[前後分離組]于旺、Yan.Y、ET

.env.example

@@ -0,0 +1,4 @@
+SESSION_SECRET=
+JWT_SECRET=
+PORT=
+IMGUR_CLIENT_ID=

.eslintignore

@@ -0,0 +1,2 @@
+/node_modules/*
+/tests/*

.eslintrc.yml

@@ -0,0 +1,12 @@
+env:
+  browser: true
+  commonjs: true
+  es2021: true
+extends: 
+  - standard
+parserOptions:
+  ecmaVersion: 12
+rules:
+  arrow-parens:
+    - warn
+    - as-needed

.gitignore

@@ -84,4 +84,8 @@ typings/
 .fusebox/
 
 # DynamoDB Local files
-.dynamodb/
+.dynamodb/
+
+#temp
+temp/
+upload/

Procfile

@@ -0,0 +1 @@
+web: NODE_ENV=production node app.js

README.md

@@ -0,0 +1,27 @@
+# twitter-api-2023
+ALPHA Camp | 學期 3 | Simple Twitter | 自動化測試檔 (前後分離組) 
+# 前端網站: 
+https://s1030905.github.io/twitter-frontend-2023/
+由 blueelsa 開發(https://github.com/bluelsa)
+
+# Environment - 開發環境
+node v14.16.0
+nodemon
+
+#Installation and Execution - 安裝與執行步驟
+1. 創建資料夾
+2. 安裝所需packages。指令`npm i`
+3. 建立SQL資料庫。指令 `create database ac_twitter_workspace`
+4. 建立資料表。指令 `npx sequelize db:migrate`
+5. 建立種子檔。指令 `npx sequelize db:seed:all`
+6. 建立環境參數(請參考.env.example)。
+7. 啟動伺服器。指令`npm run dev`
+
+# Note:
+#管理者帳號:
+account: root
+password: 12345678
+
+#使用者帳號:
+account: user1
+password: 12345678

_helpers.js

@@ -1,8 +1,17 @@
 
-function getUser(req) {
-  return req.user;
+function getUser (req) {
+  return req.user || null
+}
+
+function ensureAuthenticated (req) {
+  return req.isAuthenticated()
 }
 
 module.exports = {
-  getUser,
-};
+  getUser, ensureAuthenticated
+}
+
+// use helpers.getUser(req) to replace req.user
+// function authenticated (req, res, next) {
+//   // passport.authenticate('jwt', { ses...
+// }

app.js

@@ -1,15 +1,67 @@
+if (process.env.NODE_ENV !== 'production') {
+  require('dotenv').config()
+}
+
+const path = require('path')
 const express = require('express')
-const helpers = require('./_helpers');
+const passport = require('./config/passport')
+const flash = require('connect-flash')
+const { apis, pages } = require('./routes')
+const methodOverride = require('method-override')
+const session = require('express-session')
+const cors = require('cors')
 
 const app = express()
-const port = 3000
+const port = process.env.PORT || 8080
+
+// 解析request主體
+app.use(express.urlencoded({ extended: true }))
+app.use(express.json())
+app.use(methodOverride('_method'))
+app.use('/upload', express.static(path.join(__dirname, 'upload')))
+
+// session設定
+app.use(
+  session({
+    secret: process.env.SESSION_SECRET || 'NonSecret',
+    resave: false,
+    saveUninitialized: true
+  })
+)
+
+// passport初始化
+app.use(passport.initialize())
+// app.use(passport.session())
+
+// flash
+app.use(flash())
+
+// cors
+const corsOptions = {
+  // origin: [
+  //   'http://localhost:3000',
+  //   'https://bluelsa.github.io',
+  //   'https://s1030905.github.io',
+  //   'https://4457-2001-b011-7003-76bd-f067-d1c2-c9bc-905.ngrok-free.app'
+  // ],
+  origin: '*',
+  methods: 'GET,HEAD,PUT,PATCH,POST,DELETE,OPTIONS',
+  allowedHeaders: ['Content-Type', 'Authorization']
+}
+app.use(cors(corsOptions))
+
+// locals
+app.use((req, res, next) => {
+  res.locals.error_messages = req.flash('error_messages')
+  next()
+})
 
-// use helpers.getUser(req) to replace req.user
-function authenticated(req, res, next){
-  // passport.authenticate('jwt', { ses...
-};
+// routes
+app.use('/api', apis)
+app.use('/', pages)
 
-app.get('/', (req, res) => res.send('Hello World!'))
-app.listen(port, () => console.log(`Example app listening on port ${port}!`))
+app.listen(port, () =>
+  console.log(`Example app listening on http://localhost:${port}`)
+)
 
 module.exports = app

config/config.json

@@ -15,11 +15,7 @@
     "logging": false
   },
   "production": {
-    "username": "root",
-    "password": null,
-    "database": "database_production",
-    "host": "127.0.0.1",
-    "dialect": "mysql"
+    "use_env_variable": "CLEARDB_DATABASE_URL"
   },
   "travis": {
     "username": "travis",
@@ -34,4 +30,4 @@
     "host": "127.0.0.1",
     "dialect": "mysql"
   }
-}
+}

config/passport.js

@@ -1,5 +1,75 @@
 const passport = require('passport')
+const LocalStrategy = require('passport-local').Strategy
+const passportJWT = require('passport-jwt')
+const JWTStrategy = passportJWT.Strategy
+const ExtractJWT = passportJWT.ExtractJwt
+const bcrypt = require('bcryptjs')
+const { User } = require('../models')
 
