lesson 6 source code push

HeyMehedi · Jun 1, 2021 · 9726b26 · 9726b26
1 parent c7a3316
commit 9726b26
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -5,7 +5,7 @@
 
 <br />
 <p align="center">
-  <h3 align="center"><a href="https://github.com/learnwithsumit/chat-application/tree/lesson-5">Lesson - 5 - Node.js Chat Application in Express.js, MongoDB & EJS template engine</a></h3>
+  <h3 align="center"><a href="https://github.com/learnwithsumit/chat-application/tree/lesson-6">Lesson - 6 - Node.js Chat Application in Express.js, MongoDB & EJS template engine</a></h3>
 
 A full stack Node.js project described in Bangla. Please check the video tutorial by clicking the image below -
 
@@ -29,9 +29,9 @@ Please follow the below instructions to run this project in your machine:
    git clone https://github.com/learnwithsumit/chat-application.git
    ```
 2. Watch the youtube tutorial on this topic - https://youtu.be/N3vG6Yt-e6k.
-3. Check out to lesson-5 branch with the below command
+3. Check out to lesson-6 branch with the below command
    ```sh
-   git checkout lesson-5
+   git checkout lesson-6
    ```
 4. Run npm install
 5. Then rename the .env.example file to ".env" and change values as per your need

diff --git a/middlewares/common/checkLogin.js b/middlewares/common/checkLogin.js
@@ -1,4 +1,5 @@
 const jwt = require("jsonwebtoken");
+const createError = require("http-errors");
 
 // auth guard to protect routes that need authentication
 const checkLogin = (req, res, next) => {
@@ -52,7 +53,29 @@ const redirectLoggedIn = function (req, res, next) {
   }
 };
 
+// guard to protect routes that need role based authorization
+function requireRole(role) {
+  return function (req, res, next) {
+    if (req.user.role && role.includes(req.user.role)) {
+      next();
+    } else {
+      if (res.locals.html) {
+        next(createError(401, "You are not authorized to access this page!"));
+      } else {
+        res.status(401).json({
+          errors: {
+            common: {
+              msg: "You are not authorized!",
+            },
+          },
+        });
+      }
+    }
+  };
+}
+
 module.exports = {
   checkLogin,
   redirectLoggedIn,
+  requireRole,
 };
diff --git a/router/usersRouter.js b/router/usersRouter.js
@@ -15,24 +15,31 @@ const {
   addUserValidationHandler,
 } = require("../middlewares/users/userValidators");
 
-const { checkLogin } = require("../middlewares/common/checkLogin");
+const { checkLogin, requireRole } = require("../middlewares/common/checkLogin");
 
 const router = express.Router();
 
 // users page
-router.get("/", decorateHtmlResponse("Users"), checkLogin, getUsers);
+router.get(
+  "/",
+  decorateHtmlResponse("Users"),
+  checkLogin,
+  requireRole(["admin"]),
+  getUsers
+);
 
 // add user
 router.post(
   "/",
   checkLogin,
+  requireRole(["admin"]),
   avatarUpload,
   addUserValidators,
   addUserValidationHandler,
   addUser
 );
 
 // remove user
-router.delete("/:id", removeUser);
+router.delete("/:id", checkLogin, requireRole(["admin"]), removeUser);
 
 module.exports = router;