NodeJS App with waiting for the admin to accept - node.js

I'm trying to create a Full Stack App with the following requirements:
Have users that post photos
Have an admin that gets those photos and accepts/rejects the photo to be published
So, the user should be able to upload a photo, and, if the admin accepts, the photo should be rendered to the user screen. Otherwise, the user should get some kind of alert saying that the uploaded photo was rejected.
Do you guys know some kind of project where it was done so it can guide me? Or any advice on how to do it?

start with a register/login system first where the users will be given different roles ( admin and user). Then create an admin panel for the admin followed by a profile page for the user. Use a database to send the profile pictures to and display the data in the admin panel, where the admin has got the option to either reject or accept the data. if its accepted display the profile pic otherwise delete the data entry and send a message to the user who has uploaded the profile pic.

Related

User management via google login and custom sign-in. How to avoid conflicts when emails are the same?

I'm working on my first MERN fullstack project (an e-commerce demo). I have almost finished the authentication part, but I am having doubts about how to manage the users who have the same registration email both through custom sign-in and google login on the MongoDB database.
While doing various researches, I noticed that one of the methods used is the following:
1- If the email of the user who logs in via google login is already saved in the database as the same user had already registered via traditional sign-up, a new user will not be created in the database, but with both methods of signing -in we will point to the same user already saved with that email.
2- If there are no users saved in the database with that email (as the user logged in for the first time with google login and did not first register traditionally), once the user logged in with google login, it will be saved to the database for the first time.
However, this method presents problems with regard to the second type of users mentioned above.
In fact, if we merge the accounts with the same email on the database, if the user logs in for the first time with google, no password will be saved on the database. Therefore, if the same user decides in the future to log in in the traditional way, he will not be able to do so because he will not be able to fill in the password field.
How to solve this problem?
Usually sites with the "first Google login immediately creates an account" have 2 solutions to this problem:
As part of the "immediately create an account", they directly ask the user to choose a password.
Alternatively, their "Change password" section allows creating a password should there be none yet. Therefore the account is indeed passworld-less at the beginning, but the user can opt to add a password.
For the 2nd solution, there's the small problem that if the user loses access to their Google account and didn't set a password, they're locked out. Rare case which might not be worth looking out for. And perhaps your Customer Service can still help them out.

React PrivateRoute's content is visible to other logged in users

I've created a React App which has the flow as following:
User Logs In Dashboard is opened
A list of books appear (written by the user)
User clicks on manage books
A new window opens which has information of that book. (Private Route)
Now the question is, the Private Route is only accessible if the user is logged in, and this works fine.
But when I try to copy the URL of the Private Route and open it in a new window, by logging in with a second account, the user sees the content of first user.
So my question is, how to restrict access of content to the specific user only?
Please help! A simple logic will help me.
I don't know for sure your app structure and I will assume that :
user2 tries to reach url /bookstore/bookOfUser1
user2 is not logged in, so he is then redirected to url /login with a mechanism storing the url that the user wants to access
user2 logs in, is redirecte to /bookstore/bookOfUser1 and an api call is made to get the book details with a book id (bookOfUser1)
During the step 3, when fetching the data, your backend should check if the user2 has the access rights to read the book details bookOfUser1. If so, your backend should send the details, if not, it should send an error handled by your frontend. Your frontend would then redirect to a fallback url.

How to prevent user change profile id in URL? Vue 3 Nodejs

I have a problem with vue 3 backend and nodejs mongodb. For example i have a user and admin role, admin role can access all menu in dashboard, but user only can edit their profile.
When i login as user and access edit profile menu, for example the url is localhost/profile/121 (121 is my user id), i will get my user data by id. But, user can edit the url id with another id, for example localhost/profile/122, and its not good.
How to prevent that user can only view or update their profile only? When at login page, i store the accesstoken, refreshtoken, id, and role in localStorage. And i see that localStorage can edited.
What is the best way for login in vue 3, nodejs with role model? And is that any way for prevent that user can only edit their data?
Thanks before.
Make sure that you have the id in the access token or the session.
Now every time a url is entered, see if the id is the same of the user, if yes, proceed. But, in case, it does not belong to the user, you can either redirect the user to the valid page or show unauthorized message.

Using Facebook graph api, can and should I cache profile picture?

I am using log in with facebook in my web app. Because of this I will always have the userid of the current user at facebook. I want to use the profile picture in my app, I can do this easily by:
<img src="http://graph.facebook.com/<%- accountId %>/picture?width=200&height=200">
This seems fine if I just display the picture at the current users dashboard, but what if I want other users to see each others pictures? Is it a good idea to always link each users images as above? It will in this case be a bounch of requests to facebook for each view of my app. Or should I download each users profile pic when they register and display it from my database? Am I allowed to do that? In this case, how do I save the picture into my mongoDB database via waterline (sails.js)?

Orchard: Creating a user from the register screen NOT dashboard

Hey Guys…So im using Orchard CMS 1.6 and instead of creating a user/role from the dashboard, I would like the user to register from the home page.
This is done by leaving the ‘username’ and ‘password’ field blank on the home page and clicking ‘Sign In’. They are then navigated to a ‘Log On’ page which displays a ‘Register link’.
This allows the user to enter 4 fields to create an account. ‘Username, Email, Password, and confirm password’. I would like to add additional fields to this form but am having no luck.
I’ve tried to install the profile, Users personal Info, and extended Reg modules.
These add additional fields to creating a user, when the user is created from the dashboard. (Users/ Add new user)…but not to the register screen.
Does anyone have any idea how to add fields to the register screen(access from the home page)?
Thanks for any replies…
tl;dr:
Check out: Extended Registration
Details:
You can accomplish this with combination of the Profile module and the Extended Registration module. By default, the Registration page (Found in Orchard.Users) is hard-coded to display only the four fields you mentioned. Extended Registration takes the Profile part from the Profile module and also displays it on the Registration page.
Build out your registration field to however you want by extending the User content type, though it sounds like you have done this since you have access to these fields via New User in the Admin dashboard.
Note: Extended Registration requires the Profile module.

Resources