forked from rahuld7219/CampMe
-
Notifications
You must be signed in to change notification settings - Fork 0
/
middleware.js
67 lines (58 loc) · 2.34 KB
/
middleware.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
/* ___________________________________________HELPER MIDDLEWARES_____________________________________________ */
const Campground = require('./models/Campground');
const Review = require('./models/Review');
const ExpressError = require('./utils/expressError');
const { campgroundSchema, reviewSchema } = require('./schemas');
// middleware to validate the campground data
module.exports.validateCampground = (req, res, next) => {
// validating the req.body data using the joi schema
const { error } = campgroundSchema.validate(req.body);
// throwing error in express if there is data validation error
if (error) {
const msg = error.details.map(el => el.message).join(',');
throw new ExpressError(msg, 400);
} else {
next();
}
};
// middleware to validate the review data
module.exports.validateReview = (req, res, next) => {
// validating the req.body data using the joi schema
const { error } = reviewSchema.validate(req.body);
if (error) {
const msg = error.details.map(el => el.message).join(',');
throw new ExpressError(msg, 400)
} else {
next();
}
};
// to check if a user logged in
// we use isAuthenticated() method provided by passport in req object,
module.exports.isLoggedIn = (req, res, next) => {
if (!req.isAuthenticated()) { // if user not logged in
req.flash('error', 'You must be signed in first!');
return res.redirect('/login');
}
next();
};
// middleware to check for Authorization to modify a campground
module.exports.isAuthor = async (req, res, next) => {
const { id } = req.params;
const campground = await Campground.findById(id);
if (!campground.author.equals(req.user._id)) {
req.flash('error', "You are not authorized to do that!");
return res.redirect(`/campgrounds/${id}`);
}
next();
};
// middleware to check for Authorization to modify a review
module.exports.isReviewAuthor = async (req, res, next) => {
const { id, reviewId } = req.params;
const review = await Review.findById(reviewId);
// if current logged in user is the author of the review he/she wants too modify, (req.user added by passport)
if (!review.author.equals(req.user._id)) {
req.flash('error', 'You are not authorized to do that!');
return res.redirect(`/campgrounds/${id}`);
}
next();
};