diff --git a/README.md b/README.md index c834022..ed9a27c 100644 --- a/README.md +++ b/README.md @@ -20,8 +20,8 @@ And, you can learn about API in `util/APIDOCS.md`. * [Camroku](https://github.com/Camroku) - Made stylesheets ## To do (Backend, bug fixes) -- `/errors/error` will ~~change~~ deprecate, it will be in res.error . And we will use "alert" for errors with fetch api. this added for messages and reactions... -- message.js/12, so, admin perms,(req.user?.admin || !thread.deleted), and api in message. +- We will use "alert" for errors with fetch api. this added for messages and reactions... +- message.js/12, so, admin perms,, and api in message. - the forum will only use api path... this added for messages and reactions... ## Roadmap diff --git a/index.js b/index.js index 1774aee..31ee785 100644 --- a/index.js +++ b/index.js @@ -1,5 +1,4 @@ -const error = require("./errors/error.js"), - session = require('express-session'), +const session = require('express-session'), bodyParser = require('body-parser'), port = process.env.PORT || 3000, mongoose = require("mongoose"), @@ -20,6 +19,6 @@ app.use(require("./middlewares/user")); for (const file of fs.readdirSync("./routes")) app.use("/" + file.replace(".js", ""), require(`./routes/${file}`)); -app.all("*", (req, res) => error(res, 404, "We have not got this page.")); +app.all("*", (req, res) => res.error(404, "We have not got this page.")); app.listen(port, () => console.log("akf-forum on port:", port)); \ No newline at end of file diff --git a/middlewares/user.js b/middlewares/user.js index fbb58a5..40a0e5c 100644 --- a/middlewares/user.js +++ b/middlewares/user.js @@ -1,6 +1,7 @@ const { UserModel } = require("../models"); module.exports = async (req, res, next) => { + req.error = (type, error) => res.status(type).render("error", { type, error }); req.user = await UserModel.get(req.session.userid); next(); } \ No newline at end of file diff --git a/routes/admin.js b/routes/admin.js index 420521b..106f7bc 100644 
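Review bot: In middlewares/user.js the new helper is attached as `req.error`, but every call site this commit converts (index.js, routes/admin.js, login.js, message.js, register.js, threads.js, users.js) calls `res.error(...)`. Unless another middleware not shown here defines `res.error` for these routes, each of those paths, including the 403 permission checks, would throw a TypeError inside an async handler instead of rendering the error page. Attach it to the response instead: `res.error = (type, error) => res.status(type).render("error", { type, error });`. The old `./errors/error` import is removed everywhere in this commit, so there is no fallback if the helper is missing.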
--- a/routes/admin.js +++ b/routes/admin.js @@ -1,7 +1,6 @@ const { UserModel } = require("../models") const { Router } = require("express") -const error = require("../errors/error") const app = Router(); @@ -10,7 +9,7 @@ app.use(require("../middlewares/login")); app.get("/", async (req, res) => { const user = req.user; - if (!user.admin) return error(res, 403, "You have not got permissions for view to this page."); + if (!user.admin) return res.error( 403, "You have not got permissions for view to this page."); res.render("admin", { user, user2: false }) }); @@ -19,11 +18,11 @@ app.post("/", async (req, res) => { const user = req.user; - if (!user.admin) return error(res, 403, "You have not got permissions for view to this page."); + if (!user.admin) return res.error(403, "You have not got permissions for view to this page."); const user2 = await UserModel.get(req.body.userid); if (!user2) - return error(res, 404, "We have not got this user in all of the forum. Vesselam."); + return res.error( 404, "We have not got this user in all of the forum. Vesselam."); else { user2.admin = true; diff --git a/routes/api/routes/message.js b/routes/api/routes/message.js index 53a7365..e585f91 100644 --- a/routes/api/routes/message.js +++ b/routes/api/routes/message.js @@ -12,7 +12,7 @@ app.get("/:id", async (req, res) => { if (!id) return res.error(400, "Missing id in query") const message = await MessageModel.get(id); - if (!message || message.deleted) return res.error(404, "We have not got any message declared as this id."); + if (!message || (message.deleted && req.user && !req.user.admin)) return res.error(404, "We have not got any message declared as this id."); res.complate(message); diff --git a/routes/login.js b/routes/login.js index bae09d2..5827026 100644 --- a/routes/login.js +++ b/routes/login.js 
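Review bot: The new condition in the `app.get("/:id")` handler of routes/api/routes/message.js returns 404 for a deleted message only when `req.user` is set and is not an admin, so a request with no logged-in user falls through to `res.complate(message)` and receives the deleted message. The same expression is added in routes/message.js, where the GET handler appears to be registered before the login middleware, so an anonymous request gets the redirect to the thread instead of a 404. Treat a missing user as non-admin: `if (!message || (message.deleted && !req.user?.admin)) return res.error(404, "We have not got any message declared as this id.");`. The handler body begins and continues outside the hunk, so whether an earlier guard already rejects anonymous API requests should be confirmed.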
@@ -1,6 +1,5 @@ const { UserModel, SecretModel } = require("../models"); const { Router } = require("express"); -const error = require("../errors/error"); const app = Router(); const bcrypt = require("bcrypt"); @@ -17,19 +16,19 @@ app.post("/", async (req, res) => { const validPassword = await bcrypt.compare(password, user.password); - if (!validPassword) return error(res, 403, 'Incorrect Password!') + if (!validPassword) return res.error( 403, 'Incorrect Password!') const member = await UserModel.findOne({ name: username }); - if (!member || member.deleted) return error(res, 403, 'Incorrect Username and/or Password!') + if (!member || member.deleted) return res.error( 403, 'Incorrect Username and/or Password!') req.session.userid = user.id; res.redirect( req.query.redirect || '/'); } else - error(res, 403, 'Incorrect Username and/or Password!') + res.error( 403, 'Incorrect Username and/or Password!') } else - error(res, 400, "You forgot entering some values") + res.error( 400, "You forgot entering some values") diff --git a/routes/message.js b/routes/message.js index 815e9d0..b19a92f 100644 --- a/routes/message.js +++ b/routes/message.js @@ -1,5 +1,4 @@ const { MessageModel } = require("../models"); -const error = require("../errors/error") const { Router } = require("express"); @@ -8,7 +7,7 @@ const app = Router(); app.get("/:id", async (req, res) => { const message = await MessageModel.get(req.params.id); - if (!message || message.deleted) return error(res, 404, "We have not got any message declared as this id."); + if (!message || (message.deleted && req.user && !req.user.admin)) return res.error( 404, "We have not got any message declared as this id."); res.redirect("/threads/" + message.threadID); }); 
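Review bot: In the second routes/login.js hunk the wrong-password branch answers `'Incorrect Password!'` while the other failure branches answer `'Incorrect Username and/or Password!'`, so the response text reveals whether a username exists. Use the generic string in every failure branch: `if (!validPassword) return res.error(403, 'Incorrect Username and/or Password!')`. Separately, the context line `res.redirect( req.query.redirect || '/')` sends the browser to whatever the query string names after a successful login. Accepting only local paths, and falling back to `'/'` otherwise, would prevent redirects to external sites. The handler starts outside the hunk, so the branch structure above is partly inferred.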
@@ -17,10 +16,10 @@ app.use(require("../middlewares/login")); app.post("/:id/delete", async (req, res) => { const message = await MessageModel.get(req.params.id); - if (!message || message.deleted) return error(res, 404, "We have not got any message declared as this id."); + if (!message || message.deleted) return res.error( 404, "We have not got any message declared as this id."); const user = req.user; if (user.id != message.authorID && !user.admin) - return error(res, 403, "You have not got permission for this."); + return res.error( 403, "You have not got permission for this."); message.deleted = true; await message.save(); diff --git a/routes/register.js b/routes/register.js index 231dad3..1376aa5 100644 --- a/routes/register.js +++ b/routes/register.js @@ -1,6 +1,5 @@ const { UserModel, SecretModel } = require("../models"); const { Router } = require("express") -const error = require("../errors/error") const bcrypt = require("bcrypt"); const app = Router(); @@ -17,7 +16,7 @@ app.post("/", async (req, res) => { const user = await SecretModel.findOne({ username }); if (user) - error(res, 400, `We have got an user named ${username}!`) + res.error(res, 400, `We have got an user named ${username}!`) else { @@ -35,7 +34,7 @@ app.post("/", async (req, res) => { } } else - error(res, 400, "You forgot entering some values") + res.error(res, 400, "You forgot entering some values") }) diff --git a/routes/threads.js b/routes/threads.js index 6091d40..4a8d472 100644 --- a/routes/threads.js +++ b/routes/threads.js @@ -2,7 +2,6 @@ const { Router } = require("express"); const app = Router(); const rateLimit = require('express-rate-limit') -const error = require("../errors/error") const { ThreadModel, MessageModel } = require("../models") @@ -42,7 +41,7 @@ app.get("/:id", async (req, res) => { res.render("thread", { thread, messages, user }) } else - error(res, 404, "We have not got this thread."); + res.error( 404, "We have not got this thread."); }); 
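Review bot: Both converted calls in routes/register.js still pass the response object as the first argument, `res.error(res, 400, ...)`, so the status parameter receives `res` and the message parameter receives `400`. Every other call site in this commit uses the two-argument form. Drop the leading argument in both places, for example `res.error(400, "You forgot entering some values")`, and likewise for the duplicate-username message. As written, the duplicate-name and missing-field paths of registration would fail or return a wrong status instead of a clean 400.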
@@ -55,13 +54,13 @@ app.post("/", rateLimit({ windowMs: 10 * 60_000, max: 1, standardHeaders: true, legacyHeaders: false, handler: (request, response, next, options) => !request.user.admin ? - error(response, options.statusCode, "You are begin ratelimited") + res.error(options.statusCode, "You are begin ratelimited") : next() }), async (req, res) => { const { title = null, content = null } = req.body; - if (!title || !content) return error(res, 400, "Title and/or content is missing"); + if (!title || !content) return res.error( 400, "Title and/or content is missing"); const user = req.user const thread = await new ThreadModel({ title, author: user }).takeId() @@ -76,10 +75,10 @@ app.post("/", rateLimit({ app.post("/:id/delete", async (req, res) => { const thread = await ThreadModel.get(req.params.id); - if (!thread || thread.deleted) return error(res, 404, "We have not got any thread declared as this id."); + if (!thread || thread.deleted) return res.error( 404, "We have not got any thread declared as this id."); const user = req.user; if (user.id != thread.authorID && !user.admin) - return error(res, 403, "You have not got permission for this."); + return res.error( 403, "You have not got permission for this."); thread.deleted = true; await thread.save(); diff --git a/routes/users.js b/routes/users.js index db0b193..83f8ac6 100644 --- a/routes/users.js +++ b/routes/users.js @@ -1,7 +1,6 @@ const { Router } = require("express"); const app = Router(); -const error = require("../errors/error"); const { UserModel, MessageModel, ThreadModel } = require("../models"); app.get("/", async ({ user }, res) => { @@ -22,7 +21,7 @@ app.get("/:id", async (req, res) => { const thread = await ThreadModel.count({ authorID: id }); res.render("user", { user, member, counts: { message, thread } }) } - else error(res, 404, "We have not got this user."); + else res.error(404, "We have not got this user."); }); 
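Review bot: In the `rateLimit` options of routes/threads.js the `handler` parameters are `(request, response, next, options)`, but the new line calls `res.error(...)`, and no `res` is visible in that scope. A rate-limited non-admin request would therefore raise a ReferenceError instead of getting the limit response. Use the handler's own parameter: `response.error(options.statusCode, "You are begin ratelimited")`. The same expression reads `request.user.admin` without a null check, so it is worth confirming that the login middleware always runs before this route.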
@@ -32,12 +31,12 @@ app.use(require("../middlewares/login")); app.post("/:id/delete/", async (req, res) => { const user = req.user; if (!user?.admin) - return error(res, 403, "You have not got permission for this."); + return res.error( 403, "You have not got permission for this."); const { id = null } = req.params; const member = await UserModel.get(id); - if (!member || member.deleted) return error(res, 404, "We have not got any user declared as this id."); + if (!member || member.deleted) return res.error( 404, "We have not got any user declared as this id."); member.deleted = true; await member.save();