codeuino
diff --git a/‎.env.dev
+8-2 b/‎.env.dev
+8-2
diff --git a/‎app.js
+25-1 b/‎app.js
+25-1
diff --git a/‎app/controllers/activity.js
+32 b/‎app/controllers/activity.js
+32
diff --git a/‎app/controllers/auth.js
+6-2 b/‎app/controllers/auth.js
+6-2
diff --git a/‎app/controllers/comment.js
+6-2 b/‎app/controllers/comment.js
+6-2
diff --git a/‎app/controllers/event.js
+10-1 b/‎app/controllers/event.js
+10-1
diff --git a/‎app/controllers/organization.js
+7 b/‎app/controllers/organization.js
+7
diff --git a/‎app/controllers/post.js
+3 b/‎app/controllers/post.js
+3
diff --git a/‎app/controllers/project.js
+4 b/‎app/controllers/project.js
+4
@@ -1,7 +1,13 @@
 PORT=5000
 NODE_ENV="development"
 JWT_SECRET="thisismysupersecrettokenjustkidding"
-DATABASE_URL"mongodb://mongo:27017/donut-development"
+DATABASE_URL="mongodb://mongo:27017/donut-development"
 SENDGRID_API_KEY='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'
 SOCKET_PORT=8810
-clientbaseurl = "http://localhost:3000/"
+clientbaseurl = "http://localhost:3000"
+SOCKET_PORT=8810
+REDIS_HOST="redis"
+REDIS_PORT=6379
+REDIS_PASSWORD="auth"
+REDIS_DB=0
+REDIS_ACTIVITY_DB=1
@@ -8,7 +8,11 @@ const socket = require('socket.io')
 const multer = require('multer')
 const bodyParser = require('body-parser')
 const cors = require('cors')
+const helmet = require('helmet')
+const hpp = require('hpp')
 var winston = require('./config/winston')
+const rateLimiter = require('./app/middleware/rateLimiter')
+const sanitizer = require('./app/middleware/sanitise')
 const fileConstants = require('./config/fileHandlingConstants')
 
 const indexRouter = require('./app/routes/index')
@@ -23,13 +27,15 @@ const projectRouter = require('./app/routes/project')
 const notificationRouter = require('./app/routes/notification')
 const proposalRouter = require('./app/routes/proposal')
 const analyticsRouter = require('./app/routes/analytics')
+const activityRouter = require('./app/routes/activity')
 
 const app = express()
 const server = require('http').Server(app)
 
 app.use(cors())
 
 app.use(bodyParser.json({ limit: '200mb' }))
+app.use(cookieParser())
 app.use(bodyParser.urlencoded(fileConstants.fileParameters))
 
 const memoryStorage = multer.memoryStorage()
@@ -71,6 +77,23 @@ app.use((req, res, next) => {
   next()
 })
 
+// TO PREVENT DOS ATTACK AND RATE LIMITER
+app.use(rateLimiter.customRateLimiter)
+
+// TO PREVENT XSS ATTACK
+app.use(sanitizer.cleanBody)
+app.use(helmet())
+
+// TO PREVENT CLICK JACKING
+app.use((req, res, next) => {
+  res.append('X-Frame-Options', 'Deny')
+  res.set('Content-Security-Policy', "frame-ancestors 'none';")
+  next()
+})
+
+// TO PREVENT THE QUERY PARAMETER POLLUTION
+app.use(hpp())
+
 app.use('/notification', notificationRouter)
 app.use('/', indexRouter)
 app.use('/auth', authRouter)
@@ -83,6 +106,7 @@ app.use('/comment', commentRouter)
 app.use('/project', projectRouter)
 app.use('/proposal', proposalRouter)
 app.use('/analytics', analyticsRouter)
+app.use('/activity', activityRouter)
 
 // catch 404 and forward to error handler
 app.use(function (req, res, next) {
@@ -102,7 +126,7 @@ app.use(function (err, req, res, next) {
 
   // render the error page
   res.status(err.status || 500)
-  res.render('error')
+  res.render('error', { csrfToken: req.csrfToken() })
 
   // Socket event error handler (On max event)
   req.io.on('error', function (err) {
 
