changes overanges

This commit is contained in:
2021-01-29 15:27:08 +01:00
parent d5684d922f
commit dc7a92f22a
5 changed files with 78 additions and 15 deletions


@@ -12,33 +12,40 @@ const userSchema = mongoose.Schema({
}, },
firstname: { firstname: {
type: String, type: String,
required: true,
maxlength: 24, maxlength: 24,
}, },
lastname: { lastname: {
type: String, type: String,
required: true,
maxlength: 24, maxlength: 24,
}, },
login: {
type: String,
maxlength: 64
},
billing: { billing: {
NIP: { NIP: {
type: String, type: String,
required: true,
maxlength: 20, maxlength: 20,
}, },
adress: { adress: {
type: String, type: String,
required: true,
maxlength: 128, maxlength: 128,
}, },
companyName: { companyName: {
type: String, type: String,
required: true,
maxlength: 64, maxlength: 64,
}, },
}, },
isRestaurant: Boolean,
restaurants: [mongoose.Types.ObjectId], restaurants: [mongoose.Types.ObjectId],
trialUsed: Boolean, trialUsed: Boolean,
preferences: {
excludeAllergens: [String],
vegetarian: Boolean,
vegan: Boolean,
},
favoriteRestaurants: [mongoose.Types.ObjectId],
photos: [mongoose.Types.ObjectId]
}); });
module.exports = mongoose.model("User", userSchema); module.exports = mongoose.model("User", userSchema);
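Review bot: The five `required: true,` lines in this hunk are printed once and appear to be the old side, which would leave firstname, lastname, NIP, adress and companyName optional at the schema level; presence is then enforced only by validateRegister in the request layer, so any other code path that saves a User (seeds, admin tooling, future routes) can persist a restaurant account with no NIP or companyName. If the intent is to make those fields optional only for non-restaurant accounts, mongoose `required` accepts a function, e.g. `required: function () { return this.isRestaurant; },`, which keeps the invariant in the model. `isRestaurant: Boolean,` is also printed once and its side is not recoverable from this rendering; if it was removed, the `requestBody.isRestaurant` branch in validateRegister no longer corresponds to a stored field.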


@@ -2,6 +2,7 @@ const express = require("express");
const Restaurant = require("../models/restaurant.js"); const Restaurant = require("../models/restaurant.js");
const sanitizer = require("string-sanitizer"); const sanitizer = require("string-sanitizer");
const { handleError } = require("../services/services.js"); const { handleError } = require("../services/services.js");
const { validateSearch } = require("../services/validations.js");
var router = express.Router(); var router = express.Router();
@@ -11,6 +12,7 @@ router.get("/", async (req, res) => {
try { try {
if (req.query.string.length > 0) { if (req.query.string.length > 0) {
const query = sanitizer.sanitize.keepUnicode(decodeURI(req.query.string)); const query = sanitizer.sanitize.keepUnicode(decodeURI(req.query.string));
validateSearch(query);
const regex = new RegExp(query, "i"); const regex = new RegExp(query, "i");
Restaurant.find( Restaurant.find(
@@ -43,12 +45,6 @@ router.get("/", async (req, res) => {
} }
}); });
// TEST
router.get("/test/", (req, res) => {
res.send(req.query.string);
});
// SEARCH RESTAURANTS BY LOCATION // SEARCH RESTAURANTS BY LOCATION
router.get("/location", async (req, res) => { router.get("/location", async (req, res) => {
@@ -72,12 +68,17 @@ router.get("/location", async (req, res) => {
router.get("/autocomplete/", (req, res) => { router.get("/autocomplete/", (req, res) => {
if (req.query.string.length > 0) { if (req.query.string.length > 0) {
var query = sanitizer.sanitize.keepUnicode(decodeURI(req.query.string)); var query = sanitizer.sanitize.keepUnicode(decodeURI(req.query.string));
validateSearch(query);
const regex = new RegExp(query, "i"); const regex = new RegExp(query, "i");
let cities = new Set(); let cities = new Set();
let restaurants = new Set(); let restaurants = new Set();
Restaurant.find( Restaurant.find(
{ $and: [
{ $or: [{ city: { $regex: regex } }, { name: { $regex: regex } }] }, { $or: [{ city: { $regex: regex } }, { name: { $regex: regex } }] },
{ $or: [{ hidden: false }, { hidden: { $exists: false } }] },
{ subscriptionActive: true },
], },
"name city", "name city",
(err, doc) => { (err, doc) => {
if (err) { if (err) {
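Review bot: `validateSearch(query);` in the /autocomplete/ hunk is called outside any try block visible here, unlike the same call in the first hunk, so the 400 it throws is not routed through handleError; since this handler is not async, Express passes the thrown error to its default error handler and the client gets a 500 instead. The handler body continues outside the hunk, but the call sits ahead of the `Restaurant.find` callback rather than inside it, so the same `try { ... } catch` plus handleError pattern that `router.get("/")` uses should wrap it. The check itself is the right place for it: with alphanumeric-only input, no regex metacharacters reach `new RegExp(query, "i")`. `decodeURI(req.query.string)` on the line above can also throw (URIError on malformed percent-encoding) and is unguarded in this handler for the same reason.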


@@ -20,6 +20,7 @@ const {
} = require("../services/services.js"); } = require("../services/services.js");
const { resetPassword } = require("../services/mailServices.js"); const { resetPassword } = require("../services/mailServices.js");
const cookie = require("cookie"); const cookie = require("cookie");
const { validateLogin, validateRegister, validatePassword } = require("../services/validations.js");
var router = express.Router(); var router = express.Router();
@@ -29,6 +30,7 @@ router.post("/login", async (req, res) => {
if (!req.body.password || !req.body.email) { if (!req.body.password || !req.body.email) {
throw newError("Niepełne dane.", 204); throw newError("Niepełne dane.", 204);
} }
validateLogin(req.body);
const user = await fetchUser(req.body.email); const user = await fetchUser(req.body.email);
await checkPassword(req.body.password, user.password); await checkPassword(req.body.password, user.password);
const safeUser = await prepareSafeUser(user); const safeUser = await prepareSafeUser(user);
@@ -73,6 +75,7 @@ router.post("/refresh", async (req, res) => {
// REGISTER // REGISTER
router.post("/register", async (req, res) => { router.post("/register", async (req, res) => {
try { try {
validateRegister(req.body);
await checkEmailTaken(req.body.email); await checkEmailTaken(req.body.email);
const user = await createUser(req); const user = await createUser(req);
await user.save().catch((e) => { await user.save().catch((e) => {
@@ -90,6 +93,7 @@ router.post("/changepass", async (req, res) => {
if (!req.body.password || !req.body.email || !req.body.newPass) { if (!req.body.password || !req.body.email || !req.body.newPass) {
throw newError("Niepełne dane.", 204); throw newError("Niepełne dane.", 204);
} }
validateLogin(req.body);
const token = req.headers["x-auth-token"]; const token = req.headers["x-auth-token"];
validateUserToken(token); validateUserToken(token);
const user = await fetchUser(req.body.email); const user = await fetchUser(req.body.email);
@@ -117,8 +121,9 @@ router.post("/forgotpassword", async (req, res) => {
// RESET PASS // RESET PASS
router.post("/resetpass", async (req, res) => { router.post("/resetpass", async (req, res) => {
try { try {
validateUserToken(req.body.token); decodedToken = validateUserToken(req.body.token);
const user = await fetchUser(req.body.email); validatePassword(req.body.newPass)
const user = await fetchUser(decodedToken.email);
const newPassword = await hashPass(req.body.newPass); const newPassword = await hashPass(req.body.newPass);
await changeUserPass(user._id, newPassword); await changeUserPass(user._id, newPassword);
res.send("Hasło zostało zmienione."); res.send("Hasło zostało zmienione.");
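Review bot: `decodedToken = validateUserToken(req.body.token);` in the /resetpass hunk assigns to an undeclared name, so outside strict mode it becomes a process-wide global shared by every concurrent request (and a ReferenceError under `'use strict'`); it should be `const decodedToken = validateUserToken(req.body.token);`. Taking the account from the token's email instead of the request body is the right change, but `validatePassword(req.body.newPass)` on the following line never throws as written in services/validations.js, so newPass still reaches hashPass unvalidated, and that line is missing its semicolon. In /changepass, `validateLogin(req.body)` covers email and password but not `req.body.newPass`, so the only limit on the new password there is the min-6 check in hashPass with no maximum; calling `validatePassword(req.body.newPass);` there as well would close that.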


@@ -160,7 +160,7 @@ function yearFromNowDate() {
async function hashPass(pass) { async function hashPass(pass) {
if (pass.length < 6) { if (pass.length < 6) {
throw newError("Hasło za krótkie.", 500); throw newError("Hasło za krótkie.", 400);
} }
try { try {
const salt = await bcrypt.genSalt(10); const salt = await bcrypt.genSalt(10);
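Review bot: Returning 400 is the right status, but when `pass` is undefined (the /resetpass route passes `req.body.newPass` with no presence check for it) the guard reaches `pass.length` and throws a TypeError that bypasses newError, so the client does not get the 400 this change intends. Tightening the guard to `if (typeof pass !== "string" || pass.length < 6) {` keeps the status consistent for that case. hashPass continues outside the hunk.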

50
services/validations.js Normal file

@@ -0,0 +1,50 @@
const validator = require('validator');
const { newError } = require("./services.js");
const validateLogin = function(requestBody){
const email = validator.isEmail(requestBody.email) && validator.isLength(requestBody.email, { max: 64 })
const password = validator.isLength(requestBody.password, { max: 64 });
if(!email || !password){
throw newError("Dane logowania nieprawidłowe :/", 400);
}
}
const validatePassword = function(pass){
const password = validator.isLength(pass, { min: 2, max: 64 });
}
const validateRegister = function(requestBody){
if(requestBody.isRestaurant){
const email = validator.isEmail(requestBody.email) && validator.isLength(requestBody.email, { max: 64 })
const password = validator.isLength(requestBody.password, { min:6, max:64 });
const firstname = validator.isLength(requestBody.firstname, { min:1, max:24 });
const lastname = validator.isLength(requestBody.lastname, { min:1, max:24 });
const NIP = validator.isLength(requestBody.NIP, { min:10, max:20 });
const adress = validator.isLength(requestBody.adress, { min:2, max:64 });
const companyName = validator.isLength(requestBody.companyName, { min:2, max:64 });
if(!email || !password || !firstname || !lastname || !NIP || !adress || !companyName) {
throw newError("Dane nieprawidłowe", 400)
}
} else {
const email = validator.isEmail(requestBody.email) && validator.isLength(requestBody.email, { max: 64 })
const password = validator.isLength(requestBody.password, { min:6, max:64 });
const login = validator.isLength(requestBody.login, { min:2, max:64 });
if(!email || !password || !login) {
throw newError("Dane nieprawidłowe", 400)
}
}
}
const validateSearch = function(string){
const valid = validator.isLength(string, { max: 64 }) && validator.isAlphanumeric(string)
if(!valid){
throw newError("Niepoprawne zapytanie", 400)
}
}
// EXPORTS
exports.validateLogin = validateLogin;
exports.validateRegister = validateRegister;
exports.validatePassword = validatePassword;
exports.validateSearch = validateSearch;
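Review bot: `validatePassword` computes `password` and discards it, so it never throws and /resetpass gets no password validation from it; its min of 2 also disagrees with the min 6 used by validateRegister and hashPass, so the body should read `if (!validator.isLength(pass, { min: 6, max: 64 })) { throw newError("Dane nieprawidłowe", 400); }`. Every check here hands `requestBody.<field>` straight to validator, whose string functions throw a TypeError on undefined, so a request missing any field (notably /register, which has no presence check before validateRegister) surfaces as a TypeError rather than the intended 400; a `typeof requestBody.email === "string"` style guard per field, or one shared helper, would fix that. `validateSearch` uses `isAlphanumeric` with validator's default en-US locale, so it rejects Polish letters and spaces that the upstream `keepUnicode` sanitizer deliberately preserves, meaning names such as "Łódź" or "Nowy Targ" now return "Niepoprawne zapytanie"; passing a locale such as `'pl-PL'` and permitting spaces would keep the regex-metacharacter protection without breaking search for those names. The file also mixes quote styles (`'validator'` vs `"./services.js"`) and omits semicolons inconsistently.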