express-blog-api/controllers/comment.js
2023-09-18 13:43:22 -07:00


const { default: mongoose } = require("mongoose");
const asyncHandler = require("express-async-handler");
const { body, validationResult } = require("express-validator");
const Comment = require("../models/comment.js");
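// Create (C): validates the submitted fields, then stores a new comment on the
// post named by the :postID route parameter.
exports.post = [
  // Sanitizers run before the length check so that whitespace-only input is
  // rejected with a 400 instead of being trimmed to "" after it already passed.
  body("text", "Please enter comment!").trim().isLength({ min: 1 }).escape(),
  body("author", "Please enter comment author!")
    .trim()
    .isLength({ min: 1 })
    .escape(),
  // trim/escape stay on the password so the stored value remains comparable
  // with what the update and delete handlers compute from their own input.
  body("password", "Please enter password for future comment modification!")
    .trim()
    .isLength({ min: 1 })
    .escape(),
  // Runs after validation and sanitization. No authentication is performed
  // in this chain: anyone who can reach the route can create a comment.
  asyncHandler(async (req, res, next) => {
    const errors = validationResult(req);
    if (!errors.isEmpty()) {
      return res.status(400).json({
        message: "Comment produced validation errors!",
        errors: errors.array(),
      });
    }
    // NOTE(security): the password is persisted as received, i.e. in
    // plaintext, so read access to the collection is enough to modify or
    // delete any comment. Replacing it with a salted, slow password hash must
    // be done together with the update and delete handlers, which currently
    // compare against this field with ===.
    const comment = new Comment({
      date: new Date(),
      text: req.body.text,
      author: req.body.author,
      post: req.params.postID,
      _id: new mongoose.Types.ObjectId(),
      password: req.body.password,
    });
    await comment.save();
    return res.status(200).json({
      message: "Comment uploaded!",
    });
  }),
];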
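// Read (R): returns one comment as JSON, without its modification password.
exports.get = asyncHandler(async (req, res, next) => {
  const { commentID } = req.params;
  // An id Mongoose cannot cast to an ObjectId would make findOne() reject and
  // surface as a server error; treat it as an unknown comment instead.
  if (!mongoose.isValidObjectId(commentID)) {
    return res.status(404).json({ message: "Comment not found!" });
  }
  // The password field is excluded: this route is unauthenticated, and the
  // stored password is the only thing protecting update and delete.
  const comment = await Comment.findOne({ _id: commentID })
    .select("-password")
    .lean()
    .exec();
  if (comment === null) {
    return res.status(404).json({ message: "Comment not found!" });
  }
  return res.status(200).json({ comment });
});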
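// Update (U): replaces a comment's text when the request carries the original
// author name and the password that was set at creation.
exports.put = [
  // Sanitizers run before the length check so that whitespace-only input is
  // rejected with a 400 instead of being trimmed to "" after it already passed.
  body("text", "Please enter comment!").trim().isLength({ min: 1 }).escape(),
  body("author", "Please enter comment author!")
    .trim()
    .isLength({ min: 1 })
    .escape(),
  // Same sanitizers as at creation, so the value compares equal to the stored one.
  body("password", "Please enter password to modify comment!")
    .trim()
    .isLength({ min: 1 })
    .escape(),
  asyncHandler(async (req, res, next) => {
    const errors = validationResult(req);
    if (!errors.isEmpty()) {
      return res.status(400).json({
        message: "Comment produced validation errors!",
        errors: errors.array(),
      });
    }
    const { commentID } = req.params;
    // An id Mongoose cannot cast would make findOne() reject (server error).
    if (!mongoose.isValidObjectId(commentID)) {
      return res.status(404).json({ message: "Comment not found!" });
    }
    const dbComment = await Comment.findOne({ _id: commentID }).lean().exec();
    // findOne() resolves to null for an unknown id; without this guard the
    // property reads below throw and the client gets a 500.
    if (dbComment === null) {
      return res.status(404).json({ message: "Comment not found!" });
    }
    if (req.body.author !== dbComment.author) {
      return res.status(401).json({
        message: "Comments can only be updated by their original author!",
      });
    }
    // NOTE(security): this is a plaintext, non-constant-time comparison
    // against a password stored in plaintext. Switching to a salted password
    // hash has to change the create handler in the same commit.
    if (req.body.password !== dbComment.password) {
      return res.status(401).json({
        message: "Comments can only be updated with their original password!",
      });
    }
    // The original built a plain object and called .save() on it, which is
    // not a function, so no update was ever written. Only text and date
    // change; author, post, _id and password were copied through unchanged.
    await Comment.updateOne(
      { _id: dbComment._id },
      { $set: { text: req.body.text, date: new Date() } },
    ).exec();
    return res.status(200).json({
      message: "Comment updated!",
    });
  }),
];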
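// Delete (D): removes a comment when the request carries the password that
// was set at creation.
exports.delete = [
  // Same sanitizers as at creation, so the value compares equal to the stored
  // one; trimming first makes a whitespace-only password fail validation.
  body("password", "Please enter comment deletion password!")
    .trim()
    .isLength({ min: 1 })
    .escape(),
  asyncHandler(async (req, res, next) => {
    const errors = validationResult(req);
    if (!errors.isEmpty()) {
      return res.status(400).json({
        message: "Comment password produced validation errors!",
        errors: errors.array(),
      });
    }
    const { commentID } = req.params;
    // An id Mongoose cannot cast would make findOne() reject (server error).
    if (!mongoose.isValidObjectId(commentID)) {
      return res.status(404).json({ message: "Comment not found!" });
    }
    const dbComment = await Comment.findOne({ _id: commentID }).lean().exec();
    // findOne() resolves to null for an unknown id; without this guard the
    // password read below throws and the client gets a 500.
    if (dbComment === null) {
      return res.status(404).json({ message: "Comment not found!" });
    }
    // NOTE(security): this is a plaintext, non-constant-time comparison
    // against a password stored in plaintext, and no attempt limiting is
    // visible in this controller. Switching to a salted password hash has to
    // change the create handler in the same commit.
    if (req.body.password !== dbComment.password) {
      return res.status(401).json({
        message: "Incorrect password!",
      });
    }
    // findByIdAndDelete takes the id itself, not a filter object.
    await Comment.findByIdAndDelete(dbComment._id).exec();
    return res.status(200).json({ message: "Comment deleted!" });
  }),
];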