freeCodeCamp/api-server/server/utils/middleware.js

import dedent from 'dedent';
import { validationResult } from 'express-validator/check';

import { createValidatorErrorFormatter } from './create-handled-error.js';
import { homeLocation } from '../../../config/env';
import {
  getAccessTokenFromRequest,
  removeCookies
} from './getSetAccessToken.js';

export function ifNoUserRedirectTo(url, message, type = 'errors') {
  return function(req, res, next) {
    const { path } = req;
    if (req.user) {
      return next();
    }

    req.flash(type, message || `You must be signed in to access ${path}`);

    return res.redirect(url);
  };
}

export function ifNoUserSend(sendThis) {
  return function(req, res, next) {
    if (req.user) {
      return next();
    }
    return res.status(200).send(sendThis);
  };
}

export function ifNoUser401(req, res, next) {
  if (req.user) {
    return next();
  }
  return res.status(401).end();
}

export function ifNotVerifiedRedirectToUpdateEmail(req, res, next) {
  const { user } = req;
  if (!user) {
    return next();
  }
  if (!user.emailVerified) {
    req.flash(
      'danger',
      dedent`
        We do not have your verified email address on record,
        please add it in the settings to continue with your request.
      `
    );
    return res.redirect('/settings');
  }
  return next();
}

export function ifUserRedirectTo(path = `${homeLocation}/welcome`, status) {
  status = status === 302 ? 302 : 301;
  return (req, res, next) => {
    const { accessToken } = getAccessTokenFromRequest(req);
    if (req.user && accessToken) {
      return res.status(status).redirect(path);
    }
    if (req.user && !accessToken) {
      // This request has an active auth session
      // but there is no accessToken attached to the request
      // perhaps the user cleared cookies?
      // we need to remove the zombie auth session
      removeCookies(req, res);
      delete req.session.passport;
    }
    return next();
  };
}

// for use with express-validator error formatter
export const createValidatorErrorHandler = (...args) => (req, res, next) => {
  const validation = validationResult(req).formatWith(
    createValidatorErrorFormatter(...args)
  );

  if (!validation.isEmpty()) {
    const errors = validation.array();
    return next(errors.pop());
  }

  return next();
};
fix(server/flash): Api to match documentation This fixes duplication issues and normalize our use with everyone else 2018-01-12 14:16:33 -08:00			`import dedent from 'dedent';`
fix(updateMyCurrentChallenge): Bad mongo id will return user error Mark these errors to be reported to the user instead of logged as a server fault 2018-01-22 17:08:33 -08:00			`import { validationResult } from 'express-validator/check';`

