freeCodeCamp/api-server/src/server/utils/middleware.js

import dedent from 'dedent';
import { validationResult } from 'express-validator';

import { createValidatorErrorFormatter } from './create-handled-error.js';

import {
  getAccessTokenFromRequest,
  removeCookies
} from './getSetAccessToken.js';
import { getRedirectParams } from './redirection';

export function ifNoUserRedirectHome(message, type = 'errors') {
  return function (req, res, next) {
    const { path } = req;
    if (req.user) {
      return next();
    }

    const { origin } = getRedirectParams(req);
    req.flash(type, message || `You must be signed in to access ${path}`);

    return res.redirect(origin);
  };
}

export function ifNoUserSend(sendThis) {
  return function (req, res, next) {
    if (req.user) {
      return next();
    }
    return res.status(200).send(sendThis);
  };
}

export function ifNoUser401(req, res, next) {
  if (req.user) {
    return next();
  }
  return res.status(401).end();
}

export function ifNotVerifiedRedirectToUpdateEmail(req, res, next) {
  const { user } = req;
  if (!user) {
    return next();
  }
  if (!user.emailVerified) {
    req.flash(
      'danger',
      dedent`
        We do not have your verified email address on record,
        please add it in the settings to continue with your request.
      `
    );
    return res.redirect('/settings');
  }
  return next();
}

export function ifUserRedirectTo(status) {
  status = status === 301 ? 301 : 302;
  return (req, res, next) => {
    const { accessToken } = getAccessTokenFromRequest(req);
    const { returnTo } = getRedirectParams(req);
    if (req.user && accessToken) {
      return res.status(status).redirect(returnTo);
    }
    if (req.user && !accessToken) {
      // This request has an active auth session
      // but there is no accessToken attached to the request
      // perhaps the user cleared cookies?
      // we need to remove the zombie auth session
      removeCookies(req, res);
      delete req.session.passport;
    }
    return next();
  };
}

// for use with express-validator error formatter
export const createValidatorErrorHandler = (...args) => (req, res, next) => {
  const validation = validationResult(req).formatWith(
    createValidatorErrorFormatter(...args)
  );

  if (!validation.isEmpty()) {
    const errors = validation.array();
    return next(errors.pop());
  }

