diff --git a/client/src/components/RecordMp3.jsx b/client/src/components/RecordMp3.jsx index 9b70753..5ee893e 100644 --- a/client/src/components/RecordMp3.jsx +++ b/client/src/components/RecordMp3.jsx @@ -30,6 +30,7 @@ function RecordMp3() { ) .then((res) => { setUploadedFile(() => { + // Retrieve audio file of user if exists return new File([res.data], 'userAudio.mp3', { type: res.data.type, lastModified: Date.now(), @@ -40,10 +41,12 @@ function RecordMp3() { function togglePlay() { if (audio && !audio.ended) { + // Reset audio and reset if track is playing audio.pause(); audio.currentTime = 0; setAudio(() => null); } else { + // Set audio to file and play const audioFile = new Audio(URL.createObjectURL(uploadedFile)); setAudio(() => audioFile); audioFile.play(); @@ -52,6 +55,7 @@ function RecordMp3() { function record() { if (recording) { + // Stop recording then set uploaded file to mp3 instance setRecording(() => false); recorder .stop() @@ -65,6 +69,7 @@ function RecordMp3() { }); }); } else { + // Start recording setRecording(() => true); recorder.start().catch((e) => { console.error(e); @@ -81,6 +86,7 @@ function RecordMp3() { async function handleSubmit(e) { e.preventDefault(); + // Create form data object and attach file and user token var formData = new FormData(); formData.append('audioFile', uploadedFile, 'userAudio.mp3'); formData.append('token', Cookies.get('token')); diff --git a/server/middleware/basicAuth.js b/server/middleware/basicAuth.js index c1bbe45..adbd43b 100644 --- a/server/middleware/basicAuth.js +++ b/server/middleware/basicAuth.js @@ -5,18 +5,20 @@ async function basicAuth(req, res, next) { const email = req.body.email; const password = req.body.password; + // Make sure that email and password exists with in the form if (!email || !password) { return res.status(400).send('Request lacking information'); } + // Make sure that a user exists with that email const result = await User.findOne({ where: { email: email }, }); - if (!result) { return res.status(400).send('Unauthorized user'); } + // Hash the password and verify that the user hash is identical const hashedPassword = forge.md.sha512 .create() .update(password) diff --git a/server/middleware/checkKnownOrg.js b/server/middleware/checkKnownOrg.js index 8d8e4f7..7d974a7 100644 --- a/server/middleware/checkKnownOrg.js +++ b/server/middleware/checkKnownOrg.js @@ -4,6 +4,7 @@ async function GetOrg(req, res, next) { const user = req.user; const orgID = req.params.orgID || req.query.orgID || req.body.orgID; + // Get all organizations by the provided ID, with a list of members and owner const result = await Organization.findByPk(orgID, { include: [ { @@ -19,10 +20,12 @@ async function GetOrg(req, res, next) { ], }); + // Verify that there is an organization that the specified id. if (!result) { return res.status(500).send('There is no organization with this id.'); } + // Verify that the user who submitted the request exists as an owner or member if (!result.owner && result.member.length == 0) { return res .status(403) diff --git a/server/middleware/checkKnownUser.js b/server/middleware/checkKnownUser.js index 61b8ec6..62fc95f 100644 --- a/server/middleware/checkKnownUser.js +++ b/server/middleware/checkKnownUser.js @@ -4,10 +4,12 @@ async function checkKnownUser(req, res, next) { const user = req.user; const userID = req.params.userID || req.query.userID || req.body.userID; + // Return result immediately if the user is querying themselves if (user.id == userID) { return next(); } + // Find the queried user and the members of their owned organizations and owner/members of their member organizations const result = await User.findByPk(userID, { include: [ { @@ -35,15 +37,18 @@ async function checkKnownUser(req, res, next) { ], }); + // Confirm that a user with that ID exists within the database if (!result) { return res.status(500).send('No user with that ID exists.'); } + // Filter for an organization