From 087ed58bfa6431e8a4db8ffc0e1234196147c1d5 Mon Sep 17 00:00:00 2001
From: baijanathTharu
Date: Wed, 13 Jan 2021 23:04:45 +0545
Subject: [PATCH] protect rating from unverified users
---
 server/.env.example | 3 ++-
 server/src/middlewares/checkActive.js | 15 +++++++++++++++
 server/src/modules/users/secret/secret.model.js | 2 +-
 server/src/route/api.route.js | 3 ++-
 4 files changed, 20 insertions(+), 3 deletions(-)
 create mode 100644 server/src/middlewares/checkActive.js
diff --git a/server/.env.example b/server/.env.example
index 5350211..4aee663 100644
--- a/server/.env.example
+++ b/server/.env.example
@@ -1,5 +1,6 @@
 PORT=8080
-DB_URL=mongodb://localhost:27017/movie-rating
+DB_URL_LOCAL=mongodb://localhost:27017/movie-rating
+DB_URL_PROD=
 SECRET_KEY=12345
 CLOUDINARY_CLOUD_NAME=
 CLOUDINARY_API_KEY=
diff --git a/server/src/middlewares/checkActive.js b/server/src/middlewares/checkActive.js
new file mode 100644
index 0000000..154005a
--- /dev/null
+++ b/server/src/middlewares/checkActive.js
@@ -0,0 +1,15 @@
+const UserModel = require('../modules/users/user.model');
+
+module.exports = function (req, res, next) {
+ UserModel.findById(req.userId, function (e, user) {
+ if (e) return next(e);
+ console.log('user: ', user);
+ if (user.status === 'active') {
+ return next();
+ }
+ next({
+ msg: 'Please verify your email to start rating movie!',
+ status: 403,
+ });
+ });
+};
diff --git a/server/src/modules/users/secret/secret.model.js b/server/src/modules/users/secret/secret.model.js
index 98b54e3..38dd635 100644
--- a/server/src/modules/users/secret/secret.model.js
+++ b/server/src/modules/users/secret/secret.model.js
@@ -13,7 +13,7 @@ const SecretModel = new mongoose.Schema({
 createdAt: {
 type: Date,
 default: Date.now(),
- expires: '120s',
+ expires: '600s',
 },
 });
diff --git a/server/src/route/api.route.js b/server/src/route/api.route.js
index 5e2b3a8..b9b5e32 100644
--- a/server/src/route/api.route.js
+++ b/server/src/route/api.route.js
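Review bot: In server/src/middlewares/checkActive.js the callback reads `user.status` without checking that a document was found; `findById` passes `null` when no user matches `req.userId` (for example a deleted account whose token is still accepted), so the middleware throws inside the callback instead of answering with an error. Add a guard before the status check, such as `if (!user) return next({ msg: 'User not found', status: 401 });`. The `console.log('user: ', user);` line also writes the whole user document to the server log on every rating request, which probably includes the e-mail address and password hash, and should be removed.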
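Review bot: In server/src/modules/users/secret/secret.model.js the new `expires: '600s'` is still counted from a `createdAt` whose default is `Date.now()` (the context line just above the change), which is evaluated once when the schema is defined rather than once per document. Secrets created by a long-running process would then carry the process start time and become eligible for TTL deletion almost at once, so the verification window may not really be ten minutes; `default: Date.now` (without the call) fixes that. Separately, where the 120s TTL index already exists in a database, the new value likely does not take effect until that index is dropped or altered. The schema definition starts outside the hunk.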
@@ -7,9 +7,10 @@ const authenticate = require('../middlewares/authenticate');
 const authorize = require('../middlewares/authorize');
 const ratingRoute = require('../modules/movies/rating.route');
 const searchMovies = require('../modules/movies/movie.search');
+const checkActive = require('../middlewares/checkActive');
 router.use('/movies', authenticate, authorize, movieRoute);
-router.use('/rate', authenticate, ratingRoute);
+router.use('/rate', authenticate, checkActive, ratingRoute);
 router.use('/users', userRoute);
 router.use('/auth', authRoute);
 router.use('/search/movies', searchMovies);
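Review bot: Nothing on the `/rate` mount documents that `checkActive` depends on `authenticate` running first; it looks up `req.userId`, which is presumably set by `authenticate`. A one-line comment above the route, e.g. `// checkActive reads req.userId, so it must stay after authenticate`, would keep a later reorder from turning the lookup into `findById(undefined)`.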