first commit

Author: ashemag

.DS_Store

@@ -5,7 +5,8 @@ npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 lerna-debug.log*
-
+.env
+*/data
 # Diagnostic reports (https://nodejs.org/api/report.html)
 report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
 

.gitignore

@@ -0,0 +1,17 @@
+import mongoose from "mongoose";
+
+const connectDB = async () => {
+  try {
+    const conn = await mongoose.connect(process.env.MONGO_URI, {
+      useUnifiedTopology: true,
+      useNewUrlParser: true,
+      useCreateIndex: true,
+    });
+    console.log(`MongoDB Connected: ${conn.connection.host}`.cyan.underline);
+  } catch (error) {
+    console.error(`Error: ${error.message}`.red.underline.bold);
+    process.exit(1);
+  }
+};
+
+export default connectDB;

backend/config/db.js

@@ -0,0 +1,168 @@
+import asyncHandler from "express-async-handler";
+import generateToken from "../utils/generateToken.js";
+import User from "../models/userModel.js";
+import { auth as firebaseAuth } from "../firebase.js";
+import dotenv from "dotenv";
+dotenv.config();
+
+// @desc    Auth user & get token
+// @route   POST /api/users/login
+// @access  Public
+const authUser = asyncHandler(async (req, res) => {
+  const { email, password } = req.body;
+
+  try {
+    const {
+      user: { emailVerified },
+    } = await firebaseAuth.signInWithEmailAndPassword(email, password);
+
+    const user = await User.findOne({ email });
+
+    if (user) {
+      res.json({
+        _id: user._id,
+        firstName: user.firstName,
+        lastName: user.lastName,
+        email: user.email,
+        isAdmin: user.isAdmin,
+        token: generateToken(user._id),
+        verified: emailVerified,
+      });
+    } else {
+      res.status(404);
+      throw new Error("User not found");
+    }
+  } catch (e) {
+    res.status(404);
+    var errorMessage = e.message;
+    if (
+      errorMessage ===
+      "The password is invalid or the user does not have a password."
+    ) {
+      errorMessage = "Invalid password";
+    } else if (
+      errorMessage ===
+      "There is no user record corresponding to this identifier. The user may have been deleted."
+    ) {
+      errorMessage = "User not found";
+    }
+    throw new Error(errorMessage);
+  }
+});
+
+// @desc    Resend email notification
+// @route   POST /api/users/login/email-verification
+// @access  Private
+const sendEmailVerification = asyncHandler(async (req, res) => {
+  const { email, password } = req.body;
+  try {
+    const {
+      user: { emailVerified },
+    } = await firebaseAuth.signInWithEmailAndPassword(email, password);
+    await firebaseAuth.currentUser.sendEmailVerification();
+    res.json({ status: "Email verification sent." });
+  } catch (e) {
+    var errorMessage = e.message;
+    if (
+      e.message ===
+      "We have blocked all requests from this device due to unusual activity. Try again later."
+    ) {
+      errorMessage = "Please wait a few minutes and check your inbox.";
+    }
+    console.log(errorMessage);
+    throw new Error(errorMessage);
+  }
+});
+
+// @desc    Resend email notification
+// @route   POST /api/users/login/forget-password
+// @access  Private
+const sendForgetPasswordEmail = asyncHandler(async (req, res) => {
+  const { email } = req.body;
+  try {
+    firebaseAuth.sendPasswordResetEmail(email);
+    res.json({ status: "Password reset email sent." });
+  } catch (e) {
+    var errorMessage = e.message;
+    if (
+      e.message ===
+      "We have blocked all requests from this device due to unusual activity. Try again later."
+    ) {
+      errorMessage = "Please wait a few minutes and check your inbox.";
+    }
+    throw new Error(errorMessage);
+  }
+});
+
+// @desc    Create user
+// @route   POST /api/users
+// @access  Public
+const registerUser = asyncHandler(async (req, res) => {
+  const { firstName, lastName, email, password, isAdmin } = req.body;
+
+  const {
+    user: { emailVerified },
+  } = await firebaseAuth.createUserWithEmailAndPassword(email, password);
+  await firebaseAuth.currentUser.sendEmailVerification();
+
+  const userExists = await User.findOne({ email });
+  if (userExists) {
+    res.status(400);
+    throw new Error("User already exists.");
+  }
+
+  const user = await User.create({
+    firstName,
+    lastName,
+    email,
+    isAdmin: isAdmin || false,
+  });
+
+  if (user) {
+    res.status(201).json({
+      _id: user._id,
+      firstName: user.firstName,
+      lastName: user.lastName,
+      email: user.email,
+      isAdmin: user.isAdmin,
+      verified: emailVerified,
+      token: generateToken(user._id),
+    });
+  } else {
+    res.status(400);
+    throw new Error("Invalid user data");
+  }
+});
+
+// @desc    Get all users
+// @route   GET /api/users
+// @access  Private/Admin
+const getUsers = asyncHandler(async (req, res) => {
+  const users = await User.find({});
+  res.json(users);
+});
+
+// @desc    Delete a user
+// @route   DELETE /api/users/:id
+// @access  Private/Admin
+const deleteUser = asyncHandler(async (req, res) => {
+  const user = await User.findById(req.params.id);
+  // TODO: maybe delete user in firebase
+
+  if (user) {
+    await user.remove();
+    res.json({ message: "User removed" });
+  } else {
+    res.status(404);
+    throw new Error("User not found.");
+  }
+});
+
+export {
+  authUser,
+  registerUser,
+  getUsers,
+  deleteUser,
+  sendEmailVerification,
+  sendForgetPasswordEmail,
+};

