diff --git a/server/app/controllers/auth.controller.js b/server/app/controllers/auth.controller.js
index 446f5a6..31838d7 100644
--- a/server/app/controllers/auth.controller.js
+++ b/server/app/controllers/auth.controller.js
@@ -67,4 +67,30 @@ exports.signin = (req, res) => {
 .catch(err => {
 res.status(500).send({ message: err.message });
 });
+};
+
+// COMMENT THIS OUT ON PROD
+exports.createTestAdmin = (req, res) => {
+ User.findOrCreate({
+ where: {
+ role_id: 1,
+ username: "testadmin",
+ email: "test@admin.com",
+ password: bcrypt.hashSync(TestAdminPassword, 8),
+ name: test,
+ phone: 123 - 456 - 7890
+ },
+ })
+ .then(([user, created]) => {
+ const token = jwt.sign({id: user.id}, config.secret, {
+ expiresIn: 86400 // 24 hours
+ });
+
+ res.status(200).send({
+ accessToken: token
+ });
+ })
+ .catch(err => {
+ res.status(500).send({ message: err.message });
+ });
 };
\ No newline at end of file
diff --git a/server/app/middleware/auth.jwt.js b/server/app/middleware/auth.jwt.js
index ae07026..8bfbfa7 100644
--- a/server/app/middleware/auth.jwt.js
+++ b/server/app/middleware/auth.jwt.js
@@ -58,7 +58,33 @@ isVehicleOwner = (req, res, next) => {
 }
 res.status(403).send({
- message: "Requires Shop Owner Role!"
+ message: "Requires Vehicle Owner Role!"
+ });
+ });
+};
+
+isShopOwnerOrAdmin = (req, res, next) => {
+ User.findByPk(req.user_id).then(user => {
+ if (user.role_id === 3 || user.role_id === 1){
+ next();
+ return;
+ }
+
+ res.status(403).send({
+ message: "Requires Shop Owner or Admin Role!"
+ });
+ });
+};
+
+isVehicleOwnerOrAdmin = (req, res, next) => {
+ User.findByPk(req.user_id).then(user => {
+ if (user.role_id === 2 || user.role_id === 1){
+ next();
+ return;
+ }
+
+ res.status(403).send({
+ message: "Requires Vehicle Owner or Admin Role!"
+ });
+ });
+};
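Review bot: `exports.createTestAdmin` issues a `role_id: 1` (admin) JWT to whoever reaches it, with no authentication and no environment check — the `// COMMENT THIS OUT ON PROD` comment is the only control, and one forgotten comment-out ships an unauthenticated admin backdoor, so the handler itself should refuse to run outside development rather than rely on a route edit. The `where` clause is also wrong as a lookup: `password: bcrypt.hashSync(TestAdminPassword, 8)` produces a fresh salted hash each call, so `findOrCreate` never matches the existing row and attempts a new insert every time (the lookup key belongs in `where`, the rest in `defaults`). `name: test` refers to an identifier not declared in this hunk (a ReferenceError unless the file defines it elsewhere), `phone: 123 - 456 - 7890` is arithmetic that evaluates to -8223, and `TestAdminPassword` is not visible here — confirm it is not a committed literal. The string values below are my reading of the intent and should be checked.
```javascript
// Dev-only helper: refuses to run in production so a forgotten
// comment-out cannot expose an unauthenticated admin-token endpoint.
exports.createTestAdmin = (req, res) => {
  if (process.env.NODE_ENV === "production") {
    return res.status(404).send({ message: "Not found" });
  }
  User.findOrCreate({
    // Only the lookup key goes in `where`; a salted hash would never match.
    where: { username: "testadmin" },
    defaults: {
      role_id: 1,
      email: "test@admin.com",
      password: bcrypt.hashSync(TestAdminPassword, 8),
      name: "test",
      phone: "123-456-7890"
    },
  })
  // … unchanged: .then() signs the JWT, .catch() returns 500 …
```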
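Review bot: In both `isShopOwnerOrAdmin` and `isVehicleOwnerOrAdmin`, `User.findByPk(req.user_id).then(user => { if (user.role_id ...` dereferences `user` without a null check, so a still-valid token for a deleted user throws inside the promise; with no `.catch` on the chain that is an unhandled rejection and the request never receives a response. Add `if (!user) { return res.status(401).send({ message: "Unauthorized!" }); }` before the role test and a `.catch(err => res.status(500).send({ message: err.message }))` on the chain (the pre-existing `isVehicleOwner`, whose body starts outside this hunk, appears to share the pattern). The role ids 1/2/3 are repeated as bare literals; `const ROLE_ADMIN = 1, ROLE_VEHICLE_OWNER = 2, ROLE_SHOP_OWNER = 3` would make `user.role_id === 3 || user.role_id === 1` self-describing. These middlewares check role only — that a given shop, vehicle or rating belongs to `req.user_id` still has to be enforced in the controllers.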
@@ -67,7 +93,9 @@ const authJwt = {
 verifyToken: verifyToken,
 isAdmin: isAdmin,
 isShopOwner: isShopOwner,
- isVehicleOwner: isVehicleOwner
+ isVehicleOwner: isVehicleOwner,
+ isShopOwnerOrAdmin: isShopOwnerOrAdmin,
+ isVehicleOwnerOrAdmin: isVehicleOwnerOrAdmin,
 };
 module.exports = authJwt;
\ No newline at end of file
diff --git a/server/app/routes/auth.route.js b/server/app/routes/auth.route.js
index 5eda500..4fcd029 100644
--- a/server/app/routes/auth.route.js
+++ b/server/app/routes/auth.route.js
@@ -21,4 +21,7 @@ module.exports = function(app) {
 );
 app.post("/api/auth/signin", controller.signin);
+
+ // COMMENT OUT IN PROD
+ app.get("/api/auth/test/token", controller.createTestAdmin);
 };
\ No newline at end of file
diff --git a/server/app/routes/rating.route.js b/server/app/routes/rating.route.js
index 8a9fa18..d12cc15 100644
--- a/server/app/routes/rating.route.js
+++ b/server/app/routes/rating.route.js
@@ -1,13 +1,14 @@
+const {authJwt} = require("../middleware");
 module.exports = app =>{
 const rating = require ("../controllers/rating.controller.js");
 var router = require("express").Router();
- router.post("/", rating.create);
+ router.post("/", [authJwt.verifyToken, authJwt.isVehicleOwnerOrAdmin], rating.create);
 router.get("/", rating.findAll);
 router.get("/:id", rating.findOne);
- router.put("/:id", rating.update);
- router.delete("/:id", rating.delete);
+ router.put("/:id", [authJwt.verifyToken, authJwt.isVehicleOwnerOrAdmin], rating.update);
+ router.delete("/:id", [authJwt.verifyToken, authJwt.isVehicleOwnerOrAdmin], rating.delete);
 app.use('/api/ratings', router);
 }
\ No newline at end of file
diff --git a/server/app/routes/service.route.js b/server/app/routes/service.route.js
index bbfaf9d..ebef1a9 100644
--- a/server/app/routes/service.route.js
+++ b/server/app/routes/service.route.js
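Review bot: `app.get("/api/auth/test/token", controller.createTestAdmin)` registers an unauthenticated GET that hands out an admin token, and `// COMMENT OUT IN PROD` is a manual step that will eventually be forgotten. Make the registration conditional so a production build cannot expose it: `if (process.env.NODE_ENV !== "production") { app.get("/api/auth/test/token", controller.createTestAdmin); }`. Better still, keep it out of the committed route table altogether and seed the test admin from a dev-only script or test fixture.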
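Review bot: `router.put("/:id", [authJwt.verifyToken, authJwt.isVehicleOwnerOrAdmin], rating.update)` and the `delete` route below it verify only that the caller holds the vehicle-owner role, so any vehicle owner can edit or remove another user's rating unless `rating.update`/`rating.delete` (not in this diff) compare the rating's author to `req.user_id`. Role middleware cannot express per-object ownership; if the controllers do not already do it, add the check there — load the rating, then `if (rating.user_id !== req.user_id) return res.status(403).send({ message: "Not the rating owner" });` with an admin exemption as needed. `GET /` and `GET /:id` remain public, which is plausible for a ratings listing; a one-line comment saying so would record the decision.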
@@ -1,11 +1,12 @@
+const {authJwt} = require("../middleware");
 module.exports = app =>{
 const services = require ("../controllers/service.controller.js");
 var router = require("express").Router();
- router.post("/", services.create);
- router.put("/:id", services.update);
- router.delete("/:id", services.delete);
+ router.post("/", [authJwt.verifyToken], services.create);
+ router.put("/:id", [authJwt.verifyToken], services.update);
+ router.delete("/:id", [authJwt.verifyToken], services.delete);
 router.get("/:id", services.findOne);
 router.get("/", services.findAll);
 router.get("/shop/:shop_id", services.findAllByShopID);
diff --git a/server/app/routes/shop.route.js b/server/app/routes/shop.route.js
index 04556c0..922a4e3 100644
--- a/server/app/routes/shop.route.js
+++ b/server/app/routes/shop.route.js
@@ -1,14 +1,15 @@
+const {authJwt} = require("../middleware");
 module.exports = app =>{
 const shops = require ("../controllers/shop.controller.js");
 var router = require("express").Router();
- router.post("/", shops.create);
+ router.post("/", [authJwt.verifyToken, authJwt.isShopOwnerOrAdmin], shops.create);
 router.get("/:sort/:search", shops.findAll);
 router.get("/user/getBy/:user_id", shops.findAllByUserID);
- router.get("/:id", shops.findOne);
- router.put("/:id", shops.update);
- router.delete("/:id", shops.delete);
+ router.get("/:id", [authJwt.verifyToken, authJwt.isShopOwnerOrAdmin], shops.findOne);
+ router.put("/:id", [authJwt.verifyToken, authJwt.isShopOwnerOrAdmin], shops.update);
+ router.delete("/:id", [authJwt.verifyToken, authJwt.isShopOwnerOrAdmin], shops.delete);
 app.use('/api/shops', router);
 }
\ No newline at end of file
diff --git a/server/app/routes/shopAdmin.route.js b/server/app/routes/shopAdmin.route.js
index 29ca8f3..55a47ef 100644
--- a/server/app/routes/shopAdmin.route.js
+++ b/server/app/routes/shopAdmin.route.js
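Review bot: `router.post("/", [authJwt.verifyToken], services.create)` and the `put`/`delete` lines below it require only a valid token, whereas the shop and shopAdmin routes in this same commit require `isShopOwnerOrAdmin`; as written, any signed-in vehicle owner can create, edit or delete services for any shop. Use the same chain, `[authJwt.verifyToken, authJwt.isShopOwnerOrAdmin]`, on all three, and have `services.create`/`update`/`delete` (not shown) confirm that the target `shop_id` belongs to `req.user_id`, because the role check alone does not bind a shop owner to their own shop. If the token-only check is deliberate, a comment stating why will keep the next reader from "fixing" it.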
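Review bot: `router.get("/:id", [authJwt.verifyToken, authJwt.isShopOwnerOrAdmin], shops.findOne)` now denies vehicle owners and anonymous users a single shop's details while `GET /:sort/:search` and `GET /user/getBy/:user_id` two lines above stay public — if customers are supposed to browse shops, gating only the detail view is inverted; either drop the middleware from `findOne` or gate the list routes consistently. `PUT`/`DELETE /:id` gain a role check but nothing ties the shop to the caller, so any shop owner can modify any shop unless `shops.update`/`shops.delete` (not shown) compare the shop's owner column with `req.user_id`. `GET /user/getBy/:user_id` also lets anyone enumerate which shops a given user owns; confirm that disclosure is intended.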
@@ -1,15 +1,16 @@
+const {authJwt} = require("../middleware");
 module.exports = app =>{
 const shopAdmins = require ("../controllers/shopAdmin.controller");
 var router = require("express").Router();
- router.post("/", shopAdmins.create);
+ router.post("/", [authJwt.verifyToken, authJwt.isShopOwnerOrAdmin], shopAdmins.create);
 router.get("/", shopAdmins.findAll);
 router.get("/shop/:shop_id", shopAdmins.findAllByShopID);
 router.get("/user/:user_id", shopAdmins.findAllByUserID);
- router.get("/:id", shopAdmins.findOne);
- router.put("/:id", shopAdmins.update);
- router.delete("/:id", shopAdmins.delete);
+ router.get("/:id", [authJwt.verifyToken, authJwt.isShopOwnerOrAdmin], shopAdmins.findOne);
+ router.put("/:id", [authJwt.verifyToken, authJwt.isShopOwnerOrAdmin], shopAdmins.update);
+ router.delete("/:id", [authJwt.verifyToken, authJwt.isShopOwnerOrAdmin], shopAdmins.delete);
 app.use('/api/shopadmins', router);
 }
\ No newline at end of file
diff --git a/server/app/routes/vehicle.route.js b/server/app/routes/vehicle.route.js
index 67ea638..beb25f5 100644
--- a/server/app/routes/vehicle.route.js
+++ b/server/app/routes/vehicle.route.js
@@ -1,13 +1,14 @@
+const {authJwt} = require("../middleware");
 module.exports = app =>{
 const vehicles = require ("../controllers/vehicle.controller.js");
 var router = require("express").Router();
- router.post("/", vehicles.create);
+ router.post("/", [authJwt.verifyToken, authJwt.isVehicleOwnerOrAdmin], vehicles.create);
 router.get("/:id", vehicles.findOne);
- router.put("/:id", vehicles.update);
- router.delete("/:id", vehicles.delete);
- router.get("/user/:user_id", vehicles.findAllByUserID);
+ router.put("/:id", [authJwt.verifyToken, authJwt.isVehicleOwnerOrAdmin], vehicles.update);
+ router.delete("/:id", [authJwt.verifyToken, authJwt.isVehicleOwnerOrAdmin], vehicles.delete);
+ router.get("/user/:user_id", [authJwt.verifyToken], vehicles.findAllByUserID);
 app.use('/api/vehicles', router);
 }
\ No newline at end of file
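Review bot: `router.get("/", shopAdmins.findAll)`, `GET /shop/:shop_id` and `GET /user/:user_id` are left unauthenticated while the single-record `GET /:id` directly below now requires shop-owner-or-admin, so the complete user-to-shop admin mapping stays readable by anyone even though individual rows are gated. Apply the same chain, `[authJwt.verifyToken, authJwt.isShopOwnerOrAdmin]`, to the three list routes, or add a comment explaining why the mapping is public. `POST /` with only the role check lets any shop owner appoint admins to any shop unless `shopAdmins.create` (not shown) verifies that the target shop belongs to `req.user_id`.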
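Review bot: `router.get("/user/:user_id", [authJwt.verifyToken], vehicles.findAllByUserID)` authenticates the caller but nothing compares `req.params.user_id` with `req.user_id`, so any signed-in user can list any other user's vehicles. In `vehicles.findAllByUserID` (not shown) add `if (String(req.params.user_id) !== String(req.user_id)) return res.status(403).send({ message: "Forbidden" });` with an admin exemption if needed, or drop the path parameter and read the id from the token. `GET /:id` stays public, exposing individual vehicle records without a token — confirm that is intended. The `PUT`/`DELETE /:id` role check likewise does not establish that the vehicle belongs to the caller.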