app.js

//jshint esversion:6
// require("dotenv").config(); -> Error on Heroku
const dotenv = require("dotenv").config();
const express = require("express");
const bodyParser = require("body-parser");
const ejs = require("ejs");
const mongoose = require("mongoose");


// Level 5 security: session and cookie
const session = require("express-session");
const passport = require("passport");
const passportLocalMongoose = require("passport-local-mongoose");
const GoogleStrategy = require("passport-google-oauth20").Strategy;
const findOrCreate = require("mongoose-findorcreate");


const app = express();
app.use(express.static("public"));
app.set('view engine', 'ejs');
app.use(bodyParser.urlencoded({extended: true}));

app.use(session({
  secret: "our little secret.",
  resave: false,
  saveUninitialized: false
}));

app.use(passport.initialize());
app.use(passport.session());

// Connect to MongoDB
// const dbUrl = "mongodb+srv://" + process.env.DB_USER + ":" + process.env.DB_PASSWORD  + "@" + process.env.DB_HOST + "/" + process.env.DB_DATABASE;
const dbUrl = "mongodb+srv://" + dotenv.parsed.DB_USER + ":" + dotenv.parsed.DB_PASSWORD  + "@" + dotenv.parsed.DB_HOST + "/" + dotenv.parsed.DB_DATABASE;
mongoose.connect(dbUrl, { useNewUrlParser: true, useUnifiedTopology: true });
//mongoose.connect("mongodb://localhost:27017/wikiDB", { useNewUrlParser: true, useUnifiedTopology: true });


//mongoose.connect("mongodb://localhost:27017/userDB", { useNewUrlParser: true, useUnifiedTopology: true });
mongoose.set("useCreateIndex", true);

const userSchema = new mongoose.Schema({
  email: String,
  password: String,
  googleId: String,
  secret: String
});

// Set a plugin to hash, salt a password and save it to MongoDB
userSchema.plugin(passportLocalMongoose);
userSchema.plugin(findOrCreate);

const User = new mongoose.model("User", userSchema);

// passport/passport-local configuration
passport.use(User.createStrategy()); // Create the local strategy to authenticate users using their username and password
// passport.serializeUser(User.serializeUser()); // Create a cookie and add user's information to the cookie
// passport.deserializeUser(User.deserializeUser()); // Destroy a cookie

passport.serializeUser(function(user, done) {
  done(null, user.id);
});

passport.deserializeUser(function(id, done) {
  User.findById(id, function(err, user) {
    done(err, user);
  });
});

// Add Google OAuth
passport.use(new GoogleStrategy({
    clientID: dotenv.parsed.CLIENT_ID,
    clientSecret: dotenv.parsed.CLIENT_SECRET,
    // callbackURL: "http://localhost:3000/auth/google/secrets",
    callbackURL: dotenv.parsed.CALLBACK_URL,
    userProfileURL: "https://www.googleapis.com/oauth2/v3/userinfo"
  },
  function(accessToken, refreshToken, profile, cb) {
    //console.log(profile);
    User.findOrCreate({ googleId: profile.id }, function (err, user) {
      return cb(err, user);
    });
  }
));


app.get("/", function(req, res){
  res.render("home");
});

app.get("/auth/google",
  passport.authenticate("google", { scope: [ "email", "profile" ] }
));

app.get("/auth/google/secrets",
  passport.authenticate("google", { failureRedirect: '/login' }),
  function(req, res) {
    // Successful authentication, redirect to secrets.
    res.redirect("/secrets");
  });

app.get("/login", function(req, res){
  res.render("login");
});

app.get("/register", function(req, res){
  res.render("register");
});

app.get("/secrets", function(req, res){

  User.find({"secret": {$ne: null}}, function(err, foundUsers) {
    if(err) {
      console.log(err);
    } else {
      if(foundUsers) {
        res.render("secrets", {userWithSecrets: foundUsers});
      }
    }
  });

  // if(req.isAuthenticated()) {
  //   res.render("secrets");
  // } else {
  //   res.render("login");
  // }
});

app.get("/logout", function(req, res){
  req.logout();
  res.redirect("/");
});

app.get("/submit", function(req, res){
  if(req.isAuthenticated()) {
    res.render("submit");
  } else {
    res.redirect("/");
  }
});

app.post("/register", function(req, res){
  // Use passport-local-mongoose as a middleware
  // to replace creating new user, saving and interacting with Mongoose directly
  User.register({username: req.body.username},     req.body.password, function(err, user){
    if(err) {
      console.log(err);
      res.redirect("/register");
    } else {
      // authenticate type: local
      passport.authenticate("local")(req, res, function() {
        res.redirect("/secrets");
      });
    }
  });
});


app.post("/login", function(req, res){
  const user = new User({
    username: req.body.username,
    password: req.body.password
  });

    req.login(user, function(err){
      if (err) {
        console.log(err);
      } else {
        passport.authenticate("local")( req, res, function() {
          res.redirect("/secrets");
        });
      }
    });
});


app.post("/submit", function(req, res){
  const submittedSecret = req.body.secret;
  User.findById(req.user.id, function(err, foundUser){
    if(err) {
      console.log(err);
    } else {
      if(foundUser) {
        foundUser.secret = submittedSecret;
        foundUser.save(function() {
          res.redirect("/secrets");
        });
      }
    }
  });
});

app.listen(process.env.PORT || 3000, function(){
  console.log("Server started");
});