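const crypto = require("crypto");
const User = require("../models/user.js");
const asyncHandler = require("express-async-handler");
const { body, validationResult } = require("express-validator");
const { default: mongoose } = require("mongoose");
const bcrypt = require("bcryptjs");

// bcrypt cost factor used for every new password hash.
const BCRYPT_ROUNDS = 10;

/**
 * Compare a user-submitted secret against a configured one in constant time.
 *
 * Both values are reduced to a SHA-256 digest so that `timingSafeEqual` always
 * sees equal-length buffers; neither the length of the configured secret nor
 * the position of the first mismatching byte leaks through timing.
 *
 * @param {unknown} candidate - value taken from the request body
 * @param {string | undefined} expected - value from the environment
 * @returns {boolean} true only when both are non-empty strings with identical bytes;
 *   an unset or empty `expected` always yields false (fail closed)
 */
function secretMatches(candidate, expected) {
  if (typeof expected !== "string" || expected.length === 0) return false;
  if (typeof candidate !== "string") return false;
  const got = crypto.createHash("sha256").update(candidate, "utf8").digest();
  const want = crypto.createHash("sha256").update(expected, "utf8").digest();
  return crypto.timingSafeEqual(got, want);
}

/**
 * Middleware guard: the privilege-escalation handlers below dereference
 * `req.user._id`, so an unauthenticated request would otherwise surface as a
 * TypeError / 500. Answer 401 instead and stop the chain.
 * NOTE(review): the router may already apply an auth check — confirm; this
 * guard is harmless if it does.
 */
function requireSignedIn(req, res, next) {
  if (!req.user || !req.user._id) {
    res.sendStatus(401);
    return;
  }
  next();
}

/** GET: render the account-creation form. */
exports.user_create_get = (req, res, next) => {
  res.render("createuser");
};

/**
 * POST: validate the sign-up form, hash the password and persist a new,
 * non-member, non-admin user, then redirect to `/`.
 *
 * Passwords are deliberately NOT trimmed or HTML-escaped. The original chain
 * escaped `req.body.password` in place before the confirmation validator ran,
 * so any password containing `& < > " ' /` compared unequal to its unescaped
 * confirmation and could never be registered — and what was hashed was the
 * escaped text, not what the user typed. The password must reach bcrypt as
 * submitted. NOTE(review): confirm the sign-in strategy likewise passes the raw
 * password to `bcrypt.compare`.
 *
 * NOTE(review): only a minimum length of 1 is enforced; a real minimum length
 * and a uniqueness check on `username` (unless the schema has a unique index)
 * are policy decisions not taken here.
 */
exports.user_create_post = [
  // Validate and sanitize display name (escaped because it is rendered as-is).
  body("name", "Please enter your name!").trim().isLength({ min: 1 }).escape(),

  // Validate and sanitize username.
  body("username", "Please enter your username!")
    .trim()
    .isLength({ min: 1 })
    .escape(),

  // Password: presence only; no sanitizers (see header comment).
  body("password", "Please enter your password!").isLength({ min: 1 }),

  // Confirmation must match the raw password byte-for-byte.
  body("password_confirmation", "Please confirm your password!")
    .isLength({ min: 1 })
    .custom((value, { req }) => {
      if (value !== req.body.password) {
        throw new Error("Passwords don't match!");
      }
      return true;
    }),

  asyncHandler(async (req, res, next) => {
    const errors = validationResult(req);
    if (!errors.isEmpty()) {
      // Re-render the form with the validation messages.
      res.render("createuser", { errors: errors.array() });
      return;
    }

    const user = new User({
      name: req.body.name,
      username: req.body.username,
      password: await bcrypt.hash(req.body.password, BCRYPT_ROUNDS),
      isMember: false,
      isAdmin: false,
      _id: new mongoose.Types.ObjectId(),
    });
    await user.save();
    res.redirect(`/`);
  }),
];

/** GET: render the sign-in form. */
exports.user_signin_get = (req, res, next) => {
  res.render("signin");
};

/** GET: render the membership ("initiation") code form. */
exports.user_initiation_get = (req, res, next) => {
  res.render("initiation");
};

/**
 * POST: grant membership to the signed-in user when the submitted code equals
 * `INITIATION_CODE`.
 *
 * Only `isMember` is written. The previous implementation rewrote the whole
 * document with `isAdmin: false`, which silently demoted an administrator who
 * re-submitted the code.
 *
 * NOTE(review): nothing in this file throttles guesses against the code;
 * confirm rate limiting is applied at the router/app level.
 */
exports.user_initiation_post = [
  requireSignedIn,

  body("code", "Secret Code not entered!")
    .trim()
    .isLength({ min: 1 })
    .custom((value) => {
      // Constant-time, fails closed when the env var is unset.
      if (!secretMatches(value, process.env.INITIATION_CODE)) {
        throw new Error("Incorrect Secret Code");
      }
      return true;
    })
    .escape(),

  asyncHandler(async (req, res, next) => {
    const errors = validationResult(req);
    if (!errors.isEmpty()) {
      res.render("initiation", { errors: errors.array() });
      return;
    }

    await User.findByIdAndUpdate(req.user._id, { $set: { isMember: true } }, {});
    res.redirect(`/`);
  }),
];

/** GET: render the admin ("sudo") challenge form. */
exports.user_sudo_get = (req, res, next) => {
  res.render("sudo");
};

/**
 * POST: grant admin (and membership) to the signed-in user when the submitted
 * answer equals `GREAT_SECRET`.
 *
 * The previous check used loose equality (`!=`) and a non-constant-time
 * comparison; both are replaced by `secretMatches`.
 *
 * NOTE(review): as with initiation, guess throttling is assumed to live
 * outside this file — confirm.
 */
exports.user_sudo_post = [
  requireSignedIn,

  body("greatsecret", "Answer not entered!")
    .trim()
    .isLength({ min: 1 })
    .custom((value) => {
      if (!secretMatches(value, process.env.GREAT_SECRET)) {
        throw new Error("You are incorrect, Initiate");
      }
      return true;
    })
    .escape(),

  asyncHandler(async (req, res, next) => {
    const errors = validationResult(req);
    if (!errors.isEmpty()) {
      res.render("sudo", { errors: errors.array() });
      return;
    }

    // An admin is always a member as well.
    await User.findByIdAndUpdate(
      req.user._id,
      { $set: { isMember: true, isAdmin: true } },
      {}
    );
    res.redirect(`/`);
  }),
];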