Initial Commit

.eslintignore

@@ -0,0 +1 @@
+**/node_modules/**

.eslintrc

@@ -0,0 +1,18 @@
+{
+  "extends": [
+    "kentcdodds",
+    "kentcdodds/jest"
+  ],
+  "rules": {
+    "max-len": [
+      2,
+      80
+    ],
+    "import/newline-after-import": "off",
+    "import/no-unassigned-import": "off",
+    "no-console": "off",
+    "func-names": "off",
+    "complexity": ["error", 8],
+    "babel/new-cap": "off",
+  }
+}

.gitignore

@@ -0,0 +1,9 @@
+.DS_Store
+node_modules
+coverage
+build
+.DS_Store
+.env
+*.log
+npm-debug.log*
+.mongo-db

api/README.md

@@ -0,0 +1,37 @@
+# ![Node/Express/Mongoose Example App](project-logo.png)
+
+> Example Node (Express+Mongoose) codebase that adheres to the [RealWorld](https://github.com/gothinkster/realworld-example-apps) API spec.
+
+This repo is functionality complete but still in beta while we resolve bugs, etc -- PR's and issues welcome!
+
+# Code Overview
+
+## Dependencies
+
+- [expressjs](https://github.com/expressjs/express) - The server for handling and routing HTTP requests
+- [express-jwt](https://github.com/auth0/express-jwt) - Middleware for validating JWTs for authentication
+- [jsonwebtoken](https://github.com/auth0/node-jsonwebtoken) - For generating JWTs used by authentication
+- [mongoose](https://github.com/Automattic/mongoose) - For modeling and mapping MongoDB data to javascript 
+- [mongoose-unique-validator](https://github.com/blakehaswell/mongoose-unique-validator) - For handling unique validation errors in Mongoose. Mongoose only handles validation at the document level, so a unique index across a collection will throw an excpetion at the driver level. The `mongoose-unique-validator` plugin helps us by formatting the error like a normal mongoose `ValidationError`.
+- [passport](https://github.com/jaredhanson/passport) - For handling user authentication
+- [slug](https://github.com/dodo/node-slug) - For encoding titles into a URL-friendly format
+
+## Application Structure
+
+- `app.js` - The entry point to our application. This file defines our express server and connects it to MongoDB using mongoose. It also requires the routes and models we'll be using in the application.
+- `config/` - This folder contains configuration for passport as well as a central location for configuration/environment variables.
+- `routes/` - This folder contains the route definitions for our API. They contain
+- `models/` - This folder contains the schema definitions for our Mongoose models.
+
+## Error Handling
+
+In `routes/api/index.js`, we define a error-handling middleware for handling Mongoose's `ValidationError`. This middleware will respond with a 422 status code and format the response to have [error messages the clients can understand](https://github.com/gothinkster/realworld/blob/master/API.md#errors-and-status-codes)
+
+## Authentication
+
+Requests are authenticated using the `Authorization` header with a valid JWT. We define two express middlewares in `routes/auth.js` that can be used to authenticate requests. The `required` middleware configures the `express-jwt` middleware using our application's secret and will return a 401 status code if the request cannot be authenticated. The payload of the JWT can then be accessed from `req.payload` in the endpoint. The `optional` middleware configures the `express-jwt` in the same way as `required`, but will *not* return a 401 status code if the request cannot be authenticated.
+
+
+<br />
+
+[![Brought to you by Thinkster](https://raw.githubusercontent.com/gothinkster/realworld/master/media/end.png)](https://thinkster.io)

