93 done BACK

eb23ea9e · Pavel Mishakov · c1f6e9ad · eb23ea9e · eb23ea9e · eb23ea9e
Commit eb23ea9e authored Apr 04, 2023 by Pavel Mishakov
11 changed files
--- a/package.json
+++ b/package.json
@@ -5,6 +5,7 @@
  "main": "index.js",
  "scripts": {
    "dev": "ts-node-dev --respawn --trace-warnings --transpile-only src/index.ts",
+    "seed": "ts-node-dev --trace-warnings --transpile-only src/fixtures.ts",
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",

--- a/public/uploads/.gitignore
+++ b/public/uploads/.gitignore
 *
-!.gitignore
\ No newline at end of file
+!.gitignore
+!1.jpg
+!2.jpg
\ No newline at end of file
--- a/public/uploads/1.jpg
+++ b/public/uploads/1.jpg
--- a/public/uploads/2.jpg
+++ b/public/uploads/2.jpg
--- a/src/controllers/products.ts
+++ b/src/controllers/products.ts
@@ -3,6 +3,7 @@ import multer from 'multer'
 import { config } from '../index.config'
 import { auth } from '../middlewares/auth'
 import { productService, ProductService } from '../services/products'
+import { permission } from '../middlewares/permission'

 const storage = multer.diskStorage({
    destination(req, file, callback) {
@@ -23,7 +24,7 @@ export class ProductsController {

    constructor() {
        this.router = express.Router()
-        this.router.get('/', auth, this.getProducts)
+        this.router.get('/', permission('USER'), this.getProducts)
        this.router.get('/:id', auth, this.getProductById)
        this.router.post('/', [auth, upload.single('image')], this.addProduct)
        this.router.delete('/:id', auth, this.deleteProductById)

--- a/src/fixtures.ts
+++ b/src/fixtures.ts
+import mongoose from 'mongoose'
+import { User } from './models/mongo/User'
+import { Product } from './models/mongo/Product'
+import dotenv from 'dotenv'
+dotenv.config()
+
+mongoose.connect(process.env.MONGO_CLIENT_URL || '')
+
+const db = mongoose.connection
+
+db.once('open', async () => {
+    try {
+        await db.dropCollection('users')
+        await db.dropCollection('products')
+    } catch(err) {
+        console.log(err)
+    }
+
+    await User.create({
+        username: 'pashamishakov@gmail.com',
+        password: '123'
+    }, {
+        username: 'test@gmail.com',
+        password: '123'
+    })
+
+    await Product.create({
+        product: 'Apple',
+        description: 'This is an apple',
+        price: 100,
+        image: '1.jpg'
+    }, {
+        product: 'Orange',
+        description: 'This is an orange',
+        price: 200,
+        image: '2.jpg'
+    }, {
+        product: 'Dragon fruit',
+        description: 'This is a dragon fruit',
+        price: 300,
+        image: ''
+    },)
+
+    db.close()
+})
\ No newline at end of file
--- a/src/interfaces/IUser.ts
+++ b/src/interfaces/IUser.ts
@@ -5,5 +5,6 @@ export default interface IUser extends Document {
    username: string
    password: string
    active: boolean
+    role?: string
    checkPassword: (pass: string) => boolean
 }
\ No newline at end of file
--- a/src/interfaces/IUserGetDto.ts
+++ b/src/interfaces/IUserGetDto.ts
@@ -4,4 +4,5 @@ export default interface IUserGetDto {
    _id: string
    username: IUSer['username']
    token: string
+    role: string
 }
\ No newline at end of file
--- a/src/middlewares/permission.ts
+++ b/src/middlewares/permission.ts
+import { NextFunction, Request, Response } from "express";
+import { EStatuses } from "../enums/EStatuses";
+import IResponse from "../interfaces/IResponse";
+import jwt from 'jsonwebtoken'
+import IRequestWithTokenData from "../interfaces/IRequestWithTokenData";
+export const permission = (role: string) => {
+    return (expressReq: Request, res: Response, next: NextFunction) => {
+        const req = expressReq as IRequestWithTokenData
+        if (req.method === 'OPTIONS') {
+            next()
+        }
+        try {
+            const data = jwt.verify(req.get('Authorization') || '', process.env.SECRET_KEY || '')
+            if (data && typeof data == 'object' && data.role === role) {
+                req.dataFromToken = data
+                next()
+            } else {
+                const response: IResponse<undefined> = {
+                    status: EStatuses.NOT_OK,
+                    result: undefined,
+                    message: 'Not authorized'
+                }
+                res.status(200).send(response)
+            }
+        } catch {
+            const response: IResponse<undefined> = {
+                status: EStatuses.NOT_OK,
+                result: undefined,
+                message: 'Not authorized'
+            }
+            res.status(200).send(response)
+        }
+    }
+}
\ No newline at end of file
--- a/src/models/mongo/User.ts
+++ b/src/models/mongo/User.ts
@@ -11,6 +11,11 @@ const UserSchema: Schema = new Schema<IUser>({
    password: {
        type: String,
        required: true
+    },
+    role: {
+        type: String,
+        required: true,
+        default: 'USER'
    }
 })


--- a/src/repository/mongo.ts
+++ b/src/repository/mongo.ts
@@ -261,7 +261,8 @@ export class Mongo implements IDataBase {
       const data = {
         _id: user._id,
         username: user.username, 
-         token: generateJWT({_id: user._id, username: user.username}, '2h')
+         token: generateJWT({_id: user._id, username: user.username, role: user.role || ''}, '2h'),
+         role: user.role || ''
       }
       return {
          status: EStatuses.OK,
@@ -288,11 +289,11 @@ export class Mongo implements IDataBase {
       if (!isMatch) {
          throw new Error('Wrong password')
       }
-       console.log('IS MATHC!!!!!!!! ', isMatch)
       const data = {
         _id: user._id,
         username: user.username, 
-         token: generateJWT({_id: user._id, username: user.username}, '2h')
+         token: generateJWT({_id: user._id, username: user.username, role: user.role || ''}, '2h'),
+         role: user.role || ''
       }
       await user.save()
       return {