1 files changed, 34 insertions, 1 deletions
diff --git a/src/auth.js b/src/auth.js
index f907e6c..78e3dea 100644
--- a/src/auth.js
+++ b/src/auth.js
@@ -1,4 +1,5 @@
 const jwt = require("jsonwebtoken");
+const { db } = require("./db");
 const { JWT_KEY } = require("./");
 function authenticateToken(req, res, next) {
@@ -24,4 +25,36 @@ function authenticateToken(req, res, next) {
        }
 }
-module.exports = { authenticateToken };
+function authenticateAdmin(req, res, next) {
+        if (!req.cookies || !req.cookies.auth_token) {
+                return res.redirect("/login");
+        }
+        const token = req.cookies.auth_token;
+        // If no token, deny access
+        if (!token) {
+                return res.redirect(
+                        `/login?redirect=${encodeURIComponent(req.originalUrl)}`,
+                );
+        }
+        try {
+                const user = jwt.verify(token, JWT_KEY);
+                req.user = user;
+                const isAdmin = db
+                        .query("SELECT isAdmin FROM users WHERE id = $id and isAdmin = 1")
+                        .get({
+                                id: req.user.id,
+                        });
+                if (isAdmin) {
+                        next();
+                } else {
+                        res.status(400).send("only admins can invite");
+                }
+        } catch (error) {
+                res.send(`failed to authenticate as admin: ${error}`);
+        }
+}
+module.exports = { authenticateToken, authenticateAdmin };

diff --git a/src/auth.js b/src/auth.js index f907e6c..78e3dea 100644 --- a/src/auth.js +++ b/src/auth.js
@@ -1,4 +1,5 @@
1	const jwt = require("jsonwebtoken");	1	const jwt = require("jsonwebtoken");
		2	const { db } = require("./db");
2	const { JWT_KEY } = require("./");	3	const { JWT_KEY } = require("./");
3		4
4	function authenticateToken(req, res, next) {	5	function authenticateToken(req, res, next) {
@@ -24,4 +25,36 @@ function authenticateToken(req, res, next) {
24	}	25	}
25	}	26	}
26		27
27	module.exports = { authenticateToken };	28	function authenticateAdmin(req, res, next) {
		29	if (!req.cookies \|\| !req.cookies.auth_token) {
		30	return res.redirect("/login");
		31	}
		32
		33	const token = req.cookies.auth_token;
		34
		35	// If no token, deny access
		36	if (!token) {
		37	return res.redirect(
		38	`/login?redirect=${encodeURIComponent(req.originalUrl)}`,
		39	);
		40	}
		41
		42	try {
		43	const user = jwt.verify(token, JWT_KEY);
		44	req.user = user;
		45	const isAdmin = db
		46	.query("SELECT isAdmin FROM users WHERE id = $id and isAdmin = 1")
		47	.get({
		48	id: req.user.id,
		49	});
		50	if (isAdmin) {
		51	next();
		52	} else {
		53	res.status(400).send("only admins can invite");
		54	}
		55	} catch (error) {
		56	res.send(`failed to authenticate as admin: ${error}`);
		57	}
		58	}
		59
		60	module.exports = { authenticateToken, authenticateAdmin };