backend/controllers/userController.js

@@ -0,0 +1,15 @@
+import firebase from "@firebase/app";
+import "@firebase/auth";
+
+const app = firebase.default.initializeApp({
+  apiKey: process.env.REACT_APP_FIREBASE_API_KEY,
+  authDomain: process.env.REACT_APP_FIREBASE_AUTH_DOMAIN,
+  projectId: process.env.REACT_APP_FIREBASE_PROJECT_ID,
+  storageBucket: process.env.REACT_APP_FIREBASE_STORAGE_BUCKET,
+  messagingSenderId: process.env.REACT_APP_FIREBASE_API_MESSAGING_SENDER_ID,
+  appId: process.env.REACT_APP_FIREBASE_APP_ID,
+  measurementId: process.env.REACT_APP_FIREBASE_MEASUREMENT_ID,
+});
+
+export const auth = app.auth();
+export default app;

backend/firebase.js

@@ -0,0 +1,44 @@
+import jwt from "jsonwebtoken";
+import asyncHandler from "express-async-handler";
+import User from "../models/userModel.js";
+
+// use for all user pages
+const protect = asyncHandler(async (req, res, next) => {
+  let token;
+
+  if (
+    req.headers.authorization &&
+    req.headers.authorization.startsWith("Bearer")
+  ) {
+    try {
+      token = req.headers.authorization.split(" ")[1];
+
+      const decoded = jwt.verify(token, process.env.JWT_SECRET);
+
+      req.user = await User.findById(decoded.id).select("-password");
+
+      next();
+    } catch (error) {
+      console.error(error);
+      res.status(401);
+      throw new Error("Not authorized, token failed.");
+    }
+  }
+
+  if (!token) {
+    res.status(401);
+    throw new Error("Not authorized, no token.");
+  }
+});
+
+// use for all admin pages
+const admin = (req, res, next) => {
+  if (req.user && req.user.isAdmin) {
+    next();
+  } else {
+    res.status(401);
+    throw new Error("Not authorized as an admin.");
+  }
+};
+
+export { protect, admin };

backend/middleware/authMiddleware.js

@@ -0,0 +1,15 @@
+const notFound = (req, res, next) => {
+  const error = new Error(`Not Found - ${req.originalUrl}`);
+  next(error);
+};
+
+const errorHandler = (err, req, res, next) => {
+  const statusCode = res.statusCode === 200 ? 500 : res.statusCode;
+  res.status(statusCode);
+  res.json({
+    message: err.message,
+    stack: process.env.NODE_ENV === "production" ? null : err.stack,
+  });
+};
+
+export { notFound, errorHandler };

backend/middleware/errorMiddleware.js

@@ -0,0 +1,16 @@
+import mongoose from "mongoose";
+
+const userSchema = mongoose.Schema(
+  {
+    firstName: { type: String, required: true },
+    lastName: { type: String, required: true },
+    email: { type: String, required: true, unique: true },
+    isAdmin: { type: Boolean, required: true, default: false },
+  },
+  {
+    timestamps: true,
+  }
+);
+
+const User = mongoose.model("User", userSchema);
+export default User;

backend/models/userModel.js

@@ -0,0 +1,20 @@
+import express from "express";
+import {
+  authUser,
+  registerUser,
+  getUsers,
+  deleteUser,
+  sendEmailVerification,
+  sendForgetPasswordEmail,
+} from "../controllers/userController.js";
+import { protect, admin } from "../middleware/authMiddleware.js";
+
+const router = express.Router();
+router.route("/").post(registerUser).get(protect, admin, getUsers);
+router.post("/login", authUser);
+router.post("/login/email-verification", sendEmailVerification);
+router.post("/login/forget-password", sendForgetPasswordEmail);
+
+router.route("/:id").delete(protect, admin, deleteUser);
+
+export default router;

backend/routes/userRoutes.js

@@ -0,0 +1,41 @@
+import mongoose from "mongoose";
+import dotenv from "dotenv";
+import connectDB from "./config/db.js";
+import users from "./data/users.js";
+import User from "./models/userModel.js";
+import colors from "colors";
+
+dotenv.config();
+
+connectDB();
+
+const importData = async () => {
+  try {
+    await User.deleteMany();
+    await User.insertMany(users);
+
+    console.log("Data Imported!".green.inverse);
+    process.exit();
+  } catch (error) {
+    console.log(`${error}`.red.inverse);
+    process.exit(1);
+  }
+};
+
+const destroyData = async () => {
+  try {
+    await User.deleteMany();
+
+    console.log("Data Destroyed!".red.inverse);
+    process.exit();
+  } catch (error) {
+    console.log(`${error}`.red.inverse);
+    process.exit(1);
+  }
+};
+
+if (process.argv[2] === "-d") {
+  destroyData();
+} else {
+  importData();
+}

backend/seeder.js

@@ -0,0 +1,41 @@
+import express from "express";
+import dotenv from "dotenv";
+import connectDB from "./config/db.js";
+import { notFound, errorHandler } from "./middleware/errorMiddleware.js";
+import colors from "colors";
+import userRoutes from "./routes/userRoutes.js";
+
+/////////////// setup ///////////////
+
+//env variables
+dotenv.config();
+//mongo db connect
+connectDB();
+/////////////// setup ///////////////
+
+/////////////// api ///////////////
+const app = express();
+//lets us accept json in body
+app.use(express.json());
+
+// return something for main API route - for dev http://localhost:5000/
+app.get("/", (req, res) => {
+  res.send(`API running...`);
+});
+//routes
+app.use("/api/users", userRoutes);
+
+//400
+app.use(notFound);
+// 500
+app.use(errorHandler);
+
+const PORT = process.env.PORT || 5000;
+
+app.listen(
+  PORT,
+  console.log(
+    `Server running in ${process.env.NODE_ENV} mode on port ${PORT}`.yellow.bold
+  )
+);
+/////////////// api ///////////////