DEVfancybear
diff --git a/‎.env
+3 b/‎.env
+3
diff --git a/‎.gitignore
+1 b/‎.gitignore
+1
diff --git a/‎config/passport.js
+28 b/‎config/passport.js
+28
diff --git a/‎index.js
+58 b/‎index.js
+58
diff --git a/‎middleware/index.js
+72 b/‎middleware/index.js
+72
diff --git a/‎models/Comment.js
+24 b/‎models/Comment.js
+24
diff --git a/‎models/Post.js
+33 b/‎models/Post.js
+33
diff --git a/‎models/User.js
+41 b/‎models/User.js
+41
@@ -0,0 +1,3 @@
+PORT=5000
+MONGODB_URL=mongodb://localhost/simple-blog
+SECRET=mysecret
@@ -0,0 +1 @@
+node_modules
@@ -0,0 +1,28 @@
+const passport = require('passport')
+const localStrategy = require('passport-local').Strategy
+const User = require('../models/User')
+
+module.exports = function (app) {
+    app.use(passport.initialize())
+    app.use(passport.session())
+
+    passport.serializeUser((user, done) => { done(null, user.id) })
+    passport.deserializeUser((id, done) => {
+        User.findById(id, (err, user) => {
+            done(err, user)
+        })
+    })
+
+    passport.use(new localStrategy(function (username, password, done) {
+        User.findOne({ username }, (err, user) => {
+            if (err) return done(err)
+            if (!user) return done(null, false, { message: 'User not found'})
+
+            user.comparePassword(password, (err, isMatch) => {
+                if (err) return done(null, { message: 'Something went wrong'})
+                if (!isMatch) return done(null, false,{ message: 'Invalid password'})
+                return done(null, user)
+            })
+        })
+    }))
+}
@@ -0,0 +1,58 @@
+// modules
+const express = require('express')
+const dotenv = require('dotenv')
+const mongoose = require('mongoose')
+const bodyParser = require('body-parser')
+const flash = require('connect-flash')
+const session = require('express-session')
+
+// routes
+const indexRoutes = require('./routes/index')
+const postRoutes = require('./routes/post')
+const commentRoutes = require('./routes/comment')
+// setup the environment
+dotenv.config()
+
+// connect database
+mongoose.connect(process.env.MONGODB_URL, { useNewUrlParser: true })
+.then(() => console.log('Mongodb connected')) 
+
+// create app
+const app = express()
+
+// configuration ejs
+app.set('view engine', 'ejs')
+
+// setup public folder
+app.use(express.static('public'))
+// middlewares
+app.use(bodyParser.json())
+app.use(bodyParser.urlencoded({ extended: false }))
+app.use(session({
+    secret: process.env.SECRET,
+    resave: false,
+    saveUninitialized: false 
+}))
+app.use(flash())
+
+// setup passport
+require('./config/passport')(app)
+
+// custom middeware
+app.use((req, res, next) => {
+    res.locals.currentUser = req.user;
+    res.locals.error = req.flash('error')
+    res.locals.success = req.flash('success')
+    next()
+})
+
+
+// setup routes
+app.use('/', indexRoutes)
+app.use('/post', postRoutes)
+app.use('/post/:id/comments', commentRoutes)
+
+const PORT = process.env.PORT || 5000
+
+// run server
+app.listen(PORT, () => console.log(`Server is running on port ${PORT}`))
@@ -0,0 +1,72 @@
+const Post = require('../models/Post')
+const Comment = require('../models/Comment')
+
+exports.isLoggedIn = (req, res, next) => {
+    if (req.isAuthenticated()) {
+        next()
+    } else {
+        req.flash('error', 'You must be logged')
+        res.redirect('/login')
+    }
+}
+
+// check ownership
+exports.isOwnerPost = async (req, res, next) => {
+    if (req.isAuthenticated()) {
+        try {
+            // find post by id
+            const post = await Post.findById(req.params.id)
+
+            if (!post) {
+                // if not found the post
+                req.flash('error', 'Post not found')
+                return res.redirect('back')
+            } else {
+                // check ownership