@@ -0,0 +1,32 @@
+const User = require('../models/User')
+const Activity = require('../models/Activity')
+
+const HttpStatus = require('http-status-codes')
+module.exports = {
+
+  getActivity: async (req, res, next) => {
+    // userID whose activity will be fetched by admin
+    const { id } = req.params
+
+    try {
+      // Check if user exists
+      const user = await User.findById(req.user._id)
+      if (!user) {
+        return res.status(HttpStatus.BAD_REQUEST).json({ msg: 'No such user exists!' })
+      }
+
+      // check if not admin
+      if (user.isAdmin !== true) {
+        return res.status(HttpStatus.BAD_REQUEST).json({ msg: 'You don\'t have permission!' })
+      }
+
+      const data = await Activity.findOne({ userId: id })
+      return res.status(HttpStatus.OK).json({ activity: data.activity })
+    } catch (error) {
+      if (process.env.NODE_ENV !== 'production') {
+        console.log(error.name, '-', error.message)
+      }
+      return res.status(HttpStatus.BAD_REQUEST).json({ error: error.message })
+    }
+  }
+}
@@ -1,9 +1,11 @@
 const User = require('../models/User')
 const HttpStatus = require('http-status-codes')
+const activityHelper = require('../utils/activity-helper')
+
 module.exports = {
   authenticateUser: async (req, res, next) => {
-    const email = req.body.email
-    const password = req.body.password
+    const email = escape(req.body.email)
+    const password = escape(req.body.password)
     try {
       const user = await User.findByCredentials(email, password)
       const token = await user.generateAuthToken()
@@ -13,9 +15,11 @@ module.exports = {
     }
   },
   logout: (req, res, next) => {
+    activityHelper.addActivityToDb(req, res)
     res.status(HttpStatus.OK).json({ success: 'ok' })
   },
   logoutAll: (req, res, next) => {
+    activityHelper.addActivityToDb(req, res)
     res.status(HttpStatus.OK).json({ success: 'ok' })
   }
 }
@@ -3,6 +3,8 @@ const HttpStatus = require('http-status-codes')
 const CommentModel = require('../models/Comment')
 const permission = require('../utils/permission')
 const helper = require('../utils/paginate')
+const activityTracker = require('../utils/activity-helper')
+const collectionTypes = require('../utils/collections')
 
 module.exports = {
   // CREATE COMMENT (ISSUE IN CREATE COMMENT )
@@ -14,7 +16,8 @@ module.exports = {
       comment.userId = userId
       comment.postId = id // added postId
       await comment.save()
-      res.status(HttpStatus.CREATED).json({ comment: comment })
+      activityTracker.addToRedis(req, res, next, collectionTypes.COMMENT, comment._id)
+      return res.status(HttpStatus.CREATED).json({ comment: comment })
     } catch (error) {
       HANDLER.handleError(res, error)
     }
@@ -63,7 +66,8 @@ module.exports = {
         comment[update] = req.body[update]
       })
       await comment.save()
-      res.status(HttpStatus.OK).json({ comment: comment })
+      activityTracker.addToRedis(req, res, next, collectionTypes.COMMENT, comment._id)
+      return res.status(HttpStatus.OK).json({ comment: comment })
     } catch (error) {
       HANDLER.handleError(res, error)
     }
 
@@ -5,6 +5,9 @@ const permission = require('../utils/permission')
 const helper = require('../utils/paginate')
 const notificationHelper = require('../utils/notif-helper')
 const settingsHelper = require('../utils/settingHelpers')
+const activityTracker = require('../utils/activity-helper')
+const collectionTypes = require('../utils/collections')
+
 const notification = {
   heading: '',
   content: '',
@@ -22,6 +25,7 @@ module.exports = {
       notification.content = `${event.eventName} is added!`
       notification.tag = 'New!'
       notificationHelper.addToNotificationForAll(req, res, notification, next)
+      activityTracker.addToRedis(req, res, next, collectionTypes.EVENT, event._id)
       res.status(HttpStatus.CREATED).json({ event: event })
     } catch (error) {
       res.status(HttpStatus.BAD_REQUEST).json({ error: error })
@@ -53,6 +57,7 @@ module.exports = {
       notification.content = `${event.eventName} is updated!`
       notification.tag = 'Update'
       notificationHelper.addToNotificationForAll(req, res, notification, next)
+      activityTracker.addToRedis(req, res, next, collectionTypes.EVENT, event._id)
       res.status(HttpStatus.OK).json({ event: event })
     } catch (error) {
       HANDLER.handleError(res, error)
@@ -163,7 +168,11 @@ module.exports = {
         notification.content = `Event ${deleteEvent.eventName} is deleted!`
         notification.tag = 'Deleted'
         notificationHelper.addToNotificationForAll(req, res, notification, next)
-        return res.status(HttpStatus.OK).json({ deleteEvent: deleteEvent, message: 'Deleted the event' })
+        activityTracker.addToRedis(req, res, next, collectionTypes.EVENT, deleteEvent._id)
+        return res.status(HttpStatus.OK).json({
+          deleteEvent: deleteEvent,
+          message: 'Deleted the event'
+        })
       }
       return res.status(HttpStatus.BAD_REQUEST).json({ msg: 'Not permitted!' })
     } catch (error) {
 
