Backend https

backend/controllers/bookmark.js

@@ -9,15 +9,15 @@ exports.postBookmarks = function (req, res) {
   bookmarks.getSpecificBookmark(userId, movieId)
     .then(function (bookmarkResults) {
       if (bookmarkResults) {
-        res.json({
+        res.status(409).json({
           status: 'fail',
           message: 'Bookmark Existed'
         });
       } else {
         // Save the bookmark and check for errors
         bookmarks.postBookmark(movieId, userId)
           .then(function () {
-            res.json({
+            res.status(200).json({
               status: 'success',
               message: 'Bookmark Posted'
             });
@@ -35,7 +35,7 @@ exports.deleteBookmarks = function (req, res) {
       if (bookmarkResult) {
         bookmarkResult.destroy()
           .then(function () {
-            res.json({
+            res.status(200).json({
               status: 'success',
               message: 'Bookmark Deleted'
             });
@@ -44,7 +44,7 @@ exports.deleteBookmarks = function (req, res) {
             console.log(err);
           });
       } else {
-        res.json({
+        res.status(404).json({
           status: 'fail',
           message: 'Bookmark Not Found'
         });
@@ -60,6 +60,6 @@ exports.getBookmarks = function (req, res) {
 
   bookmarks.getAllBookmarks(req.user.id)
     .then(function (movies) {
-      res.json(movies);
+      res.status(200).json(movies);
     });
 };

backend/controllers/cinema.js

@@ -7,7 +7,7 @@ exports.getCinemas = function (req, res) {
     if (result) {
       res.status(200).json(result);
     } else {
-      res.status(280).json({status: 'fail', message: 'No Cinemas Found'});
+      res.status(404).json({status: 'fail', message: 'No Cinemas Found'});
     }
   });
 };

backend/controllers/movie.js

@@ -8,7 +8,7 @@ exports.getMoviesByTitle = function (req, res) {
     .then(function (count) {
       Movie.getMovieByTitle(req.user.id, req.headers.title, req.headers.offset, req.headers.limit)
         .then(function (movies) {
-          res.json({count: count, raw: movies});
+          res.status(200).json({count: count, raw: movies});
         }).catch(function (err) {
           console.log(err);
         }

backend/controllers/rate.js

@@ -9,7 +9,7 @@ exports.postRates = function (req, res) {
   var userId = req.user.id;
 
   if (score < 0 || score > 10) {
-    res.json({status: 'fail', message: 'Invalid Score'});
+    res.status(400).json({status: 'fail', message: 'Invalid Score'});
     return;
   }
 
@@ -21,7 +21,7 @@ exports.postRates = function (req, res) {
             if (ratings) {
               rate.updateRates(ratings, score)
                 .then(function () {
-                  return res.json({
+                  return res.status(200).json({
                     status: 'success',
                     message: 'Ratings Updated'
                   });
@@ -30,15 +30,15 @@ exports.postRates = function (req, res) {
               // Save the rating and check for errors
               rate.postRates(score, movieId, userId)
                 .then(function () {
-                  res.json({
+                  res.status(200).json({
                     status: 'success',
                     message: 'Ratings Posted!'
                   });
                 });
             }
           });
       } else {
-        res.json({
+        res.status(404).json({
           status: 'fail',
           message: 'Invalid MovieId'
         });

backend/controllers/ratingExtractor.js

@@ -86,15 +86,15 @@ exports.getTraktRatings = function (req, res) {
   User.getUserByEmail(email)
     .then(function (users) {
       if (users) {
-        res.json({
+        res.status(409).json({
           status: 'fail',
           message: 'User Existed'
         });
       } else {
         User.saveUser(email, username, password)
           .then(function () {
             result = true;
-            res.json({
+            res.status(200).json({
               status: 'success',
               message: 'User Created'
             });
@@ -126,9 +126,9 @@ exports.checkTraktUser = function (req, res) {
       console.log(err);
     } else {
       if (body === null) {
-        res.send(false);
+        res.status(404).send(false);
       } else {
-        res.send(true);
+        res.status(200).send(true);
       }
     }
   });