+                if (post.userId.equals(req.user._id)) {
+                    // same ids
+                    next()
+                } else {
+                    // not same ids
+                    req.flash('error', "You don't have permission")
+                    return res.redirect('back')
+                }
+            }
+        } catch (err) {
+            req.flash('error', 'Something went wrong')
+            return res.redirect('back')
+        }
+    } else {
+        req.flash('error', 'You must be logged in')
+        res.redirect('back')
+    }
+}
+
+exports.checkOwnershipComment = async (req, res, next) => {
+    if (req.isAuthenticated()) {
+        try {
+            // find post and comment
+            const post = await Post.findById(req.params.id)
+            const comment = await Comment.findById(req.params.commentId)
+            // not found comment or post
+            if (!comment || !post) {
+                req.flash('error', 'Something went wrong')
+                return res.redirect('back')
+            }
+            // check ownership of comment
+            if (comment.author.id.equals(req.user._id)) {
+                next()
+            } else {
+                // dont have permisson
+                req.flash('error', "You don't have permission")
+                return res.redirect('back')
+            }
+        } catch (err) {
+            console.log(err)
+            return res.redirect('back')
+        }
+    } else {
+        req.flash('error', 'You must be logged in')
+        return res.redirect('back')
+    }
+}
@@ -0,0 +1,24 @@
+const mongoose = require('mongoose')
+const Schema = mongoose.Schema
+
+
+const commentSchema = new Schema({
+    text: {
+        type: String,
+        required: true 
+    },
+    author: {
+        id: {
+            type: Schema.Types.ObjectId,
+            ref: 'User'
+        },
+        username: String 
+    },
+    createdAt: {
+        type: Date,
+        default: Date.now
+    }
+})
+
+
+module.exports = mongoose.model('Comment', commentSchema)
@@ -0,0 +1,33 @@
+const mongoose = require('mongoose')
+const Schema = mongoose.Schema
+
+const postSchema = new Schema({
+    title: {
+        type: String,
+        required: true 
+    },
+    image: {
+        type: String,
+        required: true
+    },
+    body: {
+        type: String,
+        required: true 
+    },
+    createdAt: {
+        type: Date,
+        default: Date.now 
+    },
+    userId: {
+        type: Schema.Types.ObjectId,
+        ref: 'User'
+    },
+    comments: [
+        {
+            type: Schema.Types.ObjectId,
+            ref: 'Comment'
+        }
+    ]
+})
+
+module.exports = mongoose.model('Post', postSchema)
@@ -0,0 +1,41 @@
+const mongoose = require('mongoose')
+const bcrypt = require('bcryptjs')
+const Schema = mongoose.Schema
+
+const userSChema = new Schema({
+    username: {
+        type: String,
+        required: true, 
+        unique: true
+    },
+    password: {
+        type: String,
+        require: true
+    }
+})
+
+userSChema.pre('save', function (next) {
+    var user = this 
+
+    if (!user.isModified('password')) {
+        return next()
+    }
+
+    bcrypt.genSalt(10, (err, salt) => {
+        if (err) return next(err)
+
+        bcrypt.hash(user.password, salt, function(err, hash) {
+            if (err) return next(err)
+            user.password = hash
+            next()
+        })
+    })
+})
+
+userSChema.methods.comparePassword = function (clientPassword, cb) {
+    bcrypt.compare(clientPassword, this.password, (err, isMatch) => {
+        if (err) return cb(err)
+        cb(null, isMatch)
+    })
+}
+module.exports = mongoose.model('User', userSChema)
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+PORT=5000`
	`2`	`+MONGODB_URL=mongodb://localhost/simple-blog`
	`3`	`+SECRET=mysecret`