Added lesson 13

Author: gitdagray

README.md

@@ -65,6 +65,7 @@
 - 🔗 [Redux Toolkit](https://redux-toolkit.js.org/)
 - 🔗 [FontAwesome Icons](https://fontawesome.com/docs/web/use-with/react/)
 - 🔗 [React Spinners](https://www.npmjs.com/package/react-spinners)
+- 🔗 [@fvilers/disable-react-devtools](https://www.npmjs.com/package/@fvilers/disable-react-devtools)
 
 ### 📚 Other Node.js REST API Dependencies
 - 🔗 [date-fns](https://www.npmjs.com/package/date-fns)
@@ -102,3 +103,5 @@
 - 🔗 [Chapter 11 - MERN User Role-Based Access Control and Permissions](https://github.com/gitdagray/mern_stack_course/tree/main/lesson_11-frontend)
 - 🔗 [Chapter 12 - Pt. 1 - MERN Review & Refactor - Backend Code](https://github.com/gitdagray/mern_stack_course/tree/main/lesson_12-backend)
 - 🔗 [Chapter 12 - Pt. 2 - MERN Review & Refactor - Frontend Code](https://github.com/gitdagray/mern_stack_course/tree/main/lesson_12-frontend)
+- 🔗 [Chapter 13 - Pt. 1 - MERN Deployment - Frontend Code](https://github.com/gitdagray/mern_stack_course/tree/main/lesson_13-frontend)
+- 🔗 [Chapter 13 - Pt. 2 - MERN Deployment - Backend Code](https://github.com/gitdagray/mern_stack_course/tree/main/lesson_13-backend)

lesson_13-backend/.gitignore

@@ -0,0 +1,3 @@
+node_modules
+logs
+.env

lesson_13-backend/UserStories.md

@@ -0,0 +1,22 @@
+# User Stories for techNotes
+
+1. [ ] Replace current sticky note system
+2. [ ] Add a public facing page with basic contact info 
+3. [ ] Add an employee login to the notes app 
+4. [ ] Provide a welcome page after login 
+5. [ ] Provide easy navigation
+6. [ ] Display current user and assigned role 
+7. [ ] Provide a logout option 
+8. [ ] Require users to login at least once per week
+9. [ ] Provide a way to remove user access asap if needed 
+10. [ ] Notes are assigned to specific users 
+11. [ ] Notes have a ticket #, title, note body, created & updated dates
+12. [ ] Notes are either OPEN or COMPLETED 
+13. [ ] Users can be Employees, Managers, or Admins 
+14. [ ] Notes can only be deleted by Managers or Admins 
+15. [ ] Anyone can create a note (when customer checks-in)
+16. [ ] Employees can only view and edit their assigned notes  
+17. [ ] Managers and Admins can view, edit, and delete all notes 
+18. [ ] Only Managers and Admins can access User Settings 
+19. [ ] Only Managers and Admins can create new users 
+20. [ ] Desktop mode is most important but should be available in mobile 

lesson_13-backend/config/allowedOrigins.js

@@ -0,0 +1,5 @@
+const allowedOrigins = [
+    'https://technotes.onrender.com'
+]
+
+module.exports = allowedOrigins

lesson_13-backend/config/corsOptions.js

@@ -0,0 +1,15 @@
+const allowedOrigins = require('./allowedOrigins')
+
+const corsOptions = {
+    origin: (origin, callback) => {
+        if (allowedOrigins.indexOf(origin) !== -1 || !origin) {
+            callback(null, true)
+        } else {
+            callback(new Error('Not allowed by CORS'))
+        }
+    },
+    credentials: true,
+    optionsSuccessStatus: 200
+}
+
+module.exports = corsOptions 

lesson_13-backend/config/dbConn.js

@@ -0,0 +1,11 @@
+const mongoose = require('mongoose')
+
+const connectDB = async () => {
+    try {
+        await mongoose.connect(process.env.DATABASE_URI)
+    } catch (err) {
+        console.log(err)
+    }
+}
+
+module.exports = connectDB

