From f6744158143a84eb3c14eea5f4b489a99a5dd01f Mon Sep 17 00:00:00 2001
From: "j.mei7"
Date: Sat, 26 Mar 2022 15:52:33 +0100
Subject: [PATCH] added documentary

---
 index.js | 227 ++++++++++++++++++++++++-----------------------
 mysql_handler.js | 154 +++++++++++++++----------------
 2 files changed, 187 insertions(+), 194 deletions(-)

diff --git a/index.js b/index.js
index 7463685..8660968 100644
--- a/index.js
+++ b/index.js
@@ -1,85 +1,77 @@ -const express = require('express') -const mysql_handler = require("./mysql_handler") -const bcrypt = require("bcryptjs") -const cookieParser = require("cookie-parser") -const jwt = require("jsonwebtoken") -const bodyParser = require("body-parser") -const app = express() +// Import Packages +const express = require('express'); +const bcrypt = require("bcryptjs"); +const cookieParser = require("cookie-parser"); +const jwt = require("jsonwebtoken"); +const bodyParser = require("body-parser"); const uuid = require("uuid"); -const port = 3000 -const SECRET_KEY = "KEY" +// Import Modules +const mysql_handler = require("./mysql_handler"); -app.set("view engine", "ejs") +// Global Variables +const app = express(); +const port = 3000; +const SECRET_KEY = "KEY"; + +// Express App Setup +app.set("view engine", "ejs"); app.use(express.json()); app.use(express.urlencoded({ extended: true})); app.use(cookieParser()); -app.use(bodyParser.json()) +app.use(bodyParser.json()); app.use(express.static(__dirname + "/static")); -/* -const authcookie = req.cookies.authcookie; - -if(!authcookie){ - return false; -} - -jwt.verify(authcookie, SECRET_KEY, (err, data) =>{ - if(err){ - return false; - } else if(data.user){ - return true; - } -}) -*/ - +// Authentication Handlers +// Check if user is authenticated and redirect to login if not function authenticatedHandler(req, res, next){ - const authcookie = req.cookies.authcookie; + const authcookie = req.cookies.authcookie; // Get authcookie from cookie - jwt.verify(authcookie, SECRET_KEY, (err, data) =>{ - if(err){ - console.log(err) - res.redirect("/login") - } else if(data.user){ - req.user = data.user; - mysql_handler.con.query(`SELECT * FROM users WHERE id = "${req.user}"`, function(err, result){ + jwt.verify(authcookie, SECRET_KEY, (err, data) =>{ // Verify authcookie + if(err){ // If authcookie is invalid + console.log(err); + res.redirect("/login"); + } else if(data.user){ // If authcookie is valid + req.user = 
data.user; // Set user to data.user + mysql_handler.con.query(`SELECT * FROM users WHERE id = "${req.user}"`, (err, result) => { // Get user from database if(err) console.log(err); - let user = JSON.parse(JSON.stringify(result))[0]; - req.isAdmin = user.isAdmin - req.username = user.username - req.firstname = user.firstname - req.lastname = user.lastname - next(); + let user = JSON.parse(JSON.stringify(result))[0]; // Parse user from database + // Set user to req.user + req.isAdmin = user.isAdmin; + req.username = user.username; + req.firstname = user.firstname; + req.lastname = user.lastname; + next(); // Continue to next handler }); - - } - }) + }); } -function notAuthenticatedHandler(req, res, next){ - const authcookie = req.cookies.authcookie; +// Check if user is not authenticated and redirect to home if so +function notAuthenticatedHandler(req, res, next){ + const authcookie = req.cookies.authcookie; // Get authcookie from cookie - jwt.verify(authcookie, SECRET_KEY, (err, data) =>{ - if(err){ - console.log(err) - next(); - } else if(data.user){ - res.redirect("/") - + jwt.verify(authcookie, SECRET_KEY, (err, data) =>{ // Verify authcookie + if(err){ // If authcookie is invalid + console.log(err); + next(); // Continue to next handler + } else if(data.user){ // If authcookie is valid + res.redirect("/"); } - }) + }); } -app.get("/", authenticatedHandler, (req, res) => { +// Homepage +app.get("/", authenticatedHandler, (req, res) => { let dict = { title: "Hallo", isAdmin: req.isAdmin } res.render('index', dict) -}) +}); +// Product Page app.get("/product/:productId", (req, res) => { let productId = req.params.productId; console.log(productId); @@ -94,8 +86,9 @@ app.get("/product/:productId", (req, res) => { } res.render('product', dict) }); -}) +}); +// Search Page app.get("/search", (req, res) => { var products = [ { 
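Review bot: `const SECRET_KEY = "KEY";` is a hard-coded, trivially guessable JWT signing key, so the `authcookie` that authenticatedHandler trusts can be forged for any user id; load it from the environment (`const SECRET_KEY = process.env.SECRET_KEY;`) and refuse to start when it is unset. In the same handler the lookup is built by string interpolation; use the driver's placeholders instead, `mysql_handler.con.query("SELECT * FROM users WHERE id = ?", [req.user], (err, result) => {`, and the same applies to the product lookup in the /order hunk, the admin delete, the login lookup and every statement in mysql_handler.js. The callback also assumes a row came back: a valid token whose user has since been deleted leaves `user` undefined and `user.isAdmin` throws inside the callback, and a query error is only logged before falling through to the same line. Check `if (err || result.length === 0) return res.redirect("/login");` before reading `result[0]`.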
@@ -136,18 +129,19 @@ app.get("/search", (req, res) => { res.render('search', dict) }); -}) +}); -// Order +// Order Page app.get("/order/:productId/:quantity/", authenticatedHandler, (req, res) => { - let error = "" - mysql_handler.con.query(`SELECT * FROM products WHERE id=${req.params.productId}`, function(err, result){ + let error = ""; + mysql_handler.con.query(`SELECT * FROM products WHERE id=${req.params.productId}`, function(err, result){ // Get product from database if(err) throw err; - result = JSON.parse(JSON.stringify(result))[0]; - if(req.params.quantity > result.quantity){ - error = "Nicht genug Produkte vorhanden" + result = JSON.parse(JSON.stringify(result))[0]; // Parse result from database + + if(req.params.quantity > result.quantity){ // If quantity is higher than available quantity + error = "Nicht genug Produkte vorhanden"; } let dict = { @@ -157,18 +151,21 @@ app.get("/order/:productId/:quantity/", authenticatedHandler, (req, res) => { quantity: req.params.quantity } - res.render('order', dict) + res.render('order', dict); }); -}) +}); +// Order Success Page app.get("/order_success/:trackingnumber", authenticatedHandler, (req, res) => { let dict = { title: "Bestellung erfolgreich", trackingnumber: req.params.trackingnumber } - res.render('order_success', dict) -}) + res.render('order_success', dict); +}); + +// Order POST Request app.post("/order", authenticatedHandler, (req, res) => { let productId = req.body.productId; let quantity = req.body.quantity; 
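Review bot: The /order handler's `if(err) throw err;` sits inside the query callback, so a database error becomes an uncaught exception that takes the whole process down instead of failing one request; log it and `return res.status(500).end();`. When no product matches the id, `result` is `undefined` after the `[0]` index and `result.quantity` throws the same way; guard with `if(!result) return res.redirect("/");`. `req.params.quantity` is a string, so `req.params.quantity > result.quantity` relies on implicit coercion; parse it with `Number.parseInt(req.params.quantity, 10)` and reject NaN or non-positive values before comparing. The route's body continues past the end of this hunk.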
@@ -179,51 +176,56 @@ app.post("/order", authenticatedHandler, (req, res) => { result = JSON.parse(JSON.stringify(result))[0]; if(quantity > result.quantity){ - res.redirect(`/order/${productId}/${quantity}/`) + res.redirect(`/order/${productId}/${quantity}/`); }else{ - order_trackingnumber = uuid.v4() - mysql_handler.createOrder(userId, order_trackingnumber, 0, productId, quantity) + order_trackingnumber = uuid.v4(); + mysql_handler.createOrder(userId, order_trackingnumber, 0, productId, quantity) ; - res.redirect("/order_success/" + order_trackingnumber) + res.redirect("/order_success/" + order_trackingnumber); } }); -}) +}); // Admin app.get("/admin/product/delete/:productId", authenticatedHandler, (req, res) => { if(req.isAdmin){ - productId = req.params.productId + productId = req.params.productId; mysql_handler.con.query(`DELETE FROM products WHERE id=${productId}`, function(err, result){ if(err) console.log(err); }); } -}) +}); -// AUTH +// Authentication +// Logout app.get("/logout/", authenticatedHandler, (req, res) => { - res.clearCookie("authcookie") - res.redirect("/") -}) + res.clearCookie("authcookie"); // Clear cookie + res.redirect("/"); +}); +// Register Page app.get("/register/:error?", notAuthenticatedHandler, (req, res) => { let dict = { title: "Register", error: req.params.error } - res.render('register', dict) -}) + res.render('register', dict); +}); +// Login Page app.get("/login/:error?", notAuthenticatedHandler, (req, res) => { let dict = { title: "Login", error: req.params.error } - res.render('login', dict) -}) + res.render('login', dict); +}); +// Register POST Request app.post("/auth/register", notAuthenticatedHandler,(req, res) =>{ + // Get data from POST request let username = req.body.username; let email = req.body.email; let password1 = req.body.password1; 
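Review bot: `order_trackingnumber = uuid.v4();` assigns an undeclared name, so it is a process-wide global that every concurrent /order request overwrites; declare it locally, `const order_trackingnumber = uuid.v4();` — but note that `mysql_handler.createOrder` currently reads that same global instead of its `trackingnumber` parameter, so both sides must change together. `productId = req.params.productId;` in the admin delete route has the same problem. That route also never answers: neither the admin branch after the DELETE nor the non-admin branch calls any `res.*` method, so the client hangs; add `res.redirect("/")` in the query callback and `res.status(403).end()` otherwise. A destructive action on a GET route is also exposed to cross-site request forgery; make it a POST and verify a CSRF token.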
@@ -237,51 +239,52 @@ app.post("/auth/register", notAuthenticatedHandler,(req, res) =>{ let cityName = req.body.cityName; let country = req.body.country; - error = "" + let error = ""; // Error message - if(password1 != password2){ + if(password1 != password2){ // If passwords don't match error += "Passwörter sind unterschiedlich!"; - }else if(password1.length < 8){ - error += "Passwort muss mindestens 8 Zeichen lang sein!" + }else if(password1.length < 8){ // If password is too short + error += "Passwort muss mindestens 8 Zeichen lang sein!"; } - if(username.length < 3){ + if(username.length < 3){ // If username is too short error += "
Der Benutzername muss mindestens 3 Zeichen lang sein!"; - }else if(username.length > 30){ + }else if(username.length > 30){ // If username is too long error += "
Der Benutzername darf maximal 30 Zeichen lang sein!"; } - if(error != ""){ - res.redirect(`/register/${error}`) + if(error != ""){ // If there is an error + res.redirect(`/register/${error}`); // Redirect to register page with error message }else{ - bcrypt.genSalt(10, function(err, salt) { - bcrypt.hash(password1, salt, function(err, hash){ + bcrypt.genSalt(10, function(err, salt) { // Generate salt + bcrypt.hash(password1, salt, function(err, hash){ // Hash password mysql_handler.createUser(username, email, hash, firstname, lastname, gender, street, housenumber, postcode, cityName, country); - - res.redirect(`/login/`) - }) - }) + res.redirect(`/login/`); + }); + }); } -}) +}); +// Login POST Request app.post("/auth/login", notAuthenticatedHandler, (req, res) =>{ + // Get data from POST request let username = req.body.username; let password = req.body.password; - error = "" + error = "" // Error message - mysql_handler.con.query(`SELECT * FROM users WHERE username = "${username}"`, function(err, result){ - if(err){ + mysql_handler.con.query(`SELECT * FROM users WHERE username = "${username}"`, function(err, result){ // Get user from database + if(err){ // If there is an error error = "Login-Daten falsch!" - }else{ - if(JSON.parse(JSON.stringify(result))[0]){ - user = JSON.parse(JSON.stringify(result))[0] - dbPassword = user.password; + }else{ // If there is no error + result = JSON.parse(JSON.stringify(result))[0]; // Parse result from database + if(result){ // If there is a user + user = result; // Set user + dbPassword = user.password; // Get password from database - - bcrypt.compare(password, dbPassword, function(err, matched){ + bcrypt.compare(password, dbPassword, function(err, matched){ // Compare password if(err) console.log(err); - if(matched){ - // login + if(matched){ // If password matches + // Set cookie const token = jwt.sign({user:user.id}, SECRET_KEY) res.cookie('authcookie', token, {maxAge: 90000000, httpOnly: true}) res.redirect(`/`) 
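Review bot: `error = "" // Error message` in the login handler leaves `error` undeclared although the register handler in the same hunk was changed to `let error = "";`; `user` and `dbPassword` below it are undeclared too. That matters for `user`: it is assigned in the query callback but read as `user.id` only in the asynchronous `bcrypt.compare` callback, so another request's query callback can reassign it in between and the token is signed for a different account; use `let error = "";`, `const user = result;`, `const dbPassword = user.password;`. `res.redirect(`/register/${error}`)` (and the login redirect) puts the raw message into the path; wrap it in `encodeURIComponent(error)` so characters such as `/` or `#` in a message cannot break route matching. The cookie set on success has `httpOnly` but no `sameSite`/`secure` option; `{maxAge: 90000000, httpOnly: true, sameSite: 'lax', secure: true}` — `secure` presumably once the app is served over TLS. Registration also redirects before `createUser` has executed any insert and ignores `err` from `genSalt`/`hash`; check it in both callbacks.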
@@ -289,18 +292,16 @@ app.post("/auth/login", notAuthenticatedHandler, (req, res) =>{ error = "Login-Daten falsch!" } }) - - }else{ error = "Login-Daten falsch!" } } - if(error != ""){ + if(error != ""){ // If there is an error res.redirect(`/login/${error}`) } }); }) -app.listen(port, () =>{ +app.listen(port, () =>{ // Start server console.log("Listining to " + port) }) \ No newline at end of file diff --git a/mysql_handler.js b/mysql_handler.js index c940d8c..1063cd6 100644 --- a/mysql_handler.js +++ b/mysql_handler.js @@ -1,5 +1,4 @@ -let mysql = require('mysql') -let connected = false; +const mysql = require('mysql') // TODO check here for errors and do not let the db throw an error in order to give the user feedback 
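Review bot: `if(error != "")` runs at the end of the outer query callback, synchronously after `bcrypt.compare` has been started but before its callback sets `error = "Login-Daten falsch!"` for a wrong password, so that branch never redirects and the request hangs until the client times out. Move the redirect into the compare callback's else branch, `else { res.redirect(`/login/${encodeURIComponent("Login-Daten falsch!")}`); }`, and keep the outer check only for the db-error and no-user branches. The enclosing login handler starts outside this hunk. `"Listining to "` in the listen callback is a typo for `"Listening to "`.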
@@ -9,114 +8,107 @@ con.query("SELECT * FROM users", function(err, result){ } console.log(result); }); - */ -let con = mysql.createConnection({ + +let con = mysql.createConnection({ // TODO: change to config file host: "localhost", user: "onlineshop", - password: "TestUser321", + password: "TestUser321", // TODO: DO NOT STORE PASSWORDS IN THE CODE database: "onlineshop" }); -con.connect(function(err){ +con.connect(function(err){ // Connect to the database if(err) throw err; console.log("Connected to MySQL!"); - connected = true - //createUser("dertyp", "address@email.com", "password", "Janis", "Meister", "Herr"); - //createAddress("street", "1", "postcode", "city", "country", 18) - //createSeller("TEST", "test") - //createProduct("name", 1.2, "description", 2, 2, 1, 1) - //createReview("TESt", "Content", 6, 18, 1) - //createOrder(18, "tasddadse"); - //createOrderProduct(1.5, 5, 1, 1) }) -function isConnected(){ - if(connected){ - return true; - }else{ - console.log("not connected to mysql") +function isConnected(){ + // Check if database is connected + if(con.state === 'disconnected'){ return false; } + return true; } -function sendQuery(sql){ - if(isConnected){ - con.query(sql, function(err, result){ - if(err){ - console.log(err); - return false; - } - return result; - }); - } -} - -// CREATES -function createOrder(userId, trackingnumber, received, productId, quantity){ - con.query(`INSERT INTO order_status(received, trackingnumber) VALUES (${received}, '${trackingnumber}')`, function(err, result){ +// Create Order database structure +function createOrder(userId, trackingnumber, received, productId, quantity){ // TODO: add date + // create order status + con.query(`INSERT INTO order_status(received, trackingnumber) VALUES (${received}, '${trackingnumber}')`, (err, result) => { if(err) console.log(err); - con.query(`INSERT INTO orders(userId, order_statusId) - VALUES ((SELECT id FROM users WHERE id='${userId}'), (SELECT id FROM order_status WHERE 
trackingnumber='${trackingnumber}'))`, function(err, result){ + // create order + con.query(`INSERT INTO orders(userId, order_statusId) VALUES ((SELECT id FROM users WHERE id='${userId}'), + (SELECT id FROM order_status WHERE trackingnumber='${trackingnumber}'))`, function(err, result){ + // create order_product con.query(`SELECT orders.id FROM orders LEFT JOIN order_status ON orders.order_statusId=order_status.id WHERE order_status.trackingnumber='${order_trackingnumber}'`, function(err, result){ if(err) console.log(err); - order = JSON.parse(JSON.stringify(result))[0]; + order = JSON.parse(JSON.stringify(result))[0]; // parse result to json + if(order != undefined){ // if order is not undefined + con.query(`SELECT * FROM products WHERE id=${productId}`, (err, result) => { // get product + if(err) console.log(err); - con.query(`SELECT * FROM products WHERE id=${productId}`, (err, result) => { - if(err) console.log(err); - product = JSON.parse(JSON.stringify(result))[0]; - - con.query(`UPDATE products SET quantity=quantity-${quantity} WHERE id=${productId}`, (err, result) => { - con.query(`INSERT INTO order_products(price, quantity, productId, orderId) - VALUES ('${product.price}','${quantity}', - (SELECT id FROM products WHERE id='${product.id}'), (SELECT id FROM orders WHERE id='${order.id}'))`, (err, result) => { - if(err) console.log(err); - }) - }) - }) - }) - - }) - - }) + product = JSON.parse(JSON.stringify(result))[0]; // parse result to json + + // update old product quantity + con.query(`UPDATE products SET quantity=quantity-${quantity} WHERE id=${productId}`, (err, result) => { + // create order_product + con.query(`INSERT INTO order_products(price, quantity, productId, orderId) + VALUES ('${product.price}','${quantity}', + (SELECT id FROM products WHERE id='${product.id}'), (SELECT id FROM orders WHERE id='${order.id}'))`, (err, result) => { + if(err) console.log(err); + }); + }); + }); + } + }); + }); + }); } -function createReview(title, content, 
rating, userID, productId){ - sendQuery(`INSERT INTO reviews(title, content, rating, userID, productId) +// Create Review +function createReview(title, content, rating, userID, productId){ // TODO: add date + con.query(`INSERT INTO reviews(title, content, rating, userID, productId) VALUES ('${title}','${content}','${rating}', - (SELECT id FROM users WHERE id='${userID}'), (SELECT id FROM products WHERE id='${productId}'))`); - + (SELECT id FROM users WHERE id='${userID}'), (SELECT id FROM products WHERE id='${productId}'))`, (err, result) => { + if(err) console.log(err); + }); } +// Create Product function createProduct(name, price, description, quantity, delivery_time, sellerId, categoryId){ - sendQuery(`INSERT INTO products(name, price, description, quantity, delivery_time, sellerId, categoryId) - VALUES ('${name}',${price},'${description}','${quantity}','${delivery_time}', - (SELECT id FROM sellers WHERE id='${sellerId}'), (SELECT id FROM categories WHERE id='${categoryId}'))`); + con.query(`INSERT INTO products(name, price, description, quantity, delivery_time, sellerId, categoryId) + VALUES ('${name}',${price},'${description}','${quantity}','${delivery_time}', + (SELECT id FROM sellers WHERE id='${sellerId}'), (SELECT id FROM categories WHERE id='${categoryId}'))`, (err, result) => { + if(err) console.log(err); + }); } -function createCategory(name){ - sendQuery(`INSERT INTO categories(name) VALUES ('${name}')`); -} - -function createSeller(name, description){ - sendQuery(`INSERT INTO sellers(name, description) VALUES ('${name}', '${description}')`); -} - -function createUser(username, email, password, firstname, lastname, gender, street, housenumber, postcode, cityName, country){ - con.query(`INSERT INTO users(username, email, password) VALUES ('${username}','${email}','${password}')`, function(err, result){ +// Create User database structure +function createUser(username, email, password, firstname, lastname, gender, street, housenumber, postcode, cityName, 
country){ // TODO: Better error handling if something goes wrong in progress + // Create User + con.query(`INSERT INTO users(username, email, password) VALUES ('${username}','${email}','${password}')`, (err, result) =>{ if(err){ console.log(err); }else if(result){ - sendQuery(`INSERT INTO userinfos(firstname, lastname, gender, userId) VALUES ('${firstname}','${lastname}','${gender}', - (SELECT id FROM users WHERE username='${username}' AND email='${email}'))`); - console.log(`User created: ${username}!`) - - sendQuery(`INSERT INTO cities(name, postcode) VALUES ('${cityName}', '${postcode}')`); - - sendQuery(`INSERT INTO addresses(street, housenumber, country, userId, cityId) VALUES ('${street}','${housenumber}','${country}', - (SELECT id FROM users WHERE username='${username}'), (SELECT id FROM cities WHERE name='${cityName}' AND postcode='${postcode}'))`); + // Create User Info + con.query(`INSERT INTO userinfos(firstname, lastname, gender, userId) VALUES ('${firstname}','${lastname}','${gender}', + (SELECT id FROM users WHERE username='${username}' AND email='${email}'))`, (err, result) => { + if(err) console.log(err); + }); + + // Create City + con.query(`INSERT INTO cities(name, postcode) VALUES ('${cityName}', '${postcode}')`, (err, result) => { + if(err) console.log(err); + }); + + // Create Address + con.query(`INSERT INTO addresses(street, housenumber, country, userId, cityId) VALUES ('${street}','${housenumber}','${country}', + (SELECT id FROM users WHERE username='${username}'), (SELECT id FROM cities WHERE name='${cityName}' AND postcode='${postcode}'))`, (err, result) => { + if(err) console.log(err); + }); + + console.log(`User created: ${username}!`); } }); } @@ -124,6 +116,6 @@ function createUser(username, email, password, firstname, lastname, gender, stre module.exports = { - sendQuery, createOrder, createReview, - createProduct, createCategory, createSeller, createUser, con + createOrder, createReview, isConnected, + createProduct, createUser, con }
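Review bot: createOrder's third query filters on `order_trackingnumber`, which is not declared anywhere in this module; it only works because index.js leaks that name as an implicit global, so the function can silently match another request's order — use the parameter, `WHERE order_status.trackingnumber='${trackingnumber}'`. `order` and `product` are likewise assigned without `let`/`const` and read in later callbacks, so concurrent orders can overwrite each other; declare them locally. Every statement in this file interpolates its arguments into SQL; the `mysql` driver supports placeholders, e.g. `con.query('INSERT INTO order_status(received, trackingnumber) VALUES (?, ?)', [received, trackingnumber], cb)`, which also removes the hand-written quoting. The stock decrement `UPDATE products SET quantity=quantity-${quantity}` is not guarded, so two orders that each passed the check in index.js can drive quantity negative; `UPDATE products SET quantity = quantity - ? WHERE id = ? AND quantity >= ?` plus a check of `result.affectedRows` before inserting the order_product closes that. The hard-coded password the TODO already flags should come from environment variables rather than a config file committed to the repo.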