protect rating from unverified users

baijanathTharu · Jan 13, 2021 · 087ed58 · 087ed58
1 parent 3afc266
commit 087ed58
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 3 deletions.
diff --git a/server/.env.example b/server/.env.example
@@ -1,5 +1,6 @@
 PORT=8080
-DB_URL=mongodb://localhost:27017/movie-rating
+DB_URL_LOCAL=mongodb://localhost:27017/movie-rating
+DB_URL_PROD=
 SECRET_KEY=12345
 CLOUDINARY_CLOUD_NAME=
 CLOUDINARY_API_KEY=

diff --git a/server/src/middlewares/checkActive.js b/server/src/middlewares/checkActive.js
@@ -0,0 +1,15 @@
+const UserModel = require('../modules/users/user.model');
+
+module.exports = function (req, res, next) {
+  UserModel.findById(req.userId, function (e, user) {
+    if (e) return next(e);
+    console.log('user: ', user);
+    if (user.status === 'active') {
+      return next();
+    }
+    next({
+      msg: 'Please verify your email to start rating movie!',
+      status: 403,
+    });
+  });
+};
diff --git a/server/src/modules/users/secret/secret.model.js b/server/src/modules/users/secret/secret.model.js
@@ -13,7 +13,7 @@ const SecretModel = new mongoose.Schema({
   createdAt: {
     type: Date,
     default: Date.now(),
-    expires: '120s',
+    expires: '600s',
   },
 });
 

diff --git a/server/src/route/api.route.js b/server/src/route/api.route.js
@@ -7,9 +7,10 @@ const authenticate = require('../middlewares/authenticate');
 const authorize = require('../middlewares/authorize');
 const ratingRoute = require('../modules/movies/rating.route');
 const searchMovies = require('../modules/movies/movie.search');
+const checkActive = require('../middlewares/checkActive');
 
 router.use('/movies', authenticate, authorize, movieRoute);
-router.use('/rate', authenticate, ratingRoute);
+router.use('/rate', authenticate, checkActive, ratingRoute);
 router.use('/users', userRoute);
 router.use('/auth', authRoute);
 router.use('/search/movies', searchMovies);