Commit 766046f2 authored by Amalie Urdshals's avatar Amalie Urdshals

Admintilgang backend

parent dcf4c795
......@@ -4,29 +4,31 @@ import express from 'express';
import IUser from '../../models/user';
import * as jwt from 'jsonwebtoken';
import config from '../../config';
import { isNamedExportBindings } from "typescript";
const router = express.Router();
// Post register user `/api/auth/register`
router.route('/register').post(async (request: Request, response: Response) => {
const {username, email, password, create_time} = request.body;
const {username, email, password, isAdmin, create_time} = request.body;
try {
// Check valid request data parameters
const user_data: IUser = {
"username": username,
"email": email,
"password": password,
"isAdmin": isAdmin || 0,
};
if (Object.values(user_data).filter(p => p == undefined).length > 0) return response.status(500).send("Error");
// Check for user duplicates
const duplicate_input = "SELECT userId, username, email, create_time FROM user WHERE username=? AND password=?;"
const duplicate_input = "SELECT userId, username, email, create_time, isAdmin FROM user WHERE username=? AND password=?;"
const user = await query(duplicate_input,[user_data.username, user_data.password]);
const retrievedUserObj = Object.values(JSON.parse(JSON.stringify(user.data)))[0];
if (retrievedUserObj) {
return response.status(403).send("There exists an user with the same username or emails given!");
}
// If there is no duplicates, create new user
const input = (`INSERT INTO user(username, email, password) VALUES (?,?,?)`)
const input = (`INSERT INTO user(username, email, password, isAdmin) VALUES (?,?,?,?)`)
return response.status(200).json(
await query(input,Object.values(user_data))
);
......@@ -39,7 +41,7 @@ router.route('/register').post(async (request: Request, response: Response) => {
router.route('/login').post(async (request: Request, response: Response) => {
const {username, password} = request.body;
try {
const input = "SELECT userId, username, email, create_time FROM user WHERE username=? AND password=?;"
const input = "SELECT userId, username, email, isAdmin, create_time FROM user WHERE username=? AND password=?;"
const user = await query(input,[username, password]);
// Check if an user object is retrieved
const userObj = Object.values(JSON.parse(JSON.stringify(user.data)))[0];
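Review bot: `isAdmin` is read straight from `request.body` in the `/register` handler and inserted into the `user` table, so any unauthenticated caller can create an admin account just by including that field. Registration should ignore the client value: drop `isAdmin` from the destructuring and set `"isAdmin": 0,` in `user_data`. The `POST /api/user/` create handler later in this commit copies `isAdmin` from the body the same way and shows no `authenticateToken` on the route; if it is meant for admins creating users, it needs that middleware plus a check of the caller's admin flag. Separately, the added `import { isNamedExportBindings } from "typescript";` looks like an accidental auto-import and should be removed. The register and login handlers both continue outside the visible hunks.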
......
......@@ -3,6 +3,7 @@ import query from "../../services/db_query";
import express from "express";
import IPost from "../../models/post";
import Category from "../../models/category";
import authenticateToken from '../../middlewares/auth';
const router = express.Router();
const category = new Category();
......@@ -69,7 +70,7 @@ router.route("/:id").get(async (request: Request, response: Response) => {
/* ============================= UPDATE ============================= */
// Edit post with id `/api/post/:id`
router.route("/:id").put(async (request: Request, response: Response) => {
router.route("/:id").put(authenticateToken, async (request: Request, response: Response) => {
const postId: string = request.params.id as string;
const {
title,
......@@ -101,7 +102,7 @@ router.route("/:id").put(async (request: Request, response: Response) => {
/* ============================= DELETE ============================= */
// Remove post with id `/api/post/:id`
router.route("/:id").delete(async (request: Request, response: Response) => {
router.route("/:id").delete(authenticateToken, async (request: Request, response: Response) => {
const postId: string = request.params.id as string;
try {
response
......@@ -112,4 +113,4 @@ router.route("/:id").delete(async (request: Request, response: Response) => {
}
});
export default router;
export default router;
\ No newline at end of file
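Review bot: Adding `authenticateToken` to the `PUT` and `DELETE` `/:id` routes establishes who the caller is, but nothing visible in these hunks checks that the caller owns the post or is an admin, so unless the handler bodies outside the hunks do that, any logged-in user could edit or delete any post. The handlers should compare the post's author with the authenticated user id, allow the operation for other callers only when their admin flag is set, and respond with 403 otherwise. Both handler bodies continue outside the hunks and the middleware itself is not shown, so confirm what it attaches to `request` before relying on it.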
......@@ -6,17 +6,18 @@ import authenticateToken from '../../middlewares/auth';
const router = express.Router();
/* ============================= CREATE ============================= */
// Get all users `/api/user/`
// Create an user `/api/user/`
router.route('/').post(async (request: Request, response: Response) => {
const {username, email, password, create_time} = request.body;
const {username, email, password, isAdmin, create_time} = request.body; // destructuring
try {
const user: IUser = {
"username": username,
"email": email,
"password": password,
"isAdmin": isAdmin || 0,
};
if (Object.values(user).filter(p => p == undefined).length > 0) return response.status(500).send("Error");
const input = (`INSERT INTO user(username, email, password) VALUES (?,?,?)`)
const input = (`INSERT INTO user(username, email, password, isAdmin) VALUES (?,?,?,?)`);
return response.status(200).json(
await query(input,Object.values(user))
);
......@@ -72,4 +73,3 @@ router.route('/:userId').delete(async (request: Request, response: Response) =>
});
export default router;
......@@ -5,6 +5,7 @@ interface IUser{
email: string;
password: string;
create_time?: Date;
isAdmin: number;
}
export default IUser;
......