Added lesson 4

Author: gitdagray

README.md

@@ -67,6 +67,8 @@
 - 🔗 [dotenv](https://www.npmjs.com/package/dotenv)
 - 🔗 [MongooseJS](https://mongoosejs.com/)
 - 🔗 [mongoose-sequence](https://www.npmjs.com/package/mongoose-sequence)
+- 🔗 [express-async-handler](https://www.npmjs.com/package/express-async-handler)
+- 🔗 [bcrypt](https://www.npmjs.com/package/bcrypt)
 
 ### ⚙ VS Code Extensions I Use:
 
@@ -81,3 +83,4 @@
 - 🔗 [Chapter 1 - Intro to MERN](https://github.com/gitdagray/mern_stack_course/tree/main/lesson_01)
 - 🔗 [Chapter 2 - MERN Middleware](https://github.com/gitdagray/mern_stack_course/tree/main/lesson_02)
 - 🔗 [Chapter 3 - MERN MongoDB](https://github.com/gitdagray/mern_stack_course/tree/main/lesson_03)
+- 🔗 [Chapter 4 - MERN Controllers](https://github.com/gitdagray/mern_stack_course/tree/main/lesson_04)

lesson_04/.gitignore

@@ -0,0 +1,3 @@
+node_modules
+logs
+.env

lesson_04/UserStories.md

@@ -0,0 +1,22 @@
+# User Stories for techNotes
+
+1. [ ] Replace current sticky note system
+2. [ ] Add a public facing page with basic contact info 
+3. [ ] Add an employee login to the notes app 
+4. [ ] Provide a welcome page after login 
+5. [ ] Provide easy navigation
+6. [ ] Display current user and assigned role 
+7. [ ] Provide a logout option 
+8. [ ] Require users to login at least once per week
+9. [ ] Provide a way to remove user access asap if needed 
+10. [ ] Notes are assigned to specific users 
+11. [ ] Notes have a ticket #, title, note body, created & updated dates
+12. [ ] Notes are either OPEN or COMPLETED 
+13. [ ] Users can be Employees, Managers, or Admins 
+14. [ ] Notes can only be deleted by Managers or Admins 
+15. [ ] Anyone can create a note (when customer checks-in)
+16. [ ] Employees can only view and edit their assigned notes  
+17. [ ] Managers and Admins can view, edit, and delete all notes 
+18. [ ] Only Managers and Admins can access User Settings 
+19. [ ] Only Managers and Admins can create new users 
+20. [ ] Desktop mode is most important but should be available in mobile 

lesson_04/config/allowedOrigins.js

@@ -0,0 +1,7 @@
+const allowedOrigins = [
+    'http://localhost:3000',
+    'https://www.dandrepairshop.com',
+    'https://dandrepairshop.com'
+]
+
+module.exports = allowedOrigins

lesson_04/config/corsOptions.js

@@ -0,0 +1,15 @@
+const allowedOrigins = require('./allowedOrigins')
+
+const corsOptions = {
+    origin: (origin, callback) => {
+        if (allowedOrigins.indexOf(origin) !== -1 || !origin) {
+            callback(null, true)
+        } else {
+            callback(new Error('Not allowed by CORS'))
+        }
+    },
+    credentials: true,
+    optionsSuccessStatus: 200
+}
+
+module.exports = corsOptions 

lesson_04/config/dbConn.js

@@ -0,0 +1,11 @@
+const mongoose = require('mongoose')
+
+const connectDB = async () => {
+    try {
+        await mongoose.connect(process.env.DATABASE_URI)
+    } catch (err) {
+        console.log(err)
+    }
+}
+
+module.exports = connectDB