			`import { createValidatorErrorFormatter } from './create-handled-error.js';`
feat(docker): Prep master for docker deploys 2019-02-04 11:42:31 +00:00			`import { homeLocation } from '../../../config/env';`
fix: Delete zombie auth properties from session 2019-03-04 21:14:41 +00:00			`import {`
			`getAccessTokenFromRequest,`
			`removeCookies`
			`} from './getSetAccessToken.js';`
fix(server/flash): Api to match documentation This fixes duplication issues and normalize our use with everyone else 2018-01-12 14:16:33 -08:00
			`export function ifNoUserRedirectTo(url, message, type = 'errors') {`
refactor returnIndividualBonfires 2015-06-20 11:43:12 -07:00			`return function(req, res, next) {`
Add redirect to user page on submit 2015-10-06 00:13:51 -07:00			`const { path } = req;`
refactor returnIndividualBonfires 2015-06-20 11:43:12 -07:00			`if (req.user) {`
			`return next();`
			`}`
Add redirect to user page on submit 2015-10-06 00:13:51 -07:00
fix(server/flash): Api to match documentation This fixes duplication issues and normalize our use with everyone else 2018-01-12 14:16:33 -08:00			req.flash(type, message \|\| `You must be signed in to access ${path}`);
Add redirect to user page on submit 2015-10-06 00:13:51 -07:00
refactor returnIndividualBonfires 2015-06-20 11:43:12 -07:00			`return res.redirect(url);`
			`};`
Add certification page 2015-10-02 11:47:36 -07:00			`}`
refactor returnIndividualBonfires 2015-06-20 11:43:12 -07:00
Add certification page 2015-10-02 11:47:36 -07:00			`export function ifNoUserSend(sendThis) {`
fix send 200 to non users on post to challenges fix remove random 'yo' debug 2015-06-22 16:43:31 -07:00			`return function(req, res, next) {`
			`if (req.user) {`
			`return next();`
			`}`
			`return res.status(200).send(sendThis);`
			`};`
Add certification page 2015-10-02 11:47:36 -07:00			`}`
fix cannot read property id of user durring upvote post to upvote without auth returns 401 2015-08-18 19:48:42 -07:00
Add certification page 2015-10-02 11:47:36 -07:00			`export function ifNoUser401(req, res, next) {`
fix cannot read property id of user durring upvote post to upvote without auth returns 401 2015-08-18 19:48:42 -07:00			`if (req.user) {`
			`return next();`
			`}`
			`return res.status(401).end();`
Add certification page 2015-10-02 11:47:36 -07:00			`}`
Add email verification and notifications This commit - [x] Fixes the flash notice color (Trivial) - [x] Adds flash message for user with no email. - [x] Adds checks to see if user's email is verified, and displays corresponding notification. - [x] Adds email templates. 2016-05-07 17:46:39 +05:30
fix(auth): Add verification route for email 2018-05-25 23:14:09 +05:30			`export function ifNotVerifiedRedirectToUpdateEmail(req, res, next) {`
feat(user): Report profiles This adds a simple email-based mechanism to report profiles for abuse. An email with text from the report is sent to Free Code Camp's support account with the reporter's account in copy. This also adds the reporter's details to the report for follow ups. 2016-12-15 02:54:59 +05:30			`const { user } = req;`
fix(email): Remove flash until author required bug is fixed 2016-06-02 23:39:23 -07:00			`if (!user) {`
Add email verification and notifications This commit - [x] Fixes the flash notice color (Trivial) - [x] Adds flash message for user with no email. - [x] Adds checks to see if user's email is verified, and displays corresponding notification. - [x] Adds email templates. 2016-05-07 17:46:39 +05:30			`return next();`
fix(email): Remove flash until author required bug is fixed 2016-06-02 23:39:23 -07:00			`}`
feat(user): Report profiles This adds a simple email-based mechanism to report profiles for abuse. An email with text from the report is sent to Free Code Camp's support account with the reporter's account in copy. This also adds the reporter's details to the report for follow ups. 2016-12-15 02:54:59 +05:30			`if (!user.emailVerified) {`
fix(server/flash): Api to match documentation This fixes duplication issues and normalize our use with everyone else 2018-01-12 14:16:33 -08:00			`req.flash(`
			`'danger',`
			dedent`
			`We do not have your verified email address on record,`
			`please add it in the settings to continue with your request.`
			`
			`);`
feat(user): Report profiles This adds a simple email-based mechanism to report profiles for abuse. An email with text from the report is sent to Free Code Camp's support account with the reporter's account in copy. This also adds the reporter's details to the report for follow ups. 2016-12-15 02:54:59 +05:30			`return res.redirect('/settings');`
fix(email): Remove flash until author required bug is fixed 2016-06-02 23:39:23 -07:00			`}`
feat(user): Report profiles This adds a simple email-based mechanism to report profiles for abuse. An email with text from the report is sent to Free Code Camp's support account with the reporter's account in copy. This also adds the reporter's details to the report for follow ups. 2016-12-15 02:54:59 +05:30			`return next();`
Add email verification and notifications This commit - [x] Fixes the flash notice color (Trivial) - [x] Adds flash message for user with no email. - [x] Adds checks to see if user's email is verified, and displays corresponding notification. - [x] Adds email templates. 2016-05-07 17:46:39 +05:30			`}`
fix(passwordless): Reduce db calls, run in parallel Adds validations, reduces the number of database calls, separates concers. reduces logic 2017-12-27 10:11:17 -08:00
fix(auth): Fix auth flow for the client app 2018-10-24 00:24:48 +01:00			export function ifUserRedirectTo(path = `${homeLocation}/welcome`, status) {
fix(passwordless): Reduce db calls, run in parallel Adds validations, reduces the number of database calls, separates concers. reduces logic 2017-12-27 10:11:17 -08:00			`status = status === 302 ? 302 : 301;`
			`return (req, res, next) => {`
fix: Delete zombie auth properties from session 2019-03-04 21:14:41 +00:00			`const { accessToken } = getAccessTokenFromRequest(req);`
			`if (req.user && accessToken) {`
fix(passwordless): Reduce db calls, run in parallel Adds validations, reduces the number of database calls, separates concers. reduces logic 2017-12-27 10:11:17 -08:00			`return res.status(status).redirect(path);`
			`}`
fix: Delete zombie auth properties from session 2019-03-04 21:14:41 +00:00			`if (req.user && !accessToken) {`
			`// This request has an active auth session`
			`// but there is no accessToken attached to the request`
			`// perhaps the user cleared cookies?`
			`// we need to remove the zombie auth session`
			`removeCookies(req, res);`
			`delete req.session.passport;`
			`}`
fix(passwordless): Reduce db calls, run in parallel Adds validations, reduces the number of database calls, separates concers. reduces logic 2017-12-27 10:11:17 -08:00			`return next();`
			`};`
			`}`
fix(updateMyCurrentChallenge): Bad mongo id will return user error Mark these errors to be reported to the user instead of logged as a server fault 2018-01-22 17:08:33 -08:00
			`// for use with express-validator error formatter`
			`export const createValidatorErrorHandler = (...args) => (req, res, next) => {`
fix(auth): Fix auth flow for the client app 2018-10-24 00:24:48 +01:00			`const validation = validationResult(req).formatWith(`
			`createValidatorErrorFormatter(...args)`
			`);`
fix(updateMyCurrentChallenge): Bad mongo id will return user error Mark these errors to be reported to the user instead of logged as a server fault 2018-01-22 17:08:33 -08:00
			`if (!validation.isEmpty()) {`
			`const errors = validation.array();`
			`return next(errors.pop());`
			`}`

			`return next();`
			`};`