feature: create the API with authorization and registration handled by the back-end server.

Author: GozdeHisarckllar

.editorconfig

@@ -0,0 +1,34 @@
+# http://editorconfig.org
+
+# A special property that should be specified at the top of the file outside of
+# any sections. When set to true, stops Editorconfig from searching any higher
+# in the directory tree for .editorconfig files.
+root = true
+
+[*]
+# Indentation style
+# Possible values - tab, space
+indent_style = space
+
+# Indentation size in single-spaced characters
+# Possible values - an integer, tab
+indent_size = 2
+
+# Newline character(s) to use (varies by OS otherwise)
+# Possible values - lf, crlf, cr
+end_of_line = lf
+
+# File character encoding
+# Possible values - latin1, utf-8, utf-16be, utf-16le
+charset = utf-8
+
+# Denotes whether to trim whitespace at the end of lines
+# Possible values - true, false
+trim_trailing_whitespace = true
+
+[*.md]
+trim_trailing_whitespace = false
+
+# Denotes whether file should end with a newline
+# Possible values - true, false
+insert_final_newline = true

.eslintrc

@@ -0,0 +1,8 @@
+{
+  "extends": "airbnb-base",
+  "rules": {
+    "no-underscore-dangle": ["error", { "allow": ["_id"] }],
+    "no-console": "off",
+    "no-unused-vars": ["error", { "argsIgnorePattern": "next" }]
+  }
+}

.gitignore

@@ -0,0 +1,17 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+
+# Dependency directory
+node_modules
+
+# Optional npm cache directory
+.npm
+
+# System files and IDE settings folders
+.DS_Store
+.idea
+.vscode
+
+.env

README.md

@@ -1 +1,7 @@
-# news-explorer-backend
+# news-explorer-backend
+
+The API of "News Explorer" app with authorization and registration handled by the back-end server.
+
+This repository contains back-end of "News Explorer" project that features user authorization and user registration and handles users and saved articles.
+
+* [a link to the API](https://api.explorernewsapp.students.nomoreparties.site)

app.js

@@ -0,0 +1,49 @@
+const express = require('express');
+const mongoose = require('mongoose');
+const helmet = require('helmet');
+const cors = require('cors');
+const { errors } = require('celebrate');
+const routes = require('./routes');
+const config = require('./config');
+const handleError = require('./middlewares/handleError');
+const NotFoundError = require('./errors/NotFoundError');
+const { requestLogger, errorLogger } = require('./middlewares/logger');
+const rateLimiter = require('./middlewares/rateLimiter');
+
+const { PORT = 3000 } = process.env;
+
+const app = express();
+
+require('dotenv').config();
+
+app.use(helmet());
+
+app.use(express.urlencoded({ extended: true }));
+app.use(express.json());
+
+app.use(cors());
+app.options('*', cors());
+
+mongoose.connect(process.env.NODE_ENV === 'production' ? process.env.MONGODB_HOST : config.db.host);
+
+app.use(requestLogger);
+
+app.use(rateLimiter);
+
+app.use('/', routes);
+
+app.use((req, res, next) => {
+  next(new NotFoundError('Requested resource not found'));
+});
+
+app.use(errorLogger);
+
+app.use(errors());
+
+app.use((err, req, res, next) => {
+  handleError(err, res);
+});
+
+app.listen(PORT, () => {
+  console.log(`App listening at port ${PORT}`);
+});

config.js

@@ -0,0 +1,10 @@
+const config = {
+  db: {
+    host: 'mongodb://localhost:27017/newsdb',
+  },
+  jwt: {
+    devKey: 'b06e69b88dbbe0fdfe76f90af191777318f414fb532337e5ec723dd8ec19ef99',
+  },
+};
+
+module.exports = config;

controllers/articles.js

@@ -0,0 +1,59 @@
+const Article = require('../models/article');
+const BadRequestError = require('../errors/BadRequestError');
+const ForbiddenError = require('../errors/ForbiddenError');
+const NotFoundError = require('../errors/NotFoundError');
+
+module.exports.getSavedArticles = (req, res, next) => {
+  Article.find({ owner: req.user._id })
+    .orFail(() => {
+      throw new NotFoundError('No articles found');
+    })
+    .then((articles) => {
+      res.status(200).send({ data: articles });
+    })
+    .catch(next);
+};
+
+module.exports.createSavedArticle = (req, res, next) => {
+  Article.create({ owner: req.user._id, ...req.body })
+    .then((createdArticle) => {
+      Article.findById(createdArticle._id)
+        .then((article) => res.status(201).send({ data: article }))
+        .catch(next);
+    })
+    .catch((err) => {
+      if (err.name === 'ValidationError') {
+        next(new BadRequestError(err.message));
+        return;
+      }
+      next(err);
+    });
+};
+
+module.exports.removeSavedArticle = (req, res, next) => {
+  const { articleId } = req.params;
+
+  Article.findById(articleId)
+    .orFail(() => {
+      throw new NotFoundError('Article ID not found');
+    })
+    .select('+owner')
+    .then((article) => {
+      if (article.owner.equals(req.user._id)) {
+        Article.deleteOne(article)
+          .then(() => {
+            res.status(200).send({ message: 'The saved article has been successfully removed' });
+          })
+          .catch(next);
+      } else {
+        throw new ForbiddenError('Forbidden to remove an article saved by another user');
+      }
+    })
+    .catch((err) => {
+      if (err.name === 'CastError') {
+        next(new BadRequestError('Incorrect ID'));
+        return;
+      }
+      next(err);
+    });
+};