lesson_04/controllers/notesController.js

@@ -0,0 +1,123 @@
+const Note = require('../models/Note')
+const User = require('../models/User')
+const asyncHandler = require('express-async-handler')
+
+// @desc Get all notes 
+// @route GET /notes
+// @access Private
+const getAllNotes = asyncHandler(async (req, res) => {
+    // Get all notes from MongoDB
+    const notes = await Note.find().lean()
+
+    // If no notes 
+    if (!notes?.length) {
+        return res.status(400).json({ message: 'No notes found' })
+    }
+
+    // Add username to each note before sending the response 
+    // See Promise.all with map() here: https://youtu.be/4lqJBBEpjRE 
+    // You could also do this with a for...of loop
+    const notesWithUser = await Promise.all(notes.map(async (note) => {
+        const user = await User.findById(note.user).lean().exec()
+        return { ...note, username: user.username }
+    }))
+
+    res.json(notesWithUser)
+})
+
+// @desc Create new note
+// @route POST /notes
+// @access Private
+const createNewNote = asyncHandler(async (req, res) => {
+    const { user, title, text } = req.body
+
+    // Confirm data
+    if (!user || !title || !text) {
+        return res.status(400).json({ message: 'All fields are required' })
+    }
+
+    // Check for duplicate title
+    const duplicate = await Note.findOne({ title }).lean().exec()
+
+    if (duplicate) {
+        return res.status(409).json({ message: 'Duplicate note title' })
+    }
+
+    // Create and store the new user 
+    const note = await Note.create({ user, title, text })
+
+    if (note) { // Created 
+        return res.status(201).json({ message: 'New note created' })
+    } else {
+        return res.status(400).json({ message: 'Invalid note data received' })
+    }
+
+})
+
+// @desc Update a note
+// @route PATCH /notes
+// @access Private
+const updateNote = asyncHandler(async (req, res) => {
+    const { id, user, title, text, completed } = req.body
+
+    // Confirm data
+    if (!id || !user || !title || !text || typeof completed !== 'boolean') {
+        return res.status(400).json({ message: 'All fields are required' })
+    }
+
+    // Confirm note exists to update
+    const note = await Note.findById(id).exec()
+
+    if (!note) {
+        return res.status(400).json({ message: 'Note not found' })
+    }
+
+    // Check for duplicate title
+    const duplicate = await Note.findOne({ title }).lean().exec()
+
+    // Allow renaming of the original note 
+    if (duplicate && duplicate?._id.toString() !== id) {
+        return res.status(409).json({ message: 'Duplicate note title' })
+    }
+
+    note.user = user
+    note.title = title
+    note.text = text
+    note.completed = completed
+
+    const updatedNote = await note.save()
+
+    res.json(`'${updatedNote.title}' updated`)
+})
+
+// @desc Delete a note
+// @route DELETE /notes
+// @access Private
+const deleteNote = asyncHandler(async (req, res) => {
+    const { id } = req.body
+
+    // Confirm data
+    if (!id) {
+        return res.status(400).json({ message: 'Note ID required' })
+    }
+
+    // Confirm note exists to delete 
+    const note = await Note.findById(id).exec()
+
+    if (!note) {
+        return res.status(400).json({ message: 'Note not found' })
+    }
+
+    const result = await note.deleteOne()
+
+    const reply = `Note '${result.title}' with ID ${result._id} deleted`
+
+    res.json(reply)
+})
+
+module.exports = {
+    getAllNotes,
+    createNewNote,
+    updateNote,
+    deleteNote
+}

