Admintilgang backend

766046f2 · Amalie Urdshals · dcf4c795 · 766046f2 · 766046f2 · 766046f2
Commit 766046f2 authored 4 years ago by Amalie Urdshals
--- a/server/src/controllers/authController/index.ts
+++ b/server/src/controllers/authController/index.ts
@@ -4,29 +4,31 @@ import express from 'express';
 import IUser from '../../models/user';
 import * as jwt from 'jsonwebtoken';
 import config from '../../config';
+import { isNamedExportBindings } from "typescript";

 const router = express.Router();

 // Post register user `/api/auth/register`
 router.route('/register').post(async (request: Request, response: Response) => {
-	const {username, email, password, create_time} = request.body;
+	const {username, email, password, isAdmin, create_time} = request.body;
 	try {
        // Check valid request data parameters
 		const user_data: IUser = {
 			"username": username,
 			"email": email,
            "password": password,
+			"isAdmin": isAdmin || 0,
 		};
 		if (Object.values(user_data).filter(p => p == undefined).length > 0) return response.status(500).send("Error");
        // Check for user duplicates
-        const duplicate_input = "SELECT userId, username, email, create_time FROM user WHERE username=? AND password=?;"
+        const duplicate_input = "SELECT userId, username, email, create_time, isAdmin FROM user WHERE username=? AND password=?;"
        const user = await query(duplicate_input,[user_data.username, user_data.password]);
        const retrievedUserObj = Object.values(JSON.parse(JSON.stringify(user.data)))[0];
 		if (retrievedUserObj) {
            return response.status(403).send("There exists an user with the same username or emails given!");
        }
        // If there is no duplicates, create new user
-		const input = (`INSERT INTO user(username, email, password) VALUES (?,?,?)`)
+		const input = (`INSERT INTO user(username, email, password, isAdmin) VALUES (?,?,?,?)`)
 		return response.status(200).json(
 			await query(input,Object.values(user_data))
 		);
@@ -39,7 +41,7 @@ router.route('/register').post(async (request: Request, response: Response) => {
 router.route('/login').post(async (request: Request, response: Response) => {
 	const {username, password} = request.body;
 	try {
-		const input = "SELECT userId, username, email, create_time FROM user WHERE username=? AND password=?;"
+		const input = "SELECT userId, username, email, isAdmin, create_time FROM user WHERE username=? AND password=?;"
 		const user = await query(input,[username, password]);
 		// Check if an user object is retrieved
 		const userObj = Object.values(JSON.parse(JSON.stringify(user.data)))[0];

--- a/server/src/controllers/postController/index.ts
+++ b/server/src/controllers/postController/index.ts
@@ -3,6 +3,7 @@ import query from "../../services/db_query";
 import express from "express";
 import IPost from "../../models/post";
 import Category from "../../models/category";
+import authenticateToken from '../../middlewares/auth';

 const router = express.Router();
 const category = new Category();
@@ -69,7 +70,7 @@ router.route("/:id").get(async (request: Request, response: Response) => {

 /* ============================= UPDATE ============================= */
 // Edit post with id `/api/post/:id`
-router.route("/:id").put(async (request: Request, response: Response) => {
+router.route("/:id").put(authenticateToken, async (request: Request, response: Response) => {
  const postId: string = request.params.id as string;
  const {
    title,
@@ -101,7 +102,7 @@ router.route("/:id").put(async (request: Request, response: Response) => {

 /* ============================= DELETE ============================= */
 // Remove post with id `/api/post/:id`
-router.route("/:id").delete(async (request: Request, response: Response) => {
+router.route("/:id").delete(authenticateToken, async (request: Request, response: Response) => {
  const postId: string = request.params.id as string;
  try {
    response
@@ -112,4 +113,4 @@ router.route("/:id").delete(async (request: Request, response: Response) => {
  }
 });

-export default router;
+export default router;
\ No newline at end of file
--- a/server/src/controllers/userController/index.ts
+++ b/server/src/controllers/userController/index.ts
@@ -6,17 +6,18 @@ import authenticateToken from '../../middlewares/auth';

 const router = express.Router();
 /* ============================= CREATE ============================= */
-// Get all users `/api/user/`
+// Create an user `/api/user/`
 router.route('/').post(async (request: Request, response: Response) => {
-	const {username, email, password, create_time} = request.body;
+	const {username, email, password, isAdmin, create_time} = request.body; // destructuring
 	try {
 		const user: IUser = {
 			"username": username,
 			"email": email,
            "password": password,
+			"isAdmin": isAdmin || 0,
 		};
 		if (Object.values(user).filter(p => p == undefined).length > 0) return response.status(500).send("Error");
-		const input = (`INSERT INTO user(username, email, password) VALUES (?,?,?)`)
+		const input = (`INSERT INTO user(username, email, password, isAdmin) VALUES (?,?,?,?)`);
 		return response.status(200).json(
 			await query(input,Object.values(user))
 		);
@@ -72,4 +73,3 @@ router.route('/:userId').delete(async (request: Request, response: Response) =>
 });

 export default router;
-
--- a/server/src/models/user.ts
+++ b/server/src/models/user.ts
@@ -5,6 +5,7 @@ interface IUser{
    email: string;
    password: string;
    create_time?: Date;
+    isAdmin: number;
 }

 export default IUser;