backend project (nodeapp) is added

Author: pablo-sch

nodeapp/.env.example

@@ -0,0 +1,2 @@
+MONGODB_CONNSTR=mongodb://localhost/cursonode
+SESSION_SECRET="secret_string"

nodeapp/README.md

@@ -0,0 +1,23 @@
+# NodeApp
+
+## Installation
+
+Install dependencies with:
+
+```sh
+npm install
+```
+
+Copy environment variables example to .env:
+
+```sh
+cp .env.example .env
+```
+
+Review your new .env values to match your configuration.
+
+On first deploy you can use the next command to initialize the database:
+
+```sh
+npm run initDB
+```

nodeapp/app.js

@@ -0,0 +1,73 @@
+import path from 'node:path'
+import express from 'express'
+import createError from 'http-errors'
+import logger from 'morgan'
+import connectMongoose from './lib/connectMongoose.js'
+import * as homeController from './controllers/homeController.js'
+import * as loginController from './controllers/loginController.js'
+import * as agentsController from './controllers/agentsController.js'
+import * as sessionManager from './lib/sessionManager.js'
+import upload from './lib/uploadConfigure.js'
+import i18n from './lib/i18nConfigure.js'
+
+await connectMongoose() // top level await thanks to ES modules
+console.log('Connected to MongoDB.')
+
+const app = express()
+
+app.set('views', 'views') // views folder
+app.set('view engine', 'html')
+app.engine('html', (await import('ejs')).__express)
+
+app.locals.appName = 'NodeApp'
+
+app.use(logger('dev'))
+app.use(express.urlencoded({ extended: false }))
+app.use(express.static(path.join(import.meta.dirname, 'public')))
+
+/**
+ * Application routes
+ */
+app.use(sessionManager.middleware)
+app.use(sessionManager.useSessionInViews)
+app.use(i18n.init)
+app.get('/', homeController.index)
+app.get('/login', loginController.index)
+app.post('/login', loginController.postLogin)
+app.get('/logout', loginController.logout)
+app.get('/agents/new', sessionManager.guard, agentsController.index)
+app.post('/agents/new', sessionManager.guard, upload.single('avatar') , agentsController.postNew)
+app.get('/agents/delete/:agentId', sessionManager.guard, agentsController.deleteAgent)
+
+// Ejemplos
+app.get('/param_in_route/:num?', homeController.paranInRoute)
+app.get('/param_in_route_multiple/:product/size/:size([0-9]+)/color/:color', homeController.paranInRouteMultiple)
+app.get('/param_in_query', homeController.validateParamInQuery, homeController.paramInQuery)
+app.post('/post_with_body', homeController.postWithBody)
+
+// catch 404 and send error
+app.use((req, res, next) => {
+  next(createError(404))
+})
+
+// error handler
+app.use((err, req, res, next) => {
+
+  // manage validation errors
+  if (err.array) {
+    err.message = 'Invalid request: ' + err.array()
+      .map(e => `${e.location} ${e.type} "${e.path}" ${e.msg}`)
+      .join(', ')
+    err.status = 422
+  }
+
+  res.status(err.status || 500)
+
+  // set locals, including error information in development
+  res.locals.message = err.message
+  res.locals.error = process.env.NODEAPP_ENV === 'development' ? err : {}
+
+  res.render('error')
+})
+
+export default app

nodeapp/controllers/agentsController.js

@@ -0,0 +1,44 @@
+import Agent from '../models/Agent.js'
+
+export function index(req, res, next) {
+  res.render('new-agent')
+}
+
+export async function postNew(req, res, next) {
+  try {
+    const { name, age } = req.body
+    const userId = req.session.userId
+
+    // TODO validaciones
+
+    // creo una instancia de agente en memoria
+    const agent = new Agent({
+      name,
+      age,
+      owner: userId,
+      avatar: req.file.filename
+    })
+
+    // lo guardo en base de datos
+    await agent.save()
+
+    res.redirect('/')
+
+  } catch (error) {
+    next(error)
+  }
+}
+
+export async function deleteAgent(req, res, next) {
+  try {
+    const userId = req.session.userId
+    const agentId = req.params.agentId
+
+    await Agent.deleteOne({ _id: agentId, owner: userId })
+
+    res.redirect('/')
+
+  } catch (error) {
+    next(error)
+  }
+}

