lucien/tanuki-s-forum
1
0
Fork 0
generated from lucien/api-template
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add: added an auth middleware to simplify code

Browse source
This commit is contained in:
Lukian 2025-04-03 12:30:17 +02:00
parent c34df6609c
commit e0efe57f5c
9 changed files with 104 additions and 70 deletions
Download patch file Download diff file Expand all files Collapse all files

49
back/api/channels.js
View file

@ -1,6 +1,7 @@
const express = require('express');
const jwt = require('jsonwebtoken');
const { getConnection, getUser, getChannels, getChannel, addChannel, getMessages, addMessage, deleteMessage, getLastMessages } = require('../libs/mysql');
const { checkAuth } = require('../libs/middlewares');
const router = express.Router();
@ -36,53 +37,48 @@ router.get('/:name/messages', async (req, res) => {
res.send(messages);
});
router.use('/:name/messages/send', checkAuth);
router.post('/:name/messages/send', async (req, res) => {
const { token, message } = req.body;
const { message } = req.body;
const name = req.params.name;
const connection = await getConnection();
const user = req.user;
const decoded = jwt.verify(token, process.env.JWT_SECRET);
const user = await getUser(connection, decoded.id);
if (!user[0]) {
connection.end();
return res.status(401).send({ error: 'Invalid token' });
if (!message) {
return res.status(400).send({ error: 'Missing parameters' });
}
const connection = await getConnection();
const channel = await getChannel(connection, name);
if (!channel[0]) {
connection.end();
return res.send('No channel found');
}
await addMessage(connection, channel[0].id, user[0].id, message.replace("\"", "'"));
await addMessage(connection, channel[0].id, user.id, message.replace("\"", "'"));
connection.end();
res.send({ message: 'Message sent' });
});
router.use('/:name/messages', checkAuth);
router.post('/:name/messages/delete', async (req, res) => {
const { token, message_id } = req.body;
const { message_id } = req.body;
const name = req.params.name;
const user = req.user;
if (!message_id || !token) {
return res.status(400).send({ error: 'Missing parameters' });
if (!message_id) {
return res.status(400).send({ error: 'Missing message_id' });
}
const connection = await getConnection();
const decoded = jwt.verify(token, process.env.JWT_SECRET);
const user = await getUser(connection, decoded.id);
if (!user[0]) {
connection.end();
return res.status(401).send({ error: 'Invalid token' });
}
const channel = await getChannel(connection, name);
if (!channel[0]) {
connection.end();
return res.status(400).send({ error: 'No channel found' });
}
if (user[0].id !== channel[0].owner_id && user[0].id !== message_id && user[0].admin !== 1) {
if (user.id !== channel[0].owner_id && user.id !== message_id && user.admin !== 1) {
connection.end();
return res.status(401).send({ error: 'Unauthorized' });
}
@ -92,22 +88,17 @@ router.post('/:name/messages/delete', async (req, res) => {
res.send({ message: 'Message deleted' });
});
router.use('/add', checkAuth);
router.post('/add', async (req, res) => {
const { name, description, token } = req.body;
const { name, description } = req.body;
const user = req.user;
if (!name || !description || !token) {
if (!name || !description) {
return res.status(400).send({ error: 'Missing parameters' });
}
const connection = await getConnection();
const decoded = jwt.verify(token, process.env.JWT_SECRET);
const user = await getUser(connection, decoded.id);
if (!user[0]) {
connection.end();
return res.status(401).send({ error: 'Invalid token' });
}
const channel = await getChannel(connection, name);
if (channel[0]) {
connection.end();
@ -119,7 +110,7 @@ router.post('/add', async (req, res) => {
return res.status(400).send({ error: 'Invalid channel name' });
}
await addChannel(connection, name, description, user[0].id);
await addChannel(connection, name, description, user.id);
connection.end();
res.send({ message: 'Channel added' });
});