feat: complete day 9
+23
-16
@@ -1,29 +1,33 @@
|
|||||||
var createError = require('http-errors');
|
var createError = require("http-errors");
|
||||||
var express = require('express');
|
var express = require("express");
|
||||||
var path = require('path');
|
var path = require("path");
|
||||||
var cookieParser = require('cookie-parser');
|
var cookieParser = require("cookie-parser");
|
||||||
var logger = require('morgan');
|
var logger = require("morgan");
|
||||||
|
|
||||||
var indexRouter = require('./routes/index');
|
var indexRouter = require("./routes/index");
|
||||||
var usersRouter = require('./routes/users');
|
var usersRouter = require("./routes/users");
|
||||||
|
|
||||||
const db = require("./models");
|
const db = require("./models");
|
||||||
var cors = require("cors");
|
var cors = require("cors");
|
||||||
|
const maintenanceMiddleware = require("./middleware/Maintenance");
|
||||||
|
const roleCheckMiddleware = require("./middleware/RoleCheckMiddleware");
|
||||||
|
|
||||||
var app = express();
|
var app = express();
|
||||||
app.set("db", db);
|
app.set("db", db);
|
||||||
// view engine setup
|
// view engine setup
|
||||||
app.set('views', path.join(__dirname, 'views'));
|
app.set("views", path.join(__dirname, "views"));
|
||||||
app.set('view engine', 'jade');
|
app.set("view engine", "jade");
|
||||||
app.use(cors());
|
app.use(cors());
|
||||||
app.use(logger('dev'));
|
app.use(logger("dev"));
|
||||||
app.use(express.json());
|
app.use(express.json());
|
||||||
app.use(express.urlencoded({ extended: false }));
|
app.use(express.urlencoded({ extended: false }));
|
||||||
app.use(cookieParser());
|
app.use(cookieParser());
|
||||||
app.use(express.static(path.join(__dirname, 'public')));
|
app.use(express.static(path.join(__dirname, "public")));
|
||||||
|
app.use(maintenanceMiddleware);
|
||||||
|
app.use("/api/v1", roleCheckMiddleware);
|
||||||
|
|
||||||
app.use('/', indexRouter);
|
app.use("/", indexRouter);
|
||||||
app.use('/users', usersRouter);
|
app.use("/users", usersRouter);
|
||||||
|
|
||||||
// catch 404 and forward to error handler
|
// catch 404 and forward to error handler
|
||||||
app.use(function (req, res, next) {
|
app.use(function (req, res, next) {
|
||||||
@@ -34,11 +38,14 @@ app.use(function (req, res, next) {
|
|||||||
app.use(function (err, req, res, next) {
|
app.use(function (err, req, res, next) {
|
||||||
// set locals, only providing error in development
|
// set locals, only providing error in development
|
||||||
res.locals.message = err.message;
|
res.locals.message = err.message;
|
||||||
res.locals.error = req.app.get('env') === 'development' ? err : {};
|
res.locals.error = req.app.get("env") === "development" ? err : {};
|
||||||
|
|
||||||
// render the error page
|
// standardized error response
|
||||||
res.status(err.status || 500);
|
res.status(err.status || 500);
|
||||||
res.render('error');
|
res.json({
|
||||||
|
success: false,
|
||||||
|
error: err.message || "Internal Server Error",
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
module.exports = app;
|
module.exports = app;
|
||||||
|
|||||||
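Review bot: The rewritten error handler returns `err.message` to the client unconditionally, whereas the old `res.render('error')` path only exposed the error object in development; the `res.locals.error` gate kept two lines above is now dead, since nothing renders anymore. For a 5xx the message is whatever the throwing library produced (a database or filesystem error string, for example), so production responses leak internals. http-errors, already required at the top of this file, marks client-caused errors with `err.expose`, which gives a one-condition fix: `const status = err.status || 500;` `const expose = err.expose ?? status < 500;` `res.status(status).json({ success: false, error: expose ? err.message : "Internal Server Error" });`. The 404 handler that feeds this function begins at the end of the first hunk and its body is outside the page.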
@@ -0,0 +1,3 @@
|
|||||||
|
module.exports = {
|
||||||
|
maintenance: false,
|
||||||
|
};
|
||||||
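Review bot: `maintenance: false` is a literal in a module that require caches, so flipping maintenance mode means editing source and restarting the process (the new `dev` script uses `node --watch`, but the production `start` script does not). Reading it from the environment keeps the same interface for the middleware that consumes it: `maintenance: process.env.MAINTENANCE === "true",`. A one-line header comment such as `// Read per request by middleware/Maintenance; toggling requires a restart` would also help, since the file carries no other context.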
@@ -0,0 +1,23 @@
|
|||||||
|
const JwtService = require("../services/JwtService");
|
||||||
|
|
||||||
|
module.exports = function (req, res, next) {
|
||||||
|
const token = JwtService.getToken(req);
|
||||||
|
if (!token) {
|
||||||
|
return res.status(401).json({
|
||||||
|
success: false,
|
||||||
|
error: "Access denied. No token provided.",
|
||||||
|
});
|
||||||
|
}
|
||||||
|
const payload = JwtService.verifyAccessToken(token);
|
||||||
|
if (!payload) {
|
||||||
|
return res.status(401).json({
|
||||||
|
success: false,
|
||||||
|
error: "Invalid or expired token.",
|
||||||
|
});
|
||||||
|
}
|
||||||
|
req.tokenPayload = payload;
|
||||||
|
if (payload && payload.user_id) {
|
||||||
|
req.user_id = payload.user_id;
|
||||||
|
}
|
||||||
|
next();
|
||||||
|
};
|
||||||
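Review bot: `JwtService.verifyAccessToken` is outside this diff and its failure mode is not visible; if it throws on a malformed or expired token instead of returning a falsy value, the throw skips the 401 branch and reaches the app-level error handler as a 500 with the library's message in the body. Wrapping that one call in a try/catch that sets `payload` to null on any error keeps every rejected token on the 401 path, and a header comment stating what the middleware attaches (`req.tokenPayload`, `req.user_id`) would help readers of RoleCheckMiddleware, which depends on this having run. Separately, the `payload &&` in `if (payload && payload.user_id)` is redundant because the `if (!payload)` branch above has already returned; `if (payload.user_id) {` says the same thing.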
@@ -0,0 +1,11 @@
|
|||||||
|
const config = require("../config");
|
||||||
|
|
||||||
|
module.exports = function (req, res, next) {
|
||||||
|
if (config.maintenance) {
|
||||||
|
return res.status(503).json({
|
||||||
|
success: false,
|
||||||
|
error: "Service is under maintenance. Please try again later.",
|
||||||
|
});
|
||||||
|
}
|
||||||
|
next();
|
||||||
|
};
|
||||||
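Review bot: The 503 response carries no `Retry-After` header, which is the signal clients and proxies use to back off during maintenance; `res.set("Retry-After", "300");` placed before the `return res.status(503)` line adds it (the value is illustrative). Note also that in app.js this middleware is mounted after `express.static`, so static files keep being served while the API is down; if that is intended, a comment next to the `app.use(maintenanceMiddleware)` line saying so would stop it being "fixed" later.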
@@ -0,0 +1,14 @@
|
|||||||
|
module.exports = function (req, res, next) {
|
||||||
|
const match = req.path.match(/^\/api\/v1\/(\w+)\//);
|
||||||
|
if (match) {
|
||||||
|
const portal = match[1];
|
||||||
|
const userRole = req.tokenPayload && req.tokenPayload.role;
|
||||||
|
if (userRole !== portal) {
|
||||||
|
return res.status(403).json({
|
||||||
|
success: false,
|
||||||
|
error: `Access denied. Role '${userRole}' does not match portal '${portal}'.`,
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
next();
|
||||||
|
};
|
||||||
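Review bot: The regex `^\/api\/v1\/(\w+)\/` can never match where this middleware is mounted: app.js registers it with `app.use("/api/v1", roleCheckMiddleware)`, and Express strips the mount prefix from `req.path` inside a mounted handler, so the path seen here begins at the portal segment (`/<portal>/...`), `match` is always null, and the role check is a no-op. The pattern also demands a trailing slash, so a request to the bare portal path would be exempt even with the prefix fixed; `const match = req.path.match(/^\/(\w+)(?:\/|$)/);` addresses both, with `req.originalUrl` as the alternative if the full path is wanted. Once it does match, nothing mounted before it in app.js sets `req.tokenPayload` — AuthMiddleware is only attached per route in routes/users.js — so every /api/v1 request would get a 403 whose message reads `Role 'undefined'` unless an auth middleware is mounted ahead of this one. A header comment stating that precondition (`// expects AuthMiddleware to have set req.tokenPayload`) would make the ordering requirement explicit.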
+2
-1
@@ -3,7 +3,8 @@
|
|||||||
"version": "0.0.0",
|
"version": "0.0.0",
|
||||||
"private": true,
|
"private": true,
|
||||||
"scripts": {
|
"scripts": {
|
||||||
"start": "node ./bin/www"
|
"start": "node ./bin/www",
|
||||||
|
"dev": "node --watch ./bin/www"
|
||||||
},
|
},
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"cookie-parser": "~1.4.4",
|
"cookie-parser": "~1.4.4",
|
||||||
|
|||||||
@@ -1,9 +1,13 @@
|
|||||||
var express = require('express');
|
var express = require("express");
|
||||||
var router = express.Router();
|
var router = express.Router();
|
||||||
|
const authMiddleware = require("../middleware/AuthMiddleware");
|
||||||
|
|
||||||
/* GET users listing. */
|
/* GET users listing. */
|
||||||
router.get('/', function(req, res, next) {
|
router.get("/", authMiddleware, function (req, res, next) {
|
||||||
res.send('respond with a resource');
|
res.json({
|
||||||
|
success: true,
|
||||||
|
data: "respond with a resource",
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
module.exports = router;
|
module.exports = router;
|
||||||
|
|||||||
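Review bot: `next` is declared but never used in the new handler; Express only special-cases the 4-argument error signature, so a 3-argument handler may drop it: `router.get("/", authMiddleware, function (req, res) {`. The `/* GET users listing. */` comment could also say that the route now requires a valid access token, which is the behavioral change of this hunk and is otherwise only visible from the middleware name.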