backend/controllers/showing.js

@@ -6,7 +6,10 @@ exports.getShowingByCinema = function (req, res) {
       if (result) {
         res.status(200).json(result);
       } else {
-        res.status(280).json({status: 'fail', message: 'No Schedule For Cinema'});
+        res.status(404).json({
+          status: 'fail',
+          message: 'No Schedule For Cinema'
+        });
       }
     })
 };

backend/controllers/user.js

@@ -9,15 +9,14 @@ exports.postUser = function (req, res) {
   User.getUserByEmail(email)
     .then(function (users) {
       if (users) {
-        res.json({
+        res.status(409).json({
           status: 'fail',
           message: 'User Existed'
         });
       } else {
         User.saveUser(email, username, password)
           .then(function () {
-            flag = true;
-            res.json({
+            res.status(200).json({
               status: 'success',
               message: 'User Created'
             });
@@ -31,7 +30,10 @@ exports.postUser = function (req, res) {
 };
 
 exports.getUser = function (req, res) {
-  res.json({email: req.user.email, username: req.user.username});
+  res.status(200).json({
+    email: req.user.email,
+    username: req.user.username
+  });
 };
 
 exports.updateUsername = function (req, res) {
@@ -40,21 +42,21 @@ exports.updateUsername = function (req, res) {
 
   if (username) {
     if (user.username === username) {
-      res.json({
+      res.status(409).json({
         status: 'fail',
         message: 'Same Username'
       });
     } else {
       User.updateUserUsername(user, username)
         .then(function () {
-          res.json({
+          res.status(200).json({
             status: 'success',
             message: 'Username Updated'
           });
         });
     }
   } else {
-    res.json({
+    res.status(400).json({
       status: 'fail',
       message: 'No Username Provided'
     });
@@ -67,21 +69,21 @@ exports.updatePassword = function (req, res) {
 
   if (password) {
     if (user.password === UserModel.getHashedPassword(password)) {
-      res.json({
+      res.status(409).json({
         status: 'fail',
         message: 'Same Password'
       });
     } else {
       User.updateUserPassword(user, password)
         .then(function () {
-          res.json({
+          res.status(200).json({
             status: 'success',
             message: 'Password Updated'
           });
         });
     }
   } else {
-    res.json({
+    res.status(400).json({
       status: 'fail',
       message: 'No Password Provided'
     });

backend/email/email.js

@@ -30,7 +30,10 @@ exports.buildResetRequest = function (req, res) {
           userId: users.id
         })
           .then(function (tokens) {
-            res.json({status: 'success', message: 'Email Sent'});
+            res.status(200).json({
+              status: 'success',
+              message: 'Email Sent'
+            });
 
             setTimeout(function () {
               tokens.destroy();
@@ -42,7 +45,10 @@ exports.buildResetRequest = function (req, res) {
             }
           });
       } else {
-        res.json({status: 'fail', message: 'Email Not Found'});
+        res.status(404).json({
+          status: 'fail',
+          message: 'Email Not Found'
+        });
       }
     });
 

