diff --git a/api/v1/content.js b/api/v1/content.js
index 521d3d1..3f41348 100755
--- a/api/v1/content.js
+++ b/api/v1/content.js
@@ -2,12 +2,11 @@ const User = require('../../models/User');
 const Category = require('../../models/Category');
 const Post = require('../../models/Post');
 const config = require('../../config');
-const secret = require('../../secret');
 const { authenticateEndpoint } = require('./authfunctions');
 const mongoose = require('mongoose');
-const { body, query, param, validationResult } = require('express-validator');
+const { body, param, validationResult } = require('express-validator');
 const express = require('express');
 const app = express.Router();
@@ -40,12 +39,7 @@ app.post('/category/create', [
 res.status(200).json({
 error: false,
 message: 'SUCCESS_CATEGORY_CREATED',
- category: {
- title: category.title,
- creator: category.creator,
- posts: category.posts,
- _id: category._id
- }
+ category: category.getPublicObject()
 });
 }, undefined, config.roleMap.USER));
@@ -104,10 +98,10 @@ app.get('/category/:category/info', [
 }
 const categoryId = req.params.category;
- const category = await Category.findById(categoryId).populate('posts.creator', 'username _id');
+ const category = await Category.findById(categoryId).populate('posts.creator', User.getPulicFields());
 // TODO: Implement subscribing to a channel and stuff
- const users = await User.find().sort({ _id: -1 }).limit(50).select('username _id')
+ const users = await User.find().sort({ _id: -1 }).limit(50).select(User.getPulicFields())
 if (!category) {
 res.status(404).json({
@@ -120,12 +114,10 @@ app.get('/category/:category/info', [
 res.status(200).json({
 error: false,
 message: 'SUCCESS_CATEGORY_DATA_FETCHED',
- category: {
- title: category.title,
- creator: category.creator,
- posts: category.posts,
- users: users,
- usersListLimit: 50
+ category: category.getPublicObject(),
+ userInfo: {
+ userListLimit: 50,
+ users: users
 }
 });
 }));
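Review bot: Both queries in the `/category/:category/info` hunk (`@@ -104,10 +98,10 @@`) now return each user's `role`, because `User.getPulicFields()` is defined in models/User.js as `'username role _id'` where these lines previously selected `'username _id'`; the `populate('creator', …)` in the `/category/list` hunk widens the same way. Since this response includes the 50 most recent accounts, every caller of the endpoint can now read which of them hold elevated roles. If that is intended, say so in a comment next to the projection; if not, keep a narrower projection such as `.select('username _id')` for the `users` query. The enclosing handler starts and ends outside the hunk, so whether the route is authenticated cannot be confirmed from here.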
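Review bot: The success payload of `/category/:category/info` (`@@ -120,12 +114,10 @@`) changes shape for existing clients: `category.users` and `category.usersListLimit` are gone, replaced by `userInfo.users` and `userInfo.userListLimit`, and the limit key is also spelled differently. Nothing visible in this commit versions or announces the change on a `v1` route, so a consumer reading the old keys would get `undefined` without an error. Either keep the old keys for a transition period or add a comment above the response such as `// BREAKING: users/usersListLimit moved to userInfo.{users,userListLimit}`.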
@@ -137,7 +129,7 @@ app.get('/category/list', authenticateEndpoint(async (req, res, user) => {
 }
 // TODO: This is probably not efficient
- const categories = await Category.find().sort({ _id: -1 }).limit(count).select('-posts -__v').populate('creator', 'username _id');
+ const categories = await Category.find().sort({ _id: -1 }).limit(count).select('-posts -__v').populate('creator', User.getPulicFields());
 res.status(200).json({
 error: false,
diff --git a/api/v1/users.js b/api/v1/users.js
index b0d4adb..1274df7 100755
--- a/api/v1/users.js
+++ b/api/v1/users.js
@@ -147,17 +147,15 @@ app.post('/token/create', [
 });
 });
-app.get('/current/info', authenticateEndpoint((req, res, user) => {
+app.get('/current/info', authenticateEndpoint(async (req, res, user) => {
+ const userObject = await user.getFullObject();
+
 res.status(200).json({
 error: false,
 message: 'SUCCESS_USER_DATA_FETCHED',
 user: {
- _id: user._id,
- username: user.username,
- email: user.email,
- role: user.role,
- permissionLevel: config.roleMap[user.role],
- token: req.cookies.token // TODO: Passing the token like this is *terribly* insecure
+ token: req.cookies.token, // TODO: Passing the token like this is *terribly* insecure
+ ...userObject
 },
 });
 }, undefined, 0));
@@ -184,11 +182,7 @@ app.get('/user/:userid/info', [
 res.status(200).json({
 error: false,
 message: 'SUCCESS_USER_DATA_FETCHED',
- user: {
- _id: otherUser._id,
- username: otherUser.username,
- role: otherUser.role
- },
+ user: await otherUser.getPublicObject(),
 });
 }));
diff --git a/config.js b/config.js
index 38600f1..a225337 100755
--- a/config.js
+++ b/config.js
@@ -3,7 +3,7 @@ module.exports = {
 mainServerPort: 3000,
 },
 address: 'localhost',
- mongoUrl: 'mongodb://localhost:27017/app',
+ mongoUrl: 'mongodb://192.168.0.105:27017/app',
 bcryptRounds: 10,
 roleMap: {
 'BANNED': 0,
diff --git a/models/Category.js b/models/Category.js
index 70e7562..2641b79 100755
--- a/models/Category.js
+++ b/models/Category.js
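Review bot: The `/current/info` response in api/v1/users.js now includes the stored `password` field: `getFullObject()` in models/User.js returns `password: this.password`, and `...userObject` spreads it into `user`, whereas the removed lines listed only `_id`, `username`, `email`, `role` and `permissionLevel`. Even if that value is a bcrypt hash (config.js has `bcryptRounds`, so presumably it is), it should not leave the server. Strip it at this call site with `const { password, ...userObject } = user.getFullObject();`, or remove `password` from `getFullObject()` itself. Placing the spread after `token` also means any future `token` key on the object would silently replace the cookie value, and the `await` is unnecessary because the method as added is synchronous.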
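Review bot: The new `mongoUrl` in config.js points every checkout at `192.168.0.105`, which reads like one developer's LAN host committed into shared configuration. The URL carries no credentials, so it is worth confirming that the instance is not reachable across that network without authentication; this cannot be judged from the diff. Taking the value from the environment keeps machine-specific addresses out of the repository, e.g. `mongoUrl: process.env.MONGO_URL || 'mongodb://localhost:27017/app',` (the variable name is only an example).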
@@ -1,10 +1,22 @@
 const mongoose = require('mongoose');
 const Post = require('./Post');
+const User = require('./User');
-const Category = mongoose.model('Category', {
+const categorySchema = new mongoose.Schema({
 title: String,
 creator: {type: mongoose.Schema.Types.ObjectId, ref: 'User'},
 posts: [Post.schema]
 });
+categorySchema.method('getPublicObject', function() {
+ return {
+ title: this.title,
+ creator: this.populate('creator', User.getPulicFields()).creator,
+ posts: this.posts,
+ _id: this._id
+ }
+});
+
+const Category = mongoose.model('Category', categorySchema);
+
 module.exports = Category;
\ No newline at end of file
diff --git a/models/User.js b/models/User.js
index f0b7add..cf93929 100755
--- a/models/User.js
+++ b/models/User.js
@@ -1,14 +1,42 @@
+const config = require('../config');
+
 const mongoose = require('mongoose');
-const User = mongoose.model('User', {
+const userSchema = new mongoose.Schema({
 username: String,
 password: String,
 email: String,
 role: String
 });
+userSchema.method('getPublicObject', function() {
+ return {
+ username: this.username,
+ permissionLevel: config.roleMap[this.role],
+ role: this.role,
+ _id: this._id
+ }
+});
+
+userSchema.method('getFullObject', function() {
+ return {
+ username: this.username,
+ password: this.password,
+ email: this.email,
+ permissionLevel: config.roleMap[this.role],
+ role: this.role,
+ _id: this._id
+ }
+});
+
+const User = mongoose.model('User', userSchema);
+
 User.findByUsername = async function(username) {
 return await User.findOne({ username }).exec();
 };
+User.getPulicFields = function() {
+ return 'username role _id';
+};
+
 module.exports = User;
\ No newline at end of file
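Review bot: `this.populate('creator', User.getPulicFields()).creator` in `getPublicObject` (models/Category.js) does not wait for the population to run. Depending on the Mongoose version, `populate()` on a document returns either the document itself with the population still pending or a Promise, so `.creator` is either whatever value is already on the document or `undefined`; in neither case is the field projection guaranteed to have been applied. Make the method async, call `await this.populate('creator', User.getPulicFields());` before building the object and return `creator: this.creator`; the callers in api/v1/content.js would then need `category: await category.getPublicObject()`. On Mongoose 5 the awaited call additionally needs `.execPopulate()`.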
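Review bot: The set of public user fields is now defined twice in models/User.js and the two lists already differ: `getPublicObject` returns `username`, `permissionLevel`, `role` and `_id`, while `getPulicFields` returns the projection `'username role _id'`. A future field added to one and not the other will change what is exposed on some routes but not others; a shared constant, or at least a comment `// keep in sync with getPublicObject`, would prevent that. The helper name is misspelled (`getPulicFields`), and it is cheaper to rename it to `getPublicFields` now than after more call sites depend on it. `getFullObject` deserves a comment stating that it contains `password` and must not be serialized into a response.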