From bba3495e44a0f96ebcf5c6708670137045e62fc4 Mon Sep 17 00:00:00 2001
From: Vladsislav Korbut
Date: Fri, 20 Apr 2018 11:51:57 +0300
Subject: [PATCH] Fix user id in new database instances. Add roles middleware
---
 app/auth.js | 2 +-
 app/controllers/tag/tag.controller.js | 5 ++++-
 app/routes/answer.js | 4 ++--
 app/routes/helpers.js | 12 ++++++++++++
 app/routes/index.js | 11 +++++++----
 app/routes/question.js | 4 ++--
 app/routes/tag.js | 14 +++++++++-----
 app/routes/user.js | 2 ++
 package.json | 2 +-
 9 files changed, 40 insertions(+), 16 deletions(-)
 create mode 100644 app/routes/helpers.js
diff --git a/app/auth.js b/app/auth.js
index 2daf8d3..e052c76 100644
--- a/app/auth.js
+++ b/app/auth.js
@@ -14,7 +14,7 @@ const createToken = ({ id, isAdmin }) =>
 { id, isAdmin },
 process.env.JWT_SECRET,
 {
- expiresIn: 60,
+ expiresIn: 30 * 60,
 },
 (err, token) => {
 if (!err) {
diff --git a/app/controllers/tag/tag.controller.js b/app/controllers/tag/tag.controller.js
index 7785566..def2aec 100644
--- a/app/controllers/tag/tag.controller.js
+++ b/app/controllers/tag/tag.controller.js
@@ -1,5 +1,8 @@
 const { Tag } = require('../../models');
+const { removeById } = require('../common');
 exports.getAll = () => Tag.all();
-exports.create = (name) => Tag.create({name});
+exports.create = name => Tag.create({ name });
+
+exports.remove = id => removeById(Tag, id);
diff --git a/app/routes/answer.js b/app/routes/answer.js
index 3fb96b2..e6c1613 100644
--- a/app/routes/answer.js
+++ b/app/routes/answer.js
@@ -2,8 +2,8 @@ const Answer = require('../controllers/answer/answer.controller');
 exports.create = async ctx => {
 const { id } = ctx.params;
- const { text, userId } = ctx.request.body;
- const question = await Answer.create(text, id, userId);
+ const { text } = ctx.request.body;
+ const question = await Answer.create(text, id, ctx.state.user.id);
 if (question) {
 ctx.body = question;
 } else {
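Review bot: The token lifetime in `expiresIn: 30 * 60,` is a bare arithmetic literal with no unit; jsonwebtoken treats a numeric `expiresIn` as seconds, so the intent is clearer as a module-level constant, `const TOKEN_TTL_SECONDS = 30 * 60; // 30 minutes` used as `expiresIn: TOKEN_TTL_SECONDS,`. Going from one minute to thirty also widens the window in which a leaked token stays valid, and nothing in this patch shows a refresh or revocation path, which is worth a sentence in a comment at that constant. The createToken function starts and ends outside the hunk.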
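Review bot: The new line `const question = await Answer.create(text, id, ctx.state.user.id);` reads `ctx.state.user.id` with no guard, so if this route can be reached without the authentication middleware that populates `ctx.state.user` (not visible in this patch), the handler throws a TypeError and the client receives a 500 rather than a 401. The same assumption is made by the new lines in app/routes/question.js, app/routes/tag.js and app/routes/helpers.js. If the router cannot guarantee it structurally, either a guard at the top of the handler, `if (!ctx.state.user) { ctx.status = 401; return; }`, or a comment naming the middleware that establishes `ctx.state.user` would document the contract. The create handler continues past the end of the hunk.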
diff --git a/app/routes/helpers.js b/app/routes/helpers.js
new file mode 100644
index 0000000..7e1beb2
--- /dev/null
+++ b/app/routes/helpers.js
@@ -0,0 +1,12 @@
+exports.checkAdminOrOwner = model => async (ctx, next) => {
+ if (ctx.state.user.isAdmin) {
+ next();
+ return;
+ }
+ const instance = await model.findById(ctx.params.id);
+ if (instance.userId !== ctx.state.user.id) {
+ ctx.status = 403;
+ return
+ }
+ next();
+};
diff --git a/app/routes/index.js b/app/routes/index.js
index e6f5c9d..7aa718f 100644
--- a/app/routes/index.js
+++ b/app/routes/index.js
@@ -4,6 +4,9 @@ const question = require('./question');
 const answer = require('./answer');
 const tag = require('./tag');
+const { Question, Answer } = require('../models');
+const { checkAdminOrOwner } = require('./helpers');
+
 const router = new Router();
 router.get('/', ctx => {
@@ -18,10 +21,10 @@ router.get('/users', user.getAll);
 router.post('/questions', question.create);
 router.get('/questions', question.getAll);
 router.get('/questions/:id', question.getById);
-router.patch('/questions/:id', question.update);
+router.patch('/questions/:id', checkAdminOrOwner(Question), question.update);
 router.post('/questions/:id/upvote', question.upvote);
 router.post('/questions/:id/downvote', question.downvote);
-router.delete('/questions/:id', question.remove);
+router.delete('/questions/:id', checkAdminOrOwner(Question), question.remove);
 router.post('/questions/:id/answers', answer.create);
 router.get('/questions/:id/answers', answer.getAllByQuestionId);
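Review bot: `checkAdminOrOwner` dereferences `instance.userId` without checking that `model.findById(ctx.params.id)` found a row, so a request for an unknown id throws a TypeError and surfaces as a 500 instead of a 404. Both `next();` calls are also neither awaited nor returned, so the promise from the downstream async handler is not chained into Koa's middleware stack: the response can be finalized before `question.update` or `answer.remove` sets `ctx.body`, and errors thrown there bypass Koa's error handling; they should read `return next();`. The strict `instance.userId !== ctx.state.user.id` comparison only works if the model's foreign key and the JWT `id` claim share a type, which this patch does not show, so that deserves a comment or an explicit normalisation. `ctx.state.user` itself is assumed to have been set by an earlier authentication middleware.
```javascript
exports.checkAdminOrOwner = model => async (ctx, next) => {
  if (ctx.state.user.isAdmin) {
    return next();
  }
  const instance = await model.findById(ctx.params.id);
  if (!instance) {
    ctx.status = 404;
    return;
  }
  // Ownership check; assumes instance.userId and the token's id share a type.
  if (instance.userId !== ctx.state.user.id) {
    ctx.status = 403;
    return;
  }
  return next();
};
```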
@@ -30,8 +33,8 @@ router.post('/questions/:id/add-tag', question.addTag);
 router.post('/questions/:id/remove-tag', question.removeTag);
 router.get('/answers/:id', answer.getById);
-router.patch('/answers/:id', answer.update);
-router.delete('/answers/:id', answer.remove);
+router.patch('/answers/:id', checkAdminOrOwner(Answer), answer.update);
+router.delete('/answers/:id', checkAdminOrOwner(Answer), answer.remove);
 router.post('/answers/:id/upvote', answer.upvote);
 router.post('/answers/:id/doenvote', answer.downvote);
diff --git a/app/routes/question.js b/app/routes/question.js
index 499a02a..2fc846a 100644
--- a/app/routes/question.js
+++ b/app/routes/question.js
@@ -1,8 +1,8 @@
 const Question = require('../controllers/question/question.controller');
 exports.create = async ctx => {
- const { title, description, userId } = ctx.request.body;
- const question = await Question.create(title, description, userId);
+ const { title, description } = ctx.request.body;
+ const question = await Question.create(title, description, ctx.state.user.id);
 if (question) {
 ctx.body = question;
 } else {
diff --git a/app/routes/tag.js b/app/routes/tag.js
index ffaca80..4e8098a 100644
--- a/app/routes/tag.js
+++ b/app/routes/tag.js
@@ -10,11 +10,15 @@ exports.getAll = async ctx => {
 }
 exports.create = async ctx => {
- const { name } = ctx.request.body;
- const tag = await Tag.create(name);
- if (tag) {
- ctx.body = tag;
+ if (ctx.state.user.isAdmin) {
+ const { name } = ctx.request.body;
+ const tag = await Tag.create(name);
+ if (tag) {
+ ctx.body = tag;
+ } else {
+ ctx.status = 400;
+ }
 } else {
- ctx.status = 400;
+ ctx.status = 403;
 }
 };
diff --git a/app/routes/user.js b/app/routes/user.js
index 5f0c480..386e441 100644
--- a/app/routes/user.js
+++ b/app/routes/user.js
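Review bot: The ownership guard is added to `PATCH`/`DELETE /answers/:id` here and to the question routes in the previous hunk, but the two mutating question routes visible as context at the top of this hunk, `router.post('/questions/:id/add-tag', question.addTag);` and `router.post('/questions/:id/remove-tag', question.removeTag);`, are left without `checkAdminOrOwner(Question)`, so any authenticated user can still re-tag another user's question. Unless tagging is meant to be open to everyone, they should carry the same middleware, e.g. `router.post('/questions/:id/add-tag', checkAdminOrOwner(Question), question.addTag);` and the matching line for remove-tag. Separately, the context line `router.post('/answers/:id/doenvote', answer.downvote);` carries a pre-existing typo in the path that this commit leaves in place.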
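Review bot: The admin check in tag.js's `create` is written as an outer `if (ctx.state.user.isAdmin) {` wrapping the whole handler, which nests the happy path two levels deep and puts the 403 branch far from the condition that produces it. A guard clause at the top, `if (!ctx.state.user.isAdmin) { ctx.status = 403; return; }`, lets the original body stand unindented beneath it. Since this commit introduces route-level authorization middleware in helpers.js, a reusable `checkAdmin` middleware applied in index.js would also be more consistent with how the question and answer routes are now protected than an inline role check in the handler.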
@@ -5,7 +5,9 @@ exports.register = async ctx => {
 const { login, password } = ctx.request.body;
 const user = await User.create(login, password);
 if (user) {
+ const token = await createToken(user);
 ctx.body = {
+ token,
 message: `User ${user.login} has been created.`,
 };
 } else {
diff --git a/package.json b/package.json
index 2b4c13d..542a7f6 100644
--- a/package.json
+++ b/package.json
@@ -24,7 +24,6 @@
 "dependencies": {
 "bcrypt": "^1.0.3",
 "dotenv": "^5.0.1",
- "eslint-config-prettier": "^2.9.0",
 "jsonwebtoken": "^8.2.1",
 "koa": "^2.5.0",
 "koa-bodyparser": "^4.2.0",
@@ -37,6 +36,7 @@
 "devDependencies": {
 "eslint": "^4.19.1",
 "eslint-config-airbnb-base": "^12.1.0",
+ "eslint-config-prettier": "^2.9.0",
 "eslint-plugin-import": "^2.10.0"
 }
 }
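Review bot: `createToken` is called on the new line `const token = await createToken(user);` but no require is added in this hunk, and the diffstat lists only these two insertions for app/routes/user.js, so unless the file already imports it from ../auth (not visible here) `register` will throw a ReferenceError at runtime; worth confirming. The behavioural change, that registration now returns a signed JWT and effectively logs the new user in, is not reflected in the response message or in any comment, so a short note such as `// Registration issues a token immediately; no separate login step is required.` above the new line would help readers. The register handler continues past the end of the hunk.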