akf-forum/routes/threads.js

const { Router } = require("express");
const app = Router();
const rateLimit = require('express-rate-limit')

const error = require("../errors/error")
const { ThreadModel, MessageModel } = require("../models")


app.get("/", async (req, res) => {

    const user = req.user;

    const threads = await ThreadModel.find(user?.admin ? {} : { deleted: false }).limit(10);

    return res.render("threads", { threads, user });
});


app.get("/create*", async (req, res) => {

    const user = req.user
    res.render("createThread", { user })

});

app.get("/:id", async (req, res) => {

    const { id } = req.params;

    const thread = await ThreadModel.get(id);
    const user = req.user;

    if (thread && (user?.admin || !thread.deleted)) {

        const messages = await Promise.all(thread.messages.map(async id => {
            const message = await MessageModel.get(id)
            return user?.admin || !message?.deleted ? message : null;
        }));

        res.render("thread", { thread, messages, user })
    } else
        error(res, 404, "We have not got this thread.");
});


app.use(require("../middlewares/login"));


app.post("/", rateLimit({
    windowMs: 10 * 60_000, max: 1, standardHeaders: true, legacyHeaders: false,
    handler: (request, response, next, options) =>
        !request.user.admin ?
            error(response, options.statusCode, "You are begin ratelimited")
            : next()
}), async (req, res) => {

    const { title = null, content = null } = req.body;

    if (!title || !content) return error(res, 400, "Title and/or content is missing");
    const user = req.user
    const thread = await new ThreadModel({ title, author: user }).takeId()

    const message = await new MessageModel({ content, author: user, threadID: thread.id }).takeId()

    await thread.push(message.id).save();

    await message.save();

    res.redirect('/threads/' + thread.id);
})

app.post("/:id/delete", async (req, res) => {
    const thread = await ThreadModel.get(req.params.id);
    if (!thread || thread.deleted) return error(res, 404, "We have not got any thread declared as this id.");
    const user = req.user;
    if (user.id != thread.authorID && !user.admin)
        return error(res, 403, "You have not got permission for this.");

    thread.deleted = true;
    await thread.save();


    res.status(200).redirect("/threads/");

})

module.exports = app;
Routes are fixed 2022-03-21 23:53:22 +03:00			`const { Router } = require("express");`
			`const app = Router();`
ratelimit & crypto & .ejs fix added ratelimit to post threads and messages. Added encryption to passwords. Thread.ejs is fixed 2022-08-10 00:22:12 +03:00			`const rateLimit = require('express-rate-limit')`
Routes are fixed 2022-03-21 23:53:22 +03:00
Database changed to MongoDB 2022-04-06 21:14:46 +03:00			`const error = require("../errors/error")`
Mongoose is fixed & optimized The dublicate key error fixed, ids as string. classes removed. using mongoose's magic 2022-08-09 19:16:34 +03:00			`const { ThreadModel, MessageModel } = require("../models")`
Routes are fixed 2022-03-21 23:53:22 +03:00

Database changed to MongoDB 2022-04-06 21:14:46 +03:00			`app.get("/", async (req, res) => {`
Routes are fixed 2022-03-21 23:53:22 +03:00
Database changed to MongoDB 2022-04-06 21:14:46 +03:00			`const user = req.user;`
Routes are fixed 2022-03-21 23:53:22 +03:00
Added thread deleting 2022-08-10 00:44:13 +03:00			`const threads = await ThreadModel.find(user?.admin ? {} : { deleted: false }).limit(10);`
Routes are fixed 2022-03-21 23:53:22 +03:00
Database changed to MongoDB 2022-04-06 21:14:46 +03:00			`return res.render("threads", { threads, user });`
Routes are fixed 2022-03-21 23:53:22 +03:00			`});`


Mongoose is fixed & optimized The dublicate key error fixed, ids as string. classes removed. using mongoose's magic 2022-08-09 19:16:34 +03:00			`app.get("/create*", async (req, res) => {`
Added message post to api 2022-04-03 21:39:26 +03:00
Database changed to MongoDB 2022-04-06 21:14:46 +03:00			`const user = req.user`
Mongoose is fixed & optimized The dublicate key error fixed, ids as string. classes removed. using mongoose's magic 2022-08-09 19:16:34 +03:00			`res.render("createThread", { user })`
Added message post to api 2022-04-03 21:39:26 +03:00
			`});`

