3/14

Author: Nisreen Oweidat

src/app.js

@@ -1,31 +1,58 @@
+
+/**
+ * This is the main entry point of the application. 
+ * we call all the required libraries and paths,for working with file and directory paths.
+ */
+
 const express = require("express");
 const path = require("path");
-const cookieParser = require("cookie-parser");
-const logger = require("morgan");
+const cookieParser = require("cookie-parser"); 
+const logger = require("morgan"); 
 const swaggerUi = require("swagger-ui-express");
 const YAML = require("yamljs");
 const swaggerDocument = YAML.load("./docs/swagger.yaml");
 
-
+// import home page route
 const indexRouter = require("./routes/index");
+
+ // import all pokemon routes 
 const pokemonRouter = require("./routes/pokemon");
-const authRouter = require("./routes/auth");
 
+// import all auth routes
+const authRouter = require("./routes/auth");
 
+ //create an express app as an object
 const app = express();
 
-app.use(logger("dev"));
-app.use(express.json());
-app.use(express.urlencoded({ extended: false }));
-app.use(cookieParser());
+//used for logging requests to the console  :  GET /pokemon/type/fire 304 4.684 ms - - 
+app.use(logger("dev")); 
+
+// read data from the body as json
+app.use(express.json()); 
+
+// read data from the body as url
+app.use(express.urlencoded({ extended: false })); 
+
+// middeleware that makes it easier to read and manipulate cookies , to remember information about the user
+app.use(cookieParser()); 
+
+// the static() : middleware function in Express. It serves static files and is based on serve-static like css , images,
 app.use(express.static(path.join(__dirname, "public")));
 
-app.use("/", indexRouter); // localhost:3000 -> home page
-app.use("/auth", authRouter); // localhost:3000/auth/ -> auth page for login and register
-app.use("/pokemon", pokemonRouter);// localhost:3000/pokemon/ -> pokemon page for pokemon with hp / id / name/ type / create/ update/ delete
+// home page.
+app.use("/", indexRouter); 
+
+// auth page for login and register.
+app.use("/auth", authRouter); 
+
+// pokemon page for pokemon with hp / id / name/ type / create/ update/ delete.
+app.use("/pokemon", pokemonRouter);
+
 app.use("/api-docs", swaggerUi.serve, swaggerUi.setup(swaggerDocument));
 
-module.exports = app;
+// export the app object to be used in other files.
+module.exports = app; 
+
 app.listen(3000,console.log("Server running on port 3000"));
 
 

src/controllers/pokemon.js

@@ -1,27 +1,44 @@
+/**
+ * This file is for creating all the functions that are related to pokemon.
+ * it will be called in the routes that are related to pokemon.
+ */
 
+
+// import the pokedex db.
 const pokedex = require("../db/pokedex.json");
 
 
 //=======================get/begin=======================//
 
+/**
+ * this function is for getting all the pokemon that have a specific hp from the query params,
+ * from the db file, after filtering the data.
+ */
 exports.getHp = (req, res) => {
+  // get the query params
     const { gte, lte, gt, lt } = req.query;
 
+    // filter the data from the db
   const filteredPokemons = pokedex.filter(p =>
     (!gte || p.base.HP >= gte) &&
     (!lte || p.base.HP <= lte) &&
     (!gt || p.base.HP > gt) &&
     (!lt || p.base.HP < lt)
   );
 
+  //return the filtered data as json, or an error if there is no data.
   res.json(filteredPokemons.length ? filteredPokemons : { message: "No Pokémon found" });
 
 };
 
-
+/**
+ * retrieves Pokemon from the pokedex db based on a specific type.
+ * by checking if the type is an array or not.
+ * we used -toLowerCase()- function because the data that is saved in db is case sensitive.
+ */
 exports.getType = (req ,res) => {
   const queryType = req.params.type.toLowerCase();
-  
+
   const pokemon = pokedex.filter(p => {
     if (Array.isArray(p.type)) {
       return p.type.some(t => t.toLowerCase() === queryType);
@@ -38,7 +55,10 @@ exports.getType = (req ,res) => {
   return;
 }
 
-
+/**
+ * this function is for getting pokemon by name from the db.
+ * also used -toLowerCase()- function because the data that is saved in db is case sensitive.
+ */
 exports.getName = (req ,res) => {
 
   const queryName = req.params.name.toLowerCase();
@@ -49,6 +69,11 @@ exports.getName = (req ,res) => {
     res.json(pokemon);
 };
 
+
+/**
+ * this function is for getting pokemon by id from the db
+ * used -find()- for specific id.
+ */
 exports.getId = (req, res) => {
 
   const id = req.params.id;
@@ -62,35 +87,66 @@ exports.getId = (req, res) => {
 //=======================get/ends=======================//
 
 
-//delete
-
+/**
+ * this function is for deleting pokemon by id from the db
+ * using splice() function to delete spicific pokemon by id,
+ * here it takes the -index- parameter as -start-.
+ */
 exports.deletePokemon = (req, res) => {
+  
+  // get the id from the url params
   const id = req.params.id;
+
+  // delete the pokemon from the db by its id 
   const index = pokedex.findIndex(p => p.id == id);
+
+  // if id not found return error msg as json
   if (index === -1) {
       return res.status(404).json({ error: "Pokemon not found" });
   }
+
+  // else : delete the pokemon from the db.
   pokedex.splice(index, 1);
   res.json({ message: "Pokemon deleted successfully" });
 };
 
