me
/
score-tracker
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Require admin for certain pages

main
sudoer777 2021-11-24 21:40:33 -07:00
parent 24197d9bff
commit 4828ef2c7c
2 changed files with 33 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
database/accounts/accounts.js
View File

@ -45,13 +45,13 @@ passport.deserializeUser((id, cb) => {
async function createUser(email, password) {
async function createUser(email, password, isAdmin) {
const salt = bcrypt.genSaltSync();
const hash = bcrypt.hashSync(password, salt);
const query = `INSERT INTO accounts.users(email, password)
VALUES($1, $2)`;
await database.executeQuery(query, [email, hash]);
const query = `INSERT INTO accounts.users(email, password, admin)
VALUES($1, $2, $3)`;
await database.executeQuery(query, [email, hash, isAdmin]);
}
exports.createUser = createUser;

40
routes/manage.js
View File

@ -8,18 +8,36 @@ var divisions = require('../database/scores/divisions');
var genders = require('../database/scores/genders');
var teams = require('../database/scores/teams');
function userLoggedIn(req, res, next) {
if (req.user) {
next();
}
else {
res.redirect('/auth/login');
}
}
router.get('/', function(req, res, next) {
function adminLoggedIn(req, res, next) {
if (req.user && req.user[2]) {
next();
}
else {
res.send('UNAUTHORIZED');
}
}
router.get('/' ,userLoggedIn, function(req, res, next) {
res.render('manage', { title: 'Score Management' });
});
router.get('/game', function(req, res, next) {
router.get('/game', userLoggedIn, function(req, res, next) {
let title = req.query.game ? 'Edit Game' : 'Submit Score'
res.render('manage/addgame', { title });
});
router.post('/game', function(req, res, next) {
router.post('/game', userLoggedIn, function(req, res, next) {
const seasonID = req.body['year'];
const sportID = req.body['sport'];
const gender = (req.body['gender'] == "female") ? genders.FEMALE : genders.MALE;
@ -41,11 +59,11 @@ router.post('/game', function(req, res, next) {
.then(res.redirect("/manage"));
});
router.get('/season', function(req, res, next) {
router.get('/season', adminLoggedIn, function(req, res, next) {
res.render('manage/addseason', { title: 'Add Season', currentYear : (new Date()).getFullYear() });
});
router.post('/season', function(req, res, next) {
router.post('/season', adminLoggedIn, function(req, res, next) {
const year = req.body['year'];
const seasonID = req.body['season'];
@ -55,11 +73,11 @@ router.post('/season', function(req, res, next) {
else seasons.add(year).then(res.redirect("/manage"));
});
router.get('/sport', function(req, res, next) {
router.get('/sport', adminLoggedIn, function(req, res, next) {
res.render('manage/addsport', { title: 'Add Sport' });
});
router.post('/sport', function(req, res, next) {
router.post('/sport', adminLoggedIn, function(req, res, next) {
const name = req.body['name'];
const id = req.body['sport'];
const remove = req.body['remove'];
@ -69,13 +87,13 @@ router.post('/sport', function(req, res, next) {
else sports.add(name).then(res.redirect('/manage'));
});
router.get('/division', function(req, res, next) {
router.get('/division', adminLoggedIn, function(req, res, next) {
let title = req.query.division ? 'Edit Division' : 'Add Division'
res.render('manage/adddivision', { title });
});
router.post('/division', function(req, res, next) {
router.post('/division', adminLoggedIn, function(req, res, next) {
const name = req.body['name'];
const sport = req.body['sport'];
const genderName = req.body['gender'];
@ -100,13 +118,13 @@ router.post('/division', function(req, res, next) {
}
});
router.get('/team', function(req, res, next) {
router.get('/team', adminLoggedIn, function(req, res, next) {
let title = req.query.team ? 'Edit Team' : 'Add Team'
res.render('manage/addteam', { title });
});
router.post('/team', function(req, res, next) {
router.post('/team', adminLoggedIn, function(req, res, next) {
const name = req.body['name'];
const sport = req.body['sport'];