+// LocalStrategy Setting
+passport.use(new LocalStrategy(
+  { usernameField: 'account', passwordField: 'password', passReqToCallback: true },
+  async (req, account, password, cb) => {
+    try {
+      const accountError = '帳號不存在！'
+      const passwordError = '帳號或密碼輸入錯誤！'
 
+      const user = await User.findOne({ where: { account } })
 
-module.exports = passport
+      // 帳號或密碼輸入錯誤 暫時的錯誤處理 status code 200
+      if (!user) {
+        // return cb(null, false)
+        return cb(accountError, false)
+      }
+      const isMatch = await bcrypt.compare(password, user.password)
+
+      // 帳號或密碼輸入錯誤 暫時的錯誤處理 status code 200
+      if (!isMatch) {
+        // return cb(null, false)
+        return cb(passwordError, false)
+      }
+      return cb(null, user)
+    } catch (error) {
+      cb(error)
+    }
+  }
+))
+
+// JWTStrategy Setting
+const jwtOptions = {
+  jwtFromRequest: ExtractJWT.fromAuthHeaderAsBearerToken(),
+  secretOrKey: process.env.JWT_SECRET || 'secret'
+}
+
+passport.use(new JWTStrategy(jwtOptions, async (jwtPayload, cb) => {
+  try {
+    const errorMessage = 'unAuthenticated'
+    const user = await User.findByPk(jwtPayload.id
+      , {
+        include: [
+          // join table FollowShip
+          { model: User, as: 'Followers' },
+          { model: User, as: 'Followings' }
+        ]
+      }
+    )
+    if (!user) return cb(errorMessage, false, { message: errorMessage })
+    return cb(null, user)
+  } catch (error) {
+    cb(error)
+  }
+}))
+
+// passport serializeUser & deserializeUser
+passport.serializeUser((user, cb) => cb(null, user.id))
+
+passport.deserializeUser(async (id, cb) => {
+  try {
+    const user = await User.findByPk(id)
+    return cb(null, user.toJSON())
+  } catch (error) {
+    cb(error)
+  }
+})
+
+module.exports = passport

controllers/apis/admin-controller.js

@@ -0,0 +1,98 @@
+const jwt = require('jsonwebtoken')
+const { User, Tweet, Like, Reply } = require('../../models')
+const { getUser } = require('../../_helpers')
+
+const adminController = {
+  adminLogin: async (req, res, next) => {
+    try {
+      const reqUser = getUser(req).toJSON()
+      const token = jwt.sign(reqUser, process.env.JWT_SECRET, { expiresIn: '30d' })
+      const { account } = req.body
+      const user = await User.findOne({
+        where: { account },
+        raw: true
+      })
+
+      // 錯誤處理
+      if (!user || user.role !== 'admin') {
+        const error = new Error('You are not admin')
+        error.status = 404
+        throw error
+      }
+      const userData = user
+      delete userData.password
+      userData.token = token
+      return res.status(200).json(userData)
+    } catch (error) {
+      next(error)
+    }
+  },
+  getUsers: async (req, res, next) => {
+    try {
+      const users = await User.findAll({
+        attributes: ['id', 'name', 'account', 'avatar', 'background'],
+        include: [
+          { model: User, as: 'Followers' },
+          { model: User, as: 'Followings' },
+          { model: Tweet, as: 'UserTweets' }
+        ]
+      })
+
+      const data = users.map(user => {
+        const { Followers, Followings, UserTweets, ...userData } = user.toJSON()
+        let likedCount = 0
+        for (const i of UserTweets) {
+          likedCount += i.likedCount
+        }
+        userData.followerCount = Followers.length
+        userData.followingCount = Followings.length
+        userData.userTweetCount = UserTweets.length
+        userData.likedCount = likedCount
+        return userData
+      })
+      const dataSorted = data.sort((a, b) => b.userTweetCount - a.userTweetCount)
+      return res.status(200).json(dataSorted)
+    } catch (error) {
+      next(error)
+    }
+  },
+  getTweets: async (req, res, next) => {
+    try {
+      const tweets = await Tweet.findAll({
+        include: [{ model: User, as: 'TweetUser', attributes: ['id', 'name', 'account', 'avatar'] }],
+        order: [['createdAt', 'DESC']]
+      })
+
+      // 50字快覽
+      const data = tweets.map(tweet => {
+        const { description, ...rest } = tweet.toJSON()
+        return {
+          ...rest,
+          description: description.length >= 50 ? description.slice(0, 50) : description
+        }
+      })
+
+      return res.status(200).json(data)
+    } catch (error) {
+      next(error)
+    }
+  },
+  deleteTweet: async (req, res, next) => {
+    try {
+      const { id } = req.params
+      const tweet = await Tweet.findByPk(id)
+
+      if (!tweet) throw new Error('The tweet does not exist')
+      await Promise.all([
+        tweet.destroy(),
+        Like.destroy({ where: { TweetId: id } }),
+        Reply.destroy({ where: { TweetId: id } })
+      ])
+      return res.status(200).json({ status: 'success', message: 'The tweet was successfully deleted' })
+    } catch (error) {
+      next(error)
+    }
+  }
+}
+
+module.exports = adminController