## Initializing app.js:

- npm i express
    - express = require('express')
- To work with sessions:
    - npm i express-session
    - session = require('express-session')
- To be able to store sessions in MongoDB:
    - This module exports a single function which takes an instance of connect (or Express) and returns a MongoDBStore class that can be used to store sessions in MongoDB.
    - If you pass in an instance of the express-session module the MongoDBStore class will enable you to store your Express sessions in MongoDB.
    - npm i connect-mongodb-session
    - MongoDBStore = require('connect-mongodb-session)(session)
    - store = new MongoDBStore({uri:..., collection:...})
- For javascript template pages
    - npm i ejs
- npm i nodemon --save-dev
- For csrf protection:
    -  csrf = require('csurf')

## Serving General Static Files:

- Static css and javascript files are standalone requests.
- If we have an html file that links other css/javascript files, a seperate http request will be sent by the browser
- We can use a special middleware which is the **use** method in express that can help us serve these static files without having to create a route for each of them.
- **app.use(express.static('public'));**

## use()

- The use method also handles requests, but unlike get and post, it doesn't care about what kind of request. It will be applied to all requests

- We don't have to specify a path in this method, since it is a general handler function

- General handler functions that apply to more than one type of request are called **middleware functions**

- They are in the middle of express seeing that request and our code handling that request

- **app.use(express.urlencoded({extended: false}));** This middleware is used for requests with incoming data. We have to parse the request data(plain text data) into javascript code. 


## Setting up templating engine:

- the set method allows us to set certain options for the express app
- app.set('views', path.join(__dirname, 'views'))
    - This tells express where we want to store our template files that we want to process with our template engine
    - the first param is reserved name
    - the second param is the path to our views folder. doesn't have to be called views
- app.set('view engine', 'ejs'))
    - This tells express that we want to specify a special view engine for our view files.
    - ejs is the template engine
- we can now use res.render to render a template file
    - you can omit the file extension since render will know that our template files will end in ejs



## MongoDB

- npm i mongodb
- const mongodb = require('mongodb')
- const MongoClient = mongodb.MongoClient
- const client = await MongoClient.connect('mongodb://localhost')
- database = client.db('nameOfCollection')

## Routes

- require express for using express.Router()
- require mongodb (for creating ObjectId)
- require bcrypt (for hashing passwords)
- require database file

## Creating Users (signup POST)

- From the post route, get the user input data from the request.body
- Confirm the email exists, the email and the confirmedEmail are the same, the email contains an @ symbol, the password has a length of atleast 6 (use .trim function) and it exists
- If there is an error, we can add an object to the session. The attribute can be called inputData with an attribute hasError, message, email, confirEmail, and password. Make sure to save the session before redirecting (back to signup) and make sure to return after the save function. 
- If there are no errors, check if a user in the database collection already exists with that email. If a user does already exist, just add an object to the session with a different message and same attributes as above.
- If the email has not been used, hash the given password (use await bcrypt.hash(pwd, 12))
- create a user object and insert into collection
- redirect to login page

## Log in Users (login POST)

- From the request's body, get the input data
- Confirm there is a user with the given email in the users collection
- If there is not, add the inputData object to the session. Same outline as above with the added message to let the user know there was an error with credentials (do not specify it is an email error). Save the session and redirect. Also return from if statement.
- If a user with that email exists, check the given password matches the user password stored in database. Use bcrypt.compare(enteredPwd, user.pwd)
- If the passwords don't match, repeat step where email doesn't exists. Keep the same message.
- If the email and password are confirmed, add a user object to the session. req.session.user = {id: user._id, email: user.email}
- You can also add a flag to the session, like req.session.isAuthenticated = true
- Finally save your session and redirect to a page (blog or admin)


## logout:

- Wrap your logout button in a form

- set the route method to post and action to /logout

- the route definition should set the session user to null, isAuth to false and redirect to home page

## locals:

- use locals to help which navigation items should be shown

- if req.session.user is null or req.session.isAuth is false, dont' show logout and adming page, show only login, signup and home page

- set your locals: res.locals.isAuth = ...

- locals are available for all template pages

- in your header template pages, use if !locals.isAuth to check

## CSRF Token:

- npm i csurf
- middleware: app.use(csrf());
- In each template page that has a form, you should have a hidden input type that expects the csrf token value and the input should have a name "_csrf".
-      <input type="hidden" value="<%= csrfToken %>" name="_csrf">


## Blog Posts:

- 