id = "${id}"`);
if(post.length == 0) return res.status(400).json({error: "Post does not exist"});
if(post[0].author != username) return res.status(400).json({error: "You are not the author of this post"});
const deletePost = await db.query(`DELETE FROM posts WHERE id = "${id}"`);
const update = await db.query(`UPDATE users SET posts -= "${id}" WHERE username = string::lowercase("${username}")`)
res.status(200).json({message: "Post deleted"});
}
catch(err){
console.log(err);
res.status(500).json({error: "Internal server error"});
}
});
module.exports = router;
routes/login.js
+38
View File
@@ -0,0 +1,38 @@
const db = require('../surreal');
const {generateAccesToken, generateRefreshToken, generatePermtoken} = require("../auth/auth");
const {verify} = require("../auth/password");
const router = require('express').Router();
const timestringconverter = require('timestringconverter');
router.post('/', async (req, res) => {
const {username, password, remember} = req.body;
console.log(username)
if(!username) return res.status(400).json({error: "Username not provided"});
if(!password) return res.status(400).json({error: "Password not provided"});
const user = await db.query(`SELECT * FROM users WHERE username = string::lowercase("${username}")`);
if (user.length == 0) {
return res.status(400).json({error: 'Wrong credentials'});
}
const validPass = await verify(password, user[0].password);
if(!validPass) return res.status(400).json({error: "Wrong credentials"});
const accessToken = generateAccesToken(user[0].username);
const refreshToken = generateRefreshToken(user[0].username);
if(remember == true){
const permtoken = generatePermtoken(user[0].username);
res.cookie('permtoken', permtoken, {httpOnly: true, maxAge: 1000 * timestringconverter.ToSec(process.env.PERMTOKENAGE), path: '/permtoken'});
}
res.cookie('accessToken', accessToken, {httpOnly: true, maxAge: 1000 * timestringconverter.ToSec(process.env.ACCESSTOKENAGE)});
res.cookie('refreshToken', refreshToken, {httpOnly: true, maxAge: 1000 * timestringconverter.ToSec(process.env.REFRESHTOKENAGE), path: '/refreshtoken'});
res.status(200).json({message: 'Logged in'});
});
module.exports = router;
routes/posts.js
+29
View File
@@ -0,0 +1,29 @@
const db = require('../surreal');
const router = require('express').Router();
router.post('/like/:postId', async (req, res) => {
const username = req.user;
const postId = 'posts:' + req.params.postId;
if(!username) return res.status(400).json({error: "Missing username"});
if(!postId) return res.status(400).json({error: "Missing postId"});
const postData = await db.query(`SELECT * FROM posts WHERE id = "${postId}"`);
//check if user already liked post
for(let i = 0; i < postData[0].likes.length; i++){
if(postData[0].likes[i] === username){
const post = await db.query(`UPDATE posts SET likes -= "${username}" WHERE id = "${postId}"`);
const user = await db.query(`UPDATE users SET likedPosts -= "${req.params.postId}" WHERE username = string::lowercase("${username}")`);
return res.status(200).json({message: "Post unliked"});
}
}
const post = await db.query(`UPDATE posts SET likes += "${username}" WHERE id = "${postId}"`);
const user = await db.query(`UPDATE users SET likedPosts += "${req.params.postId}" WHERE username = string::lowercase("${username}")`);
res.status(200).json({message: "Post liked"});
});
module.exports = router;
routes/register.js
+65
View File
@@ -0,0 +1,65 @@
const db = require('../surreal');
const { generateAccesToken, generateRefreshToken, generatePermtoken } = require("../auth/auth");
const { hash, generatePassword } = require("../auth/password");
const router = require('express').Router();
const timestringconverter = require('timestringconverter');
router.get('/password', async (req, res) => {
res.json({ password: generatePassword() });
});
router.post('/', async (req, res) => {
const { username, password, remember } = req.body;
if (!username) return res.status(400).json({ error: "Username not provided" });
if (!password) return res.status(400).json({ error: "Password not provided" });
if (username.length > process.env.USERNAMELENGTH) return res.status(400).json({ error: "Username too long" });
if (password.length < process.env.PASSMINLENGTH) return res.status(400).json({ error: "Password too short" });
if (password.length > process.env.PASSMAXLENGTH) return res.status(400).json({ error: "Password too long" });
if ((password.match(/[a-z]/g) || []).length < process.env.PASSMINLOWERCASE) return res.status(400).json({ error: "Password does not contain enough lowercase letters" });
if ((password.match(/[A-Z]/g) || []).length < process.env.PASSMINUPPERCASE) return res.status(400).json({ error: "Password does not contain enough uppercase letters" });
if ((password.match(/[0-9]/g) || []).length < process.env.PASSMINNUMBERS) return res.status(400).json({ error: "Password does not contain enough numbers" });
if ((password.match(/[!@#$%^&*()_+~`|}{[\]:;?><,./-]/g) || []).length < process.env.PASSMINSYMBOLS) return res.status(400).json({ error: "Password does not contain enough symbols" });
const userExists = await db.query(`SELECT * FROM users WHERE username = string::lowercase("${username}")`);
if (userExists.length != 0) {
return res.status(400).json({ message: 'Username already exists' });
}
const hashedPassword = await hash(password);
const currentDate = new Date();
const user = {
username: username,
password: hashedPassword,
creation: currentDate.toLocaleDateString('en-gb'),
}
console.log(user)
const newUser = await db.create('users', user);
console.log(newUser);
const accessToken = generateAccesToken(newUser[0].username);
const refreshToken = generateRefreshToken(newUser[0].username);
if (remember == true) {
const permtoken = generatePermtoken(newUser[0].username);
res.cookie('permtoken', permtoken, { httpOnly: true, maxAge: 1000 * timestringconverter.ToSec(process.env.PERMTOKENAGE), path: '/permtoken' });
}
res.cookie('accessToken', accessToken, { httpOnly: true, maxAge: 1000 * timestringconverter.ToSec(process.env.ACCESSTOKENAGE) });
res.cookie('refreshToken', refreshToken, { httpOnly: true, maxAge: 1000 * timestringconverter.ToSec(process.env.REFRESHTOKENAGE), path: '/refreshtoken' });
res.status(200).json({ message: 'User created' });
});
module.exports = router;
routes/user.js
+49
View File
@@ -0,0 +1,49 @@
const db = require('../surreal');
const router = require('express').Router();
const middleware = require('../auth/middleware');
router.get('/:username', async (req, res) => {
try{
const username = req.params.username;
if(!username) return res.status(400).json({error: "Missing username"});
const user = await db.query(`SELECT description, creation FROM users WHERE username = string::lowercase("${username}")`);
if(user.length == 0) return res.status(400).json({error: "User does not exist"});
const posts = await db.query(`SELECT * FROM posts WHERE author = string::lowercase("${username}")`);
const returnData = {
description: user[0].description,
creation: user[0].creation,
posts: posts
}
res.status(200).json({returnData});
}
catch(err){
console.log(err);
res.status(500).json({error: "Internal server error"});
}
});
router.put('/description', middleware, async (req, res) => {
try{
const username = req.user;
const {description} = req.body;
if(!username) return res.status(400).json({error: "Missing username"});
if(!description) return res.status(400).json({error: "Missing description"});
if(description.length > process.env.MAXDESCRIPTIONLENGTH) return res.status(400).json({error: "Description is too long"});
const update = await db.query(`UPDATE users SET description = "${description}" WHERE username = string::lowercase("${username}")`);
res.status(200).json({message: "Description updated"});
}
catch(err){
console.log(err);
res.status(500).json({error: "Internal server error"});
}
});
module.exports = router;