where the user is a member or an owner const filteredResult = result.memberOrg.filter( (org) => org.member.length != 0 || org.owner ); - if (filteredResult.length == 0 && result.ownedOrg) { + // Error if there is not an organization that includes that user and they are not in an owned organization + if (filteredResult.length == 0 && result.ownedOrg.length == 0) { return res.status(403).send('You do not have contact with this user.'); } diff --git a/server/middleware/parseFormData.js b/server/middleware/parseFormData.js index 4371852..85a983b 100644 --- a/server/middleware/parseFormData.js +++ b/server/middleware/parseFormData.js @@ -1,6 +1,7 @@ const formidable = require('formidable'); function parseFormData(req, res, next) { + // Parse multipart form data into formidable object and set static file save location var form = formidable(); form.uploadDir = `${__dirname}/../public/`; diff --git a/server/middleware/tokenAuth.js b/server/middleware/tokenAuth.js index e662023..bb6e787 100644 --- a/server/middleware/tokenAuth.js +++ b/server/middleware/tokenAuth.js @@ -3,14 +3,17 @@ const { Token } = require('../db/models/index'); async function tokenAuth(req, res, next) { const token = req.query.token || req.body.token; + // Verify that a token exists on the request if (!token) { return res.status(403).send('Unauthorized user'); } + // Find token and make sure that it is not expired const result = await Token.findByPk(token); const date = new Date(); + // Destroy token if it is expired or does not exist if ( !result || (token.expires == true && @@ -20,6 +23,7 @@ async function tokenAuth(req, res, next) { return res.status(511).send('Session expired'); } + // Attach user object to request const user = await result.getUser(); req.user = user; diff --git a/server/routes/auth/CreateUser.js b/server/routes/auth/CreateUser.js index 0b76f40..7c499c9 100644 --- a/server/routes/auth/CreateUser.js +++ b/server/routes/auth/CreateUser.js @@ -4,10 +4,12 @@ const { User, Organization } = require('../../db/models/index'); async function CreateUser(req, res, next) { const body = req.body; + // Verify that the object body contains all SQL required fields if (!body.firstName || !body.lastName || !body.email || !body.password) { return res.status(400).send('The request is missing required fields.'); } + // Make sure that no existing user exists with that email const existingUsers = await User.count({ where: { email: req.body.email, @@ -18,6 +20,7 @@ async function CreateUser(req, res, next) { return res.status(500).send('A user with that email already exists.'); } + // Hash password for storage into database const passwordHash = forge.md.sha512 .create() .update(body.password) @@ -26,9 +29,11 @@ async function CreateUser(req, res, next) { if (body.orgID) { try { + // If there is an orgID attached, retrieve the organization and create user as member const org = await Organization.findByPk(body.orgID); if (!org) { + // Create user regularly if organization is not found const result = await User.create({ ...body, password: passwordHash, @@ -52,6 +57,7 @@ async function CreateUser(req, res, next) { } } else { try { + // Create user regularly if their is not orgID const result = await User.create({ ...body, password: passwordHash, diff --git a/server/routes/auth/GetMemberOrgs.js b/server/routes/auth/GetMemberOrgs.js index 7c3dc72..87dba60 100644 --- a/server/routes/auth/GetMemberOrgs.js +++ b/server/routes/auth/GetMemberOrgs.js @@ -1,4 +1,5 @@ async function GetMemberOrgs(req, res, next) { + // Retrieve all of the organizations the user is a part of const user = req.user; const result = await user.getMemberOrg({ diff --git a/server/routes/auth/GetOwnedOrgs.js b/server/routes/auth/GetOwnedOrgs.js index bceba5d..9d2a810 100644 --- a/server/routes/auth/GetOwnedOrgs.js +++ b/server/routes/auth/GetOwnedOrgs.js @@ -1,4 +1,5 @@ async function GetOwnedOrgs(req, res, next) { + // Retrieve all organizations