Compare revisions

9ef7a537 · 9ef7a537 · 9ef7a537 · 9ef7a537
--- a/server/src/controllers/authController/index.ts
+++ b/server/src/controllers/authController/index.ts
@@ -4,29 +4,31 @@ import express from 'express';
 import IUser from '../../models/user';
 import * as jwt from 'jsonwebtoken';
 import config from '../../config';
+import { isNamedExportBindings } from "typescript";
 const router = express.Router();
 // Post register user `/api/auth/register`
 router.route('/register').post(async (request: Request, response: Response) => {
-	const {username, email, password, create_time} = request.body;
+	const {username, email, password, isAdmin, create_time} = request.body;
 	try {
        // Check valid request data parameters
 		const user_data: IUser = {
 			"username": username,
 			"email": email,
            "password": password,
+			"isAdmin": isAdmin || 0,
 		};
 		if (Object.values(user_data).filter(p => p == undefined).length > 0) return response.status(500).send("Error");
        // Check for user duplicates
-        const duplicate_input = "SELECT userId, username, email, create_time FROM user WHERE username=? AND password=?;"
+        const duplicate_input = "SELECT userId, username, email, create_time, isAdmin FROM user WHERE username=? AND password=?;"
        const user = await query(duplicate_input,[user_data.username, user_data.password]);
        const retrievedUserObj = Object.values(JSON.parse(JSON.stringify(user.data)))[0];
 		if (retrievedUserObj) {
            return response.status(403).send("There exists an user with the same username or emails given!");
        }
        // If there is no duplicates, create new user
-		const input = (`INSERT INTO user(username, email, password) VALUES (?,?,?)`)
+		const input = (`INSERT INTO user(username, email, password, isAdmin) VALUES (?,?,?,?)`)
 		return response.status(200).json(
 			await query(input,Object.values(user_data))
 		);
@@ -39,7 +41,7 @@ router.route('/register').post(async (request: Request, response: Response) => {
 router.route('/login').post(async (request: Request, response: Response) => {
 	const {username, password} = request.body;
 	try {
-		const input = "SELECT userId, username, email, create_time FROM user WHERE username=? AND password=?;"
+		const input = "SELECT userId, username, email, isAdmin, create_time FROM user WHERE username=? AND password=?;"
 		const user = await query(input,[username, password]);
 		// Check if an user object is retrieved
 		const userObj = Object.values(JSON.parse(JSON.stringify(user.data)))[0];

--- a/server/src/controllers/postController/index.ts
+++ b/server/src/controllers/postController/index.ts
@@ -3,6 +3,7 @@ import query from "../../services/db_query";
 import express from "express";
 import IPost from "../../models/post";
 import Category from "../../models/category";
+import authenticateToken from '../../middlewares/auth';
 const router = express.Router();
 const category = new Category();
@@ -41,14 +42,21 @@ router.route("/").post(async (request: Request, response: Response) => {
 });
 /* ============================= READ ============================= */
-// Get all posts `/api/post/?categoryid=`
+// Get all posts `/api/post/?categoryid=:categoryid&userId=:userId`
 router.route("/").get(async (request: Request, response: Response) => {
-  const { categoryid } = request.query as { [key: string]: string };
+  const { categoryid, userId } = request.query as { [key: string]: string };
  try {
    let input = `SELECT p.id, p.title, p.description, p.price, p.timestamp, p.owner, p.categoryid, p.imageUrl 
    FROM post as p`;
-    if (categoryid) input += ` WHERE p.categoryid=${categoryid}`;
+    if (categoryid || userId) input += ` WHERE `;
-    response.status(200).json(await query(input, ""));
+    const params = Object.entries({
+      categoryId: categoryid,
+      owner: userId
+    }).filter((param) => param[1])
+    // Add p.categoryId = ? AND p.userId = ? respectively if it is not undefined
+    input += params.map((param) => `p.${param[0]} = ?`).join(" AND ")
+    console.log(input, params.map((param) => param[1]));
+    response.status(200).json(await query(input, params.map((param) => param[1])));
  } catch (error) {
    response.status(400).send("Bad Request");
  }
@@ -69,7 +77,7 @@ router.route("/:id").get(async (request: Request, response: Response) => {
 /* ============================= UPDATE ============================= */
 // Edit post with id `/api/post/:id`
-router.route("/:id").put(async (request: Request, response: Response) => {
+router.route("/:id").put(authenticateToken, async (request: Request, response: Response) => {
  const postId: string = request.params.id as string;
  const {
    title,
@@ -101,7 +109,7 @@ router.route("/:id").put(async (request: Request, response: Response) => {
 /* ============================= DELETE ============================= */
 // Remove post with id `/api/post/:id`
-router.route("/:id").delete(async (request: Request, response: Response) => {
+router.route("/:id").delete(authenticateToken, async (request: Request, response: Response) => {
  const postId: string = request.params.id as string;
  try {
    response
@@ -112,4 +120,4 @@ router.route("/:id").delete(async (request: Request, response: Response) => {
  }
 });
 export default router;
\ No newline at end of file
--- a/server/src/controllers/userController/index.ts
+++ b/server/src/controllers/userController/index.ts
@@ -6,17 +6,18 @@ import authenticateToken from '../../middlewares/auth';
 const router = express.Router();
 /* ============================= CREATE ============================= */
-// Get all users `/api/user/`
+// Create an user `/api/user/`
 router.route('/').post(async (request: Request, response: Response) => {
-	const {username, email, password, create_time} = request.body;
+	const {username, email, password, isAdmin, create_time} = request.body; // destructuring
 	try {
 		const user: IUser = {
 			"username": username,
 			"email": email,
            "password": password,
+			"isAdmin": isAdmin || 0,
 		};
 		if (Object.values(user).filter(p => p == undefined).length > 0) return response.status(500).send("Error");
-		const input = (`INSERT INTO user(username, email, password) VALUES (?,?,?)`)
+		const input = (`INSERT INTO user(username, email, password, isAdmin) VALUES (?,?,?,?)`);
 		return response.status(200).json(
 			await query(input,Object.values(user))
 		);
@@ -36,7 +37,7 @@ router.route('/').get(async (_: Request, response: Response) => {
 });
 // Get user with id `/api/user/:id`
-router.route('/:userId').get(authenticateToken, async (request: Request, response: Response) => {
+router.route('/:userId').get(async (request: Request, response: Response) => {
 	const userId = request.params.userId;
 	try {
 		const input = `SELECT userId, username, email, create_time FROM user WHERE userId=?;`
@@ -61,7 +62,7 @@ router.route('/:userId').put(async (request: Request, response: Response) => {
 /* ============================= DELETE ============================= */
 // Delete user from id `/api/user/:id`
-router.route('/:userId').delete(async (request: Request, response: Response) => {
+router.route('/:userId').delete(authenticateToken, async (request: Request, response: Response) => {
 	const userId = request.params.userId;
 	try {
 		const input = `DELETE FROM user WHERE (userId=?);`;
@@ -72,4 +73,3 @@ router.route('/:userId').delete(async (request: Request, response: Response) =>
 });
 export default router;
--- a/server/src/models/user.ts
+++ b/server/src/models/user.ts
@@ -5,6 +5,7 @@ interface IUser{
    email: string;
    password: string;
    create_time?: Date;
+    isAdmin: number;
 }
 export default IUser;
No results found