Now we can check if user is admin. This has to be set manually and now only is used for fetching torrents.
This commit is contained in:
@@ -2,6 +2,7 @@ CREATE TABLE IF NOT EXISTS user (
|
|||||||
user_name varchar(127) UNIQUE,
|
user_name varchar(127) UNIQUE,
|
||||||
password varchar(127),
|
password varchar(127),
|
||||||
email varchar(127) UNIQUE,
|
email varchar(127) UNIQUE,
|
||||||
|
admin boolean DEFAULT 0,
|
||||||
primary key (user_name)
|
primary key (user_name)
|
||||||
);
|
);
|
||||||
|
|
||||||
|
|||||||
26
seasoned_api/src/webserver/middleware/mustBeAdmin.js
Normal file
26
seasoned_api/src/webserver/middleware/mustBeAdmin.js
Normal file
@@ -0,0 +1,26 @@
|
|||||||
|
const establishedDatabase = require('src/database/database');
|
||||||
|
|
||||||
|
const mustBeAdmin = (req, res, next) => {
|
||||||
|
let database = establishedDatabase;
|
||||||
|
|
||||||
|
if (req.loggedInUser === undefined) {
|
||||||
|
return res.status(401).send({
|
||||||
|
success: false,
|
||||||
|
error: 'You must be logged in.',
|
||||||
|
});
|
||||||
|
} else {
|
||||||
|
database.get(`SELECT admin FROM user WHERE user_name IS ?`, req.loggedInUser.username)
|
||||||
|
.then((isAdmin) => {
|
||||||
|
if (isAdmin.admin == 0) {
|
||||||
|
return res.status(401).send({
|
||||||
|
success: false,
|
||||||
|
error: 'You must be logged in as a admin.'
|
||||||
|
})
|
||||||
|
}
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
return next();
|
||||||
|
};
|
||||||
|
|
||||||
|
module.exports = mustBeAdmin;
|
||||||
Reference in New Issue
Block a user