diff --git a/server/src/controllers/authController/index.ts b/server/src/controllers/authController/index.ts
index 0171c6e78e6c3d536268f3380f452cad7f447751..cbc1157304576bc170b13b29590c0235da90f8aa 100644
--- a/server/src/controllers/authController/index.ts
+++ b/server/src/controllers/authController/index.ts
@@ -4,29 +4,31 @@ import express from 'express';
 import IUser from '../../models/user';
 import * as jwt from 'jsonwebtoken';
 import config from '../../config';
+import { isNamedExportBindings } from "typescript";
 
 const router = express.Router();
 
 // Post register user `/api/auth/register`
 router.route('/register').post(async (request: Request, response: Response) => {
-	const {username, email, password, create_time} = request.body;
+	const {username, email, password, isAdmin, create_time} = request.body;
 	try {
         // Check valid request data parameters
 		const user_data: IUser = {
 			"username": username,
 			"email": email,
             "password": password,
+			"isAdmin": isAdmin || 0,
 		};
 		if (Object.values(user_data).filter(p => p == undefined).length > 0) return response.status(500).send("Error");
         // Check for user duplicates
-        const duplicate_input = "SELECT userId, username, email, create_time FROM user WHERE username=? AND password=?;"
+        const duplicate_input = "SELECT userId, username, email, create_time, isAdmin FROM user WHERE username=? AND password=?;"
         const user = await query(duplicate_input,[user_data.username, user_data.password]);
         const retrievedUserObj = Object.values(JSON.parse(JSON.stringify(user.data)))[0];
 		if (retrievedUserObj) {
             return response.status(403).send("There exists an user with the same username or emails given!");
         }
         // If there is no duplicates, create new user
-		const input = (`INSERT INTO user(username, email, password) VALUES (?,?,?)`)
+		const input = (`INSERT INTO user(username, email, password, isAdmin) VALUES (?,?,?,?)`)
 		return response.status(200).json(
 			await query(input,Object.values(user_data))
 		);
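Review bot: The new `isAdmin` field is read straight from `request.body` on the public `/register` route and written into the INSERT, so whoever registers decides whether the account is an administrator. Registration should not accept the field at all: drop `isAdmin` from the destructuring and set `"isAdmin": 0,` in `user_data`, leaving promotion to a separate route that checks the caller is already an admin. The same body-supplied value is inserted by the POST `/` hunk in userController/index.ts. The added `import { isNamedExportBindings } from "typescript";` is not used anywhere in this hunk and looks like an editor auto-import; it should be removed so the server does not load the compiler package at runtime. The handler's `try` block continues past the end of the hunk.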
@@ -39,7 +41,7 @@ router.route('/register').post(async (request: Request, response: Response) => {
 router.route('/login').post(async (request: Request, response: Response) => {
 	const {username, password} = request.body;
 	try {
-		const input = "SELECT userId, username, email, create_time FROM user WHERE username=? AND password=?;"
+		const input = "SELECT userId, username, email, isAdmin, create_time FROM user WHERE username=? AND password=?;"
 		const user = await query(input,[username, password]);
 		// Check if an user object is retrieved
 		const userObj = Object.values(JSON.parse(JSON.stringify(user.data)))[0];
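Review bot: The login query still matches `password=?` against the value taken from `request.body`, which only works if the `user` table stores passwords as submitted; with `isAdmin` now part of the returned row, a leaked table would expose working administrator credentials. Unless `query` or an earlier middleware hashes the value (not visible here), the lookup should be by username alone, e.g. `SELECT userId, username, email, isAdmin, create_time, password FROM user WHERE username=?;`, with the stored salted hash verified in code and the `password` column removed from the object before it is used further. The register hunk above uses the same `username=? AND password=?` comparison in its duplicate check, which also means an already-taken username submitted with a different password is not detected as a duplicate. The handler continues outside this hunk.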
diff --git a/server/src/controllers/postController/index.ts b/server/src/controllers/postController/index.ts
index 4cd016268cd7f0f86e314dec0638bc8b14720331..08db044396c767849ff3379fd3cfe554f7b0d8ec 100644
--- a/server/src/controllers/postController/index.ts
+++ b/server/src/controllers/postController/index.ts
@@ -3,6 +3,7 @@ import query from "../../services/db_query";
 import express from "express";
 import IPost from "../../models/post";
 import Category from "../../models/category";
+import authenticateToken from '../../middlewares/auth';
 
 const router = express.Router();
 const category = new Category();
@@ -69,7 +70,7 @@ router.route("/:id").get(async (request: Request, response: Response) => {
 
 /* ============================= UPDATE ============================= */
 // Edit post with id `/api/post/:id`
-router.route("/:id").put(async (request: Request, response: Response) => {
+router.route("/:id").put(authenticateToken, async (request: Request, response: Response) => {
   const postId: string = request.params.id as string;
   const {
     title,
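Review bot: `authenticateToken` establishes who the caller is, but nothing visible in this hunk checks that the caller may edit this particular post, so any logged-in user could presumably update any `postId`. The handler body runs past the hunk, so an ownership check may exist further down; if it does not, the update should be conditioned on the post's author matching the identity from the token, or on the new `isAdmin` flag. The DELETE `/:id` hunk below has the same shape. A short comment above each route stating the rule, e.g. `// Requires a valid token; only the post's author or an admin may edit`, would make the intended policy reviewable.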
@@ -101,7 +102,7 @@ router.route("/:id").put(async (request: Request, response: Response) => {
 
 /* ============================= DELETE ============================= */
 // Remove post with id `/api/post/:id`
-router.route("/:id").delete(async (request: Request, response: Response) => {
+router.route("/:id").delete(authenticateToken, async (request: Request, response: Response) => {
   const postId: string = request.params.id as string;
   try {
     response
@@ -112,4 +113,4 @@ router.route("/:id").delete(async (request: Request, response: Response) => {
   }
 });
 
-export default router;
+export default router;
\ No newline at end of file
diff --git a/server/src/controllers/userController/index.ts b/server/src/controllers/userController/index.ts
index b0d49b9aeb5de3015d7700119d8fac43654ada7a..a522d2010ca8a48e071438a328077851b22870d2 100644
--- a/server/src/controllers/userController/index.ts
+++ b/server/src/controllers/userController/index.ts
@@ -6,17 +6,18 @@ import authenticateToken from '../../middlewares/auth';
 
 const router = express.Router();
 /* ============================= CREATE ============================= */
-// Get all users `/api/user/`
+// Create an user `/api/user/`
 router.route('/').post(async (request: Request, response: Response) => {
-	const {username, email, password, create_time} = request.body;
+	const {username, email, password, isAdmin, create_time} = request.body; // destructuring
 	try {
 		const user: IUser = {
 			"username": username,
 			"email": email,
             "password": password,
+			"isAdmin": isAdmin || 0,
 		};
 		if (Object.values(user).filter(p => p == undefined).length > 0) return response.status(500).send("Error");
-		const input = (`INSERT INTO user(username, email, password) VALUES (?,?,?)`)
+		const input = (`INSERT INTO user(username, email, password, isAdmin) VALUES (?,?,?,?)`);
 		return response.status(200).json(
 			await query(input,Object.values(user))
 		);
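Review bot: This create route is registered without `authenticateToken`, although the middleware is imported at the top of this file (see the hunk header), and after this change it can insert rows with `isAdmin` set. If no router-level or app-level guard is applied where this router is mounted (not visible here), the route should become `router.route('/').post(authenticateToken, async (request: Request, response: Response) => {` and additionally verify the caller's own admin status before honouring a non-zero `isAdmin`. The trailing `// destructuring` comment restates the syntax and can be dropped. The handler continues outside the hunk.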
@@ -72,4 +73,3 @@ router.route('/:userId').delete(async (request: Request, response: Response) =>
 });
 
 export default router;
-
diff --git a/server/src/models/user.ts b/server/src/models/user.ts
index 1833069dcc78a1462b0d38214fcd633247a4acdc..80fd9651765a635aba14a6ca53bcf90a7392b4e8 100644
--- a/server/src/models/user.ts
+++ b/server/src/models/user.ts
@@ -5,6 +5,7 @@ interface IUser{
     email: string;
     password: string;
     create_time?: Date;
+    isAdmin: number;
 }
 
 export default IUser;
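Review bot: `isAdmin: number` accepts any numeric value, while the controllers only ever intend a flag (`isAdmin || 0`). Declaring it as `isAdmin: 0 | 1;` (or `boolean`, converted at the query boundary) lets the compiler reject other values and documents the field; a one-line comment such as `// 1 = administrator, 0 = regular user; never taken from client input` would help too. The interface starts above the hunk.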