Commit 766046f2 authored by Amalie Urdshals's avatar Amalie Urdshals

Admintilgang backend

parent dcf4c795
...@@ -4,29 +4,31 @@ import express from 'express'; ...@@ -4,29 +4,31 @@ import express from 'express';
import IUser from '../../models/user'; import IUser from '../../models/user';
import * as jwt from 'jsonwebtoken'; import * as jwt from 'jsonwebtoken';
import config from '../../config'; import config from '../../config';
import { isNamedExportBindings } from "typescript";
const router = express.Router(); const router = express.Router();
// Post register user `/api/auth/register` // Post register user `/api/auth/register`
router.route('/register').post(async (request: Request, response: Response) => { router.route('/register').post(async (request: Request, response: Response) => {
const {username, email, password, create_time} = request.body; const {username, email, password, isAdmin, create_time} = request.body;
try { try {
// Check valid request data parameters // Check valid request data parameters
const user_data: IUser = { const user_data: IUser = {
"username": username, "username": username,
"email": email, "email": email,
"password": password, "password": password,
"isAdmin": isAdmin || 0,
}; };
if (Object.values(user_data).filter(p => p == undefined).length > 0) return response.status(500).send("Error"); if (Object.values(user_data).filter(p => p == undefined).length > 0) return response.status(500).send("Error");
// Check for user duplicates // Check for user duplicates
const duplicate_input = "SELECT userId, username, email, create_time FROM user WHERE username=? AND password=?;" const duplicate_input = "SELECT userId, username, email, create_time, isAdmin FROM user WHERE username=? AND password=?;"
const user = await query(duplicate_input,[user_data.username, user_data.password]); const user = await query(duplicate_input,[user_data.username, user_data.password]);
const retrievedUserObj = Object.values(JSON.parse(JSON.stringify(user.data)))[0]; const retrievedUserObj = Object.values(JSON.parse(JSON.stringify(user.data)))[0];
if (retrievedUserObj) { if (retrievedUserObj) {
return response.status(403).send("There exists an user with the same username or emails given!"); return response.status(403).send("There exists an user with the same username or emails given!");
} }
// If there is no duplicates, create new user // If there is no duplicates, create new user
const input = (`INSERT INTO user(username, email, password) VALUES (?,?,?)`) const input = (`INSERT INTO user(username, email, password, isAdmin) VALUES (?,?,?,?)`)
return response.status(200).json( return response.status(200).json(
await query(input,Object.values(user_data)) await query(input,Object.values(user_data))
); );
...@@ -39,7 +41,7 @@ router.route('/register').post(async (request: Request, response: Response) => { ...@@ -39,7 +41,7 @@ router.route('/register').post(async (request: Request, response: Response) => {
router.route('/login').post(async (request: Request, response: Response) => { router.route('/login').post(async (request: Request, response: Response) => {
const {username, password} = request.body; const {username, password} = request.body;
try { try {
const input = "SELECT userId, username, email, create_time FROM user WHERE username=? AND password=?;" const input = "SELECT userId, username, email, isAdmin, create_time FROM user WHERE username=? AND password=?;"
const user = await query(input,[username, password]); const user = await query(input,[username, password]);
// Check if an user object is retrieved // Check if an user object is retrieved
const userObj = Object.values(JSON.parse(JSON.stringify(user.data)))[0]; const userObj = Object.values(JSON.parse(JSON.stringify(user.data)))[0];
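Review bot: The `/register` handler in the first hunk now reads `isAdmin` out of `request.body` and writes it into the new user via `"isAdmin": isAdmin || 0`, so an unauthenticated caller can register themselves as an administrator — a mass-assignment privilege escalation introduced by this change. Public registration should never take the flag from the client: drop `isAdmin` from the destructuring and write `"isAdmin": 0,` so only a privileged user-management path can grant it (the `/api/user/` POST handler further down takes the same body field). The added `import { isNamedExportBindings } from "typescript";` is unused and pulls the TypeScript compiler package into a runtime route module; remove it. Separately, the duplicate check and `/login` both run `WHERE username=? AND password=?` against the raw request value, which indicates passwords are stored and compared in plaintext — that predates the commit, but since these SELECT lines were touched, hashing (e.g. bcrypt) before insert and on compare is a worthwhile follow-up. The register handler's `catch` and the body of the login handler continue outside the hunks.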
...@@ -3,6 +3,7 @@ import query from "../../services/db_query"; ...@@ -3,6 +3,7 @@ import query from "../../services/db_query";
import express from "express"; import express from "express";
import IPost from "../../models/post"; import IPost from "../../models/post";
import Category from "../../models/category"; import Category from "../../models/category";
import authenticateToken from '../../middlewares/auth';
const router = express.Router(); const router = express.Router();
const category = new Category(); const category = new Category();
...@@ -69,7 +70,7 @@ router.route("/:id").get(async (request: Request, response: Response) => { ...@@ -69,7 +70,7 @@ router.route("/:id").get(async (request: Request, response: Response) => {
/* ============================= UPDATE ============================= */ /* ============================= UPDATE ============================= */
// Edit post with id `/api/post/:id` // Edit post with id `/api/post/:id`
router.route("/:id").put(async (request: Request, response: Response) => { router.route("/:id").put(authenticateToken, async (request: Request, response: Response) => {
const postId: string = request.params.id as string; const postId: string = request.params.id as string;
const { const {
title, title,
...@@ -101,7 +102,7 @@ router.route("/:id").put(async (request: Request, response: Response) => { ...@@ -101,7 +102,7 @@ router.route("/:id").put(async (request: Request, response: Response) => {
/* ============================= DELETE ============================= */ /* ============================= DELETE ============================= */
// Remove post with id `/api/post/:id` // Remove post with id `/api/post/:id`
router.route("/:id").delete(async (request: Request, response: Response) => { router.route("/:id").delete(authenticateToken, async (request: Request, response: Response) => {
const postId: string = request.params.id as string; const postId: string = request.params.id as string;
try { try {
response response
...@@ -112,4 +113,4 @@ router.route("/:id").delete(async (request: Request, response: Response) => { ...@@ -112,4 +113,4 @@ router.route("/:id").delete(async (request: Request, response: Response) => {
} }
}); });
export default router; export default router;
\ No newline at end of file
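Review bot: `authenticateToken` on the PUT and DELETE routes for `/:id` only establishes that a valid token was presented; neither handler checks that the caller owns the post or has the admin flag, so — assuming the middleware just verifies the JWT (its body is not in this diff) — any logged-in user can edit or delete any post. Add an authorization step after authentication, either a `requireAdmin` middleware that responds 403 unless the decoded token carries `isAdmin`, or an ownership comparison against the post's author inside the handler before the UPDATE/DELETE query runs: `router.route("/:id").put(authenticateToken, requireAdmin, async (request: Request, response: Response) => {`. Both handlers continue outside the hunks, and the create route is not visible on this page, so whether it is gated the same way cannot be confirmed here.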
...@@ -6,17 +6,18 @@ import authenticateToken from '../../middlewares/auth'; ...@@ -6,17 +6,18 @@ import authenticateToken from '../../middlewares/auth';
const router = express.Router(); const router = express.Router();
/* ============================= CREATE ============================= */ /* ============================= CREATE ============================= */
// Get all users `/api/user/` // Create an user `/api/user/`
router.route('/').post(async (request: Request, response: Response) => { router.route('/').post(async (request: Request, response: Response) => {
const {username, email, password, create_time} = request.body; const {username, email, password, isAdmin, create_time} = request.body; // destructuring
try { try {
const user: IUser = { const user: IUser = {
"username": username, "username": username,
"email": email, "email": email,
"password": password, "password": password,
"isAdmin": isAdmin || 0,
}; };
if (Object.values(user).filter(p => p == undefined).length > 0) return response.status(500).send("Error"); if (Object.values(user).filter(p => p == undefined).length > 0) return response.status(500).send("Error");
const input = (`INSERT INTO user(username, email, password) VALUES (?,?,?)`) const input = (`INSERT INTO user(username, email, password, isAdmin) VALUES (?,?,?,?)`);
return response.status(200).json( return response.status(200).json(
await query(input,Object.values(user)) await query(input,Object.values(user))
); );
...@@ -72,4 +73,3 @@ router.route('/:userId').delete(async (request: Request, response: Response) => ...@@ -72,4 +73,3 @@ router.route('/:userId').delete(async (request: Request, response: Response) =>
}); });
export default router; export default router;
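Review bot: The `POST /` user-creation route keeps no middleware on its route line while now persisting a client-supplied `isAdmin`, so this endpoint creates administrators without any authentication (the post routes in this same commit received `authenticateToken`; this one did not). Gate it with the same middleware plus an admin check, `router.route('/').post(authenticateToken, requireAdmin, async (request: Request, response: Response) => {`, and normalise the flag to the declared number type instead of forwarding any truthy value — `"isAdmin": isAdmin ? 1 : 0,` — because `isAdmin || 0` passes strings such as `"yes"` straight into the INSERT. The INSERT also depends on `Object.values(user)` matching the column order in the query literal; appending `isAdmin` last keeps them aligned, but a comment on the object literal saying `// key order must match the INSERT column list` would prevent a silent mismatch later. The handler's `catch` lies outside the hunk.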
...@@ -5,6 +5,7 @@ interface IUser{ ...@@ -5,6 +5,7 @@ interface IUser{
email: string; email: string;
password: string; password: string;
create_time?: Date; create_time?: Date;
isAdmin: number;
} }
export default IUser; export default IUser;
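Review bot: `isAdmin: number` on `IUser` types a two-state flag as an open number, and the interface gives no hint that it is a security-relevant attribute. Narrow and document it: `/** 0 = regular user, 1 = administrator. Set only by privileged code paths, never copied from a request body. */` above `isAdmin: 0 | 1;`. The literal union states the contract at the type level, but values destructured from `request.body` are `any` and still bypass it, so the runtime normalisation belongs in the handlers that build an `IUser`. The interface header is outside the hunk.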