  return next();
};
fix(server/flash): Api to match documentation This fixes duplication issues and normalize our use with everyone else 2018-01-12 14:16:33 -08:00			`import dedent from 'dedent';`
chore(api): migrate from express-validator 5 to 6 (#40363) 2020-12-03 16:47:38 +01:00			`import { validationResult } from 'express-validator';`
fix(updateMyCurrentChallenge): Bad mongo id will return user error Mark these errors to be reported to the user instead of logged as a server fault 2018-01-22 17:08:33 -08:00
			`import { createValidatorErrorFormatter } from './create-handled-error.js';`
fix: re-revert the API decoupling (#41263) * fix(api): decouple api from curriculum This reverts commit 8f0e441644c6e31e2e837e2b3d95efb8a6622787 and introduces the implementations from #40703. * fix(gitpod): add curriculum build to GitPod This reverts commit 706d70f58d8e4f82b16544edd6bebb8564953850 and introduces implementations from #41234. * docs: update DevOps manual for api change (#41259) Co-authored-by: Oliver Eyton-Williams <ojeytonwilliams@gmail.com> 2021-02-26 01:32:35 +05:30
fix: Delete zombie auth properties from session 2019-03-04 21:14:41 +00:00			`import {`
			`getAccessTokenFromRequest,`
			`removeCookies`
			`} from './getSetAccessToken.js';`
fix(api): only use homeLocation as a fallback (#40517) 2020-12-30 20:10:38 +01:00			`import { getRedirectParams } from './redirection';`
fix(server/flash): Api to match documentation This fixes duplication issues and normalize our use with everyone else 2018-01-12 14:16:33 -08:00
fix(api): only use homeLocation as a fallback (#40517) 2020-12-30 20:10:38 +01:00			`export function ifNoUserRedirectHome(message, type = 'errors') {`
chore(deps): upgrade eslint, prettier & related packages 2021-03-11 00:31:46 +05:30			`return function (req, res, next) {`
Add redirect to user page on submit 2015-10-06 00:13:51 -07:00			`const { path } = req;`
refactor returnIndividualBonfires 2015-06-20 11:43:12 -07:00			`if (req.user) {`
			`return next();`
			`}`
Add redirect to user page on submit 2015-10-06 00:13:51 -07:00
fix(api): only use homeLocation as a fallback (#40517) 2020-12-30 20:10:38 +01:00			`const { origin } = getRedirectParams(req);`
fix(server/flash): Api to match documentation This fixes duplication issues and normalize our use with everyone else 2018-01-12 14:16:33 -08:00			req.flash(type, message \|\| `You must be signed in to access ${path}`);
Add redirect to user page on submit 2015-10-06 00:13:51 -07:00
fix(api): only use homeLocation as a fallback (#40517) 2020-12-30 20:10:38 +01:00			`return res.redirect(origin);`
refactor returnIndividualBonfires 2015-06-20 11:43:12 -07:00			`};`
Add certification page 2015-10-02 11:47:36 -07:00			`}`
refactor returnIndividualBonfires 2015-06-20 11:43:12 -07:00
Add certification page 2015-10-02 11:47:36 -07:00			`export function ifNoUserSend(sendThis) {`
chore(deps): upgrade eslint, prettier & related packages 2021-03-11 00:31:46 +05:30			`return function (req, res, next) {`
fix send 200 to non users on post to challenges fix remove random 'yo' debug 2015-06-22 16:43:31 -07:00			`if (req.user) {`
			`return next();`
			`}`
			`return res.status(200).send(sendThis);`
			`};`
Add certification page 2015-10-02 11:47:36 -07:00			`}`
fix cannot read property id of user durring upvote post to upvote without auth returns 401 2015-08-18 19:48:42 -07:00
Add certification page 2015-10-02 11:47:36 -07:00			`export function ifNoUser401(req, res, next) {`
fix cannot read property id of user durring upvote post to upvote without auth returns 401 2015-08-18 19:48:42 -07:00			`if (req.user) {`
			`return next();`
			`}`
			`return res.status(401).end();`
Add certification page 2015-10-02 11:47:36 -07:00			`}`
Add email verification and notifications This commit - [x] Fixes the flash notice color (Trivial) - [x] Adds flash message for user with no email. - [x] Adds checks to see if user's email is verified, and displays corresponding notification. - [x] Adds email templates. 2016-05-07 17:46:39 +05:30
fix(auth): Add verification route for email 2018-05-25 23:14:09 +05:30			`export function ifNotVerifiedRedirectToUpdateEmail(req, res, next) {`
feat(user): Report profiles This adds a simple email-based mechanism to report profiles for abuse. An email with text from the report is sent to Free Code Camp's support account with the reporter's account in copy. This also adds the reporter's details to the report for follow ups. 2016-12-15 02:54:59 +05:30			`const { user } = req;`
fix(email): Remove flash until author required bug is fixed 2016-06-02 23:39:23 -07:00			`if (!user) {`
