srummanf · hariketsheth · Aug 26, 2023 · Aug 26, 2023 · Aug 26, 2023 · Aug 26, 2023
diff --git a/.gitignore b/.gitignore
@@ -128,6 +128,7 @@ dist
 .yarn/build-state.yml
 .yarn/install-state.gz
 .pnp.*
+yarn.lock
 
 # Personal Folder
 personal/
diff --git a/app.js b/app.js
@@ -1,43 +1,90 @@
-require('dotenv').config();
+require("dotenv").config();
 
-const express = require('express');
-const expressLayouts = require('express-ejs-layouts');
-const cookieParser = require('cookie-parser');
-const session = require('express-session');
-const MongoStore = require('connect-mongo');
+const express = require("express");
+const expressLayouts = require("express-ejs-layouts");
+const cookieParser = require("cookie-parser");
+const session = require("express-session");
+const MongoStore = require("connect-mongo");
+const passport = require("passport");
+const LocalStrategy = require("passport-local").Strategy;
+const bcrypt = require("bcrypt");
 
-const connectDB = require('./server/config/db.js');
+const connectDB = require("./server/config/db.js");
 
 const app = express();
 const port = 5000 || process.env.PORT;
 
+// User Model (replace with actual user Model created)
+const User = require("./server/models/User");
+
 app.use(express.urlencoded({ extended: true }));
 app.use(express.json()); //allows to use form values
 app.use(cookieParser());
 
 // Connect to MongoDB
 connectDB();
 
-app.use(express.static('public'));
+app.use(express.static("public"));
 
-app.use(session({
-    secret: 'keyboard cat',
+app.use(
+  session({
+    secret: "keyboard cat",
     resave: false,
     saveUninitialized: true,
     store: MongoStore.create({
-        mongoUrl: process.env.MONGODB_URI
+      mongoUrl: process.env.MONGODB_URI,
     }),
-    //cookie: { maxAge: new Date ( Date.now() + (3600000) ) } 
-}));
+    //cookie: { maxAge: new Date ( Date.now() + (3600000) ) }
+  })
+);
 
 // Templating engine
 app.use(expressLayouts);
-app.set('layout', './layouts/main');
-app.set('view engine', 'ejs');
+app.set("layout", "./layouts/main");
+app.set("view engine", "ejs");
+
+// Passport Configuration
+passport.use(
+  new LocalStrategy(
+    { usernameField: "email" },
+    async (email, password, done) => {
+      try {
+        const user = await User.findOne({ email });
+
+        if (!user) {
+          return done(null, false, { message: "Incorrect email or password" });
+        }
+
+        const isMatch = await bcrypt.compare(password, user.password);
+        if (isMatch) {
+          return done(null, user);
+        } else {
+          return done(null, false, { message: "Incorrect email or password" });
+        }
+      } catch (err) {
+        return done(err);
+      }
+    }
+  )
+);
+
+passport.serializeUser((user, done) => {
+  done(null, user.id);
+});
+
+passport.deserializeUser(async (id, done) => {
+  try {
+    const user = await User.findById(id);
+    done(null, user);
+  } catch (err) {
+    done(err);
+  }
+});
+
 
-app.use('/', require('./server/routes/main'))
-app.use('/', require('./server/routes/admin'))
+app.use("/", require("./server/routes/main"));
+app.use("/", require("./server/routes/admin"));
 
 app.listen(port, (req, res) => {
-    console.log(`Server is running on port ${port}`);
+  console.log(`Server is running on port ${port}`);
 });
diff --git a/server/routes/admin.js b/server/routes/admin.js
@@ -4,6 +4,7 @@ const Post = require('../models/Post');
 const User = require('../models/User');
 const bcrypt = require('bcrypt');
 const jwt = require('jsonwebtoken');
+const { body, validationResult } = require('express-validator');
 
 const adminLayout = '../views/layouts/admin';
 const jwtSecret = process.env.JWT_SECRET;
@@ -13,22 +14,38 @@ const jwtSecret = process.env.JWT_SECRET;
  * POST /
  * Admin - Register
 */
-router.post('/register', async (req, res) => {
+router.post('/register', [
+    // Validate username
+    body('username')
+        .notEmpty().withMessage('Username is required')
+        .isLength({ min: 4 }).withMessage('Username must be at least 4 characters'),
+
+    // Validate password
+    body('password')
+        .notEmpty().withMessage('Password is required')
+        .isLength({ min: 6 }).withMessage('Password must be at least 6 characters')
+], async (req, res) => {
     try {
+        const errors = validationResult(req);
+        if (!errors.isEmpty()) {
+            return res.status(400).json({ errors: errors.array() });
+        }
+
         const { username, password } = req.body;
         const hashedPassword = await bcrypt.hash(password, 10);
+
         try {
             const user = await User.create({ username, password: hashedPassword });
             res.status(201).json({ message: 'User Created', user });
         } catch (error) {
             if (error.code === 11000) {
-                res.status(409).json({ message: 'User already in use' });
+                return res.status(409).json({ message: 'User already in use' });
             }
-            res.status(500).json({ message: 'Internal server error' })
+            res.status(500).json({ message: 'Internal server error' });
         }
-
     } catch (error) {
         console.log(error);
+        res.status(500).json({ message: 'Internal server error' });
     }
 });
 
@@ -100,6 +117,47 @@ router.post('/admin', async (req, res) => {
     }
 });
 
+/**
+ * PUT /
+ * User - Update Profile
+ */
+router.put('/update-profile', [
+    authMiddleware, // Authenticate the user
+    body('password')
+        .optional()
+        .isLength({ min: 6 }).withMessage('New password must be at least 6 characters')
+], async (req, res) => {
+    try {
+        const errors = validationResult(req);
+        if (!errors.isEmpty()) {
+            return res.status(400).json({ errors: errors.array() });
+        }
+
+        const userId = req.userId;
+        const { password } = req.body;
+
+        try {
+            const user = await User.findById(userId);
+            if (!user) {
+                return res.status(404).json({ message: 'User not found' });
+            }
+
+            if (password) {
+                const hashedPassword = await bcrypt.hash(password, 10);
+                user.password = hashedPassword;
+            }
+
+            await user.save();
+            res.status(200).json({ message: 'Profile updated successfully' });
+        } catch (error) {
+            console.log(error);
+            res.status(500).json({ message: 'Internal server error' });
+        }
+    } catch (error) {
+        console.log(error);
+        res.status(500).json({ message: 'Internal server error' });
+    }
+});
 
 // Post request`
 router.post('/admin', async (req, res) => {