Campgrounds/middleware.js at master · AlexOneUp/Campgrounds · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
const { campgroundSchema } = require('./validationSchemas');
const { reviewSchema } = require('./validationSchemas');
const ExpressError = require('./utils/ExpressError');
const Campground = require('./models/campgrounds');
const Review = require('./models/review');


module.exports.isLoggedIn = (req, res, next) => {

    if (!req.isAuthenticated()) {
        // store url requested and redirect them after registered or login
        // console.log(req.path,req.originalUrl)
        req.session.returnTo = req.originalUrl;
        req.flash('error', 'You must be signed in');
        return res.redirect('/login');
    }
    next();
}
// Validation Middleware to check if campground edits and posts are valid in the form Server-Side
module.exports.validateCampground = (req, res, next) => {
    const { error } = campgroundSchema.validate(req.body);
    if (error) {
        const msg = error.details.map(element => element.message).join(',');
        throw new ExpressError(msg, 400);
    } else {
        next();
    }

}

/**
 *  This async function checks for
 *  if a user trying to do some action is the AUTHOR of this campground
 */
module.exports.isAuthor = async (req, res, next) => {
    const { id } = req.params;
    const campground = await Campground.findById(id);
    if (!campground.author.equals(req.user._id)) {
        req.flash('error', "You don't have permission to do this");
        return res.redirect(`/campgrounds/${id}`);
    }
    next();
}

// Validation Middleware to check if a review is valid in the form Server-Side
module.exports.validateReview = (req, res, next) => {
    const { error } = reviewSchema.validate(req.body);
    if (error) {
        const msg = error.details.map(element => element.message).join(',');
        throw new ExpressError(msg, 400);
    } else {
        next();
    }
}

// Validation Middleware to check if a review's author is the author in the DB
module.exports.isReviewAuthor = async (req, res, next) => {
    const { id, reviewId } = req.params;
    const review = await Review.findById(reviewId);
    if (!review.author.equals(req.user._id)) {
        req.flash('error', "You don't have permission to do this");
        return res.redirect(`/campgrounds/${id}`);
    }
    next();
}