
Commit 73cc60c

Add adminAuthenticate() middleware
1 parent 7559516 commit 73cc60c

2 files changed

+53
-2
lines changed

Lines changed: 51 additions & 0 deletions
@@ -0,0 +1,51 @@
1+
"use strict";
2+
const { status, } = require("http-status");
3+
const moment = require("moment-timezone");
4+
const { message401, } = require("../../utils/httpResponses");
5+
const db = require("../../models/v1/index");
6+
7+
module.exports = async (req, res, next) => {
8+
if (!req.headers.authorization) {
9+
res.status(status.UNAUTHORIZED);
10+
return res.json({
11+
message: message401,
12+
});
13+
}
14+
const authTokenResult = await db.sequelize
15+
.models
16+
.userToken
17+
.authenticate(
18+
req.headerString("authorization"),
19+
);
20+
if (false === authTokenResult) {
21+
res.status(status.UNAUTHORIZED);
22+
return res.json({
23+
message: message401,
24+
});
25+
}
26+
const tokenIsExpired = moment(authTokenResult.expiredAt)
27+
.unix() < moment().utc().unix();
28+
if (true === tokenIsExpired) {
29+
res.status(status.UNAUTHORIZED);
30+
return res.json({
31+
message: message401,
32+
});
33+
}
34+
const extractedToken = req.headerString("authorization")
35+
.split(" ")[1];
36+
req.session.userId = authTokenResult.userId;
37+
req.session.extractedToken = extractedToken;
38+
const user = await db.sequelize
39+
.models
40+
.user
41+
.getUserByAuthToken(
42+
req.session.extractedToken,
43+
);
44+
if (false === user || "admin" !== user.role) {
45+
res.status(status.UNAUTHORIZED);
46+
return res.json({
47+
message: message401,
48+
});
49+
}
50+
return next();
51+
};
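Review bot: The expiry test at new lines 26–28 fails open: when `authTokenResult.expiredAt` is null or unparseable, `moment(...).unix()` is NaN, the `<` comparison is false and the token is treated as still valid (an undefined value parses as the current time and also passes). Whether that column can be empty is not visible on this page, but the check can fail closed with `const tokenIsExpired = !moment(authTokenResult.expiredAt).isAfter(moment());`, since `isAfter` returns false for an invalid moment. Separately, lines 36–37 write `userId` and the raw bearer token into `req.session` before the role check at line 44, so a request that is then rejected as non-admin still leaves both in the session. Moving the two assignments below the `"admin" !== user.role` check, and keeping the raw token out of the session if nothing downstream reads it, would close that gap.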

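--- a/src/routes/api/v1/web/stats/admin/products/products.js
+++ b/src/routes/api/v1/web/stats/admin/products/products.js
@@ -1,12 +1,12 @@
 const express = require("express");
 const { status, } = require("http-status");
-const authenticate = require("../../../../../../../middlewares/v1/authenticate");
+const adminAuthenticate = require("../../../../../../../middlewares/v1/adminAuthenticate");
 const db = require("../../../../../../../models/v1/index");
 const { message500 } = require("../../../../../../../utils/httpResponses");
 
 const router = express.Router();
 
-router.get("/", authenticate, async (req, res) => {
+router.get("/", adminAuthenticate, async (req, res) => {
 const result = await db.sequelize.models.product.getAdminProductCountStat();
 if (false === result) {
 res.status(status.UNAUTHORIZED);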
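Review bot: The handler's own `res.status(status.UNAUTHORIZED)` on `false === result` (lines 11–12) now collides with the middleware, which answers 401 for every credential and role failure, so a failed stats query looks the same as a rejected token to clients and in access logs. `message500` is imported in this file, which suggests `res.status(status.INTERNAL_SERVER_ERROR);` was intended. The handler continues past the end of the hunk, so the response body it sends is not visible here.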
