From 84cb62c16da1581986b553302bce975faa8065dc Mon Sep 17 00:00:00 2001
From: kohkaixun
Date: Thu, 9 Nov 2023 15:57:48 +0800
Subject: [PATCH 1/2] Rectify admin view

---
.../middleware/validateAdmin.js | 25 +++++++++++++++++++
.../routes/user-profile-router.js | 3 ++-
frontend/src/pages/AdminView.js | 2 +-
3 files changed, 28 insertions(+), 2 deletions(-)
create mode 100644 backend/user_profile_backend/middleware/validateAdmin.js

diff --git a/backend/user_profile_backend/middleware/validateAdmin.js b/backend/user_profile_backend/middleware/validateAdmin.js
new file mode 100644
index 00000000..ebac5866
--- /dev/null
+++ b/backend/user_profile_backend/middleware/validateAdmin.js
@@ -0,0 +1,25 @@
+const axios = require('axios')
+const { verifyJsonWebToken } = require('./tokenUtils')
+const USER_HOST = process.env.USER_HOST ? process.env.USER_HOST : "http://localhost:4000/api/users"
+
+
+async function validateAdmin (request, response, next) {
+ const token = request.headers.authorization
+ console.log(token)
+ try {
+ const is_admin = verifyJsonWebToken(token).user_data.is_admin
+ if (!is_admin) {
+ return response.status(401).json({ error: 'Unauthorised access. User not admin.' })
+ }
+ } catch (error) {
+ console.log("error")
+ console.log(error.message)
+ return response.status(401).json({ error: 'Unauthorised' })
+ }
+
+ next()
+}
+
+module.exports = {
+ validateAdmin
+}
\ No newline at end of file
diff --git a/backend/user_profile_backend/routes/user-profile-router.js b/backend/user_profile_backend/routes/user-profile-router.js
index 9333726e..8e8bb3c2 100644
--- a/backend/user_profile_backend/routes/user-profile-router.js
+++ b/backend/user_profile_backend/routes/user-profile-router.js
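Review bot: `console.log(token)` in validateAdmin writes the caller's raw Authorization header — the bearer token itself — to the process log, where it persists in whatever collects stdout; delete that line (the `console.log("error")` / `console.log(error.message)` pair in the catch only records the verification failure and can stay). `axios` and `USER_HOST` at the top of the new file are never referenced in this middleware and should be dropped. A token that verifies but carries `is_admin: false` is an authenticated-but-forbidden case, so `return response.status(403).json({ error: 'Unauthorised access. User not admin.' })` fits better there, leaving 401 for the catch branch where the token itself does not verify. Assuming verifyJsonWebToken only checks the signature and returns the embedded payload (tokenUtils is not in this diff), the decision rests on a claim fixed at issue time, so a user whose admin flag is changed via /setUserAdmin keeps the old answer until the token expires; if that window matters, re-check the flag against the store here.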
@@ -2,6 +2,7 @@ const express = require('express')
 const bodyParser = require('body-parser')
 const { validateUser } = require('../middleware/validateUser')
+const { validateAdmin } = require('../middleware/validateAdmin')
 const getUserById = require('../controller/getUser').getUserById
 const getUserByName = require('../controller/getUser').getUserByName
@@ -32,6 +33,6 @@ router.get('/userByName', [validateUser], getUserByName)
 router.put('/updateUser', [validateUser], updateUserInfo)
 router.delete('/deleteUser', [validateUser], deleteUserByUserID)
 router.get('/checkUserAdmin', [validateUser], checkUSerAdmin)
-router.put('/setUserAdmin', [validateUser], setUserAdmin)
+router.put('/setUserAdmin', [validateUser, validateAdmin], setUserAdmin)
 module.exports = router
\ No newline at end of file
diff --git a/frontend/src/pages/AdminView.js b/frontend/src/pages/AdminView.js
index 69b33c84..0a981ad7 100644
--- a/frontend/src/pages/AdminView.js
+++ b/frontend/src/pages/AdminView.js
@@ -43,7 +43,7 @@ export default function AdminView () {
 // Make a PUT request to set the user as admin
 const token = getAuthCookie()
- axios.put(`${USER_HOST}/setUserAdmin?username=${username}`, {
+ axios.put(`${USER_HOST}/setUserAdmin?username=${username}`, {}, {
 headers: {
 'Authorization': token
 }

From 5b1b2e326de36091630059b97eab07725250aef4 Mon Sep 17 00:00:00 2001
From: kohkaixun
Date: Fri, 10 Nov 2023 16:31:57 +0800
Subject: [PATCH 2/2] Remove middleware for getCategories

---
backend/question-backend/routes/categoryRouter.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/question-backend/routes/categoryRouter.js b/backend/question-backend/routes/categoryRouter.js
index 0e0cf4cf..a7342991 100644
--- a/backend/question-backend/routes/categoryRouter.js
+++ b/backend/question-backend/routes/categoryRouter.js
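Review bot: The corrected axios.put call in AdminView still splices `username` straight into the query string, so a name containing `&`, `#` or `%` changes the request rather than the parameter value; either wrap it with encodeURIComponent or let axios encode it for you, e.g. `axios.put(`${USER_HOST}/setUserAdmin`, {}, { params: { username }, headers: { 'Authorization': token } })`. The AdminView function and the remainder of this request (any then/catch on the returned promise) continue outside the hunk, so I cannot tell from here whether a rejected request is handled.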
@@ -10,7 +10,7 @@ import { updateCategory } from "../controller/updateCategory.js";
 const router = express.Router();
-router.get("/", [checkLogin], getCategories);
+router.get("/", getCategories);
 router.post("/", [checkLogin, checkAdmin], addCategory);
 router.put("/:oldName", [checkLogin, checkAdmin], updateCategory);
 router.delete("/:name", [checkLogin, checkAdmin], deleteCategory);
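Review bot: Dropping `checkLogin` from `router.get("/", getCategories)` makes the category list readable without a session, and nothing in the file records that this is deliberate, so a later reader cannot distinguish it from an accidental omission next to the three guarded routes below it; add a comment above the route such as `// Public read: the category list is intentionally served without checkLogin (<reason>)`. It is also worth confirming that getCategories returns only the category fields a logged-out client should see, since its controller is not part of this diff.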