diff --git a/controllers/auth.js b/controllers/auth.js
index 400e0c9..645d127 100644
--- a/controllers/auth.js
+++ b/controllers/auth.js
@@ -29,7 +29,8 @@ module.exports.postSignup = async (req , res , next) => {
 firstName : firstName ,
 lastName : lastName ,
 email : email ,
- password : hashedPass
+ password : hashedPass ,
+ isAdmin : false
 }) ;
 user = await user.save() ;
 await Student.deleteOne({user:user._id}) ;
diff --git a/controllers/course.js b/controllers/course.js
index ace5b77..ad37075 100644
--- a/controllers/course.js
+++ b/controllers/course.js
@@ -92,7 +92,7 @@ module.exports.getAllCourses = async (req , res , next) => {
 }
 }
-module.exports.meetSchedule = async (req , res , next) => {
+module.exports.getMeetSchedule = async (req , res , next) => {
 try {
 //we need courseTypeId as input
diff --git a/middleware/isAdmin.js b/middleware/isAdmin.js
new file mode 100644
index 0000000..c3e6d7c
--- /dev/null
+++ b/middleware/isAdmin.js
@@ -0,0 +1,27 @@
+const jwt = require('jsonwebtoken')
+const JWT_secret = "Cantileverlabs"
+const mongoose = require('mongoose')
+const User = mongoose.model("User")
+module.exports = async (req,res,next)=>{
+ const {authorization} = req.headers ;
+ //authorization === Bearer Cantileverlabs
+ if(!authorization){
+ return res.status(401).json({error:"You must be logged in"})
+ }
+ const token = authorization.replace("Bearer ","")
+ jwt.verify(token,JWT_secret,async (err,payload)=>{
+ if(err){
+ return res.status(401).json({error:"You must be logged in"}) ;
+ }
+ const {_id} = payload ;
+ const user = await User.findById(_id) ;
+ if(user.isAdmin)
+ {
+ next() ;
+ }
+ else
+ {
+ return res.status(401).json({error:"Not an admin"}) ;
+ }
+ })
+}
\ No newline at end of file
diff --git a/models/User.js b/models/User.js
index d95f570..205349f 100644
--- a/models/User.js
+++ b/models/User.js
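Review bot: In the new middleware/isAdmin.js, `User.findById(_id)` can resolve to null when the token's user has since been deleted, so `user.isAdmin` throws inside the verify callback and the request hangs with an unhandled rejection; a database error from findById is likewise never passed to `next(err)`. The signing secret is a string literal in source (and presumably the same literal requirelogin uses), so it should be read from configuration shared with the issuing code, and `jwt.verify` should pin `algorithms` — `["HS256"]` if the tokens are signed with the library default, which the issuing code should confirm. An authenticated user who is not an admin is a 403 rather than a 401, and the comment `//authorization === Bearer Cantileverlabs` is misleading because the header carries the token, not the secret. Because the routes already run `isAuth` first, this middleware verifies the token a second time; if requirelogin attaches the user to `req`, checking that would avoid the repeated verification and query. The rewrite below uses the synchronous form of verify with async/await so that every failure path either responds or reaches the error handler:
```javascript
// … unchanged: jwt / JWT_secret / mongoose / User requires …
module.exports = async (req, res, next) => {
  const { authorization } = req.headers;
  if (!authorization) {
    return res.status(401).json({ error: "You must be logged in" });
  }
  const token = authorization.replace("Bearer ", "");
  let payload;
  try {
    // Synchronous form throws on a bad signature or expiry; pinning `algorithms`
    // stops a token from naming a different algorithm than the secret is meant for.
    payload = jwt.verify(token, JWT_secret, { algorithms: ["HS256"] });
  } catch (err) {
    return res.status(401).json({ error: "You must be logged in" });
  }
  try {
    const user = await User.findById(payload._id);
    if (!user) {
      // token verifies but its subject no longer exists
      return res.status(401).json({ error: "You must be logged in" });
    }
    if (!user.isAdmin) {
      return res.status(403).json({ error: "Not an admin" });
    }
    return next();
  } catch (err) {
    return next(err); // let the Express error handler report DB failures
  }
};
```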
@@ -24,6 +24,9 @@ const userSchema = new Schema({
 student : {
 type : mongoose.Types.ObjectId ,
 ref: 'Student'
+ } ,
+ isAdmin : {
+ type : Boolean
 }
 //need to add isAdmin
 }) ;
diff --git a/routes/admin.js b/routes/admin.js
index 4e03cce..d9695fe 100644
--- a/routes/admin.js
+++ b/routes/admin.js
@@ -1,12 +1,15 @@
 const express = require('express') ;
-const adminController = require('../controllers/admin')
+const adminController = require('../controllers/admin') ;
+
+const isAuth = require('../middleware/requirelogin') ;
+const isAdmin = require('../middleware/isAdmin') ;
 const router = express.Router() ;
-router.post('/addSchedule' , adminController.addSchedule) ;
+router.post('/addSchedule' ,isAuth , isAdmin , adminController.addSchedule) ;
-router.post('/editSchedule' , adminController.editSchedule) ;
+router.post('/editSchedule' ,isAuth , isAdmin , adminController.editSchedule) ;
-router.post('/deleteSchedule' , adminController.deleteSchedule) ;
+router.post('/deleteSchedule' ,isAuth , isAdmin , adminController.deleteSchedule) ;
 module.exports = router ;
\ No newline at end of file
diff --git a/routes/course.js b/routes/course.js
index e624c02..0a0dbca 100644
--- a/routes/course.js
+++ b/routes/course.js
@@ -1,12 +1,17 @@
 const express = require('express') ;
 const courseController = require('../controllers/course') ;
+const isAuth = require('../middleware/requirelogin') ;
+const isAdmin = require('../middleware/isAdmin') ;
+
 const router = express.Router() ;
-router.post('/addCourse' , courseController.postAddCourse) ;
+router.post('/addCourse' ,isAuth , isAdmin , courseController.postAddCourse) ;
 router.get('/getAllCourses' , courseController.getAllCourses) ;
-router.post('/meetSchedule' , courseController.meetSchedule) ;
+//NOTE
+//It is a post request
+router.post('/getMeetSchedule' ,isAuth , courseController.getMeetSchedule) ;
 module.exports = router ;
\ No newline at end of file
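Review bot: The new `isAdmin` field in models/User.js has no default, so users created anywhere other than postSignup, and every document that existed before this change, carry `undefined`; the admin middleware treats that as non-admin only because `undefined` happens to be falsy. `isAdmin : { type : Boolean , default : false }` makes the intent explicit and gives the field one shape in the database. The context line `//need to add isAdmin` just below the addition is now stale and should be dropped. This flag must never be settable from a request body; postSignup writing a literal `false` is the right pattern, and any future update path should keep the field out of mass-assigned input.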
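Review bot: The middleware arguments on the three changed `router.post` lines in routes/admin.js are spaced `,isAuth , isAdmin ,`, which breaks the file's own ` , ` convention visible on the surrounding lines; `router.post('/addSchedule' , isAuth , isAdmin , adminController.addSchedule) ;` reads consistently, and the same spacing appears in the two changed routes of routes/course.js. Since isAdmin verifies the token itself, the chain also performs two verifications per request (and, if requirelogin looks the user up too, two queries) — acceptable, but a one-line comment saying the redundancy is deliberate would save the next reader the question.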
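Review bot: Renaming the route from `/meetSchedule` to `/getMeetSchedule` in routes/course.js breaks existing callers of the old path, and the added `//NOTE` / `//It is a post request` comment only restates the verb without saying why a "get" endpoint is a POST; something like `// POST rather than GET: the lookup key (courseTypeId, per the controller) is presumably sent in the request body` would explain it, with the body claim confirmed against the controller. `/getAllCourses` stays open while `getMeetSchedule` now requires `isAuth`; if that split is intended, a short comment beside the unauthenticated route would make the policy explicit. The argument spacing `,isAuth ,` also diverges from the file's ` , ` convention, as noted for routes/admin.js.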