// imported modules
// Node built-ins
const crypto = require("crypto");
// third-party packages
const express = require("express");
const bodyParser = require("body-parser");
const session = require("express-session");
const cors = require("cors");
const app = express();
// TCP port the API server listens on.
const PORT = 5000;
// In-memory "database": plain arrays of user and post records.
// Nothing is persisted, so both are emptied whenever the process restarts.
const users = [];
const posts = [];
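// CORS: allow exactly one front-end origin and let it send the session cookie.
// `credentials: true` requires an explicit origin (never "*"). The origin is
// configurable through CORS_ORIGIN; the default is the React dev server.
const ALLOWED_ORIGIN = process.env.CORS_ORIGIN || "http://localhost:3000";
app.use(cors({
  origin: ALLOWED_ORIGIN,
  credentials: true,
}));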
// Request body parsing: JSON bodies (Express built-in parser) followed by
// HTML-form (urlencoded) bodies. Both are registered in one app.use call.
app.use(express.json(), bodyParser.urlencoded({ extended: true }));
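// Cookie-based session middleware. No `store` option is given, so session data
// lives in express-session's default in-process store and is lost on restart.
// The cookie-signing secret is taken from SESSION_SECRET; when it is unset a
// random per-process secret is generated instead of shipping a fixed literal
// (an attacker who knows the literal could forge session cookies).
const SESSION_SECRET =
  process.env.SESSION_SECRET || crypto.randomBytes(32).toString("hex");
const IS_PRODUCTION = process.env.NODE_ENV === "production";
app.use(session({
  secret: SESSION_SECRET,
  resave: false,
  saveUninitialized: false,
  cookie: {
    // Only send the cookie over HTTPS in production. Behind a TLS-terminating
    // proxy this additionally needs `app.set("trust proxy", 1)`.
    secure: IS_PRODUCTION,
    // Not readable from page scripts.
    httpOnly: true,
    sameSite: "lax",
  },
}));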
// Copy the signed-in user (if any) from the session onto res.locals so every
// downstream handler can read it.
function exposeSessionUser(req, res, next) {
  res.locals.user = req.session.user;
  next();
}
app.use(exposeSessionUser);
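// List all posts, newest first.
// Sort a copy: Array.prototype.sort mutates in place, and `posts` is shared
// module state that the other handlers search and splice.
app.get("/api/blogs", (req, res) => {
  const newestFirst = [...posts].sort(
    (a, b) => new Date(b.date_created) - new Date(a.date_created)
  );
  res.json(newestFirst);
});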
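// --- Credential handling -----------------------------------------------------
// Passwords are never kept in clear text: each user record stores a random
// salt plus an scrypt-derived key, and verification uses a constant-time
// comparison. Session data and API responses carry only the public identity.
const SCRYPT_KEYLEN = 64;

/**
 * Derive an scrypt key for `password` under `salt`.
 * @param {string} password
 * @param {string} salt - hex-encoded random salt
 * @returns {Promise<Buffer>} derived key of SCRYPT_KEYLEN bytes
 */
function deriveKey(password, salt) {
  return new Promise((resolve, reject) => {
    crypto.scrypt(password, salt, SCRYPT_KEYLEN, (err, key) => {
      if (err) reject(err);
      else resolve(key);
    });
  });
}

/**
 * Build the stored credential for a new account.
 * @param {string} password
 * @returns {Promise<{salt: string, passwordHash: string}>} both hex-encoded
 */
async function hashPassword(password) {
  const salt = crypto.randomBytes(16).toString("hex");
  const key = await deriveKey(password, salt);
  return { salt, passwordHash: key.toString("hex") };
}

/**
 * Check `password` against a stored user record in constant time.
 * @param {string} password
 * @param {{salt: string, passwordHash: string}} record
 * @returns {Promise<boolean>}
 */
async function verifyPassword(password, { salt, passwordHash }) {
  const key = await deriveKey(password, salt);
  const stored = Buffer.from(passwordHash, "hex");
  return stored.length === key.length && crypto.timingSafeEqual(stored, key);
}

// The subset of a user record that may be placed in the session or returned to
// the client — never the salt or password hash.
const publicUser = ({ user_id, name }) => ({ user_id, name });

const isNonEmptyString = (value) => typeof value === "string" && value.length > 0;

// Create an account and sign the new user in.
// Body: { user_id, password, name } — all strings, user_id/password non-empty.
// Responses: 200 { success: true }; 400 on invalid input or duplicate user_id.
app.post("/signup", async (req, res, next) => {
  try {
    const { user_id, password, name } = req.body;
    if (!isNonEmptyString(user_id) || !isNonEmptyString(password) || typeof name !== "string") {
      return res.status(400).json({ error: "user_id, password and name are required" });
    }
    if (users.find((u) => u.user_id === user_id)) {
      return res.status(400).json({ error: "User ID already exists. Please choose another."});
    }
    const { salt, passwordHash } = await hashPassword(password);
    const newUser = { user_id, name, salt, passwordHash };
    users.push(newUser);
    req.session.user = publicUser(newUser);
    res.json({ success: true });
  } catch (err) {
    // Hand async failures (e.g. from scrypt) to Express's error handler instead
    // of leaving the request hanging.
    next(err);
  }
});

// Sign in with user_id + password.
// Responses: 200 { success: true, user }; 401 with one generic message for both
// unknown user and wrong password, so the response does not reveal which
// user IDs exist.
app.post("/signin", async (req, res, next) => {
  try {
    const { user_id, password } = req.body;
    const user = users.find((u) => u.user_id === user_id);
    const ok =
      typeof password === "string" &&
      user !== undefined &&
      (await verifyPassword(password, user));
    if (!ok) {
      return res.status(401).json({ error: "Invalid user ID or password"});
    }
    const sessionUser = publicUser(user);
    req.session.user = sessionUser;
    res.json({ success: true, user: sessionUser });
  } catch (err) {
    next(err);
  }
});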
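// Sign out: destroy the server-side session and tell the browser to drop the
// cookie (express-session's default cookie name "connect.sid" applies because
// no `name` option is configured). A destroy failure is passed to Express's
// error handler rather than being reported as success.
// Note: this is a state-changing GET; sameSite "lax" still allows top-level
// cross-site navigations to reach it, so a POST would be the safer shape.
app.get("/api/logout", (req, res, next) => {
  req.session.destroy((err) => {
    if (err) return next(err);
    res.clearCookie("connect.sid");
    res.json({ success: true});
  });
});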
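// Monotonic post id counter. `posts.length + 1` would hand out an id that is
// already in use after any delete, so ids come from a counter that only grows.
let nextPostId = 1;

// Create a post owned by the signed-in user.
// Body: { title, content } — both strings.
// Responses: 200 { success: true }; 401 when not signed in; 400 on bad input.
app.post("/api/blogs", (req, res) => {
  const user = req.session.user;
  if (!user) return res.status(401).json({ error: "Not signed in"});
  const { title, content } = req.body;
  if (typeof title !== "string" || typeof content !== "string") {
    return res.status(400).json({ error: "title and content must be strings" });
  }
  const newPost = {
    id: nextPostId++,
    creator_user_id: user.user_id,
    creator_name: user.name,
    title,
    content,
    date_created: new Date(),
  };
  posts.push(newPost);
  res.json({ success: true });
});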
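// Update the title and/or content of a post owned by the signed-in user.
// Fields omitted from the body are left unchanged; fields that are present
// must be strings (previously a missing field silently overwrote the post
// value with undefined).
// Responses: 200 { success: true }; 401 not signed in; 404 unknown id;
// 403 when the caller is not the creator; 400 on bad input.
app.put("/api/blogs/:id", (req, res) => {
  const user = req.session.user;
  if (!user) return res.status(401).json({ error: "Not signed in" });
  const id = Number.parseInt(req.params.id, 10);
  const post = posts.find((p) => p.id === id);
  if (!post) return res.status(404).json({ error: "Post not found"});
  // Ownership check: only the creator may edit.
  if (post.creator_user_id !== user.user_id) return res.status(403).json({ error: "Unauthorized edit" });
  const { title, content } = req.body;
  for (const [field, value] of [["title", title], ["content", content]]) {
    if (value !== undefined && typeof value !== "string") {
      return res.status(400).json({ error: `${field} must be a string` });
    }
  }
  if (title !== undefined) post.title = title;
  if (content !== undefined) post.content = content;
  res.json({ success: true });
});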
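// Delete a post owned by the signed-in user.
// Responses: 200 { success: true }; 401 not signed in; 404 unknown id;
// 403 when the caller is not the creator.
app.delete("/api/blogs/:id", (req, res) => {
  const user = req.session.user;
  if (!user) return res.status(401).json({ error: "Not signed in" });
  // Parse once, with an explicit radix, instead of inside the search callback.
  const id = Number.parseInt(req.params.id, 10);
  const index = posts.findIndex((p) => p.id === id);
  if (index === -1) return res.status(404).json({ error: "Post not found" });
  // Ownership check: only the creator may delete.
  if (posts[index].creator_user_id !== user.user_id) return res.status(403).json({ error: "Unauthorized delete" });
  posts.splice(index, 1);
  res.json({ success: true });
});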
// Start accepting connections on PORT and report the URL once bound.
const onListening = () => {
  console.log(`API Server running at http://localhost:${PORT}`);
};
app.listen(PORT, onListening);