backend/key.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA2UWDX1N2vx/l5C9JV2O7MBtqr4L75RlbPRb4iv2Rp35GX/re
+bE0ESg3gxNKP4CaryjLm0yXetCAINjeLH5FpuFck5Vwa96rd/NNEiULz3buSI5vS
+fqQnS//x/JJcAYaheCR4rd2+R0gtxQEn1FD8LKiu5mO9/4AsscVlKvW9u8bWPEJY
+wRJFOumwruVTbTGLfkiwxOxo5jCCHarw99ai5KUDYbDOm7FSiwnflUdDnNyM6eaS
+IOZbfUMpflOxnnOHPR52ZZjyMClQs/lmYptFIQL2PCJaXGxz5ya++otzWnq6aOzh
+SzF3Pj/OhHJmdMR1d8wNb0yg/0I/75SLZMv+kQIDAQABAoIBAQDUB7ZQzM7RbXuX
+112nXrhKFjdi2FyiEsCrOUOLwDDoV56uA9ATuIU7D5gN+75UbOixBkOkQwy2k5vv
+7Pxj7jBRqRlkiyH2GFVSaYo0uZXrCSVwgpxE4kVHMZshdGM9SflBmbX7Vq5eOd4Q
+pzQLSo0NuAAW7bd5I8h6I7y609444+GA28t6WGnn6X6Cp+7u6hD0JS6Zm+NxsV4M
+M1srnU0g5fG+WmcGzPEyGtYqOMsnbOfCnn+B2G4SroPcol3ei/Ndil5XAdo8sobk
+S7wzGF/xd5t1gH4Tni8Gui+xfQiDT2c/zpyP4xpMm6bPrFv2eWrD5qCbNin7gacs
+kQdnzDjRAoGBAPT8xgklRgE5eNmPYSVzFHtPyy3kbU20mogyROX/RPvXmpAUU/vQ
+gN3ETxvbd2L8QSdtsAvWORejx/JSVrA0NaHFPEYC+Li+B1u2i4EsSnKtL2dlZ5wa
+qP9s3kBy2vfCV3aqJb0Bm9WnLGCtTF9YSA9T8hmLKia/UCGlBV9fSm/XAoGBAOMJ
+y6ToG1fPWED0jIwHwDte1cC/kWL2919Lgc73QRDwXmrlLapccPbq5fYPaTmyG1f5
+TEZoCo++yeIoIwFxgOUP4pb6cQTbAG58d1LohBPBBGt7ZyKpVnEEAUibNDKEx+Er
+Kjt+T2HV4RfAfwzpdA1iwMgHloVCOIYlUR0IKlfXAoGAa/YtC4C6jfWW1UGDTS6e
+uwzZ/BprNNA/PX/xru3Ep7tG6PGcZR9oetJ1DlC0FxIVYFvNNhosxMcvaRFyFGqd
+q/GwcyYCF9/efENAzScIk+rQNh+Q/lEdYprGgt5ass6ZHrkysk1QMGJggyY7vtS3
+xNF4olsas0Kh/IGtkW777bcCgYATAivxp5k6ddquvYrS4oc+sUb2N1PF1GWLrfe1
+S1BASc+t5Xg4TjsLAUm1mz61HOtbJz0ym91egZvHepLLuSQQiY7wExHJVUio93TK
+FTuRp9Rl51QQO9tH5QzydkQdgq51dLa5em7NAyowYeaBPz5/LGh1luUMTSoMWS18
+X8WjywKBgHUtzEZciHiaKQF1ejW9k+ORBkvI6sVtMYoWOOaGt/E04JXkRvtqefT2
+3wYhe4XwysJFhUkobW/zcX6m/h+5ga2Tna3Sr61ZwCklOmwEPG8UOsVTC9wmUXmi
+zWsrBRTYKeKxpiniE65XZJsSHZq08SJuvicfpDAk73Uf8EyLJzT1
+-----END RSA PRIVATE KEY-----

backend/package.json

@@ -5,10 +5,12 @@
     "body-parser": "~1.0.1",
     "cookie-parser": "^1.4.3",
     "crypto": "~0.0.3",
+    "ddos": "^0.1.16",
     "ejs": "^2.5.5",
     "eslint": "^3.14.1",
     "express": "~4.0.0",
     "express-session": "^1.14.2",
+    "helmet": "^3.5.0",
     "mocha": "^3.2.0",
     "morgan": "~1.7.0",
     "node-schedule": "^1.2.0",
@@ -21,8 +23,8 @@
     "path": "^0.12.7",
     "pg": "^6.1.2",
     "pg-hstore": "^2.3.2",
-    "request": "^2.79.0",
     "pm2": "^2.4.0",
+    "request": "^2.79.0",
     "sequelize": "~3.30.1",
     "should": "^11.2.0",
     "supertest": "^3.0.0",