nodeapp/controllers/homeController.js

@@ -0,0 +1,95 @@
+import { query, validationResult } from 'express-validator'
+import Agent from '../models/Agent.js'
+
+export async function index(req, res, next) {
+  try {
+    const userId = req.session.userId
+
+    // Filters
+    // http://localhost:3000/?name=Smith
+    const filterName = req.query.name
+    // http://localhost:3000/?age=33
+    const filterAge = req.query.age
+
+    // Pagination
+    // http://localhost:3000/?limit=2&skip=2
+    const limit = req.query.limit
+    const skip = req.query.skip
+
+    // Sorting
+    // http://localhost:3000/?sort=-name
+    // http://localhost:3000/?sort=-age%20-name
+    const sort = req.query.sort
+
+    const filter = {
+      owner: userId,
+    }
+
+    if (filterName) {
+      filter.name = filterName
+    }
+
+    if (filterAge) {
+      filter.age = filterAge
+    }
+
+    res.locals.agents = await Agent.list(filter, limit, skip, sort)
+
+    const now = new Date()
+    res.locals.esPar = (now.getSeconds() % 2) === 0
+    res.locals.segundoActual = now.getSeconds()
+
+    res.locals.codigo = '<script>alert("inyectado!!!")</script>'
+
+    res.render('home')
+
+  } catch (error) {
+    next(error)
+  }
+}
+
+// /param_in_route/45
+export function paranInRoute(req, res, next) {
+  const num = req.params.num
+
+  res.send('me has pasado ' + num)
+}
+
+// /param_in_route_multiple/pantalon/size/M/color/blue
+export function paranInRouteMultiple(req, res, next) {
+  const product = req.params.product
+  const size = req.params.size
+  const color = req.params.color
+
+  res.send(`quieres un ${product} de talla ${size} y color ${color}`)
+}
+
+// /param_in_query?color=rojo
+export const validateParamInQuery = [
+  query('color')
+    // .notEmpty()
+    .custom(value => {
+      return ['red', 'blue'].includes(value)
+    })
+    .withMessage('must be red or blue'),
+  query('talla')
+    .isNumeric()
+    .withMessage('must be numeric')
+]
+export function paramInQuery(req, res, next) {
+  validationResult(req).throw()
+
+  const color = req.query.color
+
+
+  console.log(req.query)
+
+  res.send(`el color es ${color}`)
+}
+
+// POST /post_with_body
+export function postWithBody(req, res, next) {
+  const { age, color } = req.body
+
+  res.send('ok')
+}

nodeapp/controllers/loginController.js

@@ -0,0 +1,43 @@
+import User from '../models/User.js'
+
+export function index(req, res, next) {
+  res.locals.error = ''
+  res.locals.email = ''
+  res.render('login')
+}
+
+export async function postLogin(req, res, next) {
+  try {
+    const { email, password } = req.body
+    const redir = req.query.redir
+
+    // buscar el usuario en la base de datos
+    const user = await User.findOne({ email: email })
+
+    // si no lo encuentro, o la contraseña no coincide --> error
+    if (!user || !(await user.comparePassword(password))) {
+      res.locals.error = 'Invalid credentials'
+      res.locals.email = email
+      res.render('login')
+      return
+    }
+
+    // si el usuario existe y la contraseña es buena --> redirect a la home
+    req.session.userId = user.id
+
+    res.redirect(redir ? redir : '/')
+
+  } catch (error) {
+    next(error)
+  }
+}
+
+export function logout(req, res, next) {
+  req.session.regenerate(err => {
+    if (err) {
+      next(err)
+      return
+    }
+    res.redirect('/')
+  })
+}

nodeapp/initDB.js

@@ -0,0 +1,62 @@
+import 'dotenv/config'
+
+import readline from 'node:readline/promises'
+import connectMongoose from './lib/connectMongoose.js'
+import Agent from './models/Agent.js'
+import User from './models/User.js'
+
+const connection = await connectMongoose()
+console.log('Connected to MongoDB:', connection.name)
+
+const answer = await ask('Are you sure you want to delete database collections? (n)')
+if (answer.toLowerCase() !== 'y') {
+  console.log('Operation aborted.')
+  process.exit()
+}
+
+await initUsers()
+await initAgents()
+
+await connection.close()
+
+async function initAgents() {
+  // delete all agents
+  const result = await Agent.deleteMany()
+  console.log(`Deleted ${result.deletedCount} agents.`)
+
+  const [admin, user] = await Promise.all([
+    User.findOne({ email: 'admin@example.com'}),
+    User.findOne({ email: 'user@example.com'}),
+  ])
+
+  // create agents
+  const insertResult = await Agent.insertMany([
+    { name: 'Smith', age: 45, owner: admin._id },
+    { name: 'Brown', age: 33, owner: admin._id },
+    { name: 'Jones', age: 24, owner: user._id},
+  ])
+  console.log(`Inserted ${insertResult.length} agents.`)
+}
+
+async function initUsers() {
+  // delete all users
+  const result = await User.deleteMany()
+  console.log(`Deleted ${result.deletedCount} users.`)
+
+  // create users
+  const insertResult = await User.insertMany([
+    { email: 'admin@example.com', password: await User.hashPassword('1234') },
+    { email: 'user@example.com', password: await User.hashPassword('1234') },
+  ])
+  console.log(`Inserted ${insertResult.length} users.`)
+}
+
+async function ask(question) {
+  const rl = readline.createInterface({
+    input: process.stdin,
+    output: process.stdout
+  })
+  const result = await rl.question(question)
+  rl.close()
+  return result
+}

nodeapp/lib/connectMongoose.js

@@ -0,0 +1,7 @@
+import mongoose from 'mongoose'
+
+export default function connectMongoose() {
+  return mongoose.connect(process.env.MONGODB_CONNSTR)
+    .then(mongoose => mongoose.connection)
+}
+

nodeapp/lib/i18nConfigure.js

@@ -0,0 +1,13 @@
+import { I18n } from 'i18n'
+import path from 'node:path'
+import { __dirname } from './utils.js'
+
+const i18n = new I18n({
+  locales: ['en', 'es'],
+  directory: path.join(__dirname, '..', 'locales'),
+  defaultLocale: 'en',
+  autoReload: true, // watch for changes in JSON files to reload locale on updates - defaults to false
+  syncFiles: true, // sync locale information across all files - defaults to false
+})
+
+export default i18n