From 766046f2ee86c30c6f976cd2eeb1224b9c86dcc7 Mon Sep 17 00:00:00 2001
From: amalieur <amalieur@stud.ntnu.no>
Date: Thu, 11 Mar 2021 13:50:39 +0100
Subject: [PATCH] Admintilgang backend

---
 server/src/controllers/authController/index.ts | 10 ++++++----
 server/src/controllers/postController/index.ts |  7 ++++---
 server/src/controllers/userController/index.ts |  8 ++++----
 server/src/models/user.ts                      |  1 +
 4 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/server/src/controllers/authController/index.ts b/server/src/controllers/authController/index.ts
index 0171c6e..cbc1157 100644
--- a/server/src/controllers/authController/index.ts
+++ b/server/src/controllers/authController/index.ts
@@ -4,29 +4,31 @@ import express from 'express';
 import IUser from '../../models/user';
 import * as jwt from 'jsonwebtoken';
 import config from '../../config';
+import { isNamedExportBindings } from "typescript";
 
 const router = express.Router();
 
 // Post register user `/api/auth/register`
 router.route('/register').post(async (request: Request, response: Response) => {
-	const {username, email, password, create_time} = request.body;
+	const {username, email, password, isAdmin, create_time} = request.body;
 	try {
         // Check valid request data parameters
 		const user_data: IUser = {
 			"username": username,
 			"email": email,
             "password": password,
+			"isAdmin": isAdmin || 0,
 		};
 		if (Object.values(user_data).filter(p => p == undefined).length > 0) return response.status(500).send("Error");
         // Check for user duplicates
-        const duplicate_input = "SELECT userId, username, email, create_time FROM user WHERE username=? AND password=?;"
+        const duplicate_input = "SELECT userId, username, email, create_time, isAdmin FROM user WHERE username=? AND password=?;"
         const user = await query(duplicate_input,[user_data.username, user_data.password]);
         const retrievedUserObj = Object.values(JSON.parse(JSON.stringify(user.data)))[0];
 		if (retrievedUserObj) {
             return response.status(403).send("There exists an user with the same username or emails given!");
         }
         // If there is no duplicates, create new user
-		const input = (`INSERT INTO user(username, email, password) VALUES (?,?,?)`)
+		const input = (`INSERT INTO user(username, email, password, isAdmin) VALUES (?,?,?,?)`)
 		return response.status(200).json(
 			await query(input,Object.values(user_data))
 		);
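Review bot: `isAdmin` is read straight from `request.body` on the register route and written to the `user` table, so whoever calls the route chooses their own privilege level; no authentication middleware is visible on it. The `POST /` hunk in `userController/index.ts` has the same pattern. Registration should fix the value server-side, `"isAdmin": 0,`, and drop `isAdmin` from the destructuring, with promotion handled by a separate route that checks the caller is already an admin. Separately, the added `import { isNamedExportBindings } from "typescript";` is not used in the visible lines and looks like an editor auto-import, so it should be removed. The handler's catch block lies outside the hunk.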
@@ -39,7 +41,7 @@ router.route('/register').post(async (request: Request, response: Response) => {
 router.route('/login').post(async (request: Request, response: Response) => {
 	const {username, password} = request.body;
 	try {
-		const input = "SELECT userId, username, email, create_time FROM user WHERE username=? AND password=?;"
+		const input = "SELECT userId, username, email, isAdmin, create_time FROM user WHERE username=? AND password=?;"
 		const user = await query(input,[username, password]);
 		// Check if an user object is retrieved
 		const userObj = Object.values(JSON.parse(JSON.stringify(user.data)))[0];
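Review bot: The login query still matches on `password=?` with the value taken from the request body, which implies passwords are stored and compared as submitted rather than as salted hashes; now that the returned row carries `isAdmin`, a disclosed table would expose administrator credentials directly. Select the row by `username` only and verify the submitted password against a stored hash from a password-hashing function (bcrypt, scrypt or Argon2). The duplicate check in the register hunk above uses the same comparison. What is done with `userObj` lies outside the hunk; if `isAdmin` ends up inside the signed token, admin routes presumably need to re-check it against the database so that a demotion takes effect before the token expires.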
diff --git a/server/src/controllers/postController/index.ts b/server/src/controllers/postController/index.ts
index 4cd0162..08db044 100644
--- a/server/src/controllers/postController/index.ts
+++ b/server/src/controllers/postController/index.ts
@@ -3,6 +3,7 @@ import query from "../../services/db_query";
 import express from "express";
 import IPost from "../../models/post";
 import Category from "../../models/category";
+import authenticateToken from '../../middlewares/auth';
 
 const router = express.Router();
 const category = new Category();
@@ -69,7 +70,7 @@ router.route("/:id").get(async (request: Request, response: Response) => {
 
 /* ============================= UPDATE ============================= */
 // Edit post with id `/api/post/:id`
-router.route("/:id").put(async (request: Request, response: Response) => {
+router.route("/:id").put(authenticateToken, async (request: Request, response: Response) => {
   const postId: string = request.params.id as string;
   const {
     title,
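Review bot: `authenticateToken` establishes that the caller is logged in, but nothing visible in this hunk checks that the caller owns the post or has `isAdmin` set, so any authenticated user can presumably edit any post by id. The `delete` route in the next hunk has the same gap. Since the commit is about admin access, an authorization step is expected after the middleware: compare the post's owner with the authenticated user, allow `isAdmin` as an override, and answer 403 otherwise. The handler body continues outside the hunk, so such a check may exist further down.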
@@ -101,7 +102,7 @@ router.route("/:id").put(async (request: Request, response: Response) => {
 
 /* ============================= DELETE ============================= */
 // Remove post with id `/api/post/:id`
-router.route("/:id").delete(async (request: Request, response: Response) => {
+router.route("/:id").delete(authenticateToken, async (request: Request, response: Response) => {
   const postId: string = request.params.id as string;
   try {
     response
@@ -112,4 +113,4 @@ router.route("/:id").delete(async (request: Request, response: Response) => {
   }
 });
 
-export default router;
+export default router;
\ No newline at end of file
diff --git a/server/src/controllers/userController/index.ts b/server/src/controllers/userController/index.ts
index b0d49b9..a522d20 100644
--- a/server/src/controllers/userController/index.ts
+++ b/server/src/controllers/userController/index.ts
@@ -6,17 +6,18 @@ import authenticateToken from '../../middlewares/auth';
 
 const router = express.Router();
 /* ============================= CREATE ============================= */
-// Get all users `/api/user/`
+// Create an user `/api/user/`
 router.route('/').post(async (request: Request, response: Response) => {
-	const {username, email, password, create_time} = request.body;
+	const {username, email, password, isAdmin, create_time} = request.body; // destructuring
 	try {
 		const user: IUser = {
 			"username": username,
 			"email": email,
             "password": password,
+			"isAdmin": isAdmin || 0,
 		};
 		if (Object.values(user).filter(p => p == undefined).length > 0) return response.status(500).send("Error");
-		const input = (`INSERT INTO user(username, email, password) VALUES (?,?,?)`)
+		const input = (`INSERT INTO user(username, email, password, isAdmin) VALUES (?,?,?,?)`);
 		return response.status(200).json(
 			await query(input,Object.values(user))
 		);
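Review bot: The INSERT binds `Object.values(user)`, so the mapping of values to the columns `username, email, password, isAdmin` depends on key order in the object literal, and `isAdmin || 0` forwards any truthy body value (a string, an object) unchanged into the privilege column. Bind the parameters explicitly, `[user.username, user.email, user.password, user.isAdmin]`, and coerce the flag to exactly 0 or 1 wherever it is set. The register route in `authController/index.ts` is built the same way. The trailing `// destructuring` comment adds nothing and can go, and `create_time` is destructured but unused in the visible lines.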
@@ -72,4 +73,3 @@ router.route('/:userId').delete(async (request: Request, response: Response) =>
 });
 
 export default router;
-
diff --git a/server/src/models/user.ts b/server/src/models/user.ts
index 1833069..80fd965 100644
--- a/server/src/models/user.ts
+++ b/server/src/models/user.ts
@@ -5,6 +5,7 @@ interface IUser{
     email: string;
     password: string;
     create_time?: Date;
+    isAdmin: number;
 }
 
 export default IUser;
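Review bot: `isAdmin: number` accepts any numeric value, while the controllers appear to intend only 0 or 1; `isAdmin: 0 | 1;` (or `boolean`, converted at the query boundary) would let the compiler reject anything else. The field also deserves a doc comment saying it is a privilege flag, for example `/** 1 = administrator, 0 = regular user; set by the server, never copied from client input. */`. The interface declaration starts outside the hunk.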
-- 
GitLab