Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added Validations for Add-Post & Contact-Us #112

Merged
merged 1 commit into from
Oct 30, 2024
Merged

Added Validations for Add-Post & Contact-Us #112

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 5 additions & 4 deletions server/routes/admin.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ const User = require('../models/User');
const bcrypt = require('bcrypt');
const jwt = require('jsonwebtoken');
const passport = require('passport'); // Added passport import
const { validateRegistration, validatePost } = require('../validations/authValidator');

const adminLayout = '../views/layouts/admin';
const jwtSecret = process.env.JWT_SECRET;
Expand Down Expand Up @@ -119,7 +120,7 @@ router.get('/add-post', authMiddleware, async (req, res) => {
description: 'Simple Blog created with NodeJs, Express & MongoDb.',
};

res.render('admin/add-post', { locals, layout: adminLayout });
res.render('admin/add-post', {locals, layout: adminLayout });
} catch (error) {
console.log(error);
}
Expand All @@ -129,7 +130,7 @@ router.get('/add-post', authMiddleware, async (req, res) => {
* POST /add-post
* Admin Create New Post Route
*/
router.post('/add-post', authMiddleware, async (req, res) => {
router.post('/add-post', authMiddleware,validatePost, async (req, res) => {
try {
const token = req.cookies.token
const newPost = new Post({
Expand Down Expand Up @@ -170,7 +171,7 @@ router.get('/edit-post/:id', authMiddleware, async (req, res) => {
* PUT /edit-post/:id
* Admin Update Post Route
*/
router.put('/edit-post/:id', authMiddleware, async (req, res) => {
router.put('/edit-post/:id', authMiddleware,validatePost, async (req, res) => {
try {
await Post.findByIdAndUpdate(req.params.id, {
title: req.body.title,
Expand Down Expand Up @@ -219,7 +220,7 @@ router.get('/register',restrictAuthRouteMiddleware, (req, res) => {



router.post('/register', async (req, res) => {
router.post('/register',validateRegistration, async (req, res) => {
const { username, password } = req.body;

// Simple validation
Expand Down
7 changes: 5 additions & 2 deletions server/routes/main.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,9 @@ const router = express.Router();
const Post = require('../models/Post');
const ContactMessage = require('../models/contactMessage');
const transporter = require('../config/nodemailerConfig');
const { validateContact } = require('../validations/authValidator');


/**
* GET /
* HOME
Expand Down Expand Up @@ -149,10 +152,10 @@ router.get('/contact', (req, res) => {
});
});

router.post('/send-message', async (req, res) => {
router.post('/send-message',validateContact ,async (req, res) => {
const { name, email, message } = req.body;

try {
try {``
// Create a new contact message
const newMessage = new ContactMessage({ name, email, message });
await newMessage.save();
Expand Down
107 changes: 107 additions & 0 deletions server/validations/authValidator.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,107 @@
const { body, validationResult } = require('express-validator');

// Validation middleware for registration
const validateRegistration = [
body('username')
.trim()
.isLength({ min: 3 })
.withMessage('Username must be at least 3 characters long')
.matches(/^[a-zA-Z0-9]+$/)
.withMessage('Username can only contain letters and numbers')
.escape(),

body('password')
.isLength({ min: 8 })
.withMessage('Password must be at least 8 characters long')
.matches(/\d/)
.withMessage('Password must contain at least one number')
.matches(/[!@#$%^&*]/)
.withMessage('Password must contain at least one special character')
.escape(),

// Middleware to handle validation results
(req, res, next) => {
const errors = validationResult(req);
if (!errors.isEmpty()) {
req.flash('error', errors.array()[0].msg);
return res.redirect('/register');
}
next();
}
];

// Validation middleware for posts
const validatePost = [
body('title')
.trim()
.notEmpty()
.withMessage('Title is required')
.isLength({ max: 200 })
.withMessage('Title must not exceed 200 characters')
.escape(),

body('body')
.trim()
.notEmpty()
.withMessage('Post content is required')
.escape(),

body('author')
.trim()
.notEmpty()
.withMessage('Author name is required')
.escape(),

(req, res, next) => {
const errors = validationResult(req);
if (!errors.isEmpty()) {
res.render('admin/add-post', {message: errors });
}
next();
}
];

// Validation middleware for contact form
const validateContact = [
body('name')
.trim()
.notEmpty()
.withMessage('Name is required')
.isLength({ max: 100 })
.withMessage('Name must not exceed 100 characters')
.escape(),

body('email')
.trim()
.notEmpty()
.withMessage('Email is required')
.isEmail()
.withMessage('Please provide a valid email address')
.normalizeEmail(),

body('message')
.trim()
.notEmpty()
.withMessage('Message is required')
.isLength({ max: 1000 })
.withMessage('Message must not exceed 1000 characters')
.escape(),

(req, res, next) => {
const errors = validationResult(req);
if (!errors.isEmpty()) {
return res.render('contact', {
currentRoute: '/contact',
message: errors.array()[0].msg,
user: req.cookies.token
});
}
next();
}
];

module.exports = {
validateRegistration,
validatePost,
validateContact
};
10 changes: 8 additions & 2 deletions views/admin/add-post.ejs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -184,13 +184,19 @@

<div class="content-right">
<div class="blog-form-container">
<% if (typeof message !== 'undefined' && message.errors && message.errors.length) { %>
<div class="message" style="background-color: #f0a2a8; color: #000000;">
<% message.errors.forEach(err => { %>
<p><%= err.msg %></p>
<% }); %>
</div>
<% } %>
<h2>Add a New Blog</h2>
<form class="blog-form" method="post" action="/add-post">
<div class="form-group">
<label for="blog-title">Blog Title</label>
<input
name ="title"

name ="title"
type="text"
id="blog-title"
placeholder="Enter your blog title..."
Expand Down
Loading