From b979bfd47caef70d5133e24160dc5f257ded4636 Mon Sep 17 00:00:00 2001
From: Akif9748 <akif9748@gmail.com>
Date: Thu, 11 Aug 2022 00:49:44 +0300
Subject: [PATCH] Better error handling

---
 README.md                    |  4 ++--
 index.js                     |  5 ++---
 middlewares/user.js          |  1 +
 routes/admin.js              |  7 +++----
 routes/api/routes/message.js |  2 +-
 routes/login.js              |  9 ++++-----
 routes/message.js            |  7 +++----
 routes/register.js           |  5 ++---
 routes/threads.js            | 11 +++++------
 routes/users.js              |  7 +++----
 10 files changed, 26 insertions(+), 32 deletions(-)

diff --git a/README.md b/README.md
index c834022..ed9a27c 100644
--- a/README.md
+++ b/README.md
@@ -20,8 +20,8 @@ And, you can learn about API in `util/APIDOCS.md`.
 * [Camroku](https://github.com/Camroku) - Made stylesheets
 
 ## To do (Backend, bug fixes) 
-- `/errors/error` will ~~change~~ deprecate, it will be in res.error . And we will use "alert" for errors with fetch api. this added for messages and reactions...
-- message.js/12, so, admin perms,(req.user?.admin || !thread.deleted), and api in message.
+- We will use "alert" for errors with fetch api. this added for messages and reactions...
+- message.js/12, so, admin perms,, and api in message.
 - the forum will only use api path... this added for messages and reactions...
 
 ## Roadmap
diff --git a/index.js b/index.js
index 1774aee..31ee785 100644
--- a/index.js
+++ b/index.js
@@ -1,5 +1,4 @@
-const error = require("./errors/error.js"),
-        session = require('express-session'),
+const session = require('express-session'),
         bodyParser = require('body-parser'),
         port = process.env.PORT || 3000,
         mongoose = require("mongoose"),
@@ -20,6 +19,6 @@ app.use(require("./middlewares/user"));
 for (const file of fs.readdirSync("./routes"))
         app.use("/" + file.replace(".js", ""), require(`./routes/${file}`));
 
-app.all("*", (req, res) => error(res, 404, "We have not got this page."));
+app.all("*", (req, res) => res.error(404, "We have not got this page."));
 
 app.listen(port, () => console.log("akf-forum on port:", port));
\ No newline at end of file
diff --git a/middlewares/user.js b/middlewares/user.js
index fbb58a5..40a0e5c 100644
--- a/middlewares/user.js
+++ b/middlewares/user.js
@@ -1,6 +1,7 @@
 const { UserModel } = require("../models");
 
 module.exports = async (req, res, next) => {
+    req.error = (type, error) => res.status(type).render("error", { type, error });
     req.user = await UserModel.get(req.session.userid);
     next();
 }   
\ No newline at end of file
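Review bot: The helper added here is attached to `req` (`req.error = ...`), but every call site this patch converts uses `res.error(...)`: the catch-all in index.js and the handlers in routes/admin.js, login.js, message.js, threads.js and users.js. Unless some other middleware outside this diff defines `res.error` for the page routes (the API router's context lines suggest it has its own), those calls throw a TypeError instead of rendering the error page, so the 403/404 paths become unhandled failures. The line should read `res.error = (type, error) => res.status(type).render("error", { type, error });`.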
diff --git a/routes/admin.js b/routes/admin.js
index 420521b..106f7bc 100644
--- a/routes/admin.js
+++ b/routes/admin.js
@@ -1,7 +1,6 @@
 const { UserModel } = require("../models")
 
 const { Router } = require("express")
-const error = require("../errors/error")
 
 const app = Router();
 
@@ -10,7 +9,7 @@ app.use(require("../middlewares/login"));
 app.get("/", async (req, res) => {
     const user = req.user;
 
-    if (!user.admin) return error(res, 403, "You have not got permissions for view to this page.");
+    if (!user.admin) return res.error(  403, "You have not got permissions for view to this page.");
 
     res.render("admin", { user, user2: false })
 });
@@ -19,11 +18,11 @@ app.post("/", async (req, res) => {
 
     const user = req.user;
 
-    if (!user.admin) return error(res, 403, "You have not got permissions for view to this page.");
+    if (!user.admin) return res.error(403, "You have not got permissions for view to this page.");
     const user2 = await UserModel.get(req.body.userid);
 
     if (!user2)
-        return error(res, 404, "We have not got this user in all of the forum. Vesselam.");
+        return res.error( 404, "We have not got this user in all of the forum. Vesselam.");
 
     else {
         user2.admin = true;
diff --git a/routes/api/routes/message.js b/routes/api/routes/message.js
index 53a7365..e585f91 100644
--- a/routes/api/routes/message.js
+++ b/routes/api/routes/message.js
@@ -12,7 +12,7 @@ app.get("/:id", async (req, res) => {
     if (!id) return res.error(400, "Missing id in query")
     const message = await MessageModel.get(id);
 
-    if (!message || message.deleted) return res.error(404, "We have not got any message declared as this id.");
+    if (!message || (message.deleted && req.user && !req.user.admin)) return res.error(404, "We have not got any message declared as this id.");
 
     res.complate(message);
 
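Review bot: The new condition `message.deleted && req.user && !req.user.admin` is false when `req.user` is null or undefined, so a request without a logged-in user passes the check and is served the deleted message. Only administrators should get past it: `if (!message || (message.deleted && !req.user?.admin)) return res.error(404, "We have not got any message declared as this id.");`. The same expression is added to the `app.get("/:id")` handler in routes/message.js and needs the same correction. Whether `req.user` is populated on the API router cannot be seen from this hunk, and the handler continues outside it.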
diff --git a/routes/login.js b/routes/login.js
index bae09d2..5827026 100644
--- a/routes/login.js
+++ b/routes/login.js
@@ -1,6 +1,5 @@
 const { UserModel, SecretModel } = require("../models");
 const { Router } = require("express");
-const error = require("../errors/error");
 const app = Router();
 const bcrypt = require("bcrypt");
 
@@ -17,19 +16,19 @@ app.post("/", async (req, res) => {
 
             const validPassword = await bcrypt.compare(password, user.password);
 
-            if (!validPassword) return error(res, 403, 'Incorrect Password!')
+            if (!validPassword) return res.error( 403, 'Incorrect Password!')
             const member = await UserModel.findOne({ name: username });
-            if (!member || member.deleted) return error(res, 403, 'Incorrect Username and/or Password!')
+            if (!member || member.deleted) return res.error( 403, 'Incorrect Username and/or Password!')
 
             req.session.userid = user.id;
 
             res.redirect( req.query.redirect ||  '/');
         } else
-            error(res, 403, 'Incorrect Username and/or Password!')
+        res.error( 403, 'Incorrect Username and/or Password!')
 
 
     } else
-        error(res, 400, "You forgot entering some values")
+    res.error( 400, "You forgot entering some values")
 
 
 
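Review bot: The wrong-password branch answers `'Incorrect Password!'` while the unknown-user branches answer `'Incorrect Username and/or Password!'`, so the response reveals whether a username exists. Use the same text in all three, `return res.error(403, 'Incorrect Username and/or Password!')`. Also in this hunk, `res.redirect( req.query.redirect ||  '/')` follows whatever the query string carries; accepting only values that begin with a single `/` keeps the post-login redirect on this site. The two `res.error(...)` calls after `else` lost their indentation and now read as if they sat outside the branch. The handler starts and ends outside the hunk.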
diff --git a/routes/message.js b/routes/message.js
index 815e9d0..b19a92f 100644
--- a/routes/message.js
+++ b/routes/message.js
@@ -1,5 +1,4 @@
 const { MessageModel } = require("../models");
-const error = require("../errors/error")
 
 const { Router } = require("express");
 
@@ -8,7 +7,7 @@ const app = Router();
 app.get("/:id", async (req, res) => {
     const message = await MessageModel.get(req.params.id);
 
-    if (!message || message.deleted) return error(res, 404, "We have not got any message declared as this id.");
+    if (!message || (message.deleted && req.user && !req.user.admin)) return res.error( 404, "We have not got any message declared as this id.");
     res.redirect("/threads/" + message.threadID);
 
 });
@@ -17,10 +16,10 @@ app.use(require("../middlewares/login"));
 
 app.post("/:id/delete", async (req, res) => {
     const message = await MessageModel.get(req.params.id);
-    if (!message || message.deleted) return error(res, 404, "We have not got any message declared as this id.");
+    if (!message || message.deleted) return res.error( 404, "We have not got any message declared as this id.");
     const user = req.user;
     if (user.id != message.authorID && !user.admin)
-        return error(res, 403, "You have not got permission for this.");
+        return res.error( 403, "You have not got permission for this.");
     message.deleted = true;
     await message.save();
 
diff --git a/routes/register.js b/routes/register.js
index 231dad3..1376aa5 100644
--- a/routes/register.js
+++ b/routes/register.js
@@ -1,6 +1,5 @@
 const { UserModel, SecretModel } = require("../models");
 const { Router } = require("express")
-const error = require("../errors/error")
 const bcrypt = require("bcrypt");
 
 const app = Router();
@@ -17,7 +16,7 @@ app.post("/", async (req, res) => {
         const user = await SecretModel.findOne({ username });
 
         if (user)
-            error(res, 400, `We have got an user named ${username}!`)
+            res.error(res, 400, `We have got an user named ${username}!`)
 
         else {
 
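Review bot: `res.error(res, 400, ...)` still passes the response object as the first argument, a leftover from the old `error(res, ...)` helper. With the `(type, error)` signature introduced in middlewares/user.js the status becomes the `res` object and the message becomes `400`, so the duplicate-username path fails instead of returning a 400 page. Drop the leading `res` in this call and in the one in the next hunk, e.g. `res.error(400, "You forgot entering some values")`. The interpolated `${username}` reaches the error view as request input, so the view should keep rendering `error` escaped; the handler extends beyond both hunks.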
@@ -35,7 +34,7 @@ app.post("/", async (req, res) => {
         }
 
     } else
-        error(res, 400, "You forgot entering some values")
+        res.error(res, 400, "You forgot entering some values")
 
 
 })
diff --git a/routes/threads.js b/routes/threads.js
index 6091d40..4a8d472 100644
--- a/routes/threads.js
+++ b/routes/threads.js
@@ -2,7 +2,6 @@ const { Router } = require("express");
 const app = Router();
 const rateLimit = require('express-rate-limit')
 
-const error = require("../errors/error")
 const { ThreadModel, MessageModel } = require("../models")
 
 
@@ -42,7 +41,7 @@ app.get("/:id", async (req, res) => {
 
         res.render("thread", { thread, messages, user })
     } else
-        error(res, 404, "We have not got this thread.");
+        res.error( 404, "We have not got this thread.");
 });
 
 
@@ -55,13 +54,13 @@ app.post("/", rateLimit({
     windowMs: 10 * 60_000, max: 1, standardHeaders: true, legacyHeaders: false,
     handler: (request, response, next, options) =>
         !request.user.admin ?
-            error(response, options.statusCode, "You are begin ratelimited")
+            res.error(options.statusCode, "You are begin ratelimited")
             : next()
 }), async (req, res) => {
 
     const { title = null, content = null } = req.body;
 
-    if (!title || !content) return error(res, 400, "Title and/or content is missing");
+    if (!title || !content) return res.error( 400, "Title and/or content is missing");
     const user = req.user
     const thread = await new ThreadModel({ title, author: user }).takeId()
 
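Review bot: Inside the rate-limit `handler` the response parameter is named `response` and no `res` is in scope there, so the new `res.error(options.statusCode, ...)` raises a ReferenceError the first time a non-admin is throttled. It should be `response.error(options.statusCode, "You are begin ratelimited")`. `request.user.admin` also assumes a logged-in user; if the login middleware is not applied before this route (not visible here), `request.user?.admin` avoids a crash on anonymous posts. The `rateLimit({` call starts above the hunk and the route handler continues below it.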
@@ -76,10 +75,10 @@ app.post("/", rateLimit({
 
 app.post("/:id/delete", async (req, res) => {
     const thread = await ThreadModel.get(req.params.id);
-    if (!thread || thread.deleted) return error(res, 404, "We have not got any thread declared as this id.");
+    if (!thread || thread.deleted) return res.error( 404, "We have not got any thread declared as this id.");
     const user = req.user;
     if (user.id != thread.authorID && !user.admin)
-        return error(res, 403, "You have not got permission for this.");
+        return res.error( 403, "You have not got permission for this.");
 
     thread.deleted = true;
     await thread.save();
diff --git a/routes/users.js b/routes/users.js
index db0b193..83f8ac6 100644
--- a/routes/users.js
+++ b/routes/users.js
@@ -1,7 +1,6 @@
 const { Router } = require("express");
 const app = Router();
 
-const error = require("../errors/error");
 const { UserModel, MessageModel, ThreadModel } = require("../models");
 
 app.get("/", async ({ user }, res) => {
@@ -22,7 +21,7 @@ app.get("/:id", async (req, res) => {
         const thread = await ThreadModel.count({ authorID: id });
         res.render("user", { user, member, counts: { message, thread } })
     }
-    else error(res, 404, "We have not got this user.");
+    else res.error(404, "We have not got this user.");
 
 });
 
@@ -32,12 +31,12 @@ app.use(require("../middlewares/login"));
 app.post("/:id/delete/", async (req, res) => {
     const user = req.user;
     if (!user?.admin)
-        return error(res, 403, "You have not got permission for this.");
+        return res.error( 403, "You have not got permission for this.");
 
     const { id = null } = req.params;
     const member = await UserModel.get(id);
 
-    if (!member || member.deleted) return error(res, 404, "We have not got any user declared as this id.");
+    if (!member || member.deleted) return res.error( 404, "We have not got any user declared as this id.");
 
     member.deleted = true;
     await member.save();