edited app.js

Author: atharv02-git

.gitignore

@@ -1,3 +1,4 @@
 node_modules/
-package.json
+.env
 package-lock.json
+images/

ErrorSchemas.js

@@ -1,17 +1,42 @@
-const Joi = require('joi')
+const BaseJoi = require('joi');
+const sanitizeHtml = require('sanitize-html');
+
+const extension = (joi) => ({
+    type: 'string',
+    base: joi.string(),
+    messages: {
+        'string.escapeHTML': '{{#label}} must not include HTML!'
+    },
+    rules: {
+        escapeHTML: {
+            validate(value, helpers) {
+                const clean = sanitizeHtml(value, {
+                    allowedTags: [],
+                    allowedAttributes: {},
+                });
+                if (clean !== value) return helpers.error('string.escapeHTML', { value })
+                return clean;
+            }
+        }
+    }
+});
+
+const Joi = BaseJoi.extend(extension)
+
 module.exports.campgroundSchema = Joi.object({
     campground: Joi.object({
-        title: Joi.string().required(),
+        title: Joi.string().required().escapeHTML(),
         price: Joi.number().required().min(0),
-        image: Joi.string().required(),
-        location: Joi.string().required(),
-        description: Joi.string().required()
-    }).required()
+        // image: Joi.string().required(),
+        location: Joi.string().required().escapeHTML(),
+        description: Joi.string().required().escapeHTML()
+    }).required(),
+    deleteImages: Joi.array()
 });
 
 module.exports.reviewSchema = Joi.object({
     review: Joi.object({
         rating: Joi.number().required().min(1).max(5),
-        body: Joi.string().required()
+        body: Joi.string().required().escapeHTML()
     }).required()
 })

README.md

@@ -0,0 +1,3 @@
+# ratemycamp
+$ npm install passport passport-local pass passport-local-mongoose
+// Passport local passportLocalMongoose will add a Username,hash and salt field to store the username,the hashed password and the salt value.

app.js

@@ -1,17 +1,32 @@
+if (process.env.NODE_ENV !== "production") {
+    require('dotenv').config();
+}
+
 const express = require('express');
 const path = require('path');
 const mongoose = require('mongoose');
 const ejsMate = require('ejs-mate');
-const Joi = require('joi')
-const { campgroundSchema, reviewSchema } = require('./ErrorSchemas')
+
+const session = require('express-session');
+const flash = require('connect-flash');
+const passport = require('passport');
+const LocalStrategy = require('passport-local');
+const User = require('./models/user');
+
 const ExpressError = require('./utils/ExpressError')
-const CatchAsync = require('./utils/CatchAsync')
-const Campground = require('./models/campground')
-const Review = require('./models/review')
 const methodOverride = require('method-override');
-const review = require('./models/review');
 
-mongoose.connect('mongodb://localhost:27017/yelp-camp', {
+const userRoutes = require('./routes/users')
+const campgroundRoutes = require('./routes/campgrounds')
+const reviewRoutes = require('./routes/reviews')
+const mongoSanitize = require('express-mongo-sanitize');
+const helmet = require("helmet");
+
+// setting Mongo Atlas
+const dbUrl = process.env.DB_URL || 'mongodb://localhost:27017/yelp-camp';
+const MongoStore = require('connect-mongo');
+
+mongoose.connect(dbUrl, {
     useNewUrlParser: true,
     // useCreateIndex: true,
     useUnifiedTopology: true
@@ -28,98 +43,80 @@ const app = express();
 app.engine('ejs', ejsMate);
 app.set('view engine', 'ejs');
 app.set('views', path.join(__dirname, 'views'))
+
 app.use(express.urlencoded({ extended: true }))
 app.use(methodOverride('_method'))
+app.use(express.static(path.join(__dirname, 'public')))
+
+app.use(
+    mongoSanitize({
+        replaceWith: '_',
+    }),
+);
+
+app.use(
+    helmet({
+        contentSecurityPolicy: false,
+    })
+);
+
+const secret = process.env.SECRET || 'thisshouldbeabettersecret!'
+const store = MongoStore.create({
+    mongoUrl: dbUrl,
+    secret,
+    touchAfter: 24 * 60 * 60,
+    // crypto: {
+    //     secret: 'thisshouldbeabettersecret!',
+    // }
+});
 
