middleware.js
const Listing = require("./models/listing.js");
const Review = require("./models/review.js");
const ExpressError = require("./utils/ExpressError.js"); // For throwing custom express error
const { listingSchema, reviewSchema } = require("./schema.js"); // Requiring schema.js vor validate the schema with Joi
// Middleware that checks whether the user is logged in
/**
 * Authentication gate: lets the request continue only when Passport's
 * `req.isAuthenticated()` reports a logged-in user.
 *
 * For an anonymous request it remembers the requested URL in the session,
 * flashes an error and redirects to `/login`.
 *
 * @param {object} req - Express request (uses `isAuthenticated`, `session`, `originalUrl`, `flash`).
 * @param {object} res - Express response.
 * @param {Function} next - Continues to the next middleware when authenticated.
 * @returns {*} The result of `res.redirect` for anonymous requests, otherwise undefined.
 */
module.exports.isLoggedIn = (req, res, next) => {
  if (req.isAuthenticated()) {
    next();
    return;
  }

  // Remember where the visitor was heading so the login flow can send them back.
  // NOTE(review): this value comes straight from the request line and is stored
  // for every HTTP method; whichever handler later redirects to it should confirm
  // it is a same-site relative path. Verify against the login route.
  req.session.redirectUrl = req.originalUrl;
  // NOTE(review): the message mentions creating a listing, but nothing here
  // restricts this guard to that route. Confirm the wording fits every caller.
  req.flash("error", "You must be Logged in to Create Listing!");
  return res.redirect("/login");
};
// After login, Passport automatically resets the session object for the new user session, so the redirectUrl saved above can no longer be read from it. To avoid losing it, a separate middleware copies it into 'res.locals'.
/**
 * Copies a pending post-login redirect target from the session into
 * `res.locals`, so it remains available to later handlers of this request.
 *
 * Does nothing when the session holds no (truthy) `redirectUrl`.
 *
 * @param {object} req - Express request; reads `req.session.redirectUrl`.
 * @param {object} res - Express response; may receive `res.locals.redirectUrl`.
 * @param {Function} next - Always called.
 */
module.exports.saveRedirectUrl = (req, res, next) => {
  const { redirectUrl } = req.session;
  if (redirectUrl) {
    // NOTE(review): the value is copied as-is; the handler that finally
    // redirects to it should check that it is a local path. Confirm at the call site.
    res.locals.redirectUrl = redirectUrl;
  }
  next();
};
// Middleware for authorization
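/**
 * Authorization gate for listing routes: continues only when the current user
 * owns the listing named by `req.params.id`.
 *
 * The check fails closed. A lookup error or a missing listing is handed to the
 * Express error handler. A missing current user or missing owner is treated as
 * "not the owner" rather than crashing the request.
 *
 * @param {object} req - Express request; reads `req.params.id`.
 * @param {object} res - Express response; reads `res.locals.currUser`
 *   (presumably set by an earlier middleware; verify against the app setup).
 * @param {Function} next - Called with no argument on success, or with an error.
 * @returns {Promise<*>}
 */
module.exports.isOwner = async (req, res, next) => {
  const { id } = req.params;

  let listing;
  try {
    listing = await Listing.findById(id);
  } catch (err) {
    // Express 4 does not forward a rejected promise from an async middleware,
    // so a failed lookup (e.g. a malformed id) is passed on explicitly.
    return next(err);
  }

  if (!listing) {
    // Without this guard a non-existent id would dereference null below.
    return next(new ExpressError(404, "Listing not found!"));
  }

  const currUser = res.locals.currUser;
  const ownsListing = Boolean(
    currUser && listing.owner && listing.owner._id.equals(currUser._id)
  );

  if (!ownsListing) {
    req.flash("error", "You are not the owner of this listing!");
    return res.redirect(`/listings/${id}`);
  }

  next();
};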
// Middleware for Review authorization
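/**
 * Authorization gate for review routes: continues only when the current user
 * wrote the review named by `req.params.reviewId`.
 *
 * The check fails closed. A lookup error or a missing review is handed to the
 * Express error handler. A missing current user or missing author is treated as
 * "not the author" rather than crashing the request.
 *
 * @param {object} req - Express request; reads `req.params.id` and `req.params.reviewId`.
 * @param {object} res - Express response; reads `res.locals.currUser`
 *   (presumably set by an earlier middleware; verify against the app setup).
 * @param {Function} next - Called with no argument on success, or with an error.
 * @returns {Promise<*>}
 */
module.exports.isReviewAuthor = async (req, res, next) => {
  const { id, reviewId } = req.params;

  let review;
  try {
    review = await Review.findById(reviewId);
  } catch (err) {
    // Express 4 does not forward a rejected promise from an async middleware,
    // so a failed lookup (e.g. a malformed id) is passed on explicitly.
    return next(err);
  }

  if (!review) {
    // Without this guard a non-existent reviewId would dereference null below.
    return next(new ExpressError(404, "Review not found!"));
  }

  const currUser = res.locals.currUser;
  const wroteReview = Boolean(
    currUser && review.author && review.author._id.equals(currUser._id)
  );

  if (!wroteReview) {
    req.flash("error", "You are not the author of this review!");
    return res.redirect(`/listings/${id}`);
  }

  next();
};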
// Validation for listing schema using a middleware function
/**
 * Validates `req.body` against the Joi `listingSchema` before the route handler runs.
 *
 * @param {object} req - Express request; `req.body` is the payload under validation.
 * @param {object} res - Express response (unused).
 * @param {Function} next - Called when the body passes validation.
 * @throws {ExpressError} With status 400 and the Joi detail messages joined by ", ".
 */
module.exports.validateListing = (req, res, next) => {
  const { error } = listingSchema.validate(req.body);

  if (!error) {
    next();
    return;
  }

  // Collapse every Joi detail into one message for the error handler.
  const errMsg = error.details.map(({ message }) => message).join(", ");
  throw new ExpressError(400, errMsg);
};
// Validation for review schema using a middleware function
/**
 * Validates `req.body` against the Joi `reviewSchema` before the route handler runs.
 *
 * @param {object} req - Express request; `req.body` is the payload under validation.
 * @param {object} res - Express response (unused).
 * @param {Function} next - Called when the body passes validation.
 * @throws {ExpressError} With status 400 and the Joi detail messages joined by ", ".
 */
module.exports.validateReview = (req, res, next) => {
  const validation = reviewSchema.validate(req.body);
  const failure = validation.error;

  if (failure) {
    // One combined message: each Joi detail's text, comma-separated.
    const messages = [];
    for (const detail of failure.details) {
      messages.push(detail.message);
    }
    throw new ExpressError(400, messages.join(", "));
  }

  next();
};