feat: complete day 9
This commit is contained in:
Ayobami
+23
-16
@@ -1,29 +1,33 @@
|
||||
var createError = require('http-errors');
|
||||
var express = require('express');
|
||||
var path = require('path');
|
||||
var cookieParser = require('cookie-parser');
|
||||
var logger = require('morgan');
|
||||
var createError = require("http-errors");
|
||||
var express = require("express");
|
||||
var path = require("path");
|
||||
var cookieParser = require("cookie-parser");
|
||||
var logger = require("morgan");
|
||||
|
||||
var indexRouter = require('./routes/index');
|
||||
var usersRouter = require('./routes/users');
|
||||
var indexRouter = require("./routes/index");
|
||||
var usersRouter = require("./routes/users");
|
||||
|
||||
const db = require("./models");
|
||||
var cors = require("cors");
|
||||
const maintenanceMiddleware = require("./middleware/Maintenance");
|
||||
const roleCheckMiddleware = require("./middleware/RoleCheckMiddleware");
|
||||
|
||||
var app = express();
|
||||
app.set("db", db);
|
||||
// view engine setup
|
||||
app.set('views', path.join(__dirname, 'views'));
|
||||
app.set('view engine', 'jade');
|
||||
app.set("views", path.join(__dirname, "views"));
|
||||
app.set("view engine", "jade");
|
||||
app.use(cors());
|
||||
app.use(logger('dev'));
|
||||
app.use(logger("dev"));
|
||||
app.use(express.json());
|
||||
app.use(express.urlencoded({ extended: false }));
|
||||
app.use(cookieParser());
|
||||
app.use(express.static(path.join(__dirname, 'public')));
|
||||
app.use(express.static(path.join(__dirname, "public")));
|
||||
app.use(maintenanceMiddleware);
|
||||
app.use("/api/v1", roleCheckMiddleware);
|
||||
|
||||
app.use('/', indexRouter);
|
||||
app.use('/users', usersRouter);
|
||||
app.use("/", indexRouter);
|
||||
app.use("/users", usersRouter);
|
||||
|
||||
// catch 404 and forward to error handler
|
||||
app.use(function (req, res, next) {
|
||||
@@ -34,11 +38,14 @@ app.use(function (req, res, next) {
|
||||
app.use(function (err, req, res, next) {
|
||||
// set locals, only providing error in development
|
||||
res.locals.message = err.message;
|
||||
res.locals.error = req.app.get('env') === 'development' ? err : {};
|
||||
res.locals.error = req.app.get("env") === "development" ? err : {};
|
||||
|
||||
// render the error page
|
||||
// standardized error response
|
||||
res.status(err.status || 500);
|
||||
res.render('error');
|
||||
res.json({
|
||||
success: false,
|
||||
error: err.message || "Internal Server Error",
|
||||
});
|
||||
});
|
||||
|
||||
module.exports = app;
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
module.exports = {
|
||||
maintenance: false,
|
||||
};
|
||||
@@ -0,0 +1,23 @@
|
||||
const JwtService = require("../services/JwtService");
|
||||
|
||||
module.exports = function (req, res, next) {
|
||||
const token = JwtService.getToken(req);
|
||||
if (!token) {
|
||||
return res.status(401).json({
|
||||
success: false,
|
||||
error: "Access denied. No token provided.",
|
||||
});
|
||||
}
|
||||
const payload = JwtService.verifyAccessToken(token);
|
||||
if (!payload) {
|
||||
return res.status(401).json({
|
||||
success: false,
|
||||
error: "Invalid or expired token.",
|
||||
});
|
||||
}
|
||||
req.tokenPayload = payload;
|
||||
if (payload && payload.user_id) {
|
||||
req.user_id = payload.user_id;
|
||||
}
|
||||
next();
|
||||
};
|
||||
@@ -0,0 +1,11 @@
|
||||
const config = require("../config");
|
||||
|
||||
module.exports = function (req, res, next) {
|
||||
if (config.maintenance) {
|
||||
return res.status(503).json({
|
||||
success: false,
|
||||
error: "Service is under maintenance. Please try again later.",
|
||||
});
|
||||
}
|
||||
next();
|
||||
};
|
||||
@@ -0,0 +1,14 @@
|
||||
module.exports = function (req, res, next) {
|
||||
const match = req.path.match(/^\/api\/v1\/(\w+)\//);
|
||||
if (match) {
|
||||
const portal = match[1];
|
||||
const userRole = req.tokenPayload && req.tokenPayload.role;
|
||||
if (userRole !== portal) {
|
||||
return res.status(403).json({
|
||||
success: false,
|
||||
error: `Access denied. Role '${userRole}' does not match portal '${portal}'.`,
|
||||
});
|
||||
}
|
||||
}
|
||||
next();
|
||||
};
|
||||
+2
-1
@@ -3,7 +3,8 @@
|
||||
"version": "0.0.0",
|
||||
"private": true,
|
||||
"scripts": {
|
||||
"start": "node ./bin/www"
|
||||
"start": "node ./bin/www",
|
||||
"dev": "node --watch ./bin/www"
|
||||
},
|
||||
"dependencies": {
|
||||
"cookie-parser": "~1.4.4",
|
||||
|
||||
@@ -1,9 +1,13 @@
|
||||
var express = require('express');
|
||||
var express = require("express");
|
||||
var router = express.Router();
|
||||
const authMiddleware = require("../middleware/AuthMiddleware");
|
||||
|
||||
/* GET users listing. */
|
||||
router.get('/', function(req, res, next) {
|
||||
res.send('respond with a resource');
|
||||
router.get("/", authMiddleware, function (req, res, next) {
|
||||
res.json({
|
||||
success: true,
|
||||
data: "respond with a resource",
|
||||
});
|
||||
});
|
||||
|
||||
module.exports = router;
|
||||
|
||||
Reference in New Issue
Block a user