R01-kxnenao100@yahoo.com.tw

.github/workflows/ci.yml

@@ -1,16 +1,12 @@
 name: Node.js test
 
 on:
-  pull_request_target:
+  push:
     branches:
-      - main
-#  push:
-#    branches:
 #      - main
-#      - 'R*'
-#      - '*-test'
-#  pull_request:
-#    branches:
+      - '*-test'
+  pull_request:
+    branches:
 #      - main
 
 env:
@@ -38,11 +34,7 @@ jobs:
           # mysql user: 'github'                 # Required if "mysql root password" is empty, default is empty. The superuser for the specified database. Can use secrets, too
           # mysql password: 'password'           # Required if "mysql user" exists. The password for the "mysql user"
       - run: mysql --version
-      - run: echo "checkout head ${{ github.event.pull_request.head.sha }}"
-      - run: echo "base ${{ github.event.pull_request.base.sha }}"
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
+      - uses: actions/checkout@v3
       - name: Use Node.js ${{ matrix.node-version }}
         uses: actions/setup-node@v3
         with:

app.js

@@ -1,13 +1,43 @@
-const express = require('express')
-const routes = require('./routes')
+const express = require("express");
+const routes = require("./routes");
+const handlebars = require("express-handlebars");
+const app = express();
+const port = process.env.PORT || 3000;
+const flash = require("connect-flash");
+const session = require("express-session");
+const SESSION_SECRET = "secret";
+const passport = require("passport");
+const { getUser } = require("./helpers/auth-helpers");
+const handlebarsHelpers = require("./helpers/handlebars-helpers");
+const methodOverride = require("method-override");
+const path = require("path");
 
-const app = express()
-const port = process.env.PORT || 3000
 
-app.use(routes)
+app.use(
+  session({ secret: SESSION_SECRET, resave: false, saveUninitialized: false })
+);
+
+app.use(passport.initialize());
+app.use(passport.session());
+app.use(flash());
+app.use(express.urlencoded({ extended: true }));
+app.use(express.json()); 
+app.use(methodOverride("_method"));
+app.use("/upload", express.static(path.join(__dirname, "upload")));
+
+app.use((req, res, next) => {
+  res.locals.success_messages = req.flash("success_messages"); // 設定 success_msg 訊息
+  res.locals.error_messages = req.flash("error_messages"); // 設定 warning_msg 訊息
+  res.locals.user = getUser(req);
+  next();
+});
+
+app.use(routes);
+app.engine("hbs", handlebars({ extname: ".hbs", helpers: handlebarsHelpers }));
+app.set("view engine", "hbs");
 
 app.listen(port, () => {
-  console.info(`Example app listening on port ${port}!`)
-})
+  console.info(`Example app listening on port http://localhost:${port}/`);
+});
 
-module.exports = app
+module.exports = app;

config/passport.js

@@ -0,0 +1,47 @@
+const passport = require("passport");
+const LocalStrategy = require("passport-local");
+const bcrypt = require("bcryptjs");
+const db = require("../models");
+const User = db.User;
+// set up Passport strategy
+passport.use(
+  new LocalStrategy(
+    // customize user field
+    {
+      usernameField: "email",
+      passwordField: "password",
+      passReqToCallback: true,
+    },
+    // authenticate user
+    (req, email, password, cb) => {
+      User.findOne({ where: { email } }).then((user) => {
+        if (!user)
+          return cb(
+            null,
+            false,
+            req.flash("error_messages", "帳號或密碼輸入錯誤！")
+          );
+        bcrypt.compare(password, user.password).then((res) => {
+          if (!res)
+            return cb(
+              null,
+              false,
+              req.flash("error_messages", "帳號或密碼輸入錯誤！")
+            );
+          return cb(null, user);
+        });
+      });
+    }
+  )
+);
+// serialize and deserialize user
+passport.serializeUser((user, cb) => {
+  cb(null, user.id);
+});
+passport.deserializeUser((id, cb) => {
+  User.findByPk(id).then((user) => {
+    user = user.toJSON();
+    return cb(null, user);
+  });
+});
+module.exports = passport;