-const validateCampground = (req, res, next) => {
-    const { error } = campgroundSchema.validate(req.body)
-    if (error) {
-        const msg = error.details.map(el => el.message).join(',')
-        throw new ExpressError(msg, 400)
-    } else {
-        next();
+store.on("error", function(e) {
+    console.log("SESSION STORE ERROR", e)
+})
+const sessionConfig = {
+    store,
+    name: 'session',
+    secret,
+    resave: false,
+    saveUninitialized: true,
+    cookie: {
+        httpOnly: true,
+        // secure: true
+        expires: Date.now() + 1000 * 60 * 60 * 24 * 7,
+        maxAge: 1000 * 60 * 60 * 24 * 7
     }
 }
+app.use(session(sessionConfig))
+app.use(flash());
+
+// middleware for passport
+app.use(passport.initialize());
+app.use(passport.session());
+// use static authenticate method of model in LocalStrategy
+passport.use(new LocalStrategy(User.authenticate()));
+// use static serialize and deserialize of model for passport session support
+passport.serializeUser(User.serializeUser());
+passport.deserializeUser(User.deserializeUser());
+
+// Flash middleware
+app.use((req, res, next) => {
+    // console.log(req.session);
+    // checking for the current status of user whether user is already logged in or not
+    res.locals.currentUser = req.user;
+    res.locals.success = req.flash('success');
+    res.locals.error = req.flash('error');
+    next();
+})
 
-const validateReview = (req, res, next) => {
-    const { error } = reviewSchema.validate(req.body)
-    if (error) {
-        const msg = error.details.map(el => el.message).join(',')
-        throw new ExpressError(msg, 400)
-    } else {
-        next();
-    }
-}
+// Defining Routes
+app.use('/', userRoutes)
+app.use('/campgrounds', campgroundRoutes)
+app.use('/campgrounds/:id/reviews', reviewRoutes)
 
 app.get('/', (req, res) => {
     res.render('home')
 })
 
-app.get('/campgrounds', CatchAsync(async(req, res) => {
-    const campgrounds = await Campground.find({});
-    res.render('campgrounds/index', { campgrounds })
-}))
-
-// Creating New Campground
-app.get('/campgrounds/new', (req, res) => {
-    res.render('campgrounds/new')
-})
-
-app.post('/campgrounds', validateCampground, CatchAsync(async(req, res, next) => {
-    // if (!req.body.campground) throw new ExpressError('Invalid campground data', 400);
-    const campground = new Campground(req.body.campground)
-    await campground.save();
-    res.redirect(`/campgrounds/${campground._id}`)
-}))
-
-// To show all campgrounds
-app.get('/campgrounds/:id', CatchAsync(async(req, res) => {
-    const campground = await Campground.findById(req.params.id).populate('reviews');
-    // We used .populate method so that review of that particular campground(because of id) can be shown
-    res.render('campgrounds/show', { campground })
-}))
-
-// Update and edit
-app.get('/campgrounds/:id/edit', CatchAsync(async(req, res) => {
-    const campground = await Campground.findById(req.params.id);
-    res.render('campgrounds/edit', { campground })
-}))
-
-app.put('/campgrounds/:id', validateCampground, CatchAsync(async(req, res) => {
-    const { id } = req.params;
-    const campground = await Campground.findByIdAndUpdate(id, req.body.campground);
-    res.redirect(`/campgrounds/${campground._id}`)
-}))
-
-// Delete
-app.delete('/campgrounds/:id', CatchAsync(async(req, res) => {
-    const { id } = req.params;
-    await Campground.findByIdAndDelete(id)
-    res.redirect('/campgrounds');
-}))
-
-// Review Routes
-app.post('/campgrounds/:id/reviews', validateReview, CatchAsync(async(req, res) => {
-    const campground = await Campground.findById(req.params.id);
-    // To instantiate new Review model we need to import the module
-    const review = new Review(req.body.review);
-    // Here req.body.review is what we gave in show.ejs>form>review[rating] and review[body]
-    // Now push the new review into campground.reviews array
-    campground.reviews.push(review);
-    campground.save();
-    review.save();
-    res.redirect(`/campgrounds/${campground._id}`);
-}))
-
-// delete reviews
-app.delete('/campgrounds/:id/reviews/:reviewID', CatchAsync(async(req, res) => {
-    const { id, reviewID } = req.params;
-    // so the problem is our reviewID is assosciated to campgroundId so if we delete using reviewID the whole campground gets deleted.       [13213,123123,141324] suupose this is an array of object ID's adn we wamt to delete the specific ID that belogs to our review id so we will use an poerator in mongo called $pull operator
-    await Campground.findByIdAndUpdate(id, { $pull: { reviews: reviewID } });
-    await Review.findByIdAndDelete(reviewID);
-    res.redirect(`/campgrounds/${id}`);
-}))
-
 // handling errors
 
 app.all('*', (req, res, next) => {

cloudinary/index.js

@@ -0,0 +1,24 @@
+const cloudinary = require('cloudinary').v2;
+const { CloudinaryStorage } = require('multer-storage-cloudinary');
+
+
+// specifying our credentials
+cloudinary.config({
+    cloud_name: process.env.CLOUDINARY_CLOUD_NAME,
+    api_key: process.env.CLOUDINARY_KEY,
+    api_secret: process.env.CLOUDINARY_SECRET
+});
+
+// making the new instance of cloudinary storage and passing cloudinary through multer instead of storing images to our local pc
+const storage = new CloudinaryStorage({
+    cloudinary,
+    params: {
+        folder: 'RateMyCamp',
+        allowedformats: ['jpeg', 'jpg', 'png']
+    }
+});
+
+module.exports = {
+    cloudinary,
+    storage
+}