the user owns const user = req.user; const result = await user.getOwnedOrg({ diff --git a/server/routes/auth/GetUserDetails.js b/server/routes/auth/GetUserDetails.js index cca1788..442e819 100644 --- a/server/routes/auth/GetUserDetails.js +++ b/server/routes/auth/GetUserDetails.js @@ -4,10 +4,12 @@ async function GetUserDetails(req, res, next) { const user = req.user; const userID = req.params.userID; + // Immediately respond if user is querying themselves if (user.id == userID) { return res.send(user); } + // Retrieve user while excluding sensitive information const result = await User.findOne({ where: { id: userID }, attributes: { exclude: ['password', 'createdAt', 'updatedAt'] }, diff --git a/server/routes/auth/Login.js b/server/routes/auth/Login.js index 132cb62..59d4b7c 100644 --- a/server/routes/auth/Login.js +++ b/server/routes/auth/Login.js @@ -4,6 +4,7 @@ async function Login(req, res, next) { const user = req.user; const remember = req.body.remember; + // Create token for user while setting expiry await Token.destroy({ where: { ownerID: user.id } }); const newToken = await user.createToken({ expires: remember, diff --git a/server/routes/auth/RequestReset.js b/server/routes/auth/RequestReset.js index 09ff1d1..45d4a8c 100644 --- a/server/routes/auth/RequestReset.js +++ b/server/routes/auth/RequestReset.js @@ -5,16 +5,19 @@ const { User, ResetRequest } = require('../../db/models/index'); async function RequestReset(req, res, next) { try { + // Make sure that the request contains an email const email = req.query.email; if (!email) { return res.status(400).send('Request missing required fields'); } + // Confirm that a user exists with that email const result = await User.findOne({ where: { email: email } }); if (!result) { return res.status(500).send('Whoops something went wrong'); } + // Create resetRequest instance and send email containing reset information const courier = CourierClient({ authorizationToken: process.env.COURIER_AUTH_TOKEN, }); diff --git a/server/routes/auth/ResetPassword.js b/server/routes/auth/ResetPassword.js index 925eb6d..64f2489 100644 --- a/server/routes/auth/ResetPassword.js +++ b/server/routes/auth/ResetPassword.js @@ -5,18 +5,20 @@ async function ResetPassword(req, res, next) { const reqID = req.params.id; const password = req.body.password; + // Verify that the form contains a new password if (!password) { return res.status(400).send('Form missing required information.'); } + // Confirm that there is a reset request for the user with that ID const result = await ResetRequest.findByPk(reqID); - if (!result) { return res .status(500) .send('A reset request with this ID does not exist'); } + // Hash the submitted password and update model const hashedPassword = forge.md.sha512 .create() .update(password) diff --git a/server/routes/auth/SetAudio.js b/server/routes/auth/SetAudio.js index 073d631..9e5655d 100644 --- a/server/routes/auth/SetAudio.js +++ b/server/routes/auth/SetAudio.js @@ -5,10 +5,12 @@ function SetAudio(req, res, next) { const oldLocation = req.files.audioFile.filepath; + // Set new auto file location to static asset folder const uploadDir = `${__dirname}/../../public/audio`; const fileName = `${user.id}.mp3`; const newLocation = `${uploadDir}/${fileName}`; + // Move file from public to folder fs.rename(oldLocation, newLocation, (err) => { if (err) console.log(err); }); diff --git a/server/routes/auth/UpdateUserDetails.js b/server/routes/auth/UpdateUserDetails.js index 71f1043..0f9e080 100644 --- a/server/routes/auth/UpdateUserDetails.js +++ b/server/routes/auth/UpdateUserDetails.js @@ -4,6 +4,7 @@ const { User } = require('../../db/models/index'); async function UpdateUserDetails(req, res, next) { const { token, ...body } = req.body; + // Verify that the email is not a duplicate, if it exists if (body.email) { const result = await User.findOne({ where: { diff --git a/server/routes/org/AddOrgMember.js b/server/routes/org/AddOrgMember.js