backend/server.crt

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBjCCAe4CCQCFIF8PGyHLrDANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJT
+RzETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0
+cyBQdHkgTHRkMB4XDTE3MDIyNjEzNDYxMloXDTE4MDIyNjEzNDYxMlowRTELMAkG
+A1UEBhMCU0cxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0
+IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ANlFg19Tdr8f5eQvSVdjuzAbaq+C++UZWz0W+Ir9kad+Rl/63mxNBEoN4MTSj+Am
+q8oy5tMl3rQgCDY3ix+RabhXJOVcGveq3fzTRIlC8927kiOb0n6kJ0v/8fySXAGG
+oXgkeK3dvkdILcUBJ9RQ/CyoruZjvf+ALLHFZSr1vbvG1jxCWMESRTrpsK7lU20x
+i35IsMTsaOYwgh2q8PfWouSlA2GwzpuxUosJ35VHQ5zcjOnmkiDmW31DKX5TsZ5z
+hz0edmWY8jApULP5ZmKbRSEC9jwiWlxsc+cmvvqLc1p6umjs4Usxdz4/zoRyZnTE
+dXfMDW9MoP9CP++Ui2TL/pECAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAhVkLzoTW
+Rx333Dg83tlz+5LTaLzqXEjBrdZUFTQ2AC3+/i5DVoCA9JcfN7M1PQdAtwTBZIT4
+u8DlZaLrwWJ4VVIROE/YnlppYjqakZNivWB1oTJCCKN46LRBwl7qmTG9Y4Y22oUR
+tM8lcyK35Vtj+fkfz9UycxtuH3FqHX/k09bUYPWU/TzwyKRBdfgo0vLJi4RHp+js
+wTslfWxg8ZgjKmVxrHesw7CC+pbDwEuRKcDCR0Z0MR6mpdGSd71nFYJEzCNxgpce
+iWNtJxQ8gAheA1zPl0U/PJ38ackZh+OcuO28aMiYPWGKvBN2sfJ2lvGT7dLYrCxu
+aBxiGUnSTzycSQ==
+-----END CERTIFICATE-----

backend/server.js

@@ -6,8 +6,12 @@ var cookieParser = require('cookie-parser');
 var uuid = require('uuid');
 var passport = require('passport');
 var path = require('path');
+var fs = require('fs');
+var https = require('https');
+var helmet = require('helmet');
 
 var app = express();
+app.use(helmet());
 app.use(bodyParser.urlencoded({extended: true}));
 app.set('port', process.env.PORT || 8080);
 app.use(logger('dev'));
@@ -32,7 +36,14 @@ var router = require('./routes/index.js');
 
 app.use('/api', router);
 
-app.listen(app.get('port'), function () {
+// app.listen(app.get('port'), function () {
+//   console.log('Express server listening on port ' + app.get('port'));
+// });
+
+https.createServer({
+  key: fs.readFileSync('key.pem'),
+  cert: fs.readFileSync('server.crt')
+}, app).listen(app.get('port'), function () {
   console.log('Express server listening on port ' + app.get('port'));
 });
 

backend/test/controllers/bookmark.test.js

@@ -95,7 +95,7 @@ describe('Bookmark controller test', function () {
       .send('movieId=test000001')
       .expect(200)
       .end(function (err, res) {
-        res.status.should.equal(200);
+        res.status.should.equal(409);
         res.body.status.should.equal('fail');
         res.body.message.should.equal('Bookmark Existed');
         done();
@@ -126,7 +126,7 @@ describe('Bookmark controller test', function () {
         .send('movieId=test000003')
         .expect(200)
         .end(function (err, res) {
-          res.status.should.equal(200);
+          res.status.should.equal(404);
           res.body.status.should.equal('fail');
           res.body.message.should.equal('Bookmark Not Found');
           done();

backend/test/controllers/rate.test.js

@@ -101,7 +101,7 @@ describe('Rate controller test', function () {
       .send('score=-1')
       .expect(200)
       .end(function (err, res) {
-        res.status.should.equal(200);
+        res.status.should.equal(400);
         res.body.status.should.equal('fail');
         res.body.message.should.equal('Invalid Score');
       });
@@ -114,7 +114,7 @@ describe('Rate controller test', function () {
       .send('score=10.3')
       .expect(200)
       .end(function (err, res) {
-        res.status.should.equal(200);
+        res.status.should.equal(400);
         res.body.status.should.equal('fail');
         res.body.message.should.equal('Invalid Score');
         done();
@@ -130,7 +130,7 @@ describe('Rate controller test', function () {
       .send('score=abcde')
       .expect(200)
       .end(function (err, res) {
-        res.status.should.equal(200);
+        res.status.should.equal(400);
         res.body.status.should.equal('fail');
         res.body.message.should.equal('Invalid Score');
         done();
@@ -146,7 +146,7 @@ describe('Rate controller test', function () {
       .send('score=1.5')
       .expect(200)
       .end(function (err, res) {
-        res.status.should.equal(200);
+        res.status.should.equal(404);
         res.body.status.should.equal('fail');
         res.body.message.should.equal('Invalid MovieId');
         done();