middleware check authenticate

2023-10-04 20:16:47 +02:00 · 2023-10-04 20:16:47 +02:00 · ea623cedc8
commit ea623cedc8
parent e3279d4792
9 changed files with 34 additions and 63 deletions
--- a/controllers/cashTransactionController.js
+++ b/controllers/cashTransactionController.js
@ -1,15 +1,10 @@
 var cashTransactionModel = require('../models/cashTransactionModel.js');
-var UserModel = require('../models/userModel');
-
 module.exports = {

  list: async function (req, res) {
-    const password = req.body.pass;
+    
    try{
-      const userFound = await UserModel.findOne({ pass: password });
-      if (!userFound) {
-        return res.status(404).json({ message: 'Wrong password' });
-      }
+    
      const transactions = await cashTransactionModel.find()
      const data = {
        messages: transactions
@ -25,12 +20,6 @@ module.exports = {

  create: async function (req, res) {
    const rawString = req.body.messageBody;
-    const password = req.body.pass;
-
-    const userFound = await UserModel.findOne({ pass: password });
-    if (!userFound) {
-      return res.status(404).json({ message: 'Wrong password' });
-    }

    const transaction = new cashTransactionModel({
      raw: rawString,
@ -82,11 +71,6 @@ module.exports = {
  },

  delete: async function (req, res) {
-    const password = req.body.pass;
-    const userFound = await UserModel.findOne({ pass: password });
-    if (!userFound) {
-      return res.status(404).json({ message: 'Wrong password' });
-    }
    cashTransactionModel.deleteMany({})
    .then(data =>{
      res.status(201).json({message:"OK"});
--- a/controllers/gameController.js
+++ b/controllers/gameController.js
@ -1,4 +1,3 @@
-var UserModel = require('../models/userModel');
 var { GameModel } = require('../models/mediaModel');


@ -21,15 +20,9 @@ module.exports = {

  create: async function (req, res) {
    var gameCode = req.body.code;
-    const passp = req.body.pass;
+    const userFound = req.user;

    try {
-
-      const userFound = await UserModel.findOne({ pass: passp });
-      if (!userFound) {
-        return res.status(404).json({ message: 'Wrong password' });
-      }
-
      const gameFound = await GameModel.findOne({ code: gameCode });
      if (gameFound) {
        return res.status(409).json({ message: 'Game already exists' });
@ -93,14 +86,8 @@ module.exports = {

  remove: async function (req, res) {
    var id = req.body.code;
-    const passp = req.body.pass;

    try {
-      const userFound = await UserModel.findOne({ pass: passp });
-      if (!userFound) {
-        return res.status(404).json({ message: 'Wrong password' });
-      }
-
      const movie = await GameModel.findOneAndDelete({ code: id });
      if (!movie) {
        return res.status(404).json({ message: 'No such game' });
--- a/controllers/mediaController.js
+++ b/controllers/mediaController.js
@ -1,4 +1,3 @@
-var UserModel = require('../models/userModel');
 var { MovieModel, SeriesModel } = require('../models/mediaModel');

 /**
@ -31,14 +30,8 @@ module.exports = {
   */
  create: async function (req, res) {
    const mediaCode = req.body.code;
-    const passp = req.body.pass;
+    const userFound = req.user;
    try {
-
-      const userFound = await UserModel.findOne({ pass: passp });
-      if (!userFound) {
-        return res.status(404).json({ message: 'Wrong password' });
-      }
-
      const MediaModel = req.baseUrl.includes('movies') ? MovieModel : SeriesModel;
      const mediaFound = await MediaModel.findOne({ code: mediaCode });
      if (mediaFound) {
@ -72,13 +65,8 @@ module.exports = {
   */
  remove: async function (req, res) {
    var id = req.body.code;
-    const passp = req.body.pass;

    try {
-      const userFound = await UserModel.findOne({ pass: passp });
-      if (!userFound) {
-        return res.status(404).json({ message: 'Wrong password' });
-      }

