lint and logging pass prepared for in server auth from this end

2025-12-24 18:32:41 +00:00 · 2024-12-14 22:24:52 +01:00
parent 4f57f006ce
commit b26526a2f1
1 changed files with 50 additions and 52 deletions
--- a/server/app.js
+++ b/server/app.js
@@ -2,7 +2,7 @@
 // Set working directory to project root
 import { dirname }       from 'path';
 import { fileURLToPath } from 'url';
-import packageJSON       from './../package.json' with { type: "json" };
+import packageJSON       from './../package.json' with { type: 'json' };

 const __dirname = dirname(fileURLToPath(import.meta.url));
 process.chdir(`${__dirname}/..`);
@@ -26,7 +26,7 @@ import serveCompressedStaticAssets from './static-assets.mv.js';
 import sanitizeFilename            from 'sanitize-filename';
 import asyncHandler                from 'express-async-handler';
 import templateFn                  from '../client/template.js';
-import {model as HomebrewModel }   from './homebrew.model.js';
+import { model as HomebrewModel }   from './homebrew.model.js';

 import { DEFAULT_BREW }              from './brewDefaults.js';
 import { splitTextStyleAndMetadata } from '../shared/helpers.js';
@@ -47,7 +47,7 @@ const sanitizeBrew = (brew, accessType)=>{
 	return brew;
 };

-app.set('trust proxy', 1 /* number of proxies between user and server */)
+app.set('trust proxy', 1 /* number of proxies between user and server */);

 app.use('/', serveCompressedStaticAssets(`build`));
 app.use(contentNegotiation);
@@ -61,30 +61,30 @@ const nodeEnv = config.get('node_env');
 const isLocalEnvironment = config.get('local_environments').includes(nodeEnv);

 const corsOptions = {
-    origin: (origin, callback) => {
+	origin : (origin, callback)=>{

-        const allowedOrigins = [
-            'https://homebrewery.naturalcrit.com',
-            'https://naturalcrit.com',
-            'https://naturalcrit-stage.herokuapp.com',
-            'https://homebrewery-stage.herokuapp.com',
-        ];
+		const allowedOrigins = [
+			'https://homebrewery.naturalcrit.com',
+			'https://naturalcrit.com',
+			'https://naturalcrit-stage.herokuapp.com',
+			'https://homebrewery-stage.herokuapp.com',
+		];

-        if (isLocalEnvironment) {
-            allowedOrigins.push('http://localhost:8000', 'http://localhost:8010');
-        }
+		if(isLocalEnvironment) {
+			allowedOrigins.push('http://localhost:8000', 'http://localhost:8010');
+		}

-        const herokuRegex = /^https:\/\/(?:homebrewery-pr-\d+\.herokuapp\.com|naturalcrit-pr-\d+\.herokuapp\.com)$/; // Matches any Heroku app
+		const herokuRegex = /^https:\/\/(?:homebrewery-pr-\d+\.herokuapp\.com|naturalcrit-pr-\d+\.herokuapp\.com)$/; // Matches any Heroku app

-        if (!origin || allowedOrigins.includes(origin) || herokuRegex.test(origin)) {
-            callback(null, true);
-        } else {
-            console.log(origin, 'not allowed');
-            callback(new Error('Not allowed by CORS, if you think this is an error, please contact us'));
-        }
-    },
-    methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
-    credentials: true,
+		if(!origin || allowedOrigins.includes(origin) || herokuRegex.test(origin)) {
+			callback(null, true);
+		} else {
+			console.log(origin, 'not allowed');
+			callback(new Error('Not allowed by CORS, if you think this is an error, please contact us'));
+		}
+	},
+	methods     : ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
+	credentials : true,
 };

 app.use(cors(corsOptions));
@@ -94,7 +94,6 @@ app.use((req, res, next)=>{
 	console.log('passing through acc middleware, checking for cookies now: does cookies exist? ', !!req.cookies, ', ok, does the session cookie exist? ', !!req.cookies.nc_session);
 	if(req.cookies && req.cookies.nc_session){
 		try {
-			console.log(`creating req.account equal to "${JSON.stringify(jwt.decode(req.cookies.nc_session, config.get('secret')))}"`);
 			req.account = jwt.decode(req.cookies.nc_session, config.get('secret'));
 			//console.log("Just loaded up JWT from cookie:");
 			//console.log(req.account);
@@ -312,7 +311,7 @@ app.get('/user/:username', async (req, res, next)=>{
 		console.log(err);
 	});