api/app.js

@@ -0,0 +1,91 @@
+const express = require('express')
+const bodyParser = require('body-parser')
+const session = require('express-session')
+const cors = require('cors')
+const errorhandler = require('errorhandler')
+const mongoose = require('mongoose')
+
+const isProduction = process.env.NODE_ENV === 'production'
+
+// Create global app object
+const app = express()
+
+app.use(cors())
+
+// Normal express config defaults
+app.use(require('morgan')('dev'))
+app.use(bodyParser.urlencoded({extended: false}))
+app.use(bodyParser.json())
+
+app.use(require('method-override')())
+app.use(express.static(`${__dirname}/public`))
+
+app.use(
+  session({
+    secret: 'conduit',
+    cookie: {maxAge: 60000},
+    resave: false,
+    saveUninitialized: false,
+  }),
+)
+
+if (!isProduction) {
+  app.use(errorhandler())
+}
+
+if (isProduction) {
+  mongoose.connect(process.env.MONGODB_URI)
+} else {
+  mongoose.connect('mongodb://localhost/conduit')
+  mongoose.set('debug', true)
+}
+
+require('./models/User')
+require('./models/Article')
+require('./models/Comment')
+require('./config/passport')
+
+app.use(require('./routes'))
+
+/// catch 404 and forward to error handler
+app.use((req, res, next) => {
+  const err = new Error('Not Found')
+  err.status = 404
+  next(err)
+})
+
+/// error handlers
+
+// development error handler
+// will print stacktrace
+if (!isProduction) {
+  app.use((err, req, res) => {
+    console.log(err.stack)
+
+    res.status(err.status || 500)
+
+    res.json({
+      errors: {
+        message: err.message,
+        error: err,
+      },
+    })
+  })
+}
+
+// production error handler
+// no stacktraces leaked to user
+app.use((err, req, res) => {
+  res.status(err.status || 500)
+  res.json({
+    errors: {
+      message: err.message,
+      error: {},
+    },
+  })
+})
+
+// finally, let's start our server...
+const server = app.listen(process.env.PORT || 3000, () => {
+  console.log(`Listening on port ${server.address().port}`)
+})

api/config/index.js

@@ -0,0 +1,3 @@
+module.exports = {
+  secret: process.env.NODE_ENV === 'production' ? process.env.SECRET : 'secret',
+}

api/config/passport.js

@@ -0,0 +1,19 @@
+const passport = require('passport')
+const LocalStrategy = require('passport-local').Strategy
+const mongoose = require('mongoose')
+const User = mongoose.model('User')
+
+passport.use(new LocalStrategy({
+  usernameField: 'user[email]',
+  passwordField: 'user[password]',
+}, (email, password, done) => {
+  User.findOne({email})
+    .then(user => {
+      if (!user || !user.validPassword(password)) {
+        return done(null, false, {errors: {'email or password': 'is invalid'}})
+      }
+
+      return done(null, user)
+    })
+    .catch(done)
+}))

api/models/Article.js

@@ -0,0 +1,57 @@
+const mongoose = require('mongoose')
+const uniqueValidator = require('mongoose-unique-validator')
+const slug = require('slug')
+const User = mongoose.model('User')
+
+const ArticleSchema = new mongoose.Schema(
+  {
+    slug: {type: String, lowercase: true, unique: true},
+    title: String,
+    description: String,
+    body: String,
+    favoritesCount: {type: Number, default: 0},
+    comments: [{type: mongoose.Schema.Types.ObjectId, ref: 'Comment'}],
+    tagList: [{type: String}],
+    author: {type: mongoose.Schema.Types.ObjectId, ref: 'User'},
+  },
+  {timestamps: true},
+)
+
+ArticleSchema.plugin(uniqueValidator, {message: 'is already taken'})
+
+ArticleSchema.pre('validate', function(next) {
+  this.slugify() // eslint-disable-line babel/no-invalid-this
+
+  next()
+})
+
+ArticleSchema.methods.slugify = function() {
+  this.slug = slug(this.title)
+}
+
+ArticleSchema.methods.updateFavoriteCount = function() {
+  const article = this
+
+  return User.count({favorites: {$in: [article._id]}}).then(count => {
+    article.favoritesCount = count
+
+    return article.save()
+  })
+}
+
+ArticleSchema.methods.toJSONFor = function(user) {
+  return {
+    slug: this.slug,
+    title: this.title,
+    description: this.description,
+    body: this.body,
+    createdAt: this.createdAt,
+    updatedAt: this.updatedAt,
+    tagList: this.tagList,
+    favorited: user ? user.isFavorite(this._id) : false,
+    favoritesCount: this.favoritesCount,
+    author: this.author.toProfileJSONFor(user),
+  }
+}
+
+mongoose.model('Article', ArticleSchema)

