const crypto = require("crypto");
const bcrypt = require("bcryptjs");
const asyncHandler = require("express-async-handler");
const { body, validationResult } = require("express-validator");
const { default: mongoose } = require("mongoose");
const User = require("../models/user.js");
/**
 * GET handler for the sign-up page: renders the "createuser" form.
 *
 * @param {object} req - Express request (unused).
 * @param {object} res - Express response; the view is written to it.
 * @param {Function} next - Express continuation (unused).
 */
exports.user_create_get = function (req, res, next) {
  // Nothing to validate on a GET; just hand the template to the view engine.
  res.render("createuser");
};
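/**
 * POST handler chain for sign-up: express-validator chains for each field
 * followed by the handler that creates the user.
 *
 * On validation failure the "createuser" view is re-rendered with
 * `errors` (the express-validator error array); on success the new user is
 * stored with a bcrypt-hashed password and the client is redirected to "/".
 * Errors thrown inside the async handler are forwarded to next() by
 * express-async-handler.
 */
exports.user_create_post = [
  // Validate and sanitize name
  body("name", "Please enter your name!").trim().isLength({ min: 1 }).escape(),

  // Validate and sanitize username
  body("username", "Please enter your username!")
    .trim()
    .isLength({ min: 1 })
    .escape(),

  // Validate and sanitize password.
  // NOTE(review): escape() rewrites characters such as & < > " ' / BEFORE the
  // value is hashed, so the stored hash is of the escaped string. The sign-in
  // handler (not in this file) must apply the same trim()+escape() or such
  // passwords will never verify — confirm.
  body("password", "Please enter your password!")
    .trim()
    .isLength({ min: 1 })
    .escape(),

  // Validate and sanitize password confirmation.
  // escape() must run BEFORE the comparison: sanitizers mutate req.body in
  // place as each chain runs, so req.body.password is already escaped by the
  // time this chain executes. Comparing the un-escaped confirmation against it
  // rejected matching passwords that contain HTML-special characters.
  body("password_confirmation", "Please confirm your password!")
    .trim()
    .isLength({ min: 1 })
    .escape()
    .custom((value, { req }) => {
      if (value !== req.body.password) {
        throw new Error("Passwords don't match!");
      }
      return value;
    }),

  // Process request after validation and sanitization.
  asyncHandler(async (req, res, next) => {
    // Extract the validation errors from the request.
    const errors = validationResult(req);

    if (!errors.isEmpty()) {
      // Render the creation form again with the error messages.
      res.render("createuser", {
        errors: errors.array(),
      });
      return;
    }

    // NOTE(review): username uniqueness is not checked here. If the schema
    // declares a unique index, save() rejects duplicates with an error that
    // asyncHandler forwards to next() — confirm, and surface it on the form
    // if a friendlier message is wanted.
    const user = new User({
      name: req.body.name,
      username: req.body.username,
      // bcrypt with cost factor 10; only the hash is persisted.
      password: await bcrypt.hash(req.body.password, 10),
      // New accounts start with no privileges; these are raised by the
      // initiation and sudo handlers below.
      isMember: false,
      isAdmin: false,
      _id: new mongoose.Types.ObjectId(),
    });

    await user.save();
    // Saved. Redirect to home page.
    res.redirect(`/`);
  }),
];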
/**
 * GET handler for the sign-in page: renders the "signin" form.
 *
 * @param {object} req - Express request (unused).
 * @param {object} res - Express response; the view is written to it.
 * @param {Function} next - Express continuation (unused).
 */
exports.user_signin_get = function (req, res, next) {
  // Plain form render; the POST side of sign-in is not in this file.
  res.render("signin");
};
/**
 * GET handler for the initiation page: renders the "initiation" form where
 * a signed-in user enters the secret code.
 *
 * @param {object} req - Express request (unused).
 * @param {object} res - Express response; the view is written to it.
 * @param {Function} next - Express continuation (unused).
 */
exports.user_initiation_get = function (req, res, next) {
  res.render("initiation");
};
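/**
 * POST handler chain for initiation: validates the submitted secret code
 * against INITIATION_CODE and, on success, marks the signed-in user as a
 * member.
 *
 * On validation failure the "initiation" view is re-rendered with `errors`;
 * on success the user's membership flags are updated and the client is
 * redirected to "/". Errors thrown inside the async handler are forwarded to
 * next() by express-async-handler.
 */
exports.user_initiation_post = [
  // Validate and sanitize Secret Code
  body("code", "Secret Code not entered!")
    .trim()
    .isLength({ min: 1 })
    .custom((value) => {
      const secret = process.env.INITIATION_CODE;
      // A non-string submission (e.g. a repeated form field) or an unset
      // INITIATION_CODE rejects the attempt, as the plain comparison did.
      if (typeof value !== "string" || typeof secret !== "string") {
        throw new Error("Incorrect Secret Code");
      }
      // Constant-time comparison so response timing does not reveal how
      // much of the code matched. timingSafeEqual requires equal lengths, so
      // a length mismatch is rejected up front (length is then the only thing
      // timing can disclose).
      const given = Buffer.from(value);
      const expected = Buffer.from(secret);
      if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
        throw new Error("Incorrect Secret Code");
      }
      return value;
    })
    .escape(),

  // Process request after validation and sanitization.
  asyncHandler(async (req, res, next) => {
    // Extract the validation errors from the request.
    const errors = validationResult(req);

    if (!errors.isEmpty()) {
      // Render the initiation form again with the error messages.
      res.render("initiation", {
        errors: errors.array(),
      });
      return;
    }

    // NOTE(review): assumes an authentication middleware upstream populated
    // req.user — confirm. Without it the lookup would dereference undefined,
    // so fail with an explicit error instead.
    if (!req.user) {
      throw new Error("Initiation requires a signed-in user");
    }

    // Only the membership flags change. Setting them directly replaces the
    // earlier read-then-rewrite of every field (including _id) with a
    // single update; the resulting document is the same.
    const updated = await User.findByIdAndUpdate(req.user._id, {
      isMember: true,
      isAdmin: false, // always false if not a member
    }).exec();

    // findByIdAndUpdate resolves to null when no document matched.
    if (!updated) {
      throw new Error("User not found");
    }

    // Saved. Redirect to home page.
    res.redirect(`/`);
  }),
];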
/**
 * GET handler for the sudo page: renders the "sudo" form where a user
 * answers the admin challenge.
 *
 * @param {object} req - Express request (unused).
 * @param {object} res - Express response; the view is written to it.
 * @param {Function} next - Express continuation (unused).
 */
exports.user_sudo_get = function (req, res, next) {
  res.render("sudo");
};
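/**
 * POST handler chain for sudo: validates the submitted answer against
 * GREAT_SECRET and, on success, grants the signed-in user admin (and member)
 * status.
 *
 * On validation failure the "sudo" view is re-rendered with `errors`; on
 * success the user's flags are updated and the client is redirected to "/".
 * Errors thrown inside the async handler are forwarded to next() by
 * express-async-handler.
 */
exports.user_sudo_post = [
  // Validate and sanitize Great Secret
  body("greatsecret", "Answer not entered!")
    .trim()
    .isLength({ min: 1 })
    .custom((value) => {
      const secret = process.env.GREAT_SECRET;
      // Strict type check replaces the loose `!=` comparison; a non-string
      // submission or an unset GREAT_SECRET rejects the attempt.
      if (typeof value !== "string" || typeof secret !== "string") {
        throw new Error("You are incorrect, Initiate");
      }
      // Constant-time comparison so response timing does not reveal how
      // much of the answer matched. timingSafeEqual requires equal lengths,
      // so a length mismatch is rejected up front.
      const given = Buffer.from(value);
      const expected = Buffer.from(secret);
      if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
        throw new Error("You are incorrect, Initiate");
      }
      return value;
    })
    .escape(),

  // Process request after validation and sanitization.
  asyncHandler(async (req, res, next) => {
    // Extract the validation errors from the request.
    const errors = validationResult(req);

    if (!errors.isEmpty()) {
      // Render the sudo form again with the error messages.
      res.render("sudo", {
        errors: errors.array(),
      });
      return;
    }

    // NOTE(review): assumes an authentication middleware upstream populated
    // req.user — confirm. Without it the lookup would dereference undefined,
    // so fail with an explicit error instead.
    if (!req.user) {
      throw new Error("Sudo requires a signed-in user");
    }

    // Only the privilege flags change. Setting them directly replaces the
    // earlier read-then-rewrite of every field (including _id) with a
    // single update; the resulting document is the same.
    const updated = await User.findByIdAndUpdate(req.user._id, {
      isMember: true, // always true if admin
      isAdmin: true,
    }).exec();

    // findByIdAndUpdate resolves to null when no document matched.
    if (!updated) {
      throw new Error("User not found");
    }

    // Saved. Redirect to home page.
    res.redirect(`/`);
  }),
];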