-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmiddleware.js
96 lines (86 loc) · 3.06 KB
/
middleware.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
const ExpressError = require('./utils/ExpressError');
const { communitySchema, postSchema, commentSchema } = require('./schema');
const User = require('./models/user.schema')
const Community = require('./models/community.schema');
const Post = require('./models/post.schema');
const Comment = require('./models/comment.schema');
module.exports.isLoggedIn = (req, res, next) => {
if (!req.isAuthenticated()) {
req.flash('error', 'You must be logged in.');
return res.redirect('/user/login');
}
next();
}
module.exports.validateCommunity = (req, res, next) => {
if (req.body.community.description === '') {
req.body.community.description = 'Just a generic description!'
}
const { error } = communitySchema.validate(req.body);
if (error) {
const msg = error.details.map(el => el.message).join(',')
throw new ExpressError(msg, 400)
}
next();
}
module.exports.validatePost = (req, res, next) => {
const { error } = postSchema.validate(req.body);
if (error) {
const msg = error.details.map(el => el.message).join(',')
throw new ExpressError(msg, 400)
}
next();
}
module.exports.validateComment = (req, res, next) => {
const { error } = commentSchema.validate(req.body);
if (error) {
const msg = error.details.map(el => el.message).join(',')
throw new ExpressError(msg, 400)
}
next();
}
module.exports.isCreator = async(req, res, next) => {
const communityName = req.params.name;
const community = await Community.findOne({ name: communityName });
if (!community.creator.equals(req.user._id)) {
req.flash('error', 'You do not have permission to perform that action.');
return res.redirect(`/c/${id}`);
}
next();
}
module.exports.isPostAuthor = async(req, res, next) => {
const { communityName, titleURL, URLid } = req.params;
const post = await Post.findOne({ titleURL: titleURL, URLid: URLid });
if (!post.author.equals(req.user._id)) {
req.flash('error', 'You do not have permission to perform that action.');
return res.redirect(`/c/${id}/posts/${postId}`);
}
next();
}
module.exports.isCommentAuthor = async(req, res, next) => {
const { id, commentId } = req.params;
const comment = await Comment.findById(commentId);
if (!comment.author.equals(req.user._id)) {
req.flash('error', 'You do not have permission to perform that action');
return res.redirect(`/c/${id}/posts/${postId}`);
}
next();
}
module.exports.validateJoin = (req, res, next) => {
const { error } = userSchema.validate(req.body);
if (error) {
const msg = error.details.map(el => el.message).join(',')
throw new ExpressError(msg, 400)
}
next();
}
module.exports.grabUserMemberships = async(req, res, next) => {
try {
const user = await User.findById(req.user.id).populate({
path: 'memberships',
model: Community,
});
const communities = user.memberships;
res.locals.communities = communities;
} catch {}
next();
}