controllers/admin-controller.js

@@ -0,0 +1,130 @@
+const { Restaurant, User } = require("../models");
+const { localFileHandler } = require("../helpers/file-helpers");
+const { raw } = require("express");
+const { where } = require("sequelize");
+
+const adminController = {
+  getRestaurants: (req, res, next) => {
+    Restaurant.findAll({
+      raw: true,
+    })
+
+      .then((restaurants) => res.render("admin/restaurants", { restaurants }))
+
+      .catch((err) => next(err));
+  },
+  createRestaurant: (req, res) => {
+    return res.render("admin/create-restaurant");
+  },
+  postRestaurant: (req, res, next) => {
+    const { name, tel, address, openingHours, description } = req.body;
+    if (!name) throw new Error("Restaurant name is required!");
+    //修改以下
+    const { file } = req; // 把檔案取出來，也可以寫成 const file = req.file
+    localFileHandler(file) // 把取出的檔案傳給 file-helper 處理後
+      .then((filePath) =>
+        Restaurant.create({
+          // 再 create 這筆餐廳資料
+          name,
+          tel,
+          address,
+          openingHours,
+          description,
+          image: filePath || null,
+        })
+      )
+      .then(() => {
+        req.flash("success_messages", "restaurant was successfully created");
+        res.redirect("/admin/restaurants");
+      })
+      .catch((err) => next(err));
+  },
+  getRestaurant: (req, res, next) => {
+    Restaurant.findByPk(req.params.id, {
+      raw: true,
+    })
+      .then((restaurant) => {
+        if (!restaurant) throw new Error("Restaurant didn't exist!");
+        res.render("admin/restaurant", { restaurant });
+      })
+      .catch((err) => next(err));
+  },
+  editRestaurant: (req, res, next) => {
+    Restaurant.findByPk(req.params.id, {
+      raw: true,
+    })
+      .then((restaurant) => {
+        if (!restaurant) throw new Error("Restaurant didn't exist!");
+        res.render("admin/edit-restaurant", { restaurant });
+      })
+      .catch((err) => next(err));
+  },
+  putRestaurant: (req, res, next) => {
+    const { name, tel, address, openingHours, description } = req.body;
+    if (!name) throw new Error("Restaurant name is required!");
+    const { file } = req; // 把檔案取出來
+    Promise.all([
+      // 非同步處理
+      Restaurant.findByPk(req.params.id), // 去資料庫查有沒有這間餐廳
+      localFileHandler(file), // 把檔案傳到 file-helper 處理
+    ])
+      .then(([restaurant, filePath]) => {
+        // 以上兩樣事都做完以後
+        if (!restaurant) throw new Error("Restaurant didn't exist!");
+        return restaurant.update({
+          // 修改這筆資料
+          name,
+          tel,
+          address,
+          openingHours,
+          description,
+          image: filePath || restaurant.image, // 如果 filePath 是 Truthy (使用者有上傳新照片) 就用 filePath，是 Falsy (使用者沒有上傳新照片) 就沿用原本資料庫內的值
+        });
+      })
+      .then(() => {
+        req.flash("success_messages", "restaurant was successfully to update");
+        res.redirect("/admin/restaurants");
+      })
+      .catch((err) => next(err));
+  },
+  deleteRestaurant: (req, res, next) => {
+    return Restaurant.findByPk(req.params.id)
+      .then((restaurant) => {
+        if (!restaurant) throw new Error("Restaurant didn't exist!");
+        return restaurant.destroy();
+      })
+      .then(() => res.redirect("/admin/restaurants"))
+      .catch((err) => next(err));
+  },
+  getUsers: (req, res, next) => {
+    return User.findAll({
+      raw: true,
+    })
+      .then((users) => {
+        console.log(users)
+        res.render("admin/users", { users });
+      })
+      .catch((err) => next(err));
+  },
+  patchUser: (req, res, next) => {
+    const id = req.params.id;
+    return User.findByPk(id)
+      .then((user) => {
+        if (!user) throw new Error("User didn't exist!");
+        if (user.email === "root@example.com") {
+          req.flash("error_messages", "禁止變更 root 權限");
+          return res.redirect("back");
+        }
+        return user.update({
+          isAdmin: !user.isAdmin,
+        });
+      })
+      .then(() => {
+        req.flash("success_messages", "使用者權限變更成功");
+        return res.redirect("/admin/users");
+      })
+      .catch((err) => next(err));
+  },
+};
+
+module.exports = adminController;

controllers/restaurant-controller.js

@@ -0,0 +1,6 @@
+const restaurantController = {
+  getRestaurants: (req, res) => {
+    return res.render('restaurants')
+  }
+}
+module.exports = restaurantController

controllers/user-controller.js

@@ -0,0 +1,45 @@
+const bcrypt = require("bcryptjs");
+const db = require("../models");
+const { where } = require("sequelize");
+const User = db.User;
+
+const userController = {
+  signUpPage: (req, res) => {
+    res.render("signup");
+  },
+  signUp: (req, res, next) => {
+    if (req.body.password !== req.body.passwordCheck)
+      throw new Error("Passwords do not match!");
+
+    User.findOne({ where: { email: req.body.email } })
+      .then((user) => {
+        if (user) throw new Error("Email already exists!");
+        return bcrypt.hash(req.body.password, 10); 
+      })
+      .then((hash) => {
+        User.create({
+          name: req.body.name,
+          email: req.body.email,
+          password: hash,
+        });
+      })
+      .then(() => {
+        req.flash("success_messages", "成功註冊帳號！"); 
+        res.redirect("/signin");
+      })
+      .catch((err) => next(err)); 
+  },
+  signInPage: (req, res) => {
+    res.render('signin')
+  },
+  signIn: (req, res) => {
+    req.flash('success_messages', '成功登入！')
+    res.redirect('/restaurants')
+  },
+  logout: (req, res) => {
+    req.flash('success_messages', '登出成功！')
+    req.logout()
+    res.redirect('/signin')
+  }
+};
+module.exports = userController;

helpers/auth-helpers.js

@@ -0,0 +1,10 @@
+const getUser = (req) => {
+  return req.user || null;
+};
+const ensureAuthenticated = req => {
+  return req.isAuthenticated()
+}
+module.exports = {
+  getUser,
+  ensureAuthenticated
+};

helpers/file-helpers.js

@@ -0,0 +1,15 @@
+const fs = require("fs");
+const localFileHandler = (file) => {
+  return new Promise((resolve, reject) => {
+    if (!file) return resolve(null);
+    const fileName = `upload/${file.originalname}`;
+    return fs.promises
+      .readFile(file.path)
+      .then((data) => fs.promises.writeFile(fileName, data))
+      .then(() => resolve(`/${fileName}`))
+      .catch((err) => reject(err));
+  });
+};
+module.exports = {
+  localFileHandler,
+};

helpers/handlebars-helpers.js

@@ -0,0 +1,4 @@
+const dayjs = require('dayjs') //載入 dayjs 套件
+module.exports = {
+  currentYear: () => dayjs().year() //取得當年年份作為 currentYear 的屬性值，並導出
+}