From 4828ef2c7c77fa27542e83bff753bd093a285ea1 Mon Sep 17 00:00:00 2001
From: sudoer777 <78781902+sudoer777@users.noreply.github.com>
Date: Wed, 24 Nov 2021 21:40:33 -0700
Subject: [PATCH] Require admin for certain pages
---
 database/accounts/accounts.js | 8 +++----
 routes/manage.js | 40 +++++++++++++++++++++++++----------
 2 files changed, 33 insertions(+), 15 deletions(-)
diff --git a/database/accounts/accounts.js b/database/accounts/accounts.js
index 6f000c9..6fc0d62 100644
--- a/database/accounts/accounts.js
+++ b/database/accounts/accounts.js
@@ -45,13 +45,13 @@ passport.deserializeUser((id, cb) => {
-async function createUser(email, password) {
+async function createUser(email, password, isAdmin) {
 const salt = bcrypt.genSaltSync();
 const hash = bcrypt.hashSync(password, salt);
- const query = `INSERT INTO accounts.users(email, password)
- VALUES($1, $2)`;
- await database.executeQuery(query, [email, hash]);
+ const query = `INSERT INTO accounts.users(email, password, admin)
+ VALUES($1, $2, $3)`;
+ await database.executeQuery(query, [email, hash, isAdmin]);
 }
 exports.createUser = createUser;
diff --git a/routes/manage.js b/routes/manage.js
index 16f8ca4..7fbd517 100644
--- a/routes/manage.js
+++ b/routes/manage.js
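Review bot: The new `isAdmin` parameter of `createUser` has no default and no coercion, so any existing caller that still passes two arguments now stores `undefined` in the `admin` column, and any caller that forwards a value taken from a request decides who becomes an administrator. Declaring it `async function createUser(email, password, isAdmin = false) {` and passing `Boolean(isAdmin)` in the parameter array keeps the column an explicit boolean and makes omission always mean a normal account. Which callers exist outside this patch cannot be seen here; a JSDoc line such as `@param {boolean} [isAdmin=false] - grants the admin flag; set only from an operator action, never from request input` would record the intended contract next to the signature.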
@@ -8,18 +8,36 @@ var divisions = require('../database/scores/divisions');
 var genders = require('../database/scores/genders');
 var teams = require('../database/scores/teams');
+function userLoggedIn(req, res, next) {
+ if (req.user) {
+ next();
+ }
+ else {
+ res.redirect('/auth/login');
+ }
+}
-router.get('/', function(req, res, next) {
+function adminLoggedIn(req, res, next) {
+ if (req.user && req.user[2]) {
+ next();
+ }
+ else {
+ res.send('UNAUTHORIZED');
+ }
+}
+
+router.get('/' ,userLoggedIn, function(req, res, next) {
 res.render('manage', { title: 'Score Management' });
 });
-router.get('/game', function(req, res, next) {
+router.get('/game', userLoggedIn, function(req, res, next) {
 let title = req.query.game ? 'Edit Game' : 'Submit Score'
 res.render('manage/addgame', { title });
 });
-router.post('/game', function(req, res, next) {
+router.post('/game', userLoggedIn, function(req, res, next) {
 const seasonID = req.body['year'];
 const sportID = req.body['sport'];
 const gender = (req.body['gender'] == "female") ? genders.FEMALE : genders.MALE;
@@ -41,11 +59,11 @@ router.post('/game', function(req, res, next) {
 .then(res.redirect("/manage"));
 });
-router.get('/season', function(req, res, next) {
+router.get('/season', adminLoggedIn, function(req, res, next) {
 res.render('manage/addseason', { title: 'Add Season', currentYear : (new Date()).getFullYear() });
 });
-router.post('/season', function(req, res, next) {
+router.post('/season', adminLoggedIn, function(req, res, next) {
 const year = req.body['year'];
 const seasonID = req.body['season'];
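Review bot: `adminLoggedIn` grants access whenever `req.user[2]` is truthy and, when the check fails, answers `res.send('UNAUTHORIZED')` with Express's default 200 status, so a refused request is indistinguishable from a successful one to clients, proxies and logs. The positional index is also fragile: if `req.user` is the raw row produced by deserializeUser (outside this hunk — please confirm), any reordering of the `accounts.users` columns would place a different, probably truthy, value at index 2 and admit every logged-in user, whereas a named field such as `req.user.admin` would fail closed. The rewrite below sends anonymous users to the login page as `userLoggedIn` already does, rejects non-admins with 403, and only accepts a real boolean `true`. The same middleware guards the /season, /sport, /division and /team routes in the following hunks, so fixing it here covers all of them; `router.get('/' ,userLoggedIn` also has its comma on the wrong side of the space.
```javascript
function adminLoggedIn(req, res, next) {
  if (!req.user) {
    // Not signed in at all: same handling as userLoggedIn.
    res.redirect('/auth/login');
    return;
  }
  // Strict comparison so only a real boolean grants access. TODO(review):
  // confirm how deserializeUser shapes req.user and prefer a named `admin`
  // field over a positional index, which silently changes meaning if the
  // column order changes.
  if (req.user[2] === true) {
    next();
  } else {
    res.status(403).send('UNAUTHORIZED');
  }
}
```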
@@ -55,11 +73,11 @@ router.post('/season', function(req, res, next) {
 else seasons.add(year).then(res.redirect("/manage"));
 });
-router.get('/sport', function(req, res, next) {
+router.get('/sport', adminLoggedIn, function(req, res, next) {
 res.render('manage/addsport', { title: 'Add Sport' });
 });
-router.post('/sport', function(req, res, next) {
+router.post('/sport', adminLoggedIn, function(req, res, next) {
 const name = req.body['name'];
 const id = req.body['sport'];
 const remove = req.body['remove'];
@@ -69,13 +87,13 @@ router.post('/sport', function(req, res, next) {
 else sports.add(name).then(res.redirect('/manage'));
 });
-router.get('/division', function(req, res, next) {
+router.get('/division', adminLoggedIn, function(req, res, next) {
 let title = req.query.division ? 'Edit Division' : 'Add Division'
 res.render('manage/adddivision', { title });
 });
-router.post('/division', function(req, res, next) {
+router.post('/division', adminLoggedIn, function(req, res, next) {
 const name = req.body['name'];
 const sport = req.body['sport'];
 const genderName = req.body['gender'];
@@ -100,13 +118,13 @@ router.post('/division', function(req, res, next) {
 }
 });
-router.get('/team', function(req, res, next) {
+router.get('/team', adminLoggedIn, function(req, res, next) {
 let title = req.query.team ? 'Edit Team' : 'Add Team'
 res.render('manage/addteam', { title });
 });
-router.post('/team', function(req, res, next) {
+router.post('/team', adminLoggedIn, function(req, res, next) {
 const name = req.body['name'];
 const sport = req.body['sport'];