From 57eca253445239980f32704f94d92e4fac2c486b Mon Sep 17 00:00:00 2001
From: mohammedsalah7
Date: Fri, 29 Oct 2021 22:05:22 +0300
Subject: [PATCH 1/3] create authentication to admin #37

---
 server/database/quieres/checkAdmin.js | 5 +++++
 server/database/quieres/index.js | 2 ++
 server/middleware/index.js | 2 ++
 server/middleware/isAdmin.js | 19 +++++++++++++++++++
 4 files changed, 28 insertions(+)
 create mode 100644 server/database/quieres/checkAdmin.js
 create mode 100644 server/middleware/isAdmin.js

diff --git a/server/database/quieres/checkAdmin.js b/server/database/quieres/checkAdmin.js
new file mode 100644
index 0000000..34fa4ec
--- /dev/null
+++ b/server/database/quieres/checkAdmin.js
@@ -0,0 +1,5 @@
+const connection = require('../config');
+
+const checkAdminQuery = (email) => connection.query('SELECT * FROM admins WHERE email= ($1)', [email]);
+
+module.exports = checkAdminQuery;
diff --git a/server/database/quieres/index.js b/server/database/quieres/index.js
index 386595b..cf56ae6 100644
--- a/server/database/quieres/index.js
+++ b/server/database/quieres/index.js
@@ -1,8 +1,10 @@
 const userEstatesQuery = require('./userEstatesQuiery');
 const getAllUsersQuery = require('./getAllUsersQuery');
+const checkAdminQuery = require('./checkAdmin');
 module.exports = {
 getAllUsersQuery,
 userEstatesQuery,
+ checkAdminQuery,
 };
diff --git a/server/middleware/index.js b/server/middleware/index.js
index 4c1cf4e..bb28dd7 100644
--- a/server/middleware/index.js
+++ b/server/middleware/index.js
@@ -1,5 +1,7 @@
 const isAuth = require('./isAuth');
+const isAdmin = require('./isAdmin');
 module.exports = {
 isAuth,
+ isAdmin,
 };
diff --git a/server/middleware/isAdmin.js b/server/middleware/isAdmin.js
new file mode 100644
index 0000000..134c8dc
--- /dev/null
+++ b/server/middleware/isAdmin.js
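Review bot: `SELECT * FROM admins WHERE email= ($1)` pulls every column of the admins row into the middleware just to answer "does this e-mail exist", so whatever the table holds (credentials, contact data) travels out of the database on every admin request for no reason. A membership test only needs `SELECT 1 FROM admins WHERE email = $1 LIMIT 1`, which also stops the helper from breaking when columns are added to the table. The parameter binding itself is correct, so the e-mail cannot be used for SQL injection; a comment such as `// existence check only: callers must test the row count, never read columns` would make the intended contract explicit for future callers.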
@@ -0,0 +1,19 @@
+const { checkAdminQuery } = require('../database/quieres');
+
+const isAdmin = async (req, res, next) => {
+ try {
+ const { email } = req.cookies;
+ if (!email) {
+ throw new Error({ message: 'You are not authorized' });
+ }
+ const rows = await checkAdminQuery(email);
+ if (!rows.length) {
+ throw new Error({ message: 'You are not authorized' });
+ } else {
+ return res.json({ message: 'You are Admin' });
+ }
+ } catch (err) {
+ return next(err);
+ }
+};
+module.exports = isAdmin;
From 255de2d6392e89207be751acaae35d53575cdbd5 Mon Sep 17 00:00:00 2001
From: mohammedsalah7
Date: Sat, 30 Oct 2021 18:16:52 +0200
Subject: [PATCH 2/3] edit Suggested changes #37

---
 server/middleware/isAdmin.js | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/server/middleware/isAdmin.js b/server/middleware/isAdmin.js
index 134c8dc..ec0a06a 100644
--- a/server/middleware/isAdmin.js
+++ b/server/middleware/isAdmin.js
@@ -1,17 +1,20 @@
 const { checkAdminQuery } = require('../database/quieres');
+const { verifyToken } = require('../utils');
 const isAdmin = async (req, res, next) => {
 try {
- const { email } = req.cookies;
- if (!email) {
- throw new Error({ message: 'You are not authorized' });
+ const { token } = req.cookies;
+ if (!token) {
+ return res.status(400).json({ message: 'You are not authorized' });
 }
- const rows = await checkAdminQuery(email);
+ const decoded = await verifyToken(token);
+
+ const rows = await checkAdminQuery(decoded.email);
 if (!rows.length) {
- throw new Error({ message: 'You are not authorized' });
- } else {
- return res.json({ message: 'You are Admin' });
+ return res.status(400).json({ message: 'You are not authorized' });
 }
+ res.status(201).json({ message: 'You are Admin' });
+ return next();
 } catch (err) {
 return next(err);
 }
From c54d834cde8f072c6b073d9aa0b9fce0d3869fce Mon Sep 17 00:00:00 2001
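Review bot: `rows.length` on the value of `checkAdminQuery(email)` assumes the query resolves to an array, but the `$1` placeholder in checkAdmin.js points at node-postgres, whose `query` resolves to a Result object with the matching rows under `.rows`; if that is the driver behind `database/config`, `rows.length` is `undefined`, `!rows.length` is always true and every caller, admin or not, is rejected — worth confirming against the config module. Either destructure here, `const { rows } = await checkAdminQuery(email);`, or have checkAdminQuery return `result.rows` so callers never depend on the driver's result shape. The same `rows.length` test survives unchanged through the rest of this series, so a test that runs the middleware against a seeded admin row would catch it in one place.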
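Review bot: Both rejection branches answer with 400, but a missing token is an authentication failure and a valid token whose e-mail is not in `admins` is an authorization failure; `return res.status(401).json({ message: 'You are not authorized' });` for the first and `res.status(403)` for the second lets clients and proxies react correctly and keeps the two cases distinguishable in logs. A token that fails `verifyToken` (expired or tampered) is not handled here at all: the rejection falls into the catch and goes to `next(err)`, so the response depends on whatever the global error handler does rather than being a deliberate 401, and the JWT library's error text may leak into it. The identity check is only as strong as `verifyToken` — this hunk trusts `decoded.email` as the caller's identity, which holds only if the helper verifies the signature rather than merely decoding the payload, and `../utils` is not in this patch, so please confirm. The helper's return contract could be documented above the call as `// verifyToken must reject on bad signature/expiry; decoded.email is trusted from here on`.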
From: mohammedsalah7
Date: Sun, 31 Oct 2021 10:30:53 +0200
Subject: [PATCH 3/3] edit Suggested changes #37

---
 server/middleware/isAdmin.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/middleware/isAdmin.js b/server/middleware/isAdmin.js
index ec0a06a..fa6b1ca 100644
--- a/server/middleware/isAdmin.js
+++ b/server/middleware/isAdmin.js
@@ -8,12 +8,12 @@ const isAdmin = async (req, res, next) => {
 return res.status(400).json({ message: 'You are not authorized' });
 }
 const decoded = await verifyToken(token);
+ req.email = decoded.email;
- const rows = await checkAdminQuery(decoded.email);
+ const rows = await checkAdminQuery(req.email);
 if (!rows.length) {
 return res.status(400).json({ message: 'You are not authorized' });
 }
- res.status(201).json({ message: 'You are Admin' });
 return next();
 } catch (err) {
 return next(err);