controllers/users.js

@@ -0,0 +1,55 @@
+const jwt = require('jsonwebtoken');
+const bcrypt = require('bcryptjs');
+const User = require('../models/user');
+const NotFoundError = require('../errors/NotFoundError');
+const ConflictError = require('../errors/ConflictError');
+const BadRequestError = require('../errors/BadRequestError');
+const config = require('../config');
+
+module.exports.login = (req, res, next) => {
+  const { email, password } = req.body;
+  User.findUserByCredentials(email, password)
+    .then((user) => {
+      const token = jwt.sign(
+        { _id: user._id },
+        process.env.NODE_ENV === 'production' ? process.env.JWT_SECRET : config.jwt.devKey,
+        { expiresIn: '7d' },
+      );
+      res.status(200).send({ token });
+    })
+    .catch(next);
+};
+
+module.exports.createUser = (req, res, next) => {
+  const { password } = req.body;
+  bcrypt.hash(password, 10)
+    .then((hash) => User.create({
+      ...req.body,
+      password: hash,
+    }))
+    .then((createdUser) => {
+      User.findById(createdUser._id)
+        .then((user) => res.status(201).send({ data: user }))
+        .catch(next);
+    })
+    .catch((err) => {
+      if (err.name === 'ValidationError') {
+        next(new BadRequestError(err.message));
+      } else if (err.code === 11000) {
+        next(new ConflictError('User with this email address already exists.'));
+      } else {
+        next(err);
+      }
+    });
+};
+
+module.exports.getUserInfo = (req, res, next) => {
+  User.findById(req.user._id)
+    .orFail(() => {
+      throw new NotFoundError('User ID not found');
+    })
+    .then((user) => {
+      res.status(200).send({ data: user });
+    })
+    .catch(next);
+};

errors/BadRequestError.js

@@ -0,0 +1,8 @@
+class BadRequestError extends Error {
+  constructor(message) {
+    super(message);
+    this.statusCode = 400;
+  }
+}
+
+module.exports = BadRequestError;

errors/ConflictError.js

@@ -0,0 +1,8 @@
+class ConflictError extends Error {
+  constructor(message) {
+    super(message);
+    this.statusCode = 409;
+  }
+}
+
+module.exports = ConflictError;

errors/ForbiddenError.js

@@ -0,0 +1,8 @@
+class ForbiddenError extends Error {
+  constructor(message) {
+    super(message);
+    this.statusCode = 403;
+  }
+}
+
+module.exports = ForbiddenError;

errors/NotFoundError.js

@@ -0,0 +1,8 @@
+class NotFoundError extends Error {
+  constructor(message) {
+    super(message);
+    this.statusCode = 404;
+  }
+}
+
+module.exports = NotFoundError;

errors/UnauthorizedError.js

@@ -0,0 +1,8 @@
+class UnauthorizedError extends Error {
+  constructor(message) {
+    super(message);
+    this.statusCode = 401;
+  }
+}
+
+module.exports = UnauthorizedError;

middlewares/auth.js

@@ -0,0 +1,26 @@
+const jwt = require('jsonwebtoken');
+const config = require('../config');
+const UnauthorizedError = require('../errors/UnauthorizedError');
+
+module.exports = (req, res, next) => {
+  const { authorization } = req.headers;
+
+  if (!authorization || !authorization.startsWith('Bearer ')) {
+    next(new UnauthorizedError('To have access to the content, authorization required'));
+    return;
+  }
+
+  const token = authorization.replace('Bearer ', '');
+  let payload;
+
+  try {
+    payload = jwt.verify(token, process.env.NODE_ENV === 'production' ? process.env.JWT_SECRET : config.jwt.devKey);
+  } catch (err) {
+    next(new UnauthorizedError('Invalid token. Authorization required'));
+    return;
+  }
+
+  req.user = payload;
+
+  next();
+};

middlewares/handleError.js

@@ -0,0 +1,14 @@
+const handleError = (err, res) => {
+  const { message, statusCode = 500 } = err;
+
+  res
+    .status(statusCode)
+    .send({
+      message:
+      statusCode === 500
+        ? 'An error has occurred on the server'
+        : message,
+    });
+};
+
+module.exports = handleError;

middlewares/logger.js

@@ -0,0 +1,21 @@
+const winston = require('winston');
+const expressWinston = require('express-winston');
+
+const requestLogger = expressWinston.logger({
+  transports: [
+    new winston.transports.File({ filename: './logs/request.log' }),
+  ],
+  format: winston.format.json(),
+});
+
+const errorLogger = expressWinston.errorLogger({
+  transports: [
+    new winston.transports.File({ filename: './logs/error.log' }),
+  ],
+  format: winston.format.json(),
+});
+
+module.exports = {
+  requestLogger,
+  errorLogger,
+};

middlewares/rateLimiter.js

@@ -0,0 +1,8 @@
+const rateLimit = require('express-rate-limit');
+
+const rateLimiter = rateLimit({
+  windowMs: 10 * 60 * 1000,
+  max: 90,
+});
+
+module.exports = rateLimiter;