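const crypto = require("crypto");
const { default: mongoose } = require("mongoose");
const asyncHandler = require("express-async-handler");
const { body, validationResult } = require("express-validator");
const Comment = require("../models/comment.js");

// NOTE(review): comment passwords are stored and compared as plaintext (after
// trim + HTML-escape). Anyone with read access to the collection can modify or
// delete every comment. Storing a salted KDF hash instead requires a data
// migration for existing records, so it is flagged here rather than changed.

/**
 * Builds a validator chain for a required body field.
 * Trimming runs before the length check so whitespace-only input is rejected
 * instead of being stored as an empty string.
 *
 * @param {string} field - name of the request-body field
 * @param {string} message - error message reported when validation fails
 * @returns {import("express-validator").ValidationChain}
 */
const requiredField = (field, message) =>
  body(field, message).trim().isLength({ min: 1 }).escape();

/**
 * Sends a 400 response listing validation errors, if there are any.
 *
 * @param {object} req - Express request (already run through the validators)
 * @param {object} res - Express response
 * @param {string} message - top-level message for the error payload
 * @returns {boolean} true when a response was sent and the handler must stop
 */
function sendValidationErrors(req, res, message) {
  const errors = validationResult(req);
  if (errors.isEmpty()) {
    return false;
  }
  res.status(400).json({ message, errors: errors.array() });
  return true;
}

/**
 * Loads a comment by id as a plain object.
 *
 * @param {string} commentID - id taken from the route parameters
 * @param {string} [projection] - optional Mongoose field selection
 * @returns {Promise<object|null>} the comment, or null when the id is
 *   malformed or no document matches
 */
async function findComment(commentID, projection) {
  // A malformed id would otherwise surface as a CastError (HTTP 500).
  if (!mongoose.isValidObjectId(commentID)) {
    return null;
  }
  const query = Comment.findOne({ _id: commentID });
  if (projection) {
    query.select(projection);
  }
  return query.lean().exec();
}

/**
 * Compares a supplied secret with the stored one in constant time.
 * Both sides are hashed first so timingSafeEqual always receives buffers of
 * equal length, whatever the input lengths are.
 *
 * @param {unknown} supplied - value from the request body
 * @param {unknown} stored - value read from the database
 * @returns {boolean} true only when both are strings with identical content
 */
function secretsMatch(supplied, stored) {
  if (typeof supplied !== "string" || typeof stored !== "string") {
    return false;
  }
  const suppliedDigest = crypto.createHash("sha256").update(supplied).digest();
  const storedDigest = crypto.createHash("sha256").update(stored).digest();
  return crypto.timingSafeEqual(suppliedDigest, storedDigest);
}

// makes new comment - C
exports.post = [
  requiredField("text", "Please enter comment!"),
  requiredField("author", "Please enter comment author!"),
  requiredField(
    "password",
    "Please enter password for future comment modification!"
  ),

  // Runs after validation and sanitization
  asyncHandler(async (req, res) => {
    if (sendValidationErrors(req, res, "Comment produced validation errors!")) {
      return;
    }

    const comment = new Comment({
      date: new Date(),
      text: req.body.text,
      author: req.body.author,
      post: req.params.postID,
      _id: new mongoose.Types.ObjectId(),
      password: req.body.password,
    });

    await comment.save();
    return res.status(200).json({
      message: "Comment uploaded!",
    });
  }),
];

// returns comment in json format - R
exports.get = asyncHandler(async (req, res) => {
  // Exclude the modification password: this endpoint has no authentication,
  // so returning the full document would disclose the secret that guards
  // update and delete.
  const comment = await findComment(req.params.commentID, "-password");
  return res.status(200).json({ comment });
});

// updates comment - U
exports.put = [
  requiredField("text", "Please enter comment!"),
  requiredField("author", "Please enter comment author!"),
  requiredField("password", "Please enter password to modify comment!"),

  // Runs after validation and sanitization
  asyncHandler(async (req, res) => {
    if (sendValidationErrors(req, res, "Comment produced validation errors!")) {
      return;
    }

    const dbComment = await findComment(req.params.commentID);
    if (dbComment === null) {
      return res.status(404).json({ message: "Comment not found!" });
    }

    if (req.body.author !== dbComment.author) {
      return res.status(401).json({
        message: "Comments can only be updated by their original author!",
      });
    }
    if (!secretsMatch(req.body.password, dbComment.password)) {
      return res.status(401).json({
        message: "Comments can only be updated with their original password!",
      });
    }

    // The lean() result is a plain object with no save(); persist the change
    // with an update query. Only text and date change; author, post, _id and
    // password stay as stored.
    await Comment.updateOne(
      { _id: dbComment._id },
      { $set: { text: req.body.text, date: new Date() } }
    ).exec();
    return res.status(200).json({
      message: "Post updated!",
    });
  }),
];

// deletes a comment - D
exports.delete = [
  requiredField("password", "Please enter comment deletion password!"),

  // Runs after validation and sanitization
  asyncHandler(async (req, res) => {
    if (
      sendValidationErrors(
        req,
        res,
        "Comment password produced validation errors!"
      )
    ) {
      return;
    }

    const dbComment = await findComment(req.params.commentID);
    if (dbComment === null) {
      return res.status(404).json({ message: "Comment not found!" });
    }

    if (!secretsMatch(req.body.password, dbComment.password)) {
      return res.status(401).json({
        message: "Incorrect password!",
      });
    }

    // findByIdAndDelete takes the id itself, not a filter object.
    await Comment.findByIdAndDelete(dbComment._id).exec();
    return res.status(200).json({ message: "Comment deleted!" });
  }),
];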