Merge pull request #39 from GSG-G10/37-auth-admin

create authentication to admin #37

server/database/quieres/checkAdmin.js

@@ -0,0 +1,5 @@
+const connection = require('../config/connection');
+
+const checkAdminQuery = (email) => connection.query('SELECT * FROM admins WHERE email= ($1)', [email]);
+
+module.exports = checkAdminQuery;

server/database/quieres/index.js

@@ -1,12 +1,14 @@
 const userEstatesQuery = require('./userEstatesQuiery');
 const getAllUsersQuery = require('./getAllUsersQuery');
+const checkAdminQuery = require('./checkAdmin');
 const checkEmailQuery = require('./checkEmailQuery');
 const editEstateQuery = require('./editEstatesQuery');
 const deleteEstateQuery = require('./deleteEstateQuery');
 
 module.exports = {
   getAllUsersQuery,
   userEstatesQuery,
+  checkAdminQuery,
   checkEmailQuery,
   editEstateQuery,
   deleteEstateQuery,

server/middleware/index.js

@@ -1,5 +1,7 @@
 const isAuth = require('./isAuth');
+const isAdmin = require('./isAdmin');
 
 module.exports = {
   isAuth,
+  isAdmin,
 };

server/middleware/isAdmin.js

@@ -0,0 +1,22 @@
+const { checkAdminQuery } = require('../database/quieres');
+const { verifyToken } = require('../utils');
+
+const isAdmin = async (req, res, next) => {
+  try {
+    const { token } = req.cookies;
+    if (!token) {
+      return res.status(400).json({ message: 'You are not authorized' });
+    }
+    const decoded = await verifyToken(token);
+    req.email = decoded.email;
+
+    const rows = await checkAdminQuery(req.email);
+    if (!rows.length) {
+      return res.status(400).json({ message: 'You are not authorized' });
+    }
+    return next();
+  } catch (err) {
+    return next(err);
+  }
+};
+module.exports = isAdmin;