From 07a16c7176da798b6240dde648894a465e1c61e7 Mon Sep 17 00:00:00 2001 From: Chandan Upadhyay Date: Thu, 5 Oct 2023 19:30:20 +0530 Subject: [PATCH 1/4] updates --- example.env.txt | 4 +- src/app.js | 187 ++----------------------------- src/config/dbconfig.js | 2 +- src/controller/userController.js | 181 ++++++++++++++++++++++++++++++ src/routes/userRoutes.js | 25 +++++ src/utils/limiter.js | 10 ++ 6 files changed, 231 insertions(+), 178 deletions(-) create mode 100644 src/controller/userController.js create mode 100644 src/routes/userRoutes.js create mode 100644 src/utils/limiter.js diff --git a/example.env.txt b/example.env.txt index 60dc7ce..a69a49f 100644 --- a/example.env.txt +++ b/example.env.txt @@ -1,3 +1,3 @@ -MONGODB_URL = mongodb://localhost:27017/course -SECRET_KEY = YOUR_SECRET_KEY_HERE +MONGODB_URL = "mongodb+srv://kirattechnologies:iRbi4XRDdM7JMMkl@cluster0.e95bnsi.mongodb.net/courses" +SECRET_KEY = "YOUR_SECRET_KEY_HERE" PORT = 3000 \ No newline at end of file diff --git a/src/app.js b/src/app.js index b1ceafd..f7f5e5f 100644 --- a/src/app.js +++ b/src/app.js @@ -7,7 +7,8 @@ const session = require("express-session"); const flash = require("connect-flash"); const morgan = require("morgan"); const bcrypt = require("bcrypt"); // Import bcrypt for password hashing -const rateLimit = require("express-rate-limit"); +const limiter=require("./utils/limiter") + const csrf = require("csurf"); const cookieParser = require("cookie-parser"); const mongoSanitize = require("express-mongo-sanitize"); @@ -26,11 +27,6 @@ const isAuthenticated = require("./middlewares/isAuthenticated"); const app = express(); -const limiter = rateLimit({ - windowMs: 15 * 60 * 1000, // 15 minutes - max: 5, // 5 requests per windowMs - message: "Too many requests from this IP, please try again later.", -}); //Views folder should be accessible from anywhere.. app.set("views", path.join(__dirname, "views")); 
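Review bot: The new `MONGODB_URL` value in example.env.txt is a complete `mongodb+srv://` URI with an embedded username and password for a hosted cluster, and the same URI is hard-coded in the `mongoose.connect(...)` call in the src/config/dbconfig.js hunk of this patch. Patches 2/4 and 3/4 restore the placeholder and `process.env.MONGODB_URL`, but the value stays readable in patch 1/4 and in the branch history. That database user's password should be rotated, and the series squashed or rewritten before it is merged. Keep only a placeholder in the example file, as in `MONGODB_URL = mongodb://localhost:27017/course`, and consider a secret-scanning pre-commit check so a live URI cannot be committed again.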
@@ -44,15 +40,18 @@ const addCSRF = require("./middlewares/addCSRF"); //Regular middleware app.use(cookieParser()); -//app.use(csrf()); -//app.use(addCSRF) + app.use( session({ - secret: process.env.SECRET_KEY, + secret: "secr3tt", //delete resave: false, saveUninitialized: true, }) -); +); + +app.use(csrf()); +app.use(addCSRF) + app.use(flash()); // Initialize Passport and session middleware require("./config/passportConfig"); 
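Review bot: `app.use(csrf())` is now registered globally right after the session middleware, while the context of the next hunk still has `const csrfProtection = csrf({ cookie: true }); app.use(csrfProtection);`, so two csurf instances with different secret stores (session and `_csrf` cookie) run on every request. As far as csurf's behaviour goes, a token issued by the later instance will likely not verify against the earlier instance's secret, which would surface as 403s on POSTs and tends to end with the checks being commented out again; keep one instance and one storage mode. Separately, `secret: "secr3tt", //delete` puts a guessable session-signing key into the commit. Patch 2/4 restores `process.env.SECRET_KEY`, but the literal should not reach history, and startup should fail when the variable is unset, e.g. `if (!process.env.SECRET_KEY) throw new Error("SECRET_KEY is not set");`.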
@@ -62,180 +61,18 @@ app.use(passport.session()); const csrfProtection = csrf({ cookie: true }); app.use(csrfProtection); -app.get("/login", limiter, csrfProtection, (req, res) => { - if (req.isAuthenticated()) { - return res.redirect("/"); - } else { - res.render("login", { - messages: req.flash("error"), - csrfToken: req.csrfToken(), - }); // Pass flash messages to the template - } -}); -app.post("/login", limiter, csrfProtection, (req, res, next) => { - /*console.log(req.body, req.csrfToken()) - if (!req.body._csrf || req.body._csrf !== req.csrfToken()) { - return res.status(403).send("CSRF token validation failed."); - }*/ - passport.authenticate("local", (err, user, info) => { - if (err) { - return next(err); - } - if (!user) { - req.flash("error", "Incorrect username or password."); // Set flash message - return res.redirect("/login"); // Redirect with flash message - } - req.logIn(user, (err) => { - if (err) { - return next(err); - } - return res.redirect("/"); - }); - })(req, res, next); -}); - -app.get("/logout", limiter, (req, res) => { - req.session.destroy(function (err) { - if (err) { - console.error("Error during logout:", err); - } else { - res.redirect("/login"); - } - }); -}); - -app.get("/", isAuthenticated, (req, res) => { - // This route is protected and can only be accessed by authenticated users - res.render("home"); -}); - -app.get("/register", (req, res) => { - if (req.isAuthenticated()) return res.redirect("/"); - console.log(req.csrfToken()); - res.render("register", { - messages: req.flash("error"), - csrfToken: req.csrfToken(), - }); -}); - -app.post("/register", limiter, csrfProtection, async (req, res) => { - /*if (!req.body._csrf || req.body._csrf !== req.csrfToken()) { - return res.status(403).send("CSRF token validation failed."); - }*/ - const { username, email, password, confirmPassword, fullName } = req.body; - - try { - // Check if the username or email already exists in the database - const existingUser = await User.findOne({ - 
$or: [{ username: username }, { email: email }], - }); - - if (existingUser) { - req.flash("error", "Username or email already in use."); - return res.redirect("/register"); - } - - // Check if the password and confirmPassword match - if (password !== confirmPassword) { - req.flash("error", "Passwords do not match."); - return res.redirect("/register"); - } - - // Hash the password before saving it - const salt = await bcrypt.genSalt(10); - const hashedPassword = await bcrypt.hash(password, salt); - - // Create a new user document and save it to the database - const newUser = new User({ - username: username, - email: email, - password: hashedPassword, - fullName, - // Additional user profile fields can be added here - }); - - await newUser.save(); - - // Redirect to the login page after successful registration - res.redirect("/login"); - } catch (error) { - console.error("Error during registration:", error); - req.flash("error", "Registration failed. Please try again."); - res.redirect("/register"); - } -}); - -app.get("/profile", isAuthenticated, async (req, res) => { - res.render("profile", { - user: req.user, - messages: req.flash(), - csrfToken: req.csrfToken(), - }); -}); - -app.post( - "/profile", - limiter, - isAuthenticated, - csrfProtection, - async (req, res) => { - /*if (!req.body._csrf || req.body._csrf !== req.csrfToken()) { - return res.status(403).send("CSRF token validation failed."); - }*/ - const { fullName, avatarUrl, bio, location, website } = req.body; - - try { - // Find the user by their ID (you need to have the user ID stored in the session) - const userId = req.user._id; // Assuming you have a user object in the session - const user = await User.findById(userId); - - if (!user) { - // Handle the case where the user is not found - return res.status(404).send("User not found."); - } - - // Update the user's profile fields - user.fullName = fullName; - user.avatarUrl = avatarUrl; - user.bio = bio; - user.location = location; - user.website = 
website; - - // Save the updated user profile - await user.save(); - - // Redirect to the user's profile page or any other desired page - return res.redirect("/profile"); - } catch (error) { - console.error("Error updating profile:", error); - // Handle the error, display an error message, or redirect to an error page - return res.status(500).send("Error updating profile."); - } - } -); app.use("/courses", limiter, isAuthenticated, async function (req, res) { const courses = await courseModel.find(); return res.render("course", { courses: courses }); }); -app.post("/search-course", limiter, isAuthenticated, async function (req, res) { - const query = req.body.query; - const regexQuery = { - title: { $regex: query, $options: "i" }, - }; - try { - const searchCourses = await courseModel.findOne(regexQuery); - res.json(searchCourses); - } catch (err) { - console.error(err); - res.json({ message: "An error occurred while searching." }); - } -}); -app.use("/css", express.static("src/css")); +app.use("/css", express.static("src/css")); +const userRoutes=require("./routes/userRoutes") +app.use(userRoutes) // Start the server const PORT = process.env.PORT || 3000; app.listen(PORT, () => { diff --git a/src/config/dbconfig.js b/src/config/dbconfig.js index 6ac912a..237b114 100644 --- a/src/config/dbconfig.js +++ b/src/config/dbconfig.js @@ -1,7 +1,7 @@ const mongoose = require("mongoose"); function dbConfig() { mongoose - .connect(process.env.MONGODB_URL, { + .connect("mongodb+srv://kirattechnologies:iRbi4XRDdM7JMMkl@cluster0.e95bnsi.mongodb.net/courses", { useNewUrlParser: true, useUnifiedTopology: true, }) diff --git a/src/controller/userController.js b/src/controller/userController.js new file mode 100644 index 0000000..baa6c4c --- /dev/null +++ b/src/controller/userController.js 
@@ -0,0 +1,181 @@ +const passport = require("passport"); +const csrf=require("csurf"); +const addCSRF=require("../middlewares/addCSRF") +const isAuthenticated=require("../middlewares/isAuthenticated") +const User=require("../db/User") +const bcrypt=require("bcrypt") +const courseModel= require("../db/courseDB") +const csrfProtection = csrf({cookie:true}); + + + + + + +exports.loginGet=(req, res) => { + if (req.isAuthenticated()) { + return res.redirect("/"); + } else { + res.render("login", { + messages: req.flash("error"), + csrfToken: req.csrfToken(), + }); // Pass flash messages to the template + } + }; + + exports.loginPost=(req, res, next) => { + /*console.log(req.body, req.csrfToken()) + if (!req.body._csrf || req.body._csrf !== req.csrfToken()) { + return res.status(403).send("CSRF token validation failed."); + }*/ + passport.authenticate("local", (err, user, info) => { + if (err) { + return next(err); + } + if (!user) { + req.flash("error", "Incorrect username or password."); // Set flash message + return res.redirect("/login"); // Redirect with flash message + } + req.logIn(user, (err) => { + if (err) { + return next(err); + } + return res.redirect("/"); + }); + })(req, res, next); + }; + + exports.logout=(req, res) => { + req.session.destroy(function (err) { + if (err) { + console.error("Error during logout:", err); + } else { + res.redirect("/login"); + } + }); + }; + +exports.landingPage= (req, res) => { + // This route is protected and can only be accessed by authenticated users + res.render("home"); + }; + + exports.registerGet= (req, res) => { + if (req.isAuthenticated()) return res.redirect("/"); + console.log(req.csrfToken()); + res.render("register", { + messages: req.flash("error"), + csrfToken: req.csrfToken(), + }); + }; + + + + + exports.registerPost=async (req, res) => { + /*if (!req.body._csrf || req.body._csrf !== req.csrfToken()) { + return res.status(403).send("CSRF token validation failed."); + }*/ + const { username, email, password, 
confirmPassword, fullName } = req.body; + + try { + // Check if the username or email already exists in the database + const existingUser = await User.findOne({ + $or: [{ username: username }, { email: email }], + }); + + if (existingUser) { + req.flash("error", "Username or email already in use."); + return res.redirect("/register"); + } + + // Check if the password and confirmPassword match + if (password !== confirmPassword) { + req.flash("error", "Passwords do not match."); + return res.redirect("/register"); + } + + // Hash the password before saving it + const salt = await bcrypt.genSalt(10); + const hashedPassword = await bcrypt.hash(password, salt); + + // Create a new user document and save it to the database + const newUser = new User({ + username: username, + email: email, + password: hashedPassword, + fullName, + // Additional user profile fields can be added here + }); + + await newUser.save(); + + // Redirect to the login page after successful registration + res.redirect("/login"); + } catch (error) { + console.error("Error during registration:", error); + req.flash("error", "Registration failed. 
Please try again."); + res.redirect("/register"); + } + }; + + +exports.profileGet=async (req, res) => { + res.render("profile", { + user: req.user, + messages: req.flash(), + csrfToken: req.csrfToken(), + }); + }; + + + + exports.profilePost= async (req, res) => { + /*if (!req.body._csrf || req.body._csrf !== req.csrfToken()) { + return res.status(403).send("CSRF token validation failed."); + }*/ + const { fullName, avatarUrl, bio, location, website } = req.body; + + try { + // Find the user by their ID (you need to have the user ID stored in the session) + const userId = req.user._id; // Assuming you have a user object in the session + const user = await User.findById(userId); + + if (!user) { + // Handle the case where the user is not found + return res.status(404).send("User not found."); + } + + // Update the user's profile fields + user.fullName = fullName; + user.avatarUrl = avatarUrl; + user.bio = bio; + user.location = location; + user.website = website; + + // Save the updated user profile + await user.save(); + + // Redirect to the user's profile page or any other desired page + return res.redirect("/profile"); + } catch (error) { + console.error("Error updating profile:", error); + // Handle the error, display an error message, or redirect to an error page + return res.status(500).send("Error updating profile."); + } + }; + + + exports.searchCourse=async function (req, res) { + const query = req.body.query; + const regexQuery = { + title: { $regex: query, $options: "i" }, + }; + try { + const searchCourses = await courseModel.findOne(regexQuery); + res.json(searchCourses); + } catch (err) { + console.error(err); + res.json({ message: "An error occurred while searching." }); + } + }; \ No newline at end of file diff --git a/src/routes/userRoutes.js b/src/routes/userRoutes.js new file mode 100644 index 0000000..b534c3f --- /dev/null +++ b/src/routes/userRoutes.js 
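Review bot: `searchCourse` passes `req.body.query` straight into `$regex`, so the caller controls the pattern: there is no check that it is a string, no length cap and no escaping, and a single request can make the database evaluate an expensive or match-everything expression against `title`. Validate the type and length and escape regex metacharacters before building the filter, as in the excerpt below (the 100-character cap is an illustrative value). In the same file, `registerGet` calls `console.log(req.csrfToken())`, which writes a live anti-CSRF token to the server log on every page view and should be removed. `logout` also sends no response when `req.session.destroy` reports an error, so that request is left hanging.

```javascript
exports.searchCourse=async function (req, res) {
  const query = req.body.query;
  // Reject non-string, empty or oversized input before it reaches the regex engine.
  if (typeof query !== "string" || query.length === 0 || query.length > 100) {
    return res.status(400).json({ message: "Invalid search query." });
  }
  // Escape regex metacharacters so the input is matched as literal text.
  const escapedQuery = query.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
  const regexQuery = {
    title: { $regex: escapedQuery, $options: "i" },
  };
  // … unchanged: try/catch around courseModel.findOne(regexQuery) …
```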
@@ -0,0 +1,25 @@
+const express=require("express");
+const csrf=require("csurf")
+
+const csrfProtection=csrf({cookie:true})
+const {loginGet, loginPost, logout, landingPage, registerGet, registerPost, profileGet, profilePost, searchCourse}=require("../controller/userController")
+// const { loginGet, loginPost, logout, landingPage, registerGet, registerPost, profileGet, profilePost, searchCourse } = require("../controller/userRoutesController");
+const limiter=require("../utils/limiter")
+const isAuthenticated = require("../middlewares/isAuthenticated");
+
+const router=express.Router();
+
+
+
+router.route("/login").get(limiter,csrfProtection,loginGet)
+router.route("/login").post(csrfProtection,limiter,loginPost)
+router.route("/logout").get(limiter,logout)
+router.route("/").get(isAuthenticated,landingPage)
+router.route("/register").get(registerGet)
+router.route("/register").post(limiter,csrfProtection,registerPost)
+router.route("/profile").get(isAuthenticated,profileGet)
+router.route("/profile").post(limiter,isAuthenticated,csrfProtection,profilePost)
+router.route("/search-course").post(limiter,isAuthenticated,searchCourse)
+
+
+module.exports=router;
\ No newline at end of file
diff --git a/src/utils/limiter.js b/src/utils/limiter.js
new file mode 100644
index 0000000..6a636f3
--- /dev/null
+++ b/src/utils/limiter.js
@@ -0,0 +1,10 @@
+const rateLimit = require("express-rate-limit");
+
+
+const limiter = rateLimit({
+ windowMs: 15 * 60 * 1000, // 15 minutes
+ max: 5, // 5 requests per windowMs
+ message: "Too many requests from this IP, please try again later.",
+ });
+
+module.exports=limiter
\ No newline at end of file
From cf7c4cc197069a71a72da96513d0971697e830c8 Mon Sep 17 00:00:00 2001
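Review bot: `router.route("/logout").get(limiter,logout)` ends the session on a plain GET, and csurf skips GET requests by default, so any third-party page the user loads can log them out by referencing `/logout`. Make it a POST behind the token check, `router.route("/logout").post(limiter,csrfProtection,logout)`, and have the template submit a form. The login POST also runs `csrfProtection` before `limiter`, unlike the other routes, so requests rejected by the CSRF check never reach the limiter. If every login attempt is meant to be counted, put the limiter first: `router.route("/login").post(limiter,csrfProtection,loginPost)`.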
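Review bot: A single `rateLimit` instance with `max: 5` per 15 minutes is exported and reused on every route, so, as far as express-rate-limit's default per-instance store goes, all of those routes draw from one five-request budget per client. Patch 4/4 then adds the same instance to the `/`, `/register` and `/profile` page GETs. A normal login followed by a few page views would use up the budget and block that user from `/login` for the rest of the window, together with anyone sharing the address (NAT, or a reverse proxy if Express `trust proxy` is not configured). Export separate limiters, a strict one for `POST /login` and `POST /register` and a looser one for page views, and add a comment stating what the limit is keyed on.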
From: Chandan Upadhyay Date: Fri, 6 Oct 2023 01:43:10 +0530 Subject: [PATCH 2/4] recent --- package-lock.json | 54 ++++++++++++++++++++++++++++++++------ package.json | 1 + src/app.js | 19 +++++++++----- src/config/dbconfig.js | 5 +++- src/middlewares/addCSRF.js | 5 +++- src/routes/userRoutes.js | 2 +- 6 files changed, 69 insertions(+), 17 deletions(-) diff --git a/package-lock.json b/package-lock.json index 1aced15..dae56f9 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10,6 +10,7 @@ "license": "ISC", "dependencies": { "bcrypt": "^5.1.1", + "body-parser": "^1.20.2", "connect-flash": "^0.1.1", "cookie-parser": "^1.4.6", "csurf": "^1.11.0", @@ -227,12 +228,12 @@ } }, "node_modules/body-parser": { - "version": "1.20.1", - "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.1.tgz", - "integrity": "sha512-jWi7abTbYwajOytWCQc37VulmWiRae5RyTpaCyDcS5/lMdtwSz5lOpDE67srw/HYe35f1z3fDQw+3txg7gNtWw==", + "version": "1.20.2", + "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.2.tgz", + "integrity": "sha512-ml9pReCu3M61kGlqoTm2umSXTlRTuGTx0bfYj+uIUKKYycG5NtSbeetV3faSU6R7ajOPw0g/J1PvK4qNy7s5bA==", "dependencies": { "bytes": "3.1.2", - "content-type": "~1.0.4", + "content-type": "~1.0.5", "debug": "2.6.9", "depd": "2.0.0", "destroy": "1.2.0", @@ -240,7 +241,7 @@ "iconv-lite": "0.4.24", "on-finished": "2.4.1", "qs": "6.11.0", - "raw-body": "2.5.1", + "raw-body": "2.5.2", "type-is": "~1.6.18", "unpipe": "1.0.0" }, 
@@ -700,6 +701,43 @@ "node": ">= 0.6" } }, + "node_modules/express/node_modules/body-parser": { + "version": "1.20.1", + "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.1.tgz", + "integrity": "sha512-jWi7abTbYwajOytWCQc37VulmWiRae5RyTpaCyDcS5/lMdtwSz5lOpDE67srw/HYe35f1z3fDQw+3txg7gNtWw==", + "dependencies": { + "bytes": "3.1.2", + "content-type": "~1.0.4", + "debug": "2.6.9", + "depd": "2.0.0", + "destroy": "1.2.0", + "http-errors": "2.0.0", + "iconv-lite": "0.4.24", + "on-finished": "2.4.1", + "qs": "6.11.0", + "raw-body": "2.5.1", + "type-is": "~1.6.18", + "unpipe": "1.0.0" + }, + "engines": { + "node": ">= 0.8", + "npm": "1.2.8000 || >= 1.4.16" + } + }, + "node_modules/express/node_modules/raw-body": { + "version": "2.5.1", + "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz", + "integrity": "sha512-qqJBtEyVgS0ZmPGdCFPWJ3FreoqvG4MVQln/kCgF7Olq95IbOp0/BWyMwbdtn4VTvkM8Y7khCQ2Xgk/tcrCXig==", + "dependencies": { + "bytes": "3.1.2", + "http-errors": "2.0.0", + "iconv-lite": "0.4.24", + "unpipe": "1.0.0" + }, + "engines": { + "node": ">= 0.8" + } + }, "node_modules/filelist": { "version": "1.0.4", "resolved": "https://registry.npmjs.org/filelist/-/filelist-1.0.4.tgz", @@ -1761,9 +1799,9 @@ } }, "node_modules/raw-body": { - "version": "2.5.1", - "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz", - "integrity": "sha512-qqJBtEyVgS0ZmPGdCFPWJ3FreoqvG4MVQln/kCgF7Olq95IbOp0/BWyMwbdtn4VTvkM8Y7khCQ2Xgk/tcrCXig==", + "version": "2.5.2", + "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz", + "integrity": "sha512-8zGqypfENjCIqGhgXToC8aB2r7YrBX+AQAfIPs/Mlk+BtPTztOvTS01NRW/3Eh60J+a48lt8qsCzirQ6loCVfA==", "dependencies": { "bytes": "3.1.2", "http-errors": "2.0.0", diff --git a/package.json b/package.json index cedbe16..155dcfb 100644 --- a/package.json +++ b/package.json 
@@ -1,6 +1,7 @@ { "dependencies": { "bcrypt": "^5.1.1", + "body-parser": "^1.20.2", "connect-flash": "^0.1.1", "cookie-parser": "^1.4.6", "csurf": "^1.11.0", diff --git a/src/app.js b/src/app.js index f7f5e5f..7364722 100644 --- a/src/app.js +++ b/src/app.js @@ -1,15 +1,15 @@ const express = require("express"); -const mongoose = require("mongoose"); + const fs = require("fs"); const passport = require("passport"); const LocalStrategy = require("passport-local").Strategy; const session = require("express-session"); const flash = require("connect-flash"); const morgan = require("morgan"); -const bcrypt = require("bcrypt"); // Import bcrypt for password hashing +const bodyparser = require('body-parser') const limiter=require("./utils/limiter") +const addCSRF = require("./middlewares/addCSRF"); -const csrf = require("csurf"); const cookieParser = require("cookie-parser"); const mongoSanitize = require("express-mongo-sanitize"); const dotenv = require("dotenv"); @@ -31,19 +31,23 @@ const app = express(); //Views folder should be accessible from anywhere.. app.set("views", path.join(__dirname, "views")); app.set("view engine", "ejs"); -app.use(express.urlencoded({ extended: true })); + +app.use(bodyparser.urlencoded({extended:true})); +// app.use(app.use(bodyparser.urlencoded({ extended: true })); +app.use(bodyparser.json()); app.use(morgan("dev")); app.use(mongoSanitize()); -const addCSRF = require("./middlewares/addCSRF"); + //Regular middleware app.use(cookieParser()); +const csrf = require("csurf"); app.use( session({ - secret: "secr3tt", //delete + secret: process.env.SECRET_KEY, resave: false, saveUninitialized: true, }) @@ -71,8 +75,11 @@ app.use("/courses", limiter, isAuthenticated, async function (req, res) { app.use("/css", express.static("src/css")); + +// user routes const userRoutes=require("./routes/userRoutes") app.use(userRoutes) + // Start the server const PORT = process.env.PORT || 3000; app.listen(PORT, () => { 
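Review bot: `bodyparser.urlencoded` and `bodyparser.json` replace `express.urlencoded` with a second, directly installed copy of body-parser; the package-lock.json hunk of this patch shows 1.20.2 at the top level next to the 1.20.1 nested under express. That adds a direct dependency to track for advisories without changing behaviour. Unless a body-parser-only option is needed, keep `app.use(express.urlencoded({ extended: true }));` and add `app.use(express.json());` (available in Express 4.16 and later; the installed version is not visible here). The commented-out `// app.use(app.use(bodyparser.urlencoded(...` line is leftover and can be deleted.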
diff --git a/src/config/dbconfig.js b/src/config/dbconfig.js index 237b114..ebe078f 100644 --- a/src/config/dbconfig.js +++ b/src/config/dbconfig.js @@ -1,7 +1,7 @@ const mongoose = require("mongoose"); function dbConfig() { mongoose - .connect("mongodb+srv://kirattechnologies:iRbi4XRDdM7JMMkl@cluster0.e95bnsi.mongodb.net/courses", { + .connect(process.env.MONGODB_URL, { useNewUrlParser: true, useUnifiedTopology: true, }) @@ -15,3 +15,6 @@ function dbConfig() { }); } module.exports = dbConfig; + + +//Everything diff --git a/src/middlewares/addCSRF.js b/src/middlewares/addCSRF.js index c24c881..b4e6b0d 100644 --- a/src/middlewares/addCSRF.js +++ b/src/middlewares/addCSRF.js @@ -1,6 +1,9 @@ function addCSRF(req, res, next) { - res.locals.csrfToken = req.csrfToken(); + var token = req.csrfToken(); + res.cookie('XSRF-TOKEN', token); + res.locals.csrfToken = token; next(); + } module.exports = addCSRF; \ No newline at end of file diff --git a/src/routes/userRoutes.js b/src/routes/userRoutes.js index b534c3f..585db6f 100644 --- a/src/routes/userRoutes.js +++ b/src/routes/userRoutes.js @@ -1,6 +1,6 @@ const express=require("express"); const csrf=require("csurf") - +const addCSRF = require("../middlewares/addCSRF"); const csrfProtection=csrf({cookie:true}) const {loginGet, loginPost, logout, landingPage, registerGet, registerPost, profileGet, profilePost, searchCourse}=require("../controller/userController") // const { loginGet, loginPost, logout, landingPage, registerGet, registerPost, profileGet, profilePost, searchCourse } = require("../controller/userRoutesController"); From 550282ac7940a6a9986f5a42ed871dc2d22986b0 Mon Sep 17 00:00:00 2001 From: Chandan Upadhyay Date: Fri, 6 Oct 2023 01:53:42 +0530 Subject: [PATCH 3/4] recent --- example.env.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/example.env.txt b/example.env.txt index a69a49f..0f5f071 100644 --- a/example.env.txt +++ b/example.env.txt 
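Review bot: `res.cookie('XSRF-TOKEN', token);` in `addCSRF` sets the token cookie with no options on every request that passes through the middleware, so it may travel over plain HTTP and its cross-site behaviour is left to browser defaults. Nothing visible in this series reads that cookie (the controllers hand `csrfToken` to the templates), so either drop the line or set the attributes explicitly, e.g. `res.cookie('XSRF-TOKEN', token, { sameSite: 'lax', secure: true });` with `secure` tied to the deployment's HTTPS setting. `var token` should be `const token`.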
@@ -1,3 +1,3 @@ -MONGODB_URL = "mongodb+srv://kirattechnologies:iRbi4XRDdM7JMMkl@cluster0.e95bnsi.mongodb.net/courses" -SECRET_KEY = "YOUR_SECRET_KEY_HERE" +MONGODB_URL = mongodb://localhost:27017/course +SECRET_KEY = YOUR_SECRET_KEY_HERE PORT = 3000 \ No newline at end of file From 1ea2bbf0594ababf2f974accddd581d4a02dcab4 Mon Sep 17 00:00:00 2001 From: Chandan Upadhyay Date: Sat, 7 Oct 2023 22:26:14 +0530 Subject: [PATCH 4/4] limiter added --- src/routes/userRoutes.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/routes/userRoutes.js b/src/routes/userRoutes.js index 585db6f..d8acfc8 100644 --- a/src/routes/userRoutes.js +++ b/src/routes/userRoutes.js @@ -14,10 +14,10 @@ const router=express.Router(); router.route("/login").get(limiter,csrfProtection,loginGet) router.route("/login").post(csrfProtection,limiter,loginPost) router.route("/logout").get(limiter,logout) -router.route("/").get(isAuthenticated,landingPage) -router.route("/register").get(registerGet) +router.route("/").get(limiter,isAuthenticated,landingPage) +router.route("/register").get(limiter,registerGet) router.route("/register").post(limiter,csrfProtection,registerPost) -router.route("/profile").get(isAuthenticated,profileGet) +router.route("/profile").get(limiter,isAuthenticated,profileGet) router.route("/profile").post(limiter,isAuthenticated,csrfProtection,profilePost) router.route("/search-course").post(limiter,isAuthenticated,searchCourse)