calParks3/authMiddleware.js at main · Nspired1/calParks3 · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
const Joi = require('joi');
const { reviewSchema, parkSchema } = require('./joiSchemas.js');
//const { reviewSchema } = require('./joiSchemas.js');
const ExpressError = require("./utils/ExpressError");
const Park = require("./models/park");
const Review = require("./models/review");


// Joi validation middleware for parks
module.exports.validatePark = (req, res, next) => {
    // const parkSchema = Joi.object({
    //     park: Joi.object({
    //         title: Joi.string().required(),
    //         description: Joi.string().required(),
    //         location: Joi.string().required(),
    //         price: Joi.number().min(0).allow(null, ''),
    //         image: Joi.string().allow(null, '')
    //     }).required()
    // });
    const { error } = parkSchema.validate(req.body);
    if (error){
        const msg = error.details.map(element => element.message).join(',')
        throw new ExpressError(msg, 400)
    } else {
        next();
    }
}

//  joi validation middleware
module.exports.validateReview = (req, res, next) => {
    const { error } = reviewSchema.validate(req.body);
    if (error){
        const msg = error.details.map(element => element.message).join(',')
        throw new ExpressError(msg, 400)
    } else {
        next();
    }
}


// this is auth and validation middleware

module.exports.isLoggedIn = (req, res, next) => {
    if(!req.isAuthenticated()){
        req.session.returnTo = req.originalUrl
        req.flash('error', 'You must be logged in.');
        return res.redirect('/login');
    }
    next();
}

// check for author of park middleware
module.exports.isAuthor = async(req, res, next) => {
    const { id } = req.params;
    const park = await Park.findById(id);
    if(!park.author.equals(req.user._id)){
        req.flash('error', 'You do not have permission to do that.');
        return res.redirect(`/parks/${id}`);
    }
    next();
}

module.exports.isReviewAuthor = async(req, res, next) => {
    const { id, reviewId } = req.params;
    const review = await Review.findById(reviewId);
    if(!review.author.equals(req.user._id)){
        req.flash('error', 'You do not have permission to do that.');
        return res.redirect(`/parks/${id}`);
    }
    next();
}