api/models/Comment.js

@@ -0,0 +1,22 @@
+const mongoose = require('mongoose')
+
+const CommentSchema = new mongoose.Schema(
+  {
+    body: String,
+    author: {type: mongoose.Schema.Types.ObjectId, ref: 'User'},
+    article: {type: mongoose.Schema.Types.ObjectId, ref: 'Article'},
+  },
+  {timestamps: true},
+)
+
+// Requires population of author
+CommentSchema.methods.toJSONFor = function(user) {
+  return {
+    id: this._id,
+    body: this.body,
+    createdAt: this.createdAt,
+    author: this.author.toProfileJSONFor(user),
+  }
+}
+
+mongoose.model('Comment', CommentSchema)

api/models/User.js

@@ -0,0 +1,123 @@
+const crypto = require('crypto')
+const mongoose = require('mongoose')
+const uniqueValidator = require('mongoose-unique-validator')
+const jwt = require('jsonwebtoken')
+const secret = require('../config').secret
+
+const UserSchema = new mongoose.Schema(
+  {
+    username: {
+      type: String,
+      lowercase: true,
+      unique: true,
+      required: [true, "can't be blank"],
+      match: [/^[a-zA-Z0-9]+$/, 'is invalid'],
+      index: true,
+    },
+    email: {
+      type: String,
+      lowercase: true,
+      unique: true,
+      required: [true, "can't be blank"],
+      match: [/\S+@\S+\.\S+/, 'is invalid'],
+      index: true,
+    },
+    bio: String,
+    image: String,
+    favorites: [{type: mongoose.Schema.Types.ObjectId, ref: 'Article'}],
+    following: [{type: mongoose.Schema.Types.ObjectId, ref: 'User'}],
+    hash: String,
+    salt: String,
+  },
+  {timestamps: true},
+)
+
+UserSchema.plugin(uniqueValidator, {message: 'is already taken.'})
+
+UserSchema.methods.validPassword = function(password) {
+  const hash = crypto
+    .pbkdf2Sync(password, this.salt, 10000, 512, 'sha512')
+    .toString('hex')
+  return this.hash === hash
+}
+
+UserSchema.methods.setPassword = function(password) {
+  this.salt = crypto.randomBytes(16).toString('hex')
+  this.hash = crypto
+    .pbkdf2Sync(password, this.salt, 10000, 512, 'sha512')
+    .toString('hex')
+}
+
+UserSchema.methods.generateJWT = function() {
+  const today = new Date()
+  const exp = new Date(today)
+  exp.setDate(today.getDate() + 60)
+
+  return jwt.sign(
+    {
+      id: this._id,
+      username: this.username,
+      exp: parseInt(exp.getTime() / 1000, 10),
+    },
+    secret,
+  )
+}
+
+UserSchema.methods.toAuthJSON = function() {
+  return {
+    username: this.username,
+    email: this.email,
+    token: this.generateJWT(),
+  }
+}
+
+UserSchema.methods.toProfileJSONFor = function(user) {
+  return {
+    username: this.username,
+    bio: this.bio,
+    image: (
+      this.image || 'https://static.productionready.io/images/smiley-cyrus.jpg'
+    ),
+    following: user ? user.isFollowing(this._id) : false,
+  }
+}
+
+UserSchema.methods.favorite = function(id) {
+  if (this.favorites.indexOf(id) === -1) {
+    this.favorites.push(id)
+  }
+
+  return this.save()
+}
+
+UserSchema.methods.unfavorite = function(id) {
+  this.favorites.remove(id)
+  return this.save()
+}
+
+UserSchema.methods.isFavorite = function(id) {
+  return this.favorites.some(favoriteId => {
+    return favoriteId.toString() === id.toString()
+  })
+}
+
+UserSchema.methods.follow = function(id) {
+  if (this.favorites.indexOf(id) === -1) {
+    this.following.push(id)
+  }
+
+  return this.save()
+}
+
+UserSchema.methods.unfollow = function(id) {
+  this.following.remove(id)
+  return this.save()
+}
+
+UserSchema.methods.isFollowing = function(id) {
+  return this.following.some(followId => {
+    return followId.toString() === id.toString()
+  })
+}
+
+mongoose.model('User', UserSchema)