added isAdmin in user

controllers/auth.js

@@ -29,7 +29,8 @@ module.exports.postSignup = async (req , res , next) => {
                 firstName : firstName ,
                 lastName : lastName ,
                 email : email ,
-                password : hashedPass 
+                password : hashedPass ,
+                isAdmin : false
             }) ;
             user = await user.save() ;
             await Student.deleteOne({user:user._id}) ;

controllers/course.js

@@ -92,7 +92,7 @@ module.exports.getAllCourses = async (req , res , next) => {
     }
 }
 
-module.exports.meetSchedule = async (req , res , next) => {
+module.exports.getMeetSchedule = async (req , res , next) => {
     try
     {
         //we need courseTypeId as input

middleware/isAdmin.js

@@ -0,0 +1,27 @@
+const jwt = require('jsonwebtoken')
+const JWT_secret = "Cantileverlabs"
+const mongoose = require('mongoose')
+const User = mongoose.model("User")
+module.exports = async (req,res,next)=>{
+    const {authorization} = req.headers ;
+    //authorization === Bearer Cantileverlabs
+    if(!authorization){
+        return res.status(401).json({error:"You must be logged in"})
+    }
+    const token = authorization.replace("Bearer ","")
+    jwt.verify(token,JWT_secret,async (err,payload)=>{
+        if(err){
+            return res.status(401).json({error:"You must be logged in"}) ;
+        }
+        const {_id} = payload ;
+        const user = await User.findById(_id) ;
+        if(user.isAdmin)
+        {
+            next() ;
+        }
+        else
+        {
+            return res.status(401).json({error:"Not an admin"}) ;
+        }
+    })
+}

models/User.js

@@ -24,6 +24,9 @@ const userSchema = new Schema({
     student : {
         type : mongoose.Types.ObjectId ,
         ref: 'Student'
+    } ,
+    isAdmin : {
+        type : Boolean 
     }
     //need to add isAdmin 
 }) ;

routes/admin.js

@@ -1,12 +1,15 @@
 const express = require('express') ;
-const adminController = require('../controllers/admin')
+const adminController = require('../controllers/admin') ;
+
+const isAuth = require('../middleware/requirelogin') ;
+const isAdmin = require('../middleware/isAdmin') ;
 
 const router = express.Router() ;
 
-router.post('/addSchedule' , adminController.addSchedule) ;
+router.post('/addSchedule' ,isAuth , isAdmin , adminController.addSchedule) ;
 
-router.post('/editSchedule' , adminController.editSchedule) ;
+router.post('/editSchedule' ,isAuth , isAdmin , adminController.editSchedule) ;
 
-router.post('/deleteSchedule' , adminController.deleteSchedule) ;
+router.post('/deleteSchedule' ,isAuth , isAdmin , adminController.deleteSchedule) ;
 
 module.exports = router ;

routes/course.js

@@ -1,12 +1,17 @@
 const express = require('express') ;
 const courseController = require('../controllers/course') ;
 
+const isAuth = require('../middleware/requirelogin') ;
+const isAdmin = require('../middleware/isAdmin') ;
+
 const router = express.Router() ;
 
-router.post('/addCourse' , courseController.postAddCourse) ;
+router.post('/addCourse' ,isAuth , isAdmin , courseController.postAddCourse) ;
 
 router.get('/getAllCourses' , courseController.getAllCourses) ;
 
-router.post('/meetSchedule' , courseController.meetSchedule) ;
+//NOTE 
+//It is a post request
+router.post('/getMeetSchedule' ,isAuth , courseController.getMeetSchedule) ;
 
 module.exports = router ;