-	brews.forEach(brew => brew.stubbed = true); //All brews from MongoDB are "stubbed"
+	brews.forEach((brew)=>brew.stubbed = true); //All brews from MongoDB are "stubbed"

 	if(ownAccount && req?.account?.googleId){
 		const auth = await GoogleActions.authCheck(req.account, res);
@@ -352,33 +351,32 @@ app.get('/user/:username', async (req, res, next)=>{
 });

 //Change author name on brews
-app.put('/api/user/rename', async (req, res) => {
+app.put('/api/user/rename', async (req, res)=>{
 	console.log(req.account);
-    const { username, newUsername } = req.body;
-
+	const { username, newUsername } = req.body;
+	console.log(`is user ${req.account.username} equal to ${username}? ${req.account.username === username} ${req.account.username === username && 'then add the damn auth for renaming!'}`);
 	console.log('renaming');

-    if (!username || !newUsername) {
-        return res.status(400).json({ error: 'Username and newUsername are required.' });
-    }
-    try {
-        const brews = await HomebrewModel.getByUser(username, true, ['authors']);
-        const renamePromises = brews.map(async (brew) => {
-            const updatedAuthors = brew.authors.map((author) => 
-                author === username ? newUsername : author
-            );
-            return HomebrewModel.updateOne(
-                { _id: brew._id },
-                { $set: { authors: updatedAuthors } }
-            );
-        });
-        await Promise.all(renamePromises);
+	if(!username || !newUsername) {
+		return res.status(400).json({ error: 'Username and newUsername are required.' });
+	}
+	try {
+		const brews = await HomebrewModel.getByUser(username, true, ['authors']);
+		const renamePromises = brews.map(async (brew)=>{
+			const updatedAuthors = brew.authors.map((author)=>author === username ? newUsername : author
+			);
+			return HomebrewModel.updateOne(
+				{ _id: brew._id },
+				{ $set: { authors: updatedAuthors } }
+			);
+		});
+		await Promise.all(renamePromises);

-        return res.json({ success: true, message: `Brews for ${username} renamed to ${newUsername}.` });
-    } catch (error) {
-        console.error('Error renaming brews:', error);
-        return res.status(500).json({ error: 'Failed to rename brews.' });
-    }
+		return res.json({ success: true, message: `Brews for ${username} renamed to ${newUsername}.` });
+	} catch (error) {
+		console.error('Error renaming brews:', error);
+		return res.status(500).json({ error: 'Failed to rename brews.' });
+	}
 });

 //Edit Page
@@ -468,7 +466,7 @@ app.get('/share/:id', asyncHandler(getBrew('share')), asyncHandler(async (req, r
 app.get('/account', asyncHandler(async (req, res, next)=>{
 	const data = {};
 	data.title = 'Account Information Page';
-	
+
 	if(!req.account) {
 		res.set('WWW-Authenticate', 'Bearer realm="Authorization Required"');
 		const error = new Error('No valid account');
@@ -482,7 +480,7 @@ app.get('/account', asyncHandler(async (req, res, next)=>{
 	let googleCount = [];
 	if(req.account) {
 		if(req.account.googleId) {
-			auth = await GoogleActions.authCheck(req.account, res, false)
+			auth = await GoogleActions.authCheck(req.account, res, false);

 			googleCount = await GoogleActions.listGoogleBrews(auth)
 				.catch((err)=>{
@@ -543,8 +541,8 @@ app.get('/vault', asyncHandler(async(req, res, next)=>{
 }));

 //Send rendered page
-app.use(asyncHandler(async (req, res, next) => {
-	if (!req.route) return res.redirect('/'); // Catch-all for invalid routes
+app.use(asyncHandler(async (req, res, next)=>{
+	if(!req.route) return res.redirect('/'); // Catch-all for invalid routes

 	const page = await renderPage(req, res);
 	if(!page) return;