Merge pull request #61 from bellaabdelouahab/dev
Enhance -  appError & code cleanup & login page in frontend [#61]
bellaabdelouahab authored Jul 1, 2023
2 parents 55be937 + 92eddd6 commit 372d6ce
Showing 16 changed files with 411 additions and 322 deletions.
2 changes: 1 addition & 1 deletion backend-app/config/app_config.js
Expand Up @@ -13,6 +13,6 @@ exports.ADMIN_EMAIL = process.env.ADMIN_EMAIL || "[email protected]";
exports.ADMIN_PASSWORD = process.env.ADMIN_PASSWORD || "admin123";
exports.JWT_SECRET = process.env.JWT_SECRET || "sdfsdf";
exports.JWT_EXPIRES_IN = "360000";
exports.REQUIRE_ACTIVATION = process.env.REQUIRE_ACTIVATION || false;
exports.REQUIRE_ACTIVATION = process.env.REQUIRE_ACTIVATION || true;
// RATE_LIMIT_PER_HOUR
exports.RATE_LIMIT_PER_HOUR = process.env.RATE_LIMIT_PER_HOUR || 500;
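Review bot: `process.env.REQUIRE_ACTIVATION || true` (and the `|| false` form it replaces or is replaced by — this page does not mark which of the two lines is the new side, so the intended default should be confirmed) reads an environment variable, which is always a string when set, so `REQUIRE_ACTIVATION=false` yields the truthy string "false" and `||` can never produce a boolean false; with the `true` default the flag cannot be switched off from the environment at all, and with the `false` default it is on whenever the variable has any value. Parse it explicitly: `exports.REQUIRE_ACTIVATION = process.env.REQUIRE_ACTIVATION ? process.env.REQUIRE_ACTIVATION === "true" : true;`. On the context line above, `JWT_SECRET` falls back to a hard-coded literal when the variable is unset, so a missing deployment variable silently produces a known signing key; failing fast when `process.env.JWT_SECRET` is absent would be safer than a default.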
14 changes: 0 additions & 14 deletions backend-app/controllers/admin_controller.js
Expand Up @@ -26,7 +26,6 @@ exports.addAdmin = async (req, res, next) => {
);
await user.save();
res.status(200).json({
status: 'success',
message: 'User is now an admin',
});
} catch (err) {
Expand All @@ -49,7 +48,6 @@ exports.removeAdmin = async (req, res, next) => {
user.restrictions = Roles.USER.restrictions;
await user.save();
res.status(200).json({
status: 'success',
message: 'User is no longer an admin',
});
} catch (err) {
Expand All @@ -75,7 +73,6 @@ exports.addSuperAdmin = async (req, res, next) => {
);
await user.save();
res.status(200).json({
status: 'success',
message: 'User is now a super admin',
});
} catch (err) {
Expand All @@ -101,7 +98,6 @@ exports.removeSuperAdmin = async (req, res, next) => {
user.restrictions = Roles.ADMIN.restrictions;
await user.save();
res.status(200).json({
status: 'success',
message: 'User is no longer a super admin',
});
} catch (err) {
Expand Down Expand Up @@ -145,7 +141,6 @@ exports.authorizeOrRestrict = async (req, res, next) => {
);
await user.save();
res.status(200).json({
status: 'success',
message: 'User authorities and restrictions updated',
});
} catch (err) {
Expand All @@ -169,7 +164,6 @@ exports.banUser = async (req, res, next) => {
user.accessRestricted = true;
await user.save();
res.status(200).json({
status: 'success',
message: 'User is now banned',
});
} catch (err) {
Expand All @@ -188,7 +182,6 @@ exports.unbanUser = async (req, res, next) => {
user.accessRestricted = false;
await user.save();
res.status(200).json({
status: 'success',
message: 'User is now unbanned',
});
} catch (err) {
Expand All @@ -202,7 +195,6 @@ exports.createRole = async (req, res, next) => {
throw new AppError(400, 'fail', 'Role already exists');
const createdRole = await role.createRole(name, authorities, restrictions);
res.status(201).json({
status: 'success',
message: 'Role created',
data: createdRole,
});
Expand All @@ -214,7 +206,6 @@ exports.getRoles = async (req, res, next) => {
try {
const roles = await role.getRoles();
res.status(200).json({
status: 'success',
message: 'Roles retrieved',
data: roles,
});
Expand All @@ -227,7 +218,6 @@ exports.getRole = async (req, res, next) => {
try {
const singleRole = await role.getRoleByName(name);
res.status(200).json({
status: 'success',
message: 'Role retrieved',
data: singleRole,
});
Expand All @@ -240,7 +230,6 @@ exports.deleteRole = async (req, res, next) => {
try {
const deletedRole = await role.deleteRoleByName(name);
res.status(200).json({
status: 'success',
message: 'Role deleted',
data: deletedRole,
});
Expand All @@ -258,7 +247,6 @@ exports.updateRole = async (req, res, next) => {
restrictions
);
res.status(200).json({
status: 'success',
message: 'Role updated',
data: updatedRole,
});
Expand All @@ -284,7 +272,6 @@ exports.assignRoleToUser = async (req, res, next) => {
);
await user.save();
res.status(200).json({
status: 'success',
message: 'Role assigned to user',
});
} catch (err) {
Expand All @@ -309,7 +296,6 @@ exports.removeRoleFromUser = async (req, res, next) => {
);
await user.save();
res.status(200).json({
status: 'success',
message: 'Role removed from user',
});
} catch (err) {
99 changes: 25 additions & 74 deletions backend-app/controllers/auth_controller.js
@@ -1,4 +1,5 @@
const { promisify } = require('util');
const mongoose = require('mongoose');
const jwt = require('jsonwebtoken');
const User = require('../models/user_model');
const AppError = require('../utils/app_error');
Expand Down Expand Up @@ -33,12 +34,7 @@ exports.login = async (req, res, next) => {

// 1) check if email and password existos
if (!email || !password) {
return next(
new AppError(404, 'fail', 'Please provide email or password'),
req,
res,
next
);
return next(new AppError(404, 'fail', 'Please provide email or password'));
}

// 2) check if user exist and password is correct
Expand All @@ -54,12 +50,7 @@ exports.login = async (req, res, next) => {
);

if (!user || !(await user.correctPassword(password, user.password))) {
return next(
new AppError(401, 'fail', 'Email or Password is wrong'),
req,
res,
next
);
return next(new AppError(401, 'fail', 'Email or Password is wrong'));
}

// 3) All correct, send jwt to client
Expand All @@ -69,7 +60,6 @@ exports.login = async (req, res, next) => {
user.password = undefined;

res.status(200).json({
status: 'success',
token,
data: {
user,
Expand Down Expand Up @@ -105,7 +95,6 @@ exports.signup = async (req, res, next) => {
);

res.status(201).json({
status: 'success',
token,
data: {
user,
Expand All @@ -121,45 +110,31 @@ exports.activateAccount = async (req, res, next) => {
const { id,activationKey } = req.query;

if (!activationKey) {
return next(
new AppError(400, 'fail', 'Please provide activation key'),
req,
res,
next
);
return next(new AppError(400, 'fail', 'Please provide activation key'));
}
if (!id) {
return next(new AppError(400, 'fail', 'Please provide user id'));
}

// find user by activation key
// check if a valid id
if (!mongoose.Types.ObjectId.isValid(id)) {
return next(new AppError(400, 'fail', 'Please provide a valid user id'));
}

const user = await User.findOne({
_id: id,
});
}).select('+activationKey');

if (!user) {
return next(
new AppError(404, 'fail', 'User does not exist'),
req,
res,
next
);
return next(new AppError(404, 'fail', 'User does not exist'));
}

if (!user.activationKey) {
return next(
new AppError(409, 'fail', 'User is already active'),
req,
res,
next
);
if (user.active) {
return next(new AppError(409, 'fail', 'User is already active'));
}

// verify activation key
if (activationKey !== user.activationKey) {
return next(
new AppError(400, 'fail', 'Please provide correct activation key'),
req,
res,
next
);
return next(new AppError(400, 'fail', 'Invalid activation key'));
}
// activate user
user.active = true;
Expand All @@ -169,7 +144,6 @@ exports.activateAccount = async (req, res, next) => {
user.password = undefined;

res.status(200).json({
status: 'success',
data: {
user,
},
Expand Down Expand Up @@ -223,8 +197,7 @@ exports.forgotPassword = async (req, res, next) => {
const user = await User.findOne({ email });

if (!user) {
return next(
new AppError(404, "fail", "User with this email does not exist")
return next(new AppError(404, "fail", "User with this email does not exist")
);
}

Expand Down Expand Up @@ -262,16 +235,11 @@ exports.protect = async (req, res, next) => {
token = req.headers.authorization.split(' ')[1];
}
if (!token) {
return next(
new AppError(
return next(new AppError(
401,
'fail',
'You are not logged in! Please login in to continue'
),
req,
res,
next
);
));
}

// 2) Verify token
Expand All @@ -280,18 +248,12 @@ exports.protect = async (req, res, next) => {
// 3) check if the user is exist (not deleted)
const user = await User.findById(decode.id);
if (!user) {
return next(
new AppError(401, 'fail', 'This user is no longer exist'),
req,
res,
next
);
return next(new AppError(401, 'fail', 'This user is no longer exist'));
}

// Check if the account is banned
if (user?.accessRestricted)
return next(
new AppError(
return next(new AppError(
403,
'fail',
'Your account has been banned. Please contact the admin for more information.'
Expand All @@ -300,8 +262,7 @@ exports.protect = async (req, res, next) => {
req.user = user;
// check if account is active
if (!user.active)
return next(
new AppError(
return next(new AppError(
403,
'fail',
'Your account is not active. Please activate your account to continue.'
Expand All @@ -312,12 +273,7 @@ exports.protect = async (req, res, next) => {
} catch (err) {
// check if the token is expired
if (err.name === 'TokenExpiredError') {
return next(
new AppError(401, 'fail', 'Your token is expired'),
req,
res,
next
);
return next(new AppError(401, 'fail', 'Your token is expired'));
}
next(err);
}
Expand All @@ -330,12 +286,7 @@ exports.restrictTo = (...roles) => {
return req.user.roles.includes(role);
});
if (!roleExist) {
return next(
new AppError(403, 'fail', 'You are not allowed to do this action'),
req,
res,
next
);
return next(new AppError(403, 'fail', 'You are not allowed to do this action'));
}
next();
};
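Review bot: In the activateAccount hunk the key taken from `req.query` is compared to the stored key with `activationKey !== user.activationKey`, which is not constant-time and also accepts whatever non-string value the query parser may produce for that parameter; guard on `typeof activationKey === 'string'` and compare equal-length buffers with `crypto.timingSafeEqual` (this needs a top-level `const crypto = require('crypto');`). Separately, the new `.select('+activationKey')` loads the key onto `user`, but before `res.status(200).json({ data: { user } })` only `user.password` is cleared, so unless the lines hidden between the two activateAccount hunks reset `user.activationKey`, it may be serialized into the response. activateAccount starts before this hunk and continues after it.
```javascript
  // verify activation key (constant-time, and reject non-string query values)
  const expectedKey = user.activationKey;
  if (
    typeof activationKey !== 'string' ||
    typeof expectedKey !== 'string' ||
    activationKey.length !== expectedKey.length ||
    !crypto.timingSafeEqual(Buffer.from(activationKey), Buffer.from(expectedKey))
  ) {
    return next(new AppError(400, 'fail', 'Invalid activation key'));
  }
  // … unchanged: activate user …
```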