index.js

const express = require("express")
const session = require("express-session")
const flash = require("connect-flash")
const cookie_parser = require("cookie-parser")
const UserRepository = require("./database/UserRepository")
const TeamRepository = require("./database/TeamRepository")
const ChallengeRepository = require("./database/ChallengeRepository")
const {generateCSRF,setCSRFLocals,verifyCSRF} = require("./middlewares/csrf.middleware")
const { show_admin_panel, add_challenge, delete_challenge, edit_challenge, update_challenge, requireAdmin } = require("./middlewares/admin.middleware")
const {login,signup} = require("./middlewares/auth.middleware")
const rateLimit = require("./middlewares/rateLimit.middleware")


require("dotenv").config()
app = express()
app.use(express.urlencoded({extended:true}))
app.use(express.json())
app.use(cookie_parser())
app.use(session({
    secret : process.env.SESSION_SECRET ||"session_secret",
    saveUninitialized : false,
    cookie : {
        httponly:  true,
        sameSite : "lax",
        securet : true
    },
    resave : false
}))
app.use(flash())
app.set("view engine","ejs")
app.set("views","templates")
UserRepository.initialize();
TeamRepository.initialize();
ChallengeRepository.initialize();


app.get("/",(req,res)=>{
    res.render("index.ejs",
    {
        error : req.flash("error"),
        success : req.flash("success"),
        user : req.session.username,
        role : req.session.role
    })
})

app.get("/login",generateCSRF,setCSRFLocals,(req,res)=>{
    res.render("login.ejs",{
        csrf : res.locals.csrfToken,
        error : req.flash("error"),
        success : req.flash("success")
    })
})

app.post("/login",verifyCSRF,rateLimit,login)

app.get("/signup",generateCSRF,setCSRFLocals,(req,res)=>{
    res.render("register.ejs",{
        csrf : res.locals.csrfToken,
        error : req.flash("error"),
        success : req.flash("success")
    })
})

app.post("/signup",verifyCSRF,rateLimit,signup)

app.get("/profile",(req,res)=>{
    if (!req.session.username){
        req.flash("error","You must be logged in to view your profile")
        return res.redirect("/login")
    }
    res.render("profile.ejs",{
        user : req.session.username,
        team : req.session.team_name,
        score : req.session.score,
        role : req.session.role
    })
})


app.get("/logout",generateCSRF,setCSRFLocals,(req,res)=>{
    res.render("logout.ejs",{
        csrf : res.locals.csrfToken,
        user : req.session.username
    })
})



app.post("/logout",verifyCSRF,(req,res)=>{
    req.flash("success",`Logged out successfully from ${req.session.username}`)
    req.session.destroy();
    res.redirect("/")
})



app.get("/delete_account",generateCSRF,setCSRFLocals,(req,res)=>{
    if (!req.session.username){
        req.flash("error","You must be logged in to delete your account")
        return res.redirect("/login")
    }
    res.render("delete_account.ejs",{
        csrf : res.locals.csrfToken,
        user : req.session.username
    })
})

app.post("/delete_account",verifyCSRF,(req,res)=>{
    if (!req.session.username){
        req.flash("error","You must be logged in to delete your account")
        return res.redirect("/login")
    }
    UserRepository.deleteUser(req.session.username)
    req.flash("success",`Account ${req.session.username} deleted successfully`)
    req.session.destroy();
    res.redirect("/")
})

app.get("/admin_panel",requireAdmin,generateCSRF,setCSRFLocals,show_admin_panel)




app.post('/admin/add-challenge', requireAdmin, verifyCSRF, add_challenge);

app.post('/admin/delete-challenge', requireAdmin, verifyCSRF, delete_challenge);
    

app.get('/admin/edit-challenge/:id', requireAdmin, generateCSRF, edit_challenge);


app.post('/admin/update-challenge', requireAdmin, verifyCSRF, update_challenge);
     





app.listen(3000,()=>{
    console.log("Server is running on port 3000")
}
)