frontend api refactoring, req.user handling on backend
@@ -5,7 +5,7 @@ import { IUser } from "../schemas";
|
||||
dotenv.config();
|
||||
|
||||
export function restrictAccess(req: Request, res: Response, next: NextFunction) {
|
||||
if (req.session.user == undefined) {
|
||||
if (req.user == undefined) {
|
||||
res.send("content restricted");
|
||||
} else {
|
||||
next();
|
||||
|
||||
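Review bot: The denial branch of `restrictAccess` answers with `res.send("content restricted")`, which goes out with the default 200 status, so clients, proxies and log-based alerting cannot tell a refused request from a served one. `res.status(401).send("content restricted");` makes the refusal explicit. The guard now appears to test `req.user` in place of `req.session.user`, and on this page `req.user` is only assigned by the token middleware mounted on `/app`. `GET /auth` uses `restrictAccess` and still reads `req.session.user`, so it would presumably always be refused; worth confirming that is intended. The function body continues outside the hunk.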
@@ -23,6 +23,13 @@ export default class CollectionCtl {
|
||||
return new ControllerResponse(code, data);
|
||||
}
|
||||
|
||||
async getAllAuthored(id: number | string) {
|
||||
const result = await CollectionInstance.getAllAuthored(id);
|
||||
const code = (result !== null) ? StatusCode.OK : StatusCode.NotFound;
|
||||
const data = result || "No collections found";
|
||||
return new ControllerResponse(code, data);
|
||||
}
|
||||
|
||||
async getUserDefault(id: number | string) {
|
||||
const result = await CollectionInstance.getUserDefault(id);
|
||||
const code = (result !== null) ? StatusCode.OK : StatusCode.NotFound;
|
||||
|
||||
@@ -18,6 +18,22 @@ export class Collection {
|
||||
}
|
||||
}
|
||||
|
||||
async getAllAuthored(id: number | string) {
|
||||
console.log(id, typeof id);
|
||||
try {
|
||||
const statement = `
|
||||
SELECT * FROM recipin.collection
|
||||
WHERE ownerid = $1;
|
||||
`
|
||||
const result = await pool.query(statement, [id]);
|
||||
console.log(result.rows);
|
||||
if (result.rows.length) return result.rows;
|
||||
return null;
|
||||
} catch (e: any) {
|
||||
throw new Error(e);
|
||||
}
|
||||
}
|
||||
|
||||
async getUserDefault(id: number | string) {
|
||||
try {
|
||||
const statement = `
|
||||
@@ -46,7 +62,6 @@ export class Collection {
|
||||
}
|
||||
|
||||
async post(data: ICollection) {
|
||||
console.log('new default collection');
|
||||
const { name, active, ismaincollection, ownerid } = data;
|
||||
try {
|
||||
const statement = `
|
||||
|
||||
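Review bot: The new `getAllAuthored` writes `id` and the complete `result.rows` to stdout on every call (`console.log(id, typeof id)` and `console.log(result.rows)`), which copies users' collection data into the server logs. Both look like debugging leftovers and should be dropped before merge. The `catch (e: any) { throw new Error(e); }` wrapper stringifies the original error and discards its stack and any driver-specific fields; a plain `throw e;` keeps them for the upstream handler. `SELECT *` hands every column to the caller, so naming the columns the API needs would avoid exposing fields added to the table later.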
@@ -16,11 +16,6 @@ const router = Router();
|
||||
export const authRoute = (app: Express) => {
|
||||
app.use('/auth', router);
|
||||
|
||||
router.use((req, res, next) => {
|
||||
console.log(req.session);
|
||||
next();
|
||||
})
|
||||
|
||||
router.get('/', restrictAccess, (req, res, next) => {
|
||||
if (req.session.user) {
|
||||
const user = req.session.user;
|
||||
@@ -44,8 +39,6 @@ export const authRoute = (app: Express) => {
|
||||
router.post('/login', async (req, res, next) => {
|
||||
try {
|
||||
const data: IUserAuth = req.body;
|
||||
console.log(data);
|
||||
|
||||
const response: ControllerResponse<any> = await AuthInstance.login(data);
|
||||
|
||||
if (response.ok) {
|
||||
@@ -70,8 +63,6 @@ export const authRoute = (app: Express) => {
|
||||
return next(err);
|
||||
})
|
||||
|
||||
console.log(req.session);
|
||||
|
||||
res.cookie('token', token, { httpOnly: true });
|
||||
res.json({ token });
|
||||
} else {
|
||||
|
||||
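Review bot: The login handler sets the token with `res.cookie('token', token, { httpOnly: true })` and then also returns it in `res.json({ token })`, so page script can read the value regardless of the `httpOnly` flag, and the cookie carries no `secure` or `sameSite` attribute. If the frontend is meant to send the token in the `Authorization` header (the `/app` middleware on this page reads it from there), the cookie can be dropped. If the cookie is the transport, stop returning the token in the body and use `res.cookie('token', token, { httpOnly: true, secure: true, sameSite: 'strict' });`. The handler starts and ends outside the visible hunks.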
@@ -1,6 +1,7 @@
|
||||
import { Express, Router } from "express";
|
||||
import { checkIsAdmin, restrictAccess } from "../auth/middlewares";
|
||||
import CollectionCtl from "../controllers/CollectionCtl";
|
||||
import { IUser } from "../schemas";
|
||||
const CollectionInstance = new CollectionCtl();
|
||||
|
||||
const router = Router();
|
||||
@@ -8,12 +9,6 @@ const router = Router();
|
||||
export const collectionRoute = (app: Express) => {
|
||||
app.use('/app/collection', router);
|
||||
|
||||
router.use((req, res, next) => {
|
||||
console.log('what gives');
|
||||
console.log(req.body);
|
||||
next();
|
||||
})
|
||||
|
||||
router.get('/:id', async (req, res, next) => {
|
||||
const { id } = req.params;
|
||||
try {
|
||||
@@ -24,11 +19,32 @@ export const collectionRoute = (app: Express) => {
|
||||
}
|
||||
})
|
||||
|
||||
// implement is admin on this route
|
||||
router.get('/', checkIsAdmin, async (req, res, next) => {
|
||||
router.get('&authored=true', restrictAccess, async (req, res, next) => {
|
||||
const user = req.user as IUser;
|
||||
console.log(user.id);
|
||||
try {
|
||||
const { code, data } = await CollectionInstance.getAll();
|
||||
const { code, data } = await CollectionInstance.getAllAuthored(user.id as number);
|
||||
res.status(code).send(data);
|
||||
} catch (e) {
|
||||
next(e);
|
||||
}
|
||||
})
|
||||
|
||||
// implement is admin on this route
|
||||
router.get('/', restrictAccess, async (req, res, next) => {
|
||||
const user = req.user as IUser;
|
||||
const { authored } = req.query;
|
||||
|
||||
try {
|
||||
if (authored || authored == "true") {
|
||||
const { code, data } = await CollectionInstance.getAllAuthored(user.id as number);
|
||||
res.status(code).send(data);
|
||||
} else {
|
||||
if (user.isadmin) {
|
||||
const { code, data } = await CollectionInstance.getAll();
|
||||
res.status(code).send(data);
|
||||
}
|
||||
}
|
||||
} catch(e) {
|
||||
next(e);
|
||||
}
|
||||
@@ -36,7 +52,6 @@ export const collectionRoute = (app: Express) => {
|
||||
|
||||
router.post('/', async (req, res, next) => {
|
||||
const data = req.body;
|
||||
console.log(req.body ?? "sanity check");
|
||||
|
||||
try {
|
||||
const result = await CollectionInstance.post(data);
|
||||
|
||||
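Review bot: In the rewritten `GET /` handler a non-admin request without `authored` falls through both branches and never gets a response, so the connection hangs until it times out; the `else` path needs an explicit refusal. The test `authored || authored == "true"` is true for any non-empty value, including `?authored=false`, so it should compare with `=== "true"` only. The route registered as `'&authored=true'` cannot match a query parameter, because Express matches routes on the path and not the query string, and should be removed. Further down, `POST /` still hands `req.body` to `CollectionInstance.post` unchanged, so `ownerid` appears to be client-chosen; consider setting it from `req.user` instead. The handler's closing lines are outside the hunk.

```typescript
router.get('/', restrictAccess, async (req, res, next) => {
    // … unchanged: user and authored extraction …
    try {
        if (authored === "true") {
            // … unchanged: getAllAuthored(user.id) response …
        } else if (user.isadmin) {
            // … unchanged: getAll() response …
        } else {
            res.status(403).send("Forbidden");
        }
    // … unchanged: catch block forwarding to next(e) …
```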
@@ -21,9 +21,7 @@ export const routes = async (app: Express) => {
|
||||
// middleware to check for auth on cookies on each request in protected routes
|
||||
app.use('/app', async (req, res, next) => {
|
||||
// pull jwt from request headers
|
||||
console.log(req.headers);
|
||||
const token = req.headers['authorization']?.split(" ")[1];
|
||||
console.log(token);
|
||||
|
||||
if (!token) {
|
||||
res.status(403).send("Unauthorized, did not receive token");
|
||||
@@ -32,8 +30,8 @@ export const routes = async (app: Express) => {
|
||||
if (err) {
|
||||
res.status(403).send(err);
|
||||
} else {
|
||||
console.log(data);
|
||||
req.user = data;
|
||||
// @ts-ignore
|
||||
req.user = data.user;
|
||||
next();
|
||||
}
|
||||
})
|
||||
|
||||
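Review bot: `req.user = data.user` is assigned under `// @ts-ignore` without checking that the verified payload actually contains a `user` object, so a token with a different payload shape leaves `req.user` undefined and the request still reaches `next()`. Routes under `/app` that do not use `restrictAccess` (for example `GET /:id` and `POST /` in the collection router) would then run without an identity. Guard it first, e.g. `if (!data || typeof data !== "object" || !("user" in data)) { res.status(403).send("Unauthorized"); return; }`, and declare the property through Express's `Request` type augmentation rather than `@ts-ignore`. `res.status(403).send(err)` also returns the verifier's error object to the client, where a fixed string is enough. The verify call itself sits between the two hunks and is not visible here, so whether the accepted algorithms are pinned cannot be checked from this page.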