lesson_04/controllers/usersController.js

@@ -0,0 +1,130 @@
+const User = require('../models/User')
+const Note = require('../models/Note')
+const asyncHandler = require('express-async-handler')
+const bcrypt = require('bcrypt')
+
+// @desc Get all users
+// @route GET /users
+// @access Private
+const getAllUsers = asyncHandler(async (req, res) => {
+    // Get all users from MongoDB
+    const users = await User.find().select('-password').lean()
+
+    // If no users 
+    if (!users?.length) {
+        return res.status(400).json({ message: 'No users found' })
+    }
+
+    res.json(users)
+})
+
+// @desc Create new user
+// @route POST /users
+// @access Private
+const createNewUser = asyncHandler(async (req, res) => {
+    const { username, password, roles } = req.body
+
+    // Confirm data
+    if (!username || !password || !Array.isArray(roles) || !roles.length) {
+        return res.status(400).json({ message: 'All fields are required' })
+    }
+
+    // Check for duplicate username
+    const duplicate = await User.findOne({ username }).lean().exec()
+
+    if (duplicate) {
+        return res.status(409).json({ message: 'Duplicate username' })
+    }
+
+    // Hash password 
+    const hashedPwd = await bcrypt.hash(password, 10) // salt rounds
+
+    const userObject = { username, "password": hashedPwd, roles }
+
+    // Create and store new user 
+    const user = await User.create(userObject)
+
+    if (user) { //created 
+        res.status(201).json({ message: `New user ${username} created` })
+    } else {
+        res.status(400).json({ message: 'Invalid user data received' })
+    }
+})
+
+// @desc Update a user
+// @route PATCH /users
+// @access Private
+const updateUser = asyncHandler(async (req, res) => {
+    const { id, username, roles, active, password } = req.body
+
+    // Confirm data 
+    if (!id || !username || !Array.isArray(roles) || !roles.length || typeof active !== 'boolean') {
+        return res.status(400).json({ message: 'All fields except password are required' })
+    }
+
+    // Does the user exist to update?
+    const user = await User.findById(id).exec()
+
+    if (!user) {
+        return res.status(400).json({ message: 'User not found' })
+    }
+
+    // Check for duplicate 
+    const duplicate = await User.findOne({ username }).lean().exec()
+
+    // Allow updates to the original user 
+    if (duplicate && duplicate?._id.toString() !== id) {
+        return res.status(409).json({ message: 'Duplicate username' })
+    }
+
+    user.username = username
+    user.roles = roles
+    user.active = active
+
+    if (password) {
+        // Hash password 
+        user.password = await bcrypt.hash(password, 10) // salt rounds 
+    }
+
+    const updatedUser = await user.save()
+
+    res.json({ message: `${updatedUser.username} updated` })
+})
+
+// @desc Delete a user
+// @route DELETE /users
+// @access Private
+const deleteUser = asyncHandler(async (req, res) => {
+    const { id } = req.body
+
+    // Confirm data
+    if (!id) {
+        return res.status(400).json({ message: 'User ID Required' })
+    }
+
+    // Does the user still have assigned notes?
+    const note = await Note.findOne({ user: id }).lean().exec()
+    if (note) {
+        return res.status(400).json({ message: 'User has assigned notes' })
+    }
+
+    // Does the user exist to delete?
+    const user = await User.findById(id).exec()
+
+    if (!user) {
+        return res.status(400).json({ message: 'User not found' })
+    }
+
+    const result = await user.deleteOne()
+
+    const reply = `Username ${result.username} with ID ${result._id} deleted`
+
+    res.json(reply)
+})
+
+module.exports = {
+    getAllUsers,
+    createNewUser,
+    updateUser,
+    deleteUser
+}

lesson_04/middleware/errorHandler.js

@@ -0,0 +1,14 @@
+const { logEvents } = require('./logger')
+
+const errorHandler = (err, req, res, next) => {
+    logEvents(`${err.name}: ${err.message}\t${req.method}\t${req.url}\t${req.headers.origin}`, 'errLog.log')
+    console.log(err.stack)
+
+    const status = res.statusCode ? res.statusCode : 500 // server error 
+
+    res.status(status)
+
+    res.json({ message: err.message })
+}
+
+module.exports = errorHandler 

lesson_04/middleware/logger.js

@@ -0,0 +1,27 @@
+const { format } = require('date-fns')
+const { v4: uuid } = require('uuid')
+const fs = require('fs')
+const fsPromises = require('fs').promises
+const path = require('path')
+
+const logEvents = async (message, logFileName) => {
+    const dateTime = format(new Date(), 'yyyyMMdd\tHH:mm:ss')
+    const logItem = `${dateTime}\t${uuid()}\t${message}\n`
+
+    try {
+        if (!fs.existsSync(path.join(__dirname, '..', 'logs'))) {
+            await fsPromises.mkdir(path.join(__dirname, '..', 'logs'))
+        }
+        await fsPromises.appendFile(path.join(__dirname, '..', 'logs', logFileName), logItem)
+    } catch (err) {
+        console.log(err)
+    }
+}
+
+const logger = (req, res, next) => {
+    logEvents(`${req.method}\t${req.url}\t${req.headers.origin}`, 'reqLog.log')
+    console.log(`${req.method} ${req.path}`)
+    next()
+}
+
+module.exports = { logEvents, logger }