 
-// create 
 
+
+
+/**
+ * this function is for creating new pokemon in the db
+ */
 exports.createPokemon = (req, res) => {
+
+  // get the new pokemon data from the request body
   const newPokemon = req.body;
+
+  // from the authenticateUser middleware, it let us know the user that created this pokemon.
+  const user = req.user; 
+  res.json(user);
+
+  // add the new pokemon to the db
   pokedex.push(newPokemon);
   res.status(201).json(newPokemon); 
+ 
 }
 
 //update
 
+
+/**
+ * this function is for updating pokemon by id from the db
+ */
 exports.updatePokemon = (req, res) => {
+
   const id = req.params.id;
   const index = pokedex.findIndex(p => p.id == id);
   if (index === -1) {
       return res.status(404).json({ error: "Pokemon not found" });
   }
+
+  // takes old pokemon data from the db and updates it with the new data from the request body
   pokedex[index] = { ...pokedex[index], ...req.body };
   res.json(pokedex[index]);
 };    

src/middleware/authMiddleware.js

@@ -1,20 +1,51 @@
 
+/**
+ * This middleware will check if the user is authenticated or not.
+ * if it is authenticated then it will put the user data in req.user
+ * and it will call the next middleware.
+ * if it is not authenticated then it will return error.
+ * 
+ * How the midddleware comunicates with the controller: 
+ * 1- when the request comes to the middleware, the client sent the token in the header,
+ * 2- this auth middleware will check the token and virify it.
+ * 3- if the token is valid then we will call the next() to go to he controller.
+ * 4- then the controller do its job.
+ */
 
+
+//create and check the token.
 const jwt = require("jsonwebtoken");
 
-const SECRET_KEY = "nisreen`s token"; 
+require("dotenv").config();
+const SECRET_KEY = process.env.SECRET_KEY;
 
 
+// export authenticateUser middleware to the controllers
 exports.authenticateUser = (req, res, next) => {
-    const token = req.header("Authorization"); // Get the token from the request header 
+
+    // Get the token from the request header.
+    const token = req.header("Authorization"); 
 
     if (!token) {
         return res.status(403).json({ error: "Access denied" });
     }
 
     try {
-        const decoded = jwt.verify(token.replace("Bearer ", ""), SECRET_KEY); // splite the token from Bearer
-        req.user = decoded; 
+        // split the token and get the payload
+        const decoded = jwt.verify(req.header("Authorization").split(" ")[1], SECRET_KEY);
+       
+       
+        /**
+         * req.user = decoded; ::
+         * 
+         * after we get the decoded payload from the token
+         * we put it in req.user to know the user if it was authenticated or not,
+         * this allows this middleware to sent the user data to the controllers.
+         * (the user that we wanted to make sure he is authenticated).
+         */
+        req.user = decoded;
+      
+        // move to the next controller to do the job we called this middleware for;
         next();
     } catch (err) {
         res.status(401).json({ error: "Invalid token" });

src/routes/auth.js

@@ -1,41 +1,84 @@
-
+/**
+ * in this file we create all the auth routes that are related to login and signup.
+ * and generate token for authenticated users, after they verify for example their email
+ *  after log in for the first time. 
+ */
 
 const express = require("express");
-const jwt = require("jsonwebtoken"); // for generating token
-const bcrypt = require("bcryptjs"); // for encrypting password
 
+// for generating token
+const jwt = require("jsonwebtoken");
+
+// for encrypting password
+const bcrypt = require("bcryptjs"); 
+
+//create seperated paths from app.js
 const router = express.Router();
 
-const users = [];
+// get the secret key from .env
+require("dotenv").config();
 
-const SECRET_KEY = "nisreen`s token";
+// store users data insteade of database.
+const users = []; 
 
-router.post("/signup", async (req, res) => { // create new user
-    const { username, password } = req.body;
+// for security uses we save the secret key in env file.
+const SECRET_KEY = process.env.SECRET_KEY;
 
 
+/**
+ * This function is for creating new user,
+ * it accept username and password from req.body and save it in users array if they are not exist,
+ * ,it encrypt password and return success message if it works, else return error message as json,
+ * dose not create token ,because the main idea of the signup is to create new user. not to login into the system,
+ * so there is no need to create token, until the user login manually later.
+ * because the user should virefy for example its email after creating account before login.
+ */
+router.post("/signup", async (req, res) => {
+    const { username, password } = req.body;
+
+    //look for existing username.
     const existingUser = users.find(user => user.username === username);
     if (existingUser) {
         return res.status(400).json({ error: "Username already exists" });
     }
 
     const hashedPassword = await bcrypt.hash(password, 10);
+
+    //save username, password in users array
     users.push({ username, password: hashedPassword });
 
     res.status(201).json({ message: "User registered successfully" });
 });
 
+//***************************************/
 
-router.post("/login", async (req, res) => { // normal login 
+
+/**
+ * This function is for login user, 
+ * it check if user exists and password is correct,
+ * if it is correct then create token and return it to user.
+ * dose not save token, because it`s signed with secret key,
+ * we decode it-(token) later in middleware ,using the secret key.
+ */
+
+
+router.post("/login", async (req, res) => { 
+
+    //destructuring username and password from req.body
     const { username, password } = req.body;
+
+    //look for existing username in users array in line 15.
     const user = users.find(user => user.username === username);
 
     if (!user || !(await bcrypt.compare(password, user.password))) {
+        // if user not found or password is incorrect
         return res.status(401).json({ error: "username or password is incorrect" });
     }
 
-
+    // if user found and password is correct then create token and sign it whith the secret key.
     const token = jwt.sign({ username }, SECRET_KEY, { expiresIn: "1h" });
+
+    // return token to user as json.
     res.json({ token });
 });