Database changed to MongoDB 2022-04-06 21:14:46 +03:00			`app.get("/:id", async (req, res) => {`
Routes are fixed 2022-03-21 23:53:22 +03:00
			`const { id } = req.params;`

Mongoose is fixed & optimized The dublicate key error fixed, ids as string. classes removed. using mongoose's magic 2022-08-09 19:16:34 +03:00			`const thread = await ThreadModel.get(id);`
API is optimized, and better ratelimit 2022-08-10 02:08:18 +03:00			`const user = req.user;`
Routes are fixed 2022-03-21 23:53:22 +03:00
API is optimized, and better ratelimit 2022-08-10 02:08:18 +03:00			`if (thread && (user?.admin \|\| !thread.deleted)) {`
Database changed to MongoDB 2022-04-06 21:14:46 +03:00
			`const messages = await Promise.all(thread.messages.map(async id => {`
Mongoose is fixed & optimized The dublicate key error fixed, ids as string. classes removed. using mongoose's magic 2022-08-09 19:16:34 +03:00			`const message = await MessageModel.get(id)`
Added thread deleting 2022-08-10 00:44:13 +03:00			`return user?.admin \|\| !message?.deleted ? message : null;`
Database changed to MongoDB 2022-04-06 21:14:46 +03:00			`}));`

Routes are fixed 2022-03-21 23:53:22 +03:00			`res.render("thread", { thread, messages, user })`
			`} else`
			`error(res, 404, "We have not got this thread.");`
			`});`

Not login support 2022-04-03 21:01:55 +03:00


Added message post to api 2022-04-03 21:39:26 +03:00			`app.use(require("../middlewares/login"));`
Not login support 2022-04-03 21:01:55 +03:00

ratelimit & crypto & .ejs fix added ratelimit to post threads and messages. Added encryption to passwords. Thread.ejs is fixed 2022-08-10 00:22:12 +03:00			`app.post("/", rateLimit({`
API is optimized, and better ratelimit 2022-08-10 02:08:18 +03:00			`windowMs: 10 * 60_000, max: 1, standardHeaders: true, legacyHeaders: false,`
			`handler: (request, response, next, options) =>`
			`!request.user.admin ?`
			`error(response, options.statusCode, "You are begin ratelimited")`
			`: next()`
ratelimit & crypto & .ejs fix added ratelimit to post threads and messages. Added encryption to passwords. Thread.ejs is fixed 2022-08-10 00:22:12 +03:00			`}), async (req, res) => {`
Routes are fixed 2022-03-21 23:53:22 +03:00
			`const { title = null, content = null } = req.body;`

Database changed to MongoDB 2022-04-06 21:14:46 +03:00			`if (!title \|\| !content) return error(res, 400, "Title and/or content is missing");`
Mongoose is fixed & optimized The dublicate key error fixed, ids as string. classes removed. using mongoose's magic 2022-08-09 19:16:34 +03:00			`const user = req.user`
			`const thread = await new ThreadModel({ title, author: user }).takeId()`

			`const message = await new MessageModel({ content, author: user, threadID: thread.id }).takeId()`
Routes are fixed 2022-03-21 23:53:22 +03:00
Mongoose is fixed & optimized The dublicate key error fixed, ids as string. classes removed. using mongoose's magic 2022-08-09 19:16:34 +03:00			`await thread.push(message.id).save();`
Routes are fixed 2022-03-21 23:53:22 +03:00
Mongoose is fixed & optimized The dublicate key error fixed, ids as string. classes removed. using mongoose's magic 2022-08-09 19:16:34 +03:00			`await message.save();`
Routes are fixed 2022-03-21 23:53:22 +03:00
Database changed to MongoDB 2022-04-06 21:14:46 +03:00			`res.redirect('/threads/' + thread.id);`
Routes are fixed 2022-03-21 23:53:22 +03:00			`})`

Added thread deleting 2022-08-10 00:44:13 +03:00			`app.post("/:id/delete", async (req, res) => {`
			`const thread = await ThreadModel.get(req.params.id);`
			`if (!thread \|\| thread.deleted) return error(res, 404, "We have not got any thread declared as this id.");`
			`const user = req.user;`
			`if (user.id != thread.authorID && !user.admin)`
			`return error(res, 403, "You have not got permission for this.");`

			`thread.deleted = true;`
			`await thread.save();`


			`res.status(200).redirect("/threads/");`

			`})`
Routes are fixed 2022-03-21 23:53:22 +03:00
			`module.exports = app;`