From 0d36c5cf947b0fbf75108580c74875004e93cb44 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pawe=C5=82=20Malak?=
Date: Thu, 11 Nov 2021 16:43:00 +0100
Subject: [PATCH] Backend: auth for bookmarks and categories
---
 controllers/bookmarks/getAllBookmarks.js | 4 ++++
 controllers/bookmarks/getSingleBookmark.js | 4 +++-
 controllers/categories/getAllCategories.js | 7 +++++++
 controllers/categories/getSingleCategory.js | 5 ++++-
 routes/bookmark.js | 15 ++++++++++-----
 routes/category.js | 16 +++++++++++-----
 6 files changed, 39 insertions(+), 12 deletions(-)
diff --git a/controllers/bookmarks/getAllBookmarks.js b/controllers/bookmarks/getAllBookmarks.js
index c4d8dde..aece14b 100644
--- a/controllers/bookmarks/getAllBookmarks.js
+++ b/controllers/bookmarks/getAllBookmarks.js
@@ -6,8 +6,12 @@ const { Sequelize } = require('sequelize');
 // @route GET /api/bookmarks
 // @access Public
 const getAllBookmarks = asyncWrapper(async (req, res, next) => {
+ // bookmarks visibility
+ const where = req.isAuthenticated ? {} : { isPublic: true };
+
 const bookmarks = await Bookmark.findAll({
 order: [[Sequelize.fn('lower', Sequelize.col('name')), 'ASC']],
+ where,
 });
 res.status(200).json({
diff --git a/controllers/bookmarks/getSingleBookmark.js b/controllers/bookmarks/getSingleBookmark.js
index 18c0cbf..71b9614 100644
--- a/controllers/bookmarks/getSingleBookmark.js
+++ b/controllers/bookmarks/getSingleBookmark.js
@@ -6,8 +6,10 @@ const Bookmark = require('../../models/Bookmark');
 // @route GET /api/bookmarks/:id
 // @access Public
 const getSingleBookmark = asyncWrapper(async (req, res, next) => {
+ const visibility = req.isAuthenticated ? {} : { isPublic: true };
+
 const bookmark = await Bookmark.findOne({
- where: { id: req.params.id },
+ where: { id: req.params.id, ...visibility },
 });
 if (!bookmark) {
diff --git a/controllers/categories/getAllCategories.js b/controllers/categories/getAllCategories.js
index 597bfcc..935ee44 100644
--- a/controllers/categories/getAllCategories.js
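Review bot: The visibility filter added in getAllBookmarks tests `req.isAuthenticated` for truthiness, so any truthy value there (for example a function, as Passport-style middleware defines it) would drop the `isPublic` condition and return private bookmarks. The flag is presumably set by the `auth` middleware, which this patch does not show; a strict comparison, `const where = req.isAuthenticated === true ? {} : { isPublic: true };`, makes the controller fail closed whatever the middleware leaves on the request. The same expression is repeated in getSingleBookmark, getAllCategories and getSingleCategory, so one shared helper would keep the four in step. The `// @access Public` header comments could also state that unauthenticated callers only receive public items; the handler bodies continue outside the hunks.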
+++ b/controllers/categories/getAllCategories.js
@@ -12,15 +12,20 @@ const getAllCategories = asyncWrapper(async (req, res, next) => {
 let categories;
+ // categories visibility
+ const where = req.isAuthenticated ? {} : { isPublic: true };
+
 if (orderType == 'name') {
 categories = await Category.findAll({
 include: [
 {
 model: Bookmark,
 as: 'bookmarks',
+ where,
 },
 ],
 order: [[Sequelize.fn('lower', Sequelize.col('Category.name')), 'ASC']],
+ where,
 });
 } else {
 categories = await Category.findAll({
@@ -28,9 +33,11 @@ const getAllCategories = asyncWrapper(async (req, res, next) => {
 {
 model: Bookmark,
 as: 'bookmarks',
+ where,
 },
 ],
 order: [[orderType, 'ASC']],
+ where,
 });
 }
diff --git a/controllers/categories/getSingleCategory.js b/controllers/categories/getSingleCategory.js
index 084362b..8eb5fb2 100644
--- a/controllers/categories/getSingleCategory.js
+++ b/controllers/categories/getSingleCategory.js
@@ -7,12 +7,15 @@ const Bookmark = require('../../models/Bookmark');
 // @route GET /api/categories/:id
 // @access Public
 const getSingleCategory = asyncWrapper(async (req, res, next) => {
+ const visibility = req.isAuthenticated ? {} : { isPublic: true };
+
 const category = await Category.findOne({
- where: { id: req.params.id },
+ where: { id: req.params.id, ...visibility },
 include: [
 {
 model: Bookmark,
 as: 'bookmarks',
+ where: visibility,
 },
 ],
 });
diff --git a/routes/bookmark.js b/routes/bookmark.js
index f7e541b..ea1a344 100644
--- a/routes/bookmark.js
+++ b/routes/bookmark.js
@@ -1,6 +1,8 @@
 const express = require('express');
 const router = express.Router();
-const upload = require('../middleware/multer');
+
+// middleware
+const { upload, auth, requireAuth } = require('../middleware');
 const {
 createBookmark,
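Review bot: Passing `where` to the `bookmarks` include in getAllCategories changes the join, not only the filter: Sequelize treats an include that carries a `where` as `required: true` unless told otherwise, and the empty object used for authenticated requests most likely counts as well. Categories with no matching bookmark rows would then drop out of the result, which hides empty categories from logged-in users and hides public categories whose bookmarks are all private from guests. Adding `required: false,` next to `where,` in the include keeps the category row and filters only its bookmarks. The second hunk of this file and the `where: visibility` include in getSingleCategory have the same shape; there the likely effect is that `findOne` returns no row for such a category. The handler bodies continue outside the hunks.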
@@ -10,12 +12,15 @@ const {
 deleteBookmark,
 } = require('../controllers/bookmarks');
-router.route('/').post(upload, createBookmark).get(getAllBookmarks);
+router
+ .route('/')
+ .post(auth, requireAuth, upload, createBookmark)
+ .get(auth, getAllBookmarks);
 router
 .route('/:id')
- .get(getSingleBookmark)
- .put(upload, updateBookmark)
- .delete(deleteBookmark);
+ .get(auth, getSingleBookmark)
+ .put(auth, requireAuth, upload, updateBookmark)
+ .delete(auth, requireAuth, deleteBookmark);
 module.exports = router;
diff --git a/routes/category.js b/routes/category.js
index b7527c8..0b2e428 100644
--- a/routes/category.js
+++ b/routes/category.js
@@ -1,6 +1,9 @@
 const express = require('express');
 const router = express.Router();
+// middleware
+const { auth, requireAuth } = require('../middleware');
+
 const {
 createCategory,
 getAllCategories,
@@ -10,14 +13,17 @@ const {
 reorderCategories,
 } = require('../controllers/categories');
-router.route('/').post(createCategory).get(getAllCategories);
+router
+ .route('/')
+ .post(auth, requireAuth, createCategory)
+ .get(auth, getAllCategories);
 router
 .route('/:id')
- .get(getSingleCategory)
- .put(updateCategory)
- .delete(deleteCategory);
+ .get(auth, getSingleCategory)
+ .put(auth, requireAuth, updateCategory)
+ .delete(auth, requireAuth, deleteCategory);
-router.route('/0/reorder').put(reorderCategories);
+router.route('/0/reorder').put(auth, requireAuth, reorderCategories);
 module.exports = router;
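Review bot: In routes/bookmark.js the write protection is opt-in per route: each mutating handler is guarded only because `auth, requireAuth` was typed in front of it, so a write route added later without the pair would be reachable unauthenticated. Mounting the shared part once with `router.use(auth);` directly after `const router = express.Router();` leaves `requireAuth` as the single thing to remember on each mutating route. The order `requireAuth, upload` is the right one and deserves a short comment such as `// reject unauthenticated requests before the upload middleware handles the body`. routes/category.js repeats the same per-route pattern, including on `/0/reorder`.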