From 766046f2ee86c30c6f976cd2eeb1224b9c86dcc7 Mon Sep 17 00:00:00 2001
From: amalieur <amalieur@stud.ntnu.no>
Date: Thu, 11 Mar 2021 13:50:39 +0100
Subject: [PATCH] Admintilgang backend
---
 server/src/controllers/authController/index.ts | 10 ++++++----
 server/src/controllers/postController/index.ts | 7 ++++---
 server/src/controllers/userController/index.ts | 8 ++++----
 server/src/models/user.ts | 1 +
 4 files changed, 15 insertions(+), 11 deletions(-)
diff --git a/server/src/controllers/authController/index.ts b/server/src/controllers/authController/index.ts
index 0171c6e..cbc1157 100644
--- a/server/src/controllers/authController/index.ts
+++ b/server/src/controllers/authController/index.ts
@@ -4,29 +4,31 @@ import express from 'express';
 import IUser from '../../models/user';
 import * as jwt from 'jsonwebtoken';
 import config from '../../config';
+import { isNamedExportBindings } from "typescript";
 const router = express.Router();
 // Post register user `/api/auth/register`
 router.route('/register').post(async (request: Request, response: Response) => {
- const {username, email, password, create_time} = request.body;
+ const {username, email, password, isAdmin, create_time} = request.body;
 try {
 // Check valid request data parameters
 const user_data: IUser = {
 "username": username,
 "email": email,
 "password": password,
+ "isAdmin": isAdmin || 0,
 };
 if (Object.values(user_data).filter(p => p == undefined).length > 0) return response.status(500).send("Error");
 // Check for user duplicates
- const duplicate_input = "SELECT userId, username, email, create_time FROM user WHERE username=? AND password=?;"
+ const duplicate_input = "SELECT userId, username, email, create_time, isAdmin FROM user WHERE username=? AND password=?;"
 const user = await query(duplicate_input,[user_data.username, user_data.password]);
 const retrievedUserObj = Object.values(JSON.parse(JSON.stringify(user.data)))[0];
 if (retrievedUserObj) {
 return response.status(403).send("There exists an user with the same username or emails given!");
 }
 // If there is no duplicates, create new user
- const input = (`INSERT INTO user(username, email, password) VALUES (?,?,?)`)
+ const input = (`INSERT INTO user(username, email, password, isAdmin) VALUES (?,?,?,?)`)
 return response.status(200).json(
 await query(input,Object.values(user_data))
 );
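Review bot: The new `isAdmin` value on the `+ const {username, email, password, isAdmin, create_time} = request.body;` line is read straight from the body of the unauthenticated `/api/auth/register` route and written to the database, so any client can self-register as an administrator by posting `isAdmin: 1`; this is a mass-assignment privilege escalation rather than the admin access the commit title describes. Registration should never trust a client-supplied role: write `"isAdmin": 0,` into `user_data` and promote accounts only through an admin-only path, and if a caller value is ever accepted, normalise it with `Number(isAdmin) === 1 ? 1 : 0` instead of `isAdmin || 0`, which passes any truthy value (`"yes"`, `true`, an object) into the INSERT parameter. The changed duplicate query still uses `WHERE username=? AND password=?`, so an existing username with a different password is not detected and the 403 text about "same username or emails" does not describe what is checked; `WHERE username=? OR email=?` with `[user_data.username, user_data.email]` matches the intent. The added `import { isNamedExportBindings } from "typescript";` is unused and pulls the TypeScript compiler into the server runtime, so it should be dropped. The same query also compares the password in plaintext (pre-existing, but kept on the new line), and the handler's `catch` lies outside the hunk.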
@@ -39,7 +41,7 @@ router.route('/register').post(async (request: Request, response: Response) => {
 router.route('/login').post(async (request: Request, response: Response) => {
 const {username, password} = request.body;
 try {
- const input = "SELECT userId, username, email, create_time FROM user WHERE username=? AND password=?;"
+ const input = "SELECT userId, username, email, isAdmin, create_time FROM user WHERE username=? AND password=?;"
 const user = await query(input,[username, password]);
 // Check if an user object is retrieved
 const userObj = Object.values(JSON.parse(JSON.stringify(user.data)))[0];
diff --git a/server/src/controllers/postController/index.ts b/server/src/controllers/postController/index.ts
index 4cd0162..08db044 100644
--- a/server/src/controllers/postController/index.ts
+++ b/server/src/controllers/postController/index.ts
@@ -3,6 +3,7 @@ import query from "../../services/db_query";
 import express from "express";
 import IPost from "../../models/post";
 import Category from "../../models/category";
+import authenticateToken from '../../middlewares/auth';
 const router = express.Router();
 const category = new Category();
@@ -69,7 +70,7 @@ router.route("/:id").get(async (request: Request, response: Response) => {
 /* ============================= UPDATE ============================= */
 // Edit post with id `/api/post/:id`
-router.route("/:id").put(async (request: Request, response: Response) => {
+router.route("/:id").put(authenticateToken, async (request: Request, response: Response) => {
 const postId: string = request.params.id as string;
 const {
 title,
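Review bot: The `+ const input = "SELECT userId, username, email, isAdmin, create_time FROM user WHERE username=? AND password=?;"` line now selects `isAdmin`, presumably so the JWT issued further down can carry the role; that claim is only as trustworthy as the code path that wrote the column, so it must be set server-side and never copied from a request body. The query also still authenticates by matching the raw password in SQL, which means passwords are stored and compared in plaintext; look the user up by username only, store a salted hash (`bcrypt`/`argon2`, or Node's `crypto.scrypt`), and verify the hash in code before signing a token. The login handler continues past the end of the hunk, so what is actually placed in the token is not visible here.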
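Review bot: `authenticateToken` on the `+router.route("/:id").put(authenticateToken, async (request: Request, response: Response) => {` line adds authentication but no authorization: any user with a valid token can now edit any post by id, an IDOR/BOLA gap unless the rest of the handler (outside the hunk) compares the post's owner with the caller. Since this commit is meant to introduce admin access, the route should check whatever user object `authenticateToken` attaches to the request after the post is loaded, along the lines of `if (!caller.isAdmin && post.userId !== caller.userId) return response.status(403).send("Forbidden");`, with the field names confirmed against the middleware. The handler body starts here and ends outside the hunk.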
@@ -101,7 +102,7 @@ router.route("/:id").put(async (request: Request, response: Response) => {
 /* ============================= DELETE ============================= */
 // Remove post with id `/api/post/:id`
-router.route("/:id").delete(async (request: Request, response: Response) => {
+router.route("/:id").delete(authenticateToken, async (request: Request, response: Response) => {
 const postId: string = request.params.id as string;
 try {
 response
@@ -112,4 +113,4 @@ router.route("/:id").delete(async (request: Request, response: Response) => {
 }
 });
-export default router;
+export default router;
\ No newline at end of file
diff --git a/server/src/controllers/userController/index.ts b/server/src/controllers/userController/index.ts
index b0d49b9..a522d20 100644
--- a/server/src/controllers/userController/index.ts
+++ b/server/src/controllers/userController/index.ts
@@ -6,17 +6,18 @@ import authenticateToken from '../../middlewares/auth';
 const router = express.Router();
 /* ============================= CREATE ============================= */
-// Get all users `/api/user/`
+// Create an user `/api/user/`
 router.route('/').post(async (request: Request, response: Response) => {
- const {username, email, password, create_time} = request.body;
+ const {username, email, password, isAdmin, create_time} = request.body; // destructuring
 try {
 const user: IUser = {
 "username": username,
 "email": email,
 "password": password,
+ "isAdmin": isAdmin || 0,
 };
 if (Object.values(user).filter(p => p == undefined).length > 0) return response.status(500).send("Error");
- const input = (`INSERT INTO user(username, email, password) VALUES (?,?,?)`)
+ const input = (`INSERT INTO user(username, email, password, isAdmin) VALUES (?,?,?,?)`);
 return response.status(200).json(
 await query(input,Object.values(user))
 );
@@ -72,4 +73,3 @@ router.route('/:userId').delete(async (request: Request, response: Response) =>
 });
 export default router;
-
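Review bot: The `+router.route("/:id").delete(authenticateToken, async (request: Request, response: Response) => {` line gates deletion on a valid token only; with no ownership or `isAdmin` check visible, every authenticated user can delete every post. Add the same owner-or-admin check proposed for the PUT route before the delete query runs, and document in the middleware which fields `authenticateToken` sets on the request, since that shape is not visible from this hunk. The handler continues outside the hunk.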
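Review bot: `router.route('/').post(async (request: Request, response: Response) => {` on `/api/user/` carries no `authenticateToken` middleware, yet the new `+ const {username, email, password, isAdmin, create_time} = request.body; // destructuring` and `+ "isAdmin": isAdmin || 0,` lines let an anonymous caller create an administrator account in one request, with no duplicate check at all on this path; this is an even more direct privilege escalation than the register route. Either protect the route with `authenticateToken` plus an `isAdmin` check on the caller (admin-only user creation), or stop reading `isAdmin` from the body and write `"isAdmin": 0,`. If a value is ever accepted here, normalise it with `Number(isAdmin) === 1 ? 1 : 0`, because `isAdmin || 0` forwards any truthy value into the INSERT parameter. The handler's `catch` lies outside the hunk.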
diff --git a/server/src/models/user.ts b/server/src/models/user.ts
index 1833069..80fd965 100644
--- a/server/src/models/user.ts
+++ b/server/src/models/user.ts
@@ -5,6 +5,7 @@ interface IUser{
 email: string;
 password: string;
 create_time?: Date;
+isAdmin: number;
 }
 export default IUser;
-- 
GitLab
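Review bot: `+isAdmin: number;` admits any number where the controllers in this commit only ever write 0 or 1; a literal type `isAdmin: 0 | 1;` states the contract and makes a non-flag value a type error at construction sites that are typed. A comment on the field should also record who is allowed to set it, e.g. `// 0 = regular user, 1 = administrator; assigned by the server only, never taken from a request body`, since the other hunks currently do the opposite. If password hashing is adopted, `password: string` should likewise be documented as holding the hash rather than the raw secret.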