added user roles, updated authentication and added logout option

2026-04-22 08:57:33 -05:00 · 2018-10-13 14:25:47 +02:00 · 2018-10-13 14:25:47 +02:00 · c73bba5a64
commit c73bba5a64
parent 8488a02f68
5 changed files with 50 additions and 20 deletions
--- a/helpers/common.js
+++ b/helpers/common.js
@ -12,11 +12,14 @@ function sendDefault404(res) {

 // use for any api return. it has basic layout used for every return.
 function sendApiReturn(res, data, errors) {
-	res.status(200).json({
-		code: 200,
-		success: true,
-		errors: [] + errors
-	} + data);
+	res.status(200).json(
+		// combine 2 objects
+		Object.assign({
+			code: 200,
+			success: true,
+			errors: [] +  (errors ? errors : [])
+		}, data)
+	);
 }


--- a/models/admin-user.js
+++ b/models/admin-user.js
@ -29,7 +29,8 @@ const adminUserSchema = new mongoose.Schema({
 	},
 	role: {
 		type: String,
-		required: true
+		required: true,
+		default: 'admin' 
 	}
 });

--- a/passport.config.js
+++ b/passport.config.js
@ -21,16 +21,15 @@ module.exports = (app) => {
 			adminUserModel.findByUsername(username).then((user) => {
 				if (!user) {
 					// user doesnt exist
-					return done(null, false);
+					return done(null, false, {message: 'Incorrect user'});
 				}

 				bcrypt.compare(password, user.password, (err, res) => {
 					if (err || !res) {
 						// error comparing hashes
-						return done(null, false);
+						return done(null, false, {message: 'Incorrect password'});
 					}

-					console.log('info correct');
 					// password is correct, return user
 					return done(null, user);

@ -38,7 +37,7 @@ module.exports = (app) => {
 			}).catch((err) => {
 				if (err) {
 					// error finding in database
-					return done(null, false);
+					return done(null, false, {code: 500});
 				}
 			});
 		}
--- a/routes/admin.js
+++ b/routes/admin.js
@ -29,13 +29,16 @@ router.get('/admin', (req, res) => {
 *	return {
 *		code: http code
 *		success: boolean - true if login succesfull
-*		errors: Strings[messages]
+*		username: undefined | string - username if login was successfull
+*		role: undefined | string - role of user if login was successfull
+*		errors: Strings[messages] - not yet :(
 *	}
 */
+// TODO make login somehow display errors in correct format.
 router.post('/admin/api/v1/login', passport.authenticate('adminUserStrategy'), function (req, res) {
-	res.json({
-		message: 'sucessfull I guess',
-		isAuthed: req.isAuthenticated()
+	common.sendApiReturn(res, {
+		username: req.user.username,
+		role: req.user.role ? req.user.role : undefined
 	});
 });

@ -50,15 +53,17 @@ router.post('/admin/api/v1/login', passport.authenticate('adminUserStrategy'), f
 *		password - password of new admin account
 *	}
 *	return {
-*		code: httpcode,
-*		success: boolean,
+*		code: httpcode
+*		success: boolean - true if register was successull
+*		username: undefined | string - username if register was successfull
+*		role: undefined | string - role of user if register was successfull
 *		errors: Strings[messages]
 *	}
 */
 router.post('/admin/api/v1/register', adminUserMiddleware.adminAuthenticationRequired, (req, res) => {
 	if (!req.body) {
 		// no post body
-		common.sendApiGenericError(req, res);
+		common.sendApiGenericError(res);
 		return;
 	}

@ -71,11 +76,12 @@ router.post('/admin/api/v1/register', adminUserMiddleware.adminAuthenticationReq
 	newUser.save().then(() => {
 		// successfull
 		common.sendApiReturn(res, {
-			// TODO return some data
+			username: req.user.username,
 			role: req.user.role ? req.user.role : undefined
 		});
 		return;
 	}).catch((rejection) => {
+		// TODO format exception so it doesnt have a huge list of errors
 		common.sendApiError(res, 500, [rejection]);
 		return;
 	});
@ -88,16 +94,35 @@ router.post('/admin/api/v1/register', adminUserMiddleware.adminAuthenticationReq
 *
 *	return {
 *		code: httpcode
-*		success: boolean - true if admin logged in
+*		success: boolean - true if request was without errors
+*		isAuthed: boolean - true if logged in
+*		role: undefined | string - returns user role
 *		errors: Strings[messages]
 *	}
 */
 router.get('/admin/api/v1/check', adminUserMiddleware.authenticationOptional, (req, res) => {
+	if (!req.user) req.user = {}; 
 	common.sendApiReturn(res, {
 		IsAuthed: req.isAuthenticated(),
 		role: req.user.role ? req.user.role : undefined
 	});
 });

+/* 
+*	/admin/api/v1/logout
+*
+*	logs out admin user
+*
+*	return {
+*		code: httpcode
+*		success: boolean - true if logout is successfull
+*		errors: Strings[messages]
+*	}
+*/
+router.get('/admin/api/v1/logout', adminUserMiddleware.adminAuthenticationRequired, (req, res) => {
+	req.logout();
+	common.sendApiReturn(res, {});
+});
+
 // export the router
 module.exports = router;
--- a/server.js
+++ b/server.js
@ -68,7 +68,9 @@ app.use('/assets', express.static('assets'));
 app.use('/', locations.home);
 app.use('/', locations.posts);
 app.use('/', locations.admin);
-app.use(common.sendDefault404);
+app.use((req, res) => {
+	common.sendDefault404(res);
+});

 // startup
 app.listen(config.http.port, () => {