Add email verification and notifications This commit - [x] Fixes the flash notice color (Trivial) - [x] Adds flash message for user with no email. - [x] Adds checks to see if user's email is verified, and displays corresponding notification. - [x] Adds email templates. 2016-05-07 17:46:39 +05:30			`return next();`
fix(email): Remove flash until author required bug is fixed 2016-06-02 23:39:23 -07:00			`}`
feat(user): Report profiles This adds a simple email-based mechanism to report profiles for abuse. An email with text from the report is sent to Free Code Camp's support account with the reporter's account in copy. This also adds the reporter's details to the report for follow ups. 2016-12-15 02:54:59 +05:30			`if (!user.emailVerified) {`
fix(server/flash): Api to match documentation This fixes duplication issues and normalize our use with everyone else 2018-01-12 14:16:33 -08:00			`req.flash(`
			`'danger',`
			dedent`
			`We do not have your verified email address on record,`
			`please add it in the settings to continue with your request.`
			`
			`);`
feat(user): Report profiles This adds a simple email-based mechanism to report profiles for abuse. An email with text from the report is sent to Free Code Camp's support account with the reporter's account in copy. This also adds the reporter's details to the report for follow ups. 2016-12-15 02:54:59 +05:30			`return res.redirect('/settings');`
fix(email): Remove flash until author required bug is fixed 2016-06-02 23:39:23 -07:00			`}`
feat(user): Report profiles This adds a simple email-based mechanism to report profiles for abuse. An email with text from the report is sent to Free Code Camp's support account with the reporter's account in copy. This also adds the reporter's details to the report for follow ups. 2016-12-15 02:54:59 +05:30			`return next();`
Add email verification and notifications This commit - [x] Fixes the flash notice color (Trivial) - [x] Adds flash message for user with no email. - [x] Adds checks to see if user's email is verified, and displays corresponding notification. - [x] Adds email templates. 2016-05-07 17:46:39 +05:30			`}`
fix(passwordless): Reduce db calls, run in parallel Adds validations, reduces the number of database calls, separates concers. reduces logic 2017-12-27 10:11:17 -08:00
fix(api): only use homeLocation as a fallback (#40517) 2020-12-30 20:10:38 +01:00			`export function ifUserRedirectTo(status) {`
feat(api): add custom redirect back 2019-10-21 17:03:00 +05:30			`status = status === 301 ? 301 : 302;`
fix(passwordless): Reduce db calls, run in parallel Adds validations, reduces the number of database calls, separates concers. reduces logic 2017-12-27 10:11:17 -08:00			`return (req, res, next) => {`
fix: Delete zombie auth properties from session 2019-03-04 21:14:41 +00:00			`const { accessToken } = getAccessTokenFromRequest(req);`
fix(api): only use homeLocation as a fallback (#40517) 2020-12-30 20:10:38 +01:00			`const { returnTo } = getRedirectParams(req);`
fix: Delete zombie auth properties from session 2019-03-04 21:14:41 +00:00			`if (req.user && accessToken) {`
fix(api): only use homeLocation as a fallback (#40517) 2020-12-30 20:10:38 +01:00			`return res.status(status).redirect(returnTo);`
fix(passwordless): Reduce db calls, run in parallel Adds validations, reduces the number of database calls, separates concers. reduces logic 2017-12-27 10:11:17 -08:00			`}`
fix: Delete zombie auth properties from session 2019-03-04 21:14:41 +00:00			`if (req.user && !accessToken) {`
			`// This request has an active auth session`
			`// but there is no accessToken attached to the request`
			`// perhaps the user cleared cookies?`
			`// we need to remove the zombie auth session`
			`removeCookies(req, res);`
			`delete req.session.passport;`
			`}`
fix(passwordless): Reduce db calls, run in parallel Adds validations, reduces the number of database calls, separates concers. reduces logic 2017-12-27 10:11:17 -08:00			`return next();`
			`};`
			`}`
fix(updateMyCurrentChallenge): Bad mongo id will return user error Mark these errors to be reported to the user instead of logged as a server fault 2018-01-22 17:08:33 -08:00
			`// for use with express-validator error formatter`
			`export const createValidatorErrorHandler = (...args) => (req, res, next) => {`
fix(auth): Fix auth flow for the client app 2018-10-24 00:24:48 +01:00			`const validation = validationResult(req).formatWith(`
			`createValidatorErrorFormatter(...args)`
			`);`
fix(updateMyCurrentChallenge): Bad mongo id will return user error Mark these errors to be reported to the user instead of logged as a server fault 2018-01-22 17:08:33 -08:00
			`if (!validation.isEmpty()) {`
			`const errors = validation.array();`
			`return next(errors.pop());`
			`}`

			`return next();`
			`};`