lesson_13-backend/controllers/authController.js

@@ -0,0 +1,104 @@
+const User = require('../models/User')
+const bcrypt = require('bcrypt')
+const jwt = require('jsonwebtoken')
+
+// @desc Login
+// @route POST /auth
+// @access Public
+const login = async (req, res) => {
+    const { username, password } = req.body
+
+    if (!username || !password) {
+        return res.status(400).json({ message: 'All fields are required' })
+    }
+
+    const foundUser = await User.findOne({ username }).exec()
+
+    if (!foundUser || !foundUser.active) {
+        return res.status(401).json({ message: 'Unauthorized' })
+    }
+
+    const match = await bcrypt.compare(password, foundUser.password)
+
+    if (!match) return res.status(401).json({ message: 'Unauthorized' })
+
+    const accessToken = jwt.sign(
+        {
+            "UserInfo": {
+                "username": foundUser.username,
+                "roles": foundUser.roles
+            }
+        },
+        process.env.ACCESS_TOKEN_SECRET,
+        { expiresIn: '15m' }
+    )
+
+    const refreshToken = jwt.sign(
+        { "username": foundUser.username },
+        process.env.REFRESH_TOKEN_SECRET,
+        { expiresIn: '7d' }
+    )
+
+    // Create secure cookie with refresh token 
+    res.cookie('jwt', refreshToken, {
+        httpOnly: true, //accessible only by web server 
+        secure: true, //https
+        sameSite: 'None', //cross-site cookie 
+        maxAge: 7 * 24 * 60 * 60 * 1000 //cookie expiry: set to match rT
+    })
+
+    // Send accessToken containing username and roles 
+    res.json({ accessToken })
+}
+
+// @desc Refresh
+// @route GET /auth/refresh
+// @access Public - because access token has expired
+const refresh = (req, res) => {
+    const cookies = req.cookies
+
+    if (!cookies?.jwt) return res.status(401).json({ message: 'Unauthorized' })
+
+    const refreshToken = cookies.jwt
+
+    jwt.verify(
+        refreshToken,
+        process.env.REFRESH_TOKEN_SECRET,
+        async (err, decoded) => {
+            if (err) return res.status(403).json({ message: 'Forbidden' })
+
+            const foundUser = await User.findOne({ username: decoded.username }).exec()
+
+            if (!foundUser) return res.status(401).json({ message: 'Unauthorized' })
+
+            const accessToken = jwt.sign(
+                {
+                    "UserInfo": {
+                        "username": foundUser.username,
+                        "roles": foundUser.roles
+                    }
+                },
+                process.env.ACCESS_TOKEN_SECRET,
+                { expiresIn: '15m' }
+            )
+
+            res.json({ accessToken })
+        }
+    )
+}
+
+// @desc Logout
+// @route POST /auth/logout
+// @access Public - just to clear cookie if exists
+const logout = (req, res) => {
+    const cookies = req.cookies
+    if (!cookies?.jwt) return res.sendStatus(204) //No content
+    res.clearCookie('jwt', { httpOnly: true, sameSite: 'None', secure: true })
+    res.json({ message: 'Cookie cleared' })
+}
+
+module.exports = {
+    login,
+    refresh,
+    logout
+}

lesson_13-backend/controllers/notesController.js

@@ -0,0 +1,122 @@
+const Note = require('../models/Note')
+const User = require('../models/User')
+
+// @desc Get all notes 
+// @route GET /notes
+// @access Private
+const getAllNotes = async (req, res) => {
+    // Get all notes from MongoDB
+    const notes = await Note.find().lean()
+
+    // If no notes 
+    if (!notes?.length) {
+        return res.status(400).json({ message: 'No notes found' })
+    }
+
+    // Add username to each note before sending the response 
+    // See Promise.all with map() here: https://youtu.be/4lqJBBEpjRE 
+    // You could also do this with a for...of loop
+    const notesWithUser = await Promise.all(notes.map(async (note) => {
+        const user = await User.findById(note.user).lean().exec()
+        return { ...note, username: user.username }
+    }))
+
+    res.json(notesWithUser)
+}
+
+// @desc Create new note
+// @route POST /notes
+// @access Private
+const createNewNote = async (req, res) => {
+    const { user, title, text } = req.body
+
+    // Confirm data
+    if (!user || !title || !text) {
+        return res.status(400).json({ message: 'All fields are required' })
+    }
+
+    // Check for duplicate title
+    const duplicate = await Note.findOne({ title }).collation({ locale: 'en', strength: 2 }).lean().exec()
+
+    if (duplicate) {
+        return res.status(409).json({ message: 'Duplicate note title' })
+    }
+
+    // Create and store the new user 
+    const note = await Note.create({ user, title, text })
+
+    if (note) { // Created 
+        return res.status(201).json({ message: 'New note created' })
+    } else {
+        return res.status(400).json({ message: 'Invalid note data received' })
+    }
+
+}
+
+// @desc Update a note
+// @route PATCH /notes
+// @access Private
+const updateNote = async (req, res) => {
+    const { id, user, title, text, completed } = req.body
+
+    // Confirm data
+    if (!id || !user || !title || !text || typeof completed !== 'boolean') {
+        return res.status(400).json({ message: 'All fields are required' })
+    }
+
+    // Confirm note exists to update
+    const note = await Note.findById(id).exec()
+
+    if (!note) {
+        return res.status(400).json({ message: 'Note not found' })
+    }
+
+    // Check for duplicate title
+    const duplicate = await Note.findOne({ title }).collation({ locale: 'en', strength: 2 }).lean().exec()
+
+    // Allow renaming of the original note 
+    if (duplicate && duplicate?._id.toString() !== id) {
+        return res.status(409).json({ message: 'Duplicate note title' })
+    }
+
+    note.user = user
+    note.title = title
+    note.text = text
+    note.completed = completed
+
+    const updatedNote = await note.save()
+
+    res.json(`'${updatedNote.title}' updated`)
+}
+
+// @desc Delete a note
+// @route DELETE /notes
+// @access Private
+const deleteNote = async (req, res) => {
+    const { id } = req.body
+
+    // Confirm data
+    if (!id) {
+        return res.status(400).json({ message: 'Note ID required' })
+    }
+
+    // Confirm note exists to delete 
+    const note = await Note.findById(id).exec()
+
+    if (!note) {
+        return res.status(400).json({ message: 'Note not found' })
+    }
+
+    const result = await note.deleteOne()
+
+    const reply = `Note '${result.title}' with ID ${result._id} deleted`
+
+    res.json(reply)
+}
+
+module.exports = {
+    getAllNotes,
+    createNewNote,
+    updateNote,
+    deleteNote
+}