@@ -10,6 +10,9 @@ const Event = require('../models/Event')
 const permission = require('../utils/permission')
 const TAGS = require('../utils/notificationTags')
 const Organisation = require('../models/Organisation')
+const activityTracker = require('../utils/activity-helper')
+const collectionTypes = require('../utils/collections')
+
 const notification = {
   heading: '',
   content: '',
@@ -29,6 +32,7 @@ module.exports = {
       notification.content = `${orgData.name} is created!`
       notification.tag = TAGS.NEW
       notificationHelper.addToNotificationForAll(req, res, notification, next)
+      activityTracker.addToRedis(req, res, next, collectionTypes.ORG, org._id)
       return res.status(HttpStatus.CREATED).json({ orgData })
     } catch (error) {
       HANDLER.handleError(res, error)
@@ -71,6 +75,7 @@ module.exports = {
         helper.mapToDb(req, org)
       }
       await org.save()
+      activityTracker.addToRedis(req, res, next, collectionTypes.ORG, org._id)
       return res.status(HttpStatus.OK).json({ organization: org })
     } catch (error) {
       HANDLER.handleError(res, error)
@@ -127,6 +132,7 @@ module.exports = {
       notification.content = `${org.name} is deleted!`
       notification.tag = TAGS.DELETE
       notificationHelper.addToNotificationForAll(req, res, notification, next)
+      activityTracker.addToRedis(req, res, next, collectionTypes.ORG, org._id)
       return res.status(HttpStatus.OK).json({ organization: org })
     } catch (error) {
       HANDLER.handleError(res, error)
@@ -228,6 +234,7 @@ module.exports = {
           .status(HttpStatus.BAD_REQUEST)
           .json({ msg: 'Invalid update' })
       }
+      activityTracker.addToRedis(req, res, next, collectionTypes.ORG, organization._id)
       // else not admin
       return res
         .status(HttpStatus.BAD_REQUEST)
 
@@ -6,6 +6,8 @@ const imgUploadHelper = require('../utils/uploader')
 const permission = require('../utils/permission')
 const helper = require('../utils/paginate')
 const settingsHelper = require('../utils/settingHelpers')
+const activityTracker = require('../utils/activity-helper')
+const collectionTypes = require('../utils/collections')
 
 module.exports = {
   // CREATE POST
@@ -19,6 +21,7 @@ module.exports = {
     try {
       await post.save()
       // req.io.emit('new post created', { data: post.content })
+      activityTracker.addToRedis(req, res, next, collectionTypes.POST, post._id)
       return res.status(HttpStatus.CREATED).json({ post })
     } catch (error) {
       HANDLER.handleError(res, error)
 
@@ -4,13 +4,16 @@ const HttpStatus = require('http-status-codes')
 const helper = require('../utils/paginate')
 const permission = require('../utils/permission')
 const settingsHelper = require('../utils/settingHelpers')
+const activityTracker = require('../utils/activity-helper')
+const collectionTypes = require('../utils/collections')
 
 module.exports = {
   createProject: async (req, res, next) => {
     try {
       const project = await new Project(req.body)
       project.createdBy = req.user._id
       await project.save()
+      activityTracker.addToRedis(req, res, next, collectionTypes.PROJECT, project._id)
       return res.status(HttpStatus.CREATED).json({ project })
     } catch (error) {
       HANDLER.handleError(res, error)
@@ -98,6 +101,7 @@ module.exports = {
         await Project.findByIdAndRemove(id)
         return res.status(HttpStatus.OK).json({ msg: 'Project deleted!' })
       }
+      activityTracker.addToRedis(req, res, next, collectionTypes.PROJECT, project._id)
       return res.status(HttpStatus.BAD_REQUEST).json({ msg: 'Not permitted!' })
     } catch (error) {
       HANDLER.handleError(res, error)