diff --git a/controllers/cashTransactionController.js b/controllers/cashTransactionController.js index 3696ba7..aa6891b 100644 --- a/controllers/cashTransactionController.js +++ b/controllers/cashTransactionController.js @@ -1,15 +1,10 @@ var cashTransactionModel = require('../models/cashTransactionModel.js'); -var UserModel = require('../models/userModel'); - module.exports = { list: async function (req, res) { - const password = req.body.pass; + try{ - const userFound = await UserModel.findOne({ pass: password }); - if (!userFound) { - return res.status(404).json({ message: 'Wrong password' }); - } + const transactions = await cashTransactionModel.find() const data = { messages: transactions @@ -25,12 +20,6 @@ module.exports = { create: async function (req, res) { const rawString = req.body.messageBody; - const password = req.body.pass; - - const userFound = await UserModel.findOne({ pass: password }); - if (!userFound) { - return res.status(404).json({ message: 'Wrong password' }); - } const transaction = new cashTransactionModel({ raw: rawString, @@ -82,11 +71,6 @@ module.exports = { }, delete: async function (req, res) { - const password = req.body.pass; - const userFound = await UserModel.findOne({ pass: password }); - if (!userFound) { - return res.status(404).json({ message: 'Wrong password' }); - } cashTransactionModel.deleteMany({}) .then(data =>{ res.status(201).json({message:"OK"}); diff --git a/controllers/gameController.js b/controllers/gameController.js index b646a22..50bb088 100644 --- a/controllers/gameController.js +++ b/controllers/gameController.js @@ -1,4 +1,3 @@ -var UserModel = require('../models/userModel'); var { GameModel } = require('../models/mediaModel'); 
@@ -21,15 +20,9 @@ module.exports = { create: async function (req, res) { var gameCode = req.body.code; - const passp = req.body.pass; + const userFound = req.user; try { - - const userFound = await UserModel.findOne({ pass: passp }); - if (!userFound) { - return res.status(404).json({ message: 'Wrong password' }); - } - const gameFound = await GameModel.findOne({ code: gameCode }); if (gameFound) { return res.status(409).json({ message: 'Game already exists' }); @@ -93,14 +86,8 @@ module.exports = { remove: async function (req, res) { var id = req.body.code; - const passp = req.body.pass; try { - const userFound = await UserModel.findOne({ pass: passp }); - if (!userFound) { - return res.status(404).json({ message: 'Wrong password' }); - } - const movie = await GameModel.findOneAndDelete({ code: id }); if (!movie) { return res.status(404).json({ message: 'No such game' }); diff --git a/controllers/mediaController.js b/controllers/mediaController.js index c3c7c5b..f6fdc09 100644 --- a/controllers/mediaController.js +++ b/controllers/mediaController.js @@ -1,4 +1,3 @@ -var UserModel = require('../models/userModel'); var { MovieModel, SeriesModel } = require('../models/mediaModel'); /** @@ -31,14 +30,8 @@ module.exports = { */ create: async function (req, res) { const mediaCode = req.body.code; - const passp = req.body.pass; + const userFound = req.user; try { - - const userFound = await UserModel.findOne({ pass: passp }); - if (!userFound) { - return res.status(404).json({ message: 'Wrong password' }); - } - const MediaModel = req.baseUrl.includes('movies') ? MovieModel : SeriesModel; const mediaFound = await MediaModel.findOne({ code: mediaCode }); if (mediaFound) { 
@@ -72,13 +65,8 @@ module.exports = { */ remove: async function (req, res) { var id = req.body.code; - const passp = req.body.pass; try { - const userFound = await UserModel.findOne({ pass: passp }); - if (!userFound) { - return res.status(404).json({ message: 'Wrong password' }); - } const MediaModel = req.baseUrl.includes('movies') ? MovieModel : SeriesModel; const media = await MediaModel.findOneAndDelete({ code: id }); diff --git a/controllers/userController.js b/controllers/userController.js index 73f0fc3..57d40a3 100644 --- a/controllers/userController.js +++ b/controllers/userController.js @@ -34,12 +34,7 @@ module.exports = { * mediaController.delete() */ remove: async function (req, res) { - const pass = req.body.password; try { - const userFound = await UserModel.findOne({ pass: pass }); - if (!userFound) { - return res.status(404).json({ message: 'Wrong password' }); - } await userFound.remove(); return res.status(204).json({ message: 'User deleted' }); } catch (err) { @@ -48,13 +43,7 @@ module.exports = { }, get: async function (req, res) { - const pass = req.body.password; try { - const userFound = await UserModel.findOne({ pass: pass }); - if (!userFound) { - return res.status(404).json({ message: 'Wrong password' }); - } - const usersFound = await UserModel.find(); return res.status(200).json(usersFound); diff --git a/middleware/checkAuthenticated.js b/middleware/checkAuthenticated.js new file mode 100644 index 0000000..e86c905 --- /dev/null +++ b/middleware/checkAuthenticated.js 
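Review bot: `remove` in controllers/userController.js still calls `await userFound.remove();`, but this hunk deletes the only visible declaration of `userFound` and adds nothing in its place. Unless the name is declared elsewhere in the file, the call throws a ReferenceError and every authenticated delete falls into the catch block. gameController.create and mediaController.create in this same commit read the user from the middleware with `const userFound = req.user;`, and that line is needed here as the first statement of `remove`. The catch body lies outside the hunk, so the response the client actually receives is not visible from here.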
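Review bot: `get` returns the result of `UserModel.find()` to the client unfiltered. Because checkAuthenticated matches on the stored `pass` field by equality, this response would disclose every user's password to any caller who knows a single valid one, unless the schema (not visible here) already hides that field. Project it out at the query, for example `const usersFound = await UserModel.find().select('-pass');`. A short comment above the call, such as `// never return credential fields to clients`, would help keep the projection from being dropped in a later edit.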
@@ -0,0 +1,19 @@ + +var UserModel = require('../models/userModel'); + +async function checkAuthenticated(req, res, next) { + try{ + const password = req.body.pass; + const userFound = await UserModel.findOne({ pass: password }); + if (!userFound) { + return res.status(404).json({ message: 'Wrong password' }); + } + req.user = userFound; + return next(); + }catch (err) { + console.log(err); + return res.status(500).json({ message: 'Error when getting transactions.' }); + } +} + +module.exports = checkAuthenticated; \ No newline at end of file diff --git a/routes/api/apiRouter.js b/routes/api/apiRouter.js index 52b2c26..f13f7b2 100644 --- a/routes/api/apiRouter.js +++ b/routes/api/apiRouter.js @@ -1,5 +1,6 @@ var express = require('express'); var router = express.Router(); +const checkAuthenticated = require('../../middleware/checkAuthenticated.js'); var photosRouter = require('./photoRouter'); var mediaRouter = require('./mediaRouter'); @@ -10,7 +11,7 @@ router.use('/photos', photosRouter); router.use('/games', gameRouter); router.use('/movies', mediaRouter); router.use('/series', mediaRouter); -router.use('/cash', cashTransactionRouter); +router.use('/cash', checkAuthenticated, cashTransactionRouter); router.get('/', function (req, res, next) { res.status(200).json({message: 'API is working'}); diff --git a/routes/api/gameRouter.js b/routes/api/gameRouter.js index 39b06e4..c8b72d4 100644 --- a/routes/api/gameRouter.js +++ b/routes/api/gameRouter.js 
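Review bot: `req.body.pass` is placed into the `findOne` filter in middleware/checkAuthenticated.js without any type check. With a JSON body parser the value may arrive as an object, which the query layer can interpret as an operator expression instead of a literal to compare, and a missing value is not rejected before the lookup either. Only a non-empty string should reach the query, as in the guard below. A rejected credential is better reported as 401 than 404, and the catch message 'Error when getting transactions.' looks copied from the cash controller and is misleading now that the middleware guards game, media and user routes. Separately, the equality lookup implies passwords are stored in plaintext and that the password alone identifies the user; salted hashing keyed on a user identifier would be the durable fix, though it goes beyond this hunk.

```javascript
async function checkAuthenticated(req, res, next) {
  try {
    const password = req.body && req.body.pass;
    // Only a literal, non-empty string may be used as a filter value.
    if (typeof password !== 'string' || password.length === 0) {
      return res.status(401).json({ message: 'Wrong password' });
    }
    // … unchanged: UserModel.findOne lookup, req.user assignment, next() …
  } catch (err) {
    console.log(err);
    return res.status(500).json({ message: 'Error when checking credentials.' });
  }
}
```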
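Review bot: Mounting with `router.use('/cash', checkAuthenticated, cashTransactionRouter);` in routes/api/apiRouter.js puts the body-based check in front of every method on `/cash`, including whatever read route serves `cashTransactionController.list` (the cash router itself is not part of this diff). If that route is a GET, the credential has to travel in a GET body, which clients and intermediaries do not reliably forward, and the middleware will then answer 'Wrong password' or 500 for a request that sent no body at all. Reading the credential from a request header instead would make the check independent of the HTTP method. At minimum a comment on this line should state the requirement, e.g. `// every /cash request, GET included, must carry { pass } in a parsed body`.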
@@ -1,11 +1,12 @@ var express = require('express'); var router = express.Router(); var gameController = require('../../controllers/gameController.js'); +var checkAuthenticated = require('../../middleware/checkAuthenticated.js'); router.get('/', gameController.list); -router.post('/', gameController.create); +router.post('/',checkAuthenticated, gameController.create); -router.delete('/', gameController.remove); +router.delete('/',checkAuthenticated, gameController.remove); module.exports = router; \ No newline at end of file diff --git a/routes/api/mediaRouter.js b/routes/api/mediaRouter.js index 6217e36..3f15bc1 100644 --- a/routes/api/mediaRouter.js +++ b/routes/api/mediaRouter.js @@ -1,11 +1,12 @@ var express = require('express'); var router = express.Router(); var mediaController = require('../../controllers/mediaController.js'); +var checkAuthenticated = require('../../middleware/checkAuthenticated.js'); router.get('/', mediaController.list); -router.post('/', mediaController.create); +router.post('/', checkAuthenticated, mediaController.create); -router.delete('/', mediaController.remove); +router.delete('/', checkAuthenticated, mediaController.remove); module.exports = router; \ No newline at end of file diff --git a/routes/user.js b/routes/user.js index 7ac0619..e9c3b95 100644 --- a/routes/user.js +++ b/routes/user.js @@ -1,6 +1,7 @@ var express = require('express'); var router = express.Router(); var userController = require('../controllers/userController.js'); +const checkAuthenticated = require('../middleware/checkAuthenticated.js'); /* GET home page. */ router.get('/', function (req, res, next) { @@ -9,8 +10,8 @@ router.get('/', function (req, res, next) { router.post('/', userController.create); -router.delete('/', userController.remove); +router.delete('/', checkAuthenticated, userController.remove); -router.put('/', userController.get); +router.put('/', checkAuthenticated, userController.get); module.exports = router; \ No newline at end of file
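Review bot: The `delete` and `put` routes in routes/user.js now authenticate through checkAuthenticated, which reads `req.body.pass`, whereas the code removed from userController.js read `req.body.password`. Existing clients that send `password` on these two routes will therefore be rejected with 'Wrong password' after this commit. Either document the renamed field for the user endpoints or accept both names during a transition, e.g. `const password = req.body.pass ?? req.body.password;` in the middleware, if the runtime supports `??`. Note also that `router.post('/', userController.create);` stays unauthenticated. If open registration is intended, a comment saying so would make that explicit.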