index 47f78d2..e33d61d 100644 --- a/server/routes/org/AddOrgMember.js +++ b/server/routes/org/AddOrgMember.js @@ -4,12 +4,13 @@ async function AddOrgMember(req, res, next) { const user = req.user; const orgID = req.params.orgID; + // Verify that an organization exists with the ID provided const result = await Organization.findByPk(orgID); - if (!result) { return res.status(404).send('No organization exists with that id.'); } + // Add the as a member to the found organization await result.addMember(user.id); return res.send('User added to organization.'); diff --git a/server/routes/org/CreateOrg.js b/server/routes/org/CreateOrg.js index f5d9714..13a21fc 100644 --- a/server/routes/org/CreateOrg.js +++ b/server/routes/org/CreateOrg.js @@ -2,10 +2,12 @@ async function CreateOrg(req, res, next) { const user = req.user; const orgName = req.body.orgName; + // Error if the form does not contain an organization name if (!orgName) { return res.status(400).send('Form missing necessary fields'); } + // Verify that no owned organizations have the same name const existing = await user.countOwnedOrg({ where: { name: orgName }, }); diff --git a/server/routes/org/DeleteOrg.js b/server/routes/org/DeleteOrg.js index ffdd112..03c0e56 100644 --- a/server/routes/org/DeleteOrg.js +++ b/server/routes/org/DeleteOrg.js @@ -4,10 +4,12 @@ async function DeleteOrg(req, res, next) { const user = req.user; const orgID = req.query.orgID; + // Error if an organization id was not provided if (!orgID) { return res.status(400).send('Form missing required fields'); } + // Destroy all organizations with that ID await Organization.destroy({ where: { id: orgID, ownerID: user.id }, }); diff --git a/server/routes/org/GetOrg.js b/server/routes/org/GetOrg.js index ac7cad0..07126d1 100644 --- a/server/routes/org/GetOrg.js +++ b/server/routes/org/GetOrg.js @@ -4,6 +4,7 @@ async function GetOrg(req, res, next) { const user = req.user; const orgID = req.params.orgID; + // Retrieve organization, owner, and members const org = await Organization.findByPk(orgID, { attributes: { exclude: ['updatedAt'] }, include: [ @@ -23,6 +24,7 @@ async function GetOrg(req, res, next) { ], }); + // Verify whether user is an owner of the organization const status = org.ownerID == user.id; return res.send({ diff --git a/server/routes/org/RemoveOrgMember.js b/server/routes/org/RemoveOrgMember.js index 84a2d3b..bbe75ac 100644 --- a/server/routes/org/RemoveOrgMember.js +++ b/server/routes/org/RemoveOrgMember.js @@ -5,6 +5,7 @@ async function RemoveOrgMember(req, res, next) { const orgID = req.params.orgID; const doomedUserIDs = req.body.doomedUsers; + // Verify that an organization exists with the id const result = await Organization.findByPk(orgID, { include: { association: 'owner' }, }); @@ -13,6 +14,7 @@ async function RemoveOrgMember(req, res, next) { return res.status(500).send('No organization exists with that id.'); } + // Remove self if doomedUserIDs does not exist, otherwise destroy all users in doomedUserIDs if (!doomedUserIDs) { await result.removeMember(user.id); } else { diff --git a/server/routes/org/UpdateOrgDetails.js b/server/routes/org/UpdateOrgDetails.js index 5c83560..7e8f25f 100644 --- a/server/routes/org/UpdateOrgDetails.js +++ b/server/routes/org/UpdateOrgDetails.js @@ -3,10 +3,12 @@ async function UpdateOrgDetails(req, res, next) { const orgName = req.body.orgName; const orgID = req.body.orgID; + // Verify that an name and id exist on the form if (!orgName || !orgID) { return res.status(400).send('Form missing required information.'); } + // Confirm that an organization exists with that ID const result = await user.getOwnedOrg({ where: { id: orgID } }); if (result.length < 1) { @@ -15,6 +17,7 @@ async function UpdateOrgDetails(req, res, next) { .send('You do not own an organization with that id.'); } + // Update the name fo the organization result[0].update({ name: orgName }); return res.send(result[0]);