      const MediaModel = req.baseUrl.includes('movies') ? MovieModel : SeriesModel;
      const media = await MediaModel.findOneAndDelete({ code: id });
--- a/controllers/userController.js
+++ b/controllers/userController.js
@ -34,12 +34,7 @@ module.exports = {
   * mediaController.delete()
   */
  remove: async function (req, res) {
-    const pass = req.body.password;
    try {
-      const userFound = await UserModel.findOne({ pass: pass });
-      if (!userFound) {
-        return res.status(404).json({ message: 'Wrong password' });
-      }
      await userFound.remove();
      return res.status(204).json({ message: 'User deleted' });
    } catch (err) {
@ -48,13 +43,7 @@ module.exports = {
  },

  get: async function (req, res) {
-    const pass = req.body.password;
    try {
-      const userFound = await UserModel.findOne({ pass: pass });
-      if (!userFound) {
-        return res.status(404).json({ message: 'Wrong password' });
-      }
-
      const usersFound = await UserModel.find();

      return res.status(200).json(usersFound);
--- a/middleware/checkAuthenticated.js
+++ b/middleware/checkAuthenticated.js
@ -0,0 +1,19 @@
+
+var UserModel = require('../models/userModel');
+
+async function checkAuthenticated(req, res, next) {
+  try{
+    const password = req.body.pass;
+    const userFound = await UserModel.findOne({ pass: password });
+    if (!userFound) {
+      return res.status(404).json({ message: 'Wrong password' });
+    }
+    req.user = userFound;
+    return next();
+  }catch (err) {
+    console.log(err);
+    return res.status(500).json({ message: 'Error when getting transactions.' });
+  }
+}
+
+module.exports = checkAuthenticated;
--- a/routes/api/apiRouter.js
+++ b/routes/api/apiRouter.js
@ -1,5 +1,6 @@
 var express = require('express');
 var router = express.Router();
+const checkAuthenticated = require('../../middleware/checkAuthenticated.js');

 var photosRouter = require('./photoRouter');
 var mediaRouter = require('./mediaRouter');
@ -10,7 +11,7 @@ router.use('/photos', photosRouter);
 router.use('/games', gameRouter);
 router.use('/movies', mediaRouter);
 router.use('/series', mediaRouter);
-router.use('/cash', cashTransactionRouter);
+router.use('/cash', checkAuthenticated, cashTransactionRouter);

 router.get('/', function (req, res, next) {
  res.status(200).json({message: 'API is working'});
--- a/routes/api/gameRouter.js
+++ b/routes/api/gameRouter.js
@ -1,11 +1,12 @@
 var express = require('express');
 var router = express.Router();
 var gameController = require('../../controllers/gameController.js');
+var checkAuthenticated = require('../../middleware/checkAuthenticated.js');

 router.get('/', gameController.list);

-router.post('/', gameController.create);
+router.post('/',checkAuthenticated, gameController.create);

-router.delete('/', gameController.remove);
+router.delete('/',checkAuthenticated, gameController.remove);

 module.exports = router;
--- a/routes/api/mediaRouter.js
+++ b/routes/api/mediaRouter.js
@ -1,11 +1,12 @@
 var express = require('express');
 var router = express.Router();
 var mediaController = require('../../controllers/mediaController.js');
+var checkAuthenticated = require('../../middleware/checkAuthenticated.js');

 router.get('/', mediaController.list);

-router.post('/', mediaController.create);
+router.post('/', checkAuthenticated, mediaController.create);

-router.delete('/', mediaController.remove);
+router.delete('/', checkAuthenticated, mediaController.remove);

 module.exports = router;
--- a/routes/user.js
+++ b/routes/user.js
@ -1,6 +1,7 @@
 var express = require('express');
 var router = express.Router();
 var userController = require('../controllers/userController.js');
+const checkAuthenticated = require('../middleware/checkAuthenticated.js');

 /* GET home page. */
 router.get('/', function (req, res, next) {
@ -9,8 +10,8 @@ router.get('/', function (req, res, next) {

 router.post('/', userController.create);

-router.delete('/', userController.remove);
+router.delete('/', checkAuthenticated, userController.remove);

-router.put('/', userController.get);
+router.put('/', checkAuthenticated, userController.get);

 module.exports = router;