controllers/campgrounds.js

@@ -0,0 +1,80 @@
+const Campground = require('../models/campground');
+const { cloudinary } = require('../cloudinary');
+const mbxGeocoding = require("@mapbox/mapbox-sdk/services/geocoding");
+const mapBoxToken = process.env.MAPBOX_TOKEN;
+const geocoder = mbxGeocoding({ accessToken: mapBoxToken });
+
+module.exports.index = async(req, res) => {
+    const campgrounds = await Campground.find({})
+    res.render('campgrounds/index', { campgrounds })
+}
+
+module.exports.renderNewForm = (req, res) => {
+    res.render('campgrounds/new');
+}
+
+module.exports.createCampground = async(req, res, next) => {
+    const geoData = await geocoder.forwardGeocode({
+        query: req.body.campground.location,
+        limit: 1
+    }).send()
+    const campground = new Campground(req.body.campground)
+    campground.geometry = geoData.body.features[0].geometry;
+    campground.images = req.files.map(f => ({ url: f.path, filename: f.filename }));
+    campground.author = req.user._id;
+    // here if some new user logs in it will detect its id so that they can upload the campground and author's name will pop up on the show page
+    await campground.save();
+    console.log(campground)
+    req.flash('success', 'Successfully created a new campground!')
+    res.redirect(`/campgrounds/${campground._id}`)
+}
+
+module.exports.showCampground = async(req, res) => {
+    const campground = await Campground.findById(req.params.id).populate({
+        path: 'reviews',
+        populate: {
+            path: 'author'
+        }
+    }).populate('author');
+    console.log(campground);
+    // We used .populate method so that review of that particular campground(because of id) can be shown
+    if (!campground) {
+        req.flash('error', 'Oops :( Cannot find that campground!')
+        return res.redirect('/campgrounds')
+    }
+    res.render('campgrounds/show', { campground })
+}
+
+module.exports.renderEditForm = async(req, res) => {
+    const { id } = req.params;
+    const campground = await Campground.findById(id)
+    if (!campground) {
+        req.flash('error', 'Oops :( Cannot find that campground!')
+        return res.redirect('/campgrounds')
+    }
+    res.render('campgrounds/edit', { campground })
+}
+
+module.exports.updateCampground = async(req, res) => {
+    const { id } = req.params;
+    console.log(req.body);
+    const campground = await Campground.findByIdAndUpdate(id, req.body.campground);
+    const imgs = req.files.map(f => ({ url: f.path, filename: f.filename }));
+    campground.images.push(...imgs);
+    await campground.save();
+    if (req.body.deleteImages) {
+        for (let filename of req.body.deleteImages) {
+            await cloudinary.uploader.destroy(filename);
+        }
+        await campground.updateOne({ $pull: { images: { filename: { $in: req.body.deleteImages } } } })
+    }
+    req.flash('success', 'Successfully updated campground!');
+    res.redirect(`/campgrounds/${campground._id}`);
+}
+
+module.exports.deleteCampground = async(req, res) => {
+    const { id } = req.params;
+    await Campground.findByIdAndDelete(id);
+    req.flash('success', 'Successfully deleted a campground!')
+    res.redirect('/campgrounds');
+}

controllers/reviews.js

@@ -0,0 +1,25 @@
+const Campground = require('../models/campground');
+const Review = require('../models/review');
+
+module.exports.createReview = async(req, res) => {
+    const campground = await Campground.findById(req.params.id);
+    // To instantiate new Review model we need to import the module
+    const review = new Review(req.body.review);
+    // Here req.body.review is what we gave in show.ejs>form>review[rating] and review[body]
+    // Now push the new review into campground.reviews array
+    review.author = req.user._id;
+    campground.reviews.push(review);
+    campground.save();
+    review.save();
+    req.flash('success', 'Successfully created a review!')
+    res.redirect(`/campgrounds/${campground._id}`);
+}
+
+module.exports.deleteReview = async(req, res) => {
+    const { id, reviewID } = req.params;
+    // so the problem is our reviewID is assosciated to campgroundId so if we delete using reviewID the whole campground gets deleted.[13213,123123,141324] suupose this is an array of object ID's and we want to delete the specific ID that belogs to our review id so we will use an operator in mongo called $pull operator
+    await Campground.findByIdAndUpdate(id, { $pull: { reviews: reviewID } });
+    await Review.findByIdAndDelete(reviewID);
+    req.flash('success', 'Successfully deleted a review!')
+    res.redirect(`/campgrounds/${id}`);
+}