From e6a851543210e4b46e2fa047cb9e84cc992054b2 Mon Sep 17 00:00:00 2001
From: KevinMidboe
Date: Tue, 6 Mar 2018 19:12:21 +0100
Subject: [PATCH] Now we can check if user is admin. This has to be set manually and now only is used for fetching torrents.
---
 seasoned_api/src/database/schemas/setup.sql | 1 +
 .../src/webserver/middleware/mustBeAdmin.js | 26 +++++++++++++++++++
 2 files changed, 27 insertions(+)
 create mode 100644 seasoned_api/src/webserver/middleware/mustBeAdmin.js
diff --git a/seasoned_api/src/database/schemas/setup.sql b/seasoned_api/src/database/schemas/setup.sql
index 9b54acd..83b11d7 100644
--- a/seasoned_api/src/database/schemas/setup.sql
+++ b/seasoned_api/src/database/schemas/setup.sql
@@ -2,6 +2,7 @@ CREATE TABLE IF NOT EXISTS user (
 user_name varchar(127) UNIQUE,
 password varchar(127),
 email varchar(127) UNIQUE,
+ admin boolean DEFAULT 0,
 primary key (user_name)
 );

diff --git a/seasoned_api/src/webserver/middleware/mustBeAdmin.js b/seasoned_api/src/webserver/middleware/mustBeAdmin.js
new file mode 100644
index 0000000..9d35d53
--- /dev/null
+++ b/seasoned_api/src/webserver/middleware/mustBeAdmin.js
@@ -0,0 +1,26 @@
+const establishedDatabase = require('src/database/database');
+
+const mustBeAdmin = (req, res, next) => {
+ let database = establishedDatabase;
+
+ if (req.loggedInUser === undefined) {
+ return res.status(401).send({
+ success: false,
+ error: 'You must be logged in.',
+ });
+ } else {
+ database.get(`SELECT admin FROM user WHERE user_name IS ?`, req.loggedInUser.username)
+ .then((isAdmin) => {
+ if (isAdmin.admin == 0) {
+ return res.status(401).send({
+ success: false,
+ error: 'You must be logged in as a admin.'
+ })
+ }
+ })
+ }
+
+ return next();
+};
+
+module.exports = mustBeAdmin;
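Review bot: The new `admin` column only appears on databases created after this change, because `CREATE TABLE IF NOT EXISTS` skips a `user` table that already exists; on such an install the `SELECT admin FROM user` query added in mustBeAdmin.js would presumably fail. A migration along the lines of `ALTER TABLE user ADD COLUMN admin boolean NOT NULL DEFAULT 0;` looks necessary alongside the schema edit. Declaring the column `NOT NULL` here as well would stop a NULL flag from slipping past the `isAdmin.admin == 0` comparison in the middleware, since `null == 0` is false in JavaScript.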
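Review bot: `return next();` at the end of mustBeAdmin runs synchronously, before the promise from `database.get(...)` resolves, so every logged-in user reaches the protected handler and the admin check never gates the request; the later `res.status(401)` inside `.then` can then collide with a response the route has already started. `next()` should be called only inside `.then`, after the flag is confirmed, and the check should fail closed when the row is missing or `admin` is NULL (as written, `isAdmin.admin` throws on an undefined row and `== 0` lets NULL through). The chain also has no `.catch`, so a query error becomes an unhandled rejection; forwarding it with `.catch(next)` assumes an Express-style error handler is installed. An authenticated non-admin would conventionally get 403 rather than 401.

```javascript
const mustBeAdmin = (req, res, next) => {
  // … unchanged: 401 response when req.loggedInUser is undefined …

  return establishedDatabase
    .get('SELECT admin FROM user WHERE user_name IS ?', req.loggedInUser.username)
    .then((row) => {
      // Fail closed: a missing row or a NULL/0 flag is not an admin.
      if (!row || !row.admin) {
        return res.status(403).send({
          success: false,
          error: 'You must be logged in as a admin.',
        });
      }
      // Only continue to the route once the admin flag is confirmed.
      return next();
    })
    .catch(next);
};
```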