diff --git a/middleware/auth.js b/middleware/auth.js
index 016483db..e76b4a6f 100644
--- a/middleware/auth.js
+++ b/middleware/auth.js
@@ -2,25 +2,36 @@ import jwt from "jsonwebtoken";
 import util from "#util";
 
 async function authenticateToken(req, res, next) {
- const authHeader = req.headers.authorization;
- const token = authHeader && authHeader.split(" ")[1];
- if (token == null) return res.sendStatus(401);
- try {
- const payload = jwt.verify(token, process.env.TOKEN_SECRET);
- const decryptedIP = util.decrypt(payload.ip);
- if (decryptedIP !== req.ip) {
+ if (process.env.STATE === "Development") {
+ return next();
+ }
+ const authHeader = req.headers.authorization || req.headers.Authorization;
+ // Inside header when we are going to provide the value for key authentication we have
+ // to start it with 'Bearer acesstoken'
+ if (authHeader && authHeader.startsWith("Bearer")) {
+ const token = authHeader.split(" ")[1];
+ if (token == null) return res.sendStatus(401);
+ try {
+ const payload = jwt.verify(token, process.env.TOKEN_SECRET);
+ const decryptedIP = util.decrypt(payload.ip);
+ if (decryptedIP !== req.ip) {
+ res.status(403);
+ res.send({ err: "Unauthorized" });
+ }
+
+ req.user = payload.data;
+ next();
+ return true;
+ } catch (error) {
 res.status(403);
 res.send({ err: "Unauthorized" });
+ return false;
 }
-
- req.user = payload.data;
- next();
- return true;
- } catch (error) {
- res.status(403);
- res.send({ err: "Unauthorized" });
- return false;
+ } else {
+ res.json({
+ msg: "Kindly login",
+ });
 }
+ return null;
 }
-
-export default { authenticateToken };
+export default authenticateToken;
diff --git a/middleware/authorization.js b/middleware/authorization.js
new file mode 100644
index 00000000..75d1581b
--- /dev/null
+++ b/middleware/authorization.js
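Review bot: In the new `if (decryptedIP !== req.ip)` branch the 403 is sent but execution falls through to `req.user = payload.data; next(); return true;`, so a request whose token IP does not match still reaches the route handler, and `next()` runs after the response has already been sent; the branch needs an early exit, e.g. `if (decryptedIP !== req.ip) { res.status(403); return res.send({ err: "Unauthorized" }); }`. The missing-header branch answers `res.json({ msg: "Kindly login" })` with an implicit 200, which clients and monitoring will read as success; `return res.status(401).json({ msg: "Kindly login" });` keeps the unauthenticated outcome visible. The `process.env.STATE === "Development"` early `return next()` disables authentication entirely whenever that variable holds that exact string, and the same bypass is repeated in the new middleware/authorization.js hunk; a comment stating the intent plus a startup check that refuses the bypass outside a development environment would keep it from shipping enabled. The header comment should also state what `payload.data` is expected to contain, since `req.user` is now consumed by the authorization middleware.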
@@ -0,0 +1,14 @@
+function authorization(access = []) {
+ return (req, res, next) => {
+ // remove this in production
+ if (process.env.STATE === "Development") {
+ return next();
+ }
+ if (!req.user) return res.json({ msg: "kindly login first" });
+ if (!access.includes(req.user.type))
+ return res.json({ msg: "Unauthorized request" });
+ return next();
+ };
+}
+
+export default authorization;
diff --git a/models/user.js b/models/user.js
index 38ecbe62..0e1bd333 100644
--- a/models/user.js
+++ b/models/user.js
@@ -7,7 +7,13 @@ const userSchema = {
 emailId: { type: String, unique: true, required: true },
 password: { type: String, required: true },
 uid: { type: String, unique: true, required: true },
- userType: { type: String, required: true },
+ userType: {
+ type: String,
+ required: true,
+ enum: ["ADMIN", "FACULTY", "EMPLOYEE", "STUDENT"],
+ default: "ADMIN",
+ // for now we are keeping the default usertype as ADMIN
+ },
 };
 
 const User = connector.model("User", userSchema);
@@ -18,9 +24,7 @@ async function remove(filter) {
 }
 
 async function create(userData) {
- const {
- name, password, emailId, uid, userType,
- } = userData;
+ const { name, password, emailId, uid, userType } = userData;
 const hashedPassword = await hashPassword(password);
 const user = new User({
 name,
@@ -39,10 +43,17 @@ async function read(filter, limit = 1) {
 }
 
 async function update(filter, updateObject, options = { multi: true }) {
- const updateResult = await User.updateMany(filter, { $set: updateObject }, options);
+ const updateResult = await User.updateMany(
+ filter,
+ { $set: updateObject },
+ options,
+ );
 return updateResult.acknowledged;
 }
 
 export default {
- create, read, update, remove,
+ create,
+ read,
+ update,
+ remove,
 };
diff --git a/routes/accreditation.js b/routes/accreditation.js
index c39b85bd..b8613b1e 100644
--- a/routes/accreditation.js
+++ b/routes/accreditation.js
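Review bot: `access.includes(req.user.type)` reads a `type` property, while the user schema changed in this commit's models/user.js hunk names the role field `userType`; if `payload.data` is the user record, `type` is undefined and every request is rejected, which fails closed but silently. The function has no documentation of what `req.user` must carry; a JSDoc such as `@param {string[]} access - userType values allowed through` plus a sentence naming the property on `req.user` that holds the role would make the contract with middleware/auth.js explicit. Both rejection paths return `res.json(...)` with the default 200 status; `return res.status(401).json({ msg: "kindly login first" });` and `return res.status(403).json({ msg: "Unauthorized request" });` make the denial observable to clients and to logs. The `// remove this in production` comment on the `STATE === "Development"` bypass is enforced by nothing; a module-load check that throws when the bypass is active under `NODE_ENV=production` would give the comment teeth.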
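Review bot: `default: "ADMIN"` on `userType` means any `create()` call that omits the field yields an account that passes `authorization(["ADMIN"])` on every route in this commit, and because a default is supplied, `required: true` can no longer reject the omission. Either drop the `default` line and the comment above it so a missing type is a validation error, or default to the least-privileged member of the enum, `default: "STUDENT",`. `create(userData)` in the following hunk passes the caller's `userType` straight into the model; whether the signup path restricts that value is outside this diff, so the enum alone does not prevent a client from choosing its own role.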
@@ -1,9 +1,21 @@
 import express from "express";
+import authenticateToken from "#middleware/auth";
+import authorization from "#middleware/authorization";
 import accreditationController from "#controller/accreditation";
 const router = express.Router();
-router.get("/list", accreditationController.showAccreditation);
-router.post("/add", accreditationController.addAccreditation);
+router.get(
+ "/list",
+ authenticateToken,
+ authorization(["ADMIN"]),
+ accreditationController.showAccreditation,
+);
+router.post(
+ "/add",
+ authenticateToken,
+ authorization(["ADMIN"]),
+ accreditationController.addAccreditation,
+);
 router.delete("/delete/:id", accreditationController.deleteAccreditation);
 router.post("/update/:id", accreditationController.updateAccreditation);
diff --git a/routes/activity.js b/routes/activity.js
index f5c40a24..1d68d36d 100644
--- a/routes/activity.js
+++ b/routes/activity.js
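Review bot: Only `/list` and `/add` receive `authenticateToken` and `authorization(["ADMIN"])`; the unchanged `router.delete("/delete/:id", ...)` and `router.post("/update/:id", ...)` lines at the bottom of the hunk stay unauthenticated, so the two mutating endpoints are less protected than the read endpoint. Every other route file in this commit guards all four handlers, so the same two middleware arguments should be inserted before `accreditationController.deleteAccreditation` and `accreditationController.updateAccreditation`. Registering the pair once with `router.use(authenticateToken, authorization(["ADMIN"]));` ahead of the route definitions would make this kind of omission impossible to repeat.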
@@ -1,10 +1,32 @@
 import express from "express";
+import authenticateToken from "#middleware/auth";
+import authorization from "#middleware/authorization";
 import activityController from "#controller/activity";
-const router=express.Router();
-router.post("/add",activityController.addActivity);
-router.get("/list",activityController.getActivity);
-router.post("/update/:id",activityController.updateActivity);
-router.delete("/delete/:id",activityController.deleteActivity);
+const router = express.Router();
+router.post(
+ "/add",
+ authenticateToken,
+ authorization(["ADMIN", "FACULTY"]),
+ activityController.addActivity,
+);
+router.get(
+ "/list",
+ authenticateToken,
+ authorization(["ADMIN", "FACULTY"]),
+ activityController.getActivity,
+);
+router.post(
+ "/update/:id",
+ authenticateToken,
+ authorization(["ADMIN", "FACULTY"]),
+ activityController.updateActivity,
+);
+router.delete(
+ "/delete/:id",
+ authenticateToken,
+ authorization(["ADMIN", "FACULTY"]),
+ activityController.deleteActivity,
+);
-export default router;
\ No newline at end of file
+export default router;
diff --git a/routes/assignment.js b/routes/assignment.js
index 3b9c8e91..85b18588 100644
--- a/routes/assignment.js
+++ b/routes/assignment.js
@@ -1,10 +1,32 @@
 import express from "express";
 import assingmentController from "#controller/assignment";
+import authenticateToken from "#middleware/auth";
+import authorization from "#middleware/authorization";
 const router = express.Router();
-router.post("/add", assingmentController.addAssignment);
-router.get("/list", assingmentController.getAssignment);
-router.post("/update/:id", assingmentController.updateAssignment);
-router.delete("/delete/:id", assingmentController.deleteAssignment);
+router.post(
+ "/add",
+ authenticateToken,
+ authorization(["ADMIN", "FACULTY"]),
+ assingmentController.addAssignment,
+);
+router.get(
+ "/list",
+ authenticateToken,
+ authorization(["ADMIN", "FACULTY"]),
+ assingmentController.getAssignment,
+);
+router.post(
+ "/update/:id",
+ authenticateToken,
+ authorization(["ADMIN", "FACULTY"]),
+ assingmentController.updateAssignment,
+);
+router.delete(
+ "/delete/:id",
+ authenticateToken,
+ authorization(["ADMIN", "FACULTY"]),
+ assingmentController.deleteAssignment,
+);
 export default router;
diff --git a/routes/coursework.js b/routes/coursework.js
index 5a6aeb1b..5b9109d4 100644
--- a/routes/coursework.js
+++ b/routes/coursework.js
@@ -1,10 +1,32 @@
 import express from "express";
+import authenticateToken from "#middleware/auth";
+import authorization from "#middleware/authorization";
 import courseworkController from "#controller/coursework";
 const router = express.Router();
-router.post("/add", courseworkController.addCoursework);
-router.get("/list", courseworkController.getCoursework);
-router.post("/update/:id", courseworkController.updateCoursework);
-router.delete("/delete/:id", courseworkController.deleteCoursework);
+router.post(
+ "/add",
+ authenticateToken,
+ authorization(["ADMIN", "FACULTY"]),
+ courseworkController.addCoursework,
+);
+router.get(
+ "/list",
+ authenticateToken,
+ authorization(["ADMIN", "FACULTY"]),
+ courseworkController.getCoursework,
+);
+router.post(
+ "/update/:id",
+ authenticateToken,
+ authorization(["ADMIN", "FACULTY"]),
+ courseworkController.updateCoursework,
+);
+router.delete(
+ "/delete/:id",
+ authenticateToken,
+ authorization(["ADMIN", "FACULTY"]),
+ courseworkController.deleteCoursework,
+);
 export default router;
diff --git a/routes/department.js b/routes/department.js
index cc15b44f..fbbb274d 100644
--- a/routes/department.js
+++ b/routes/department.js
@@ -1,11 +1,33 @@
 import express from "express";
+import authenticateToken from "#middleware/auth";
+import authorization from "#middleware/authorization";
 import departmentContoller from "#controller/department";
 const router = express.Router();
-router.get("/list", departmentContoller.showdepartments);
-router.post("/create", departmentContoller.addDepartment);
-router.delete("/delete/:id", departmentContoller.removedepartmentbyid);
-router.post("/update/:id", departmentContoller.updatedDepartment);
+router.get(
+ "/list",
+ authenticateToken,
+ authorization(["ADMIN"]),
+ departmentContoller.showdepartments,
+);
+router.post(
+ "/create",
+ authenticateToken,
+ authorization(["ADMIN"]),
+ departmentContoller.addDepartment,
+);
+router.delete(
+ "/delete/:id",
+ authenticateToken,
+ authorization(["ADMIN"]),
+ departmentContoller.removedepartmentbyid,
+);
+router.post(
+ "/update/:id",
+ authenticateToken,
+ authorization(["ADMIN"]),
+ departmentContoller.updatedDepartment,
+);
 export default router;
diff --git a/routes/faculty.js b/routes/faculty.js
index aacc1669..ae58f4dd 100644
--- a/routes/faculty.js
+++ b/routes/faculty.js
@@ -1,10 +1,32 @@
 import express from "express";
+import authenticateToken from "#middleware/auth";
+import authorization from "#middleware/authorization";
 import facultyController from "#controller/faculty";
 const router = express.Router();
-router.post("/create", facultyController.addFaculty);
-router.get("/list", facultyController.getFaculty);
-router.post("/update/:id", facultyController.updateFaculty);
-router.delete("/delete/:id", facultyController.deleteFaculty);
+router.post(
+ "/create",
+ authenticateToken,
+ authorization(["ADMIN"]),
+ facultyController.addFaculty,
+);
+router.get(
+ "/list",
+ authenticateToken,
+ authorization(["ADMIN"]),
+ facultyController.getFaculty,
+);
+router.post(
+ "/update/:id",
+ authenticateToken,
+ authorization(["ADMIN"]),
+ facultyController.updateFaculty,
+);
+router.delete(
+ "/delete/:id",
+ authenticateToken,
+ authorization(["ADMIN"]),
+ facultyController.deleteFaculty,
+);
 export default router;
diff --git a/routes/group.js b/routes/group.js
index e9f20a51..0a403533 100644
--- a/routes/group.js
+++ b/routes/group.js
@@ -1,10 +1,32 @@
 import express from "express";
+import authenticateToken from "#middleware/auth";
+import authorization from "#middleware/authorization";
 import groupController from "#controller/group";
 const router = express.Router();
-router.post("/add", groupController.addGroup);
-router.get("/list", groupController.getGroup);
-router.post("/update/:id", groupController.updateGroup);
-router.delete("/delete/:id", groupController.deleteGroup);
+router.post(
+ "/add",
+ authenticateToken,
+ authorization(["ADMIN", "FACULTY"]),
+ groupController.addGroup,
+);
+router.get(
+ "/list",
+ authenticateToken,
+ authorization(["ADMIN", "FACULTY"]),
+ groupController.getGroup,
+);
+router.post(
+ "/update/:id",
+ authenticateToken,
+ authorization(["ADMIN", "FACULTY"]),
+ groupController.updateGroup,
+);
+router.delete(
+ "/delete/:id",
+ authenticateToken,
+ authorization(["ADMIN", "FACULTY"]),
+ groupController.deleteGroup,
+);
 export default router;
diff --git a/routes/infrastructure.js b/routes/infrastructure.js
index 8048ccb1..0b732460 100644
--- a/routes/infrastructure.js
+++ b/routes/infrastructure.js
@@ -1,10 +1,33 @@
 import express from "express";
+
+import authenticateToken from "#middleware/auth";
+import authorization from "#middleware/authorization";
 import infrastructureController from "#controller/infrastructure";
 const router = express.Router();
-router.post("/add", infrastructureController.addInfrastructure);
-router.get("/list", infrastructureController.getInfrastructure);
-router.post("/update/:id", infrastructureController.updateInfrastructure);
-router.delete("/delete/:id", infrastructureController.deleteInfrastructure);
+router.post(
+ "/add",
+ authenticateToken,
+ authorization(["ADMIN"]),
+ infrastructureController.addInfrastructure,
+);
+router.get(
+ "/list",
+ authenticateToken,
+ authorization(["ADMIN"]),
+ infrastructureController.getInfrastructure,
+);
+router.post(
+ "/update/:id",
+ authenticateToken,
+ authorization(["ADMIN"]),
+ infrastructureController.updateInfrastructure,
+);
+router.delete(
+ "/delete/:id",
+ authenticateToken,
+ authorization(["ADMIN"]),
+ infrastructureController.deleteInfrastructure,
+);
 export default router;
diff --git a/routes/module.js b/routes/module.js
index fb373668..4bda2c95 100644
--- a/routes/module.js
+++ b/routes/module.js
@@ -1,11 +1,33 @@
 import express from "express";
+import authenticateToken from "#middleware/auth";
+import authorization from "#middleware/authorization";
 import moduleController from "#controller/module";
 const router = express.Router();
-router.get("/list", moduleController.showModule);
-router.post("/add", moduleController.addModule);
-router.post("/update/:id",moduleController.updateModule);
-router.delete("/delete/:id",moduleController.deleteModule);
+router.get(
+ "/list",
+ authenticateToken,
+ authorization(["ADMIN", "FACULTY"]),
+ moduleController.showModule,
+);
+router.post(
+ "/add",
+ authenticateToken,
+ authorization(["ADMIN", "FACULTY"]),
+ moduleController.addModule,
+);
+router.post(
+ "/update/:id",
+ authenticateToken,
+ authorization(["ADMIN", "FACULTY"]),
+ moduleController.updateModule,
+);
+router.delete(
+ "/delete/:id",
+ authenticateToken,
+ authorization(["ADMIN", "FACULTY"]),
+ moduleController.deleteModule,
+);
 export default router;
diff --git a/routes/organization.js b/routes/organization.js
index 10c412fc..79d2e8a9 100644
--- a/routes/organization.js
+++ b/routes/organization.js
@@ -1,10 +1,32 @@
 import express from "express";
+import authenticateToken from "#middleware/auth";
+import authorization from "#middleware/authorization";
 import organizationController from "#controller/organization";
 const router = express.Router();
-router.get("/list", organizationController.showOrganization);
-router.post("/add", organizationController.addOrganization);
-router.delete("/delete/:id", organizationController.deleteOrganization);
-router.post("/update/:id", organizationController.updateOrganization);
+router.get(
+ "/list",
+ authenticateToken,
+ authorization(["ADMIN"]),
+ organizationController.showOrganization,
+);
+router.post(
+ "/add",
+ authenticateToken,
+ authorization(["ADMIN"]),
+ organizationController.addOrganization,
+);
+router.delete(
+ "/delete/:id",
+ authenticateToken,
+ authorization(["ADMIN"]),
+ organizationController.deleteOrganization,
+);
+router.post(
+ "/update/:id",
+ authenticateToken,
+ authorization(["ADMIN"]),
+ organizationController.updateOrganization,
+);
 export default router;
diff --git a/routes/paper.js b/routes/paper.js
index f754ea35..c7ec770a 100644
--- a/routes/paper.js
+++ b/routes/paper.js
@@ -1,11 +1,33 @@
 import express from "express";
+import authenticateToken from "#middleware/auth";
+import authorization from "#middleware/authorization";
 import paperController from "#controller/paper";
 const router = express.Router();
-router.post("/add", paperController.addPaper);
-router.get("/list", paperController.showPaper);
-router.post("/update/:id", paperController.updatePaper);
-router.delete("/delete/:id", paperController.deletePaper);
+router.post(
+ "/add",
+ authenticateToken,
+ authorization(["ADMIN", "FACULTY"]),
+ paperController.addPaper,
+);
+router.get(
+ "/list",
+ authenticateToken,
+ authorization(["ADMIN", "FACULTY"]),
+ paperController.showPaper,
+);
+router.post(
+ "/update/:id",
+ authenticateToken,
+ authorization(["ADMIN", "FACULTY"]),
+ paperController.updatePaper,
+);
+router.delete(
+ "/delete/:id",
+ authenticateToken,
+ authorization(["ADMIN", "FACULTY"]),
+ paperController.deletePaper,
+);
 export default router;
diff --git a/routes/performance.js b/routes/performance.js
index 66acd231..1f96db33 100644
--- a/routes/performance.js
+++ b/routes/performance.js
@@ -1,8 +1,15 @@
 import express from "express";
+import authenticateToken from "#middleware/auth";
+import authorization from "#middleware/authorization";
 import performacontroller from "#controller/performance";
 const router = express.Router();
-router.get("/test", performacontroller);
+router.get(
+ "/test",
+ authenticateToken,
+ authorization(["ADMIN"]),
+ performacontroller,
+);
-export default router;
\ No newline at end of file
+export default router;
diff --git a/routes/practical.js b/routes/practical.js
index 6a6ad9d9..af468b51 100644
--- a/routes/practical.js
+++ b/routes/practical.js
@@ -1,18 +1,40 @@
 import express from "express";
+import authenticateToken from "#middleware/auth";
+import authorization from "#middleware/authorization";
 import practicalController from "#controller/practical";
 const router = express.Router();
 // Create a new Practical
-router.post("/create", practicalController.addPractical);
+router.post(
+ "/create",
+ authenticateToken,
+ authorization(["ADMIN", "FACULTY"]),
+ practicalController.addPractical,
+);
 // List Practical entities with optional filters
-router.get("/list", practicalController.getPractical);
+router.get(
+ "/list",
+ authenticateToken,
+ authorization(["ADMIN", "FACULTY"]),
+ practicalController.getPractical,
+);
 // Update Practical entities based on filters and update data
-router.post("/update/:id", practicalController.updatePractical);
+router.post(
+ "/update/:id",
+ authenticateToken,
+ authorization(["ADMIN", "FACULTY"]),
+ practicalController.updatePractical,
+);
 // Delete Practical entities based on filters
-router.delete("/delete/:id", practicalController.deletePractical);
+router.delete(
+ "/delete/:id",
+ authenticateToken,
+ authorization(["ADMIN", "FACULTY"]),
+ practicalController.deletePractical,
+);
 export default router;
diff --git a/routes/semester.js b/routes/semester.js
index 5d23936a..05321882 100644
--- a/routes/semester.js
+++ b/routes/semester.js
@@ -1,10 +1,32 @@
 import express from "express";
+import authenticateToken from "#middleware/auth";
+import authorization from "#middleware/authorization";
 import semesterController from "#controller/semester";
 const router = express.Router();
-router.post("/add", semesterController.addSemester);
-router.get("/list", semesterController.getSemester);
-router.post("/update/:id", semesterController.updateSemester);
-router.delete("/delete/:id", semesterController.deleteSemester);
+router.post(
+ "/add",
+ authenticateToken,
+ authorization(["ADMIN"]),
+ semesterController.addSemester,
+);
+router.get(
+ "/list",
+ authenticateToken,
+ authorization(["ADMIN"]),
+ semesterController.getSemester,
+);
+router.post(
+ "/update/:id",
+ authenticateToken,
+ authorization(["ADMIN"]),
+ semesterController.updateSemester,
+);
+router.delete(
+ "/delete/:id",
+ authenticateToken,
+ authorization(["ADMIN"]),
+ semesterController.deleteSemester,
+);
 export default router;
diff --git a/routes/student.js b/routes/student.js
index 70fc5f4c..db686df9 100644
--- a/routes/student.js
+++ b/routes/student.js
@@ -1,10 +1,32 @@
 import express from "express";
+import authenticateToken from "#middleware/auth";
+import authorization from "#middleware/authorization";
 import studentController from "#controller/student";
 const router = express.Router();
-router.post("/create", studentController.addStudent);
-router.get("/list", studentController.getStudent);
-router.post("/update/:id", studentController.updateStudent);
-router.delete("/delete/:id", studentController.deleteStudent);
+router.post(
+ "/create",
+ authenticateToken,
+ authorization(["ADMIN"]),
+ studentController.addStudent,
+);
+router.get(
+ "/list",
+ authenticateToken,
+ authorization(["ADMIN"]),
+ studentController.getStudent,
+);
+router.post(
+ "/update/:id",
+ authenticateToken,
+ authorization(["ADMIN"]),
+ studentController.updateStudent,
+);
+router.delete(
+ "/delete/:id",
+ authenticateToken,
+ authorization(["ADMIN"]),
+ studentController.deleteStudent,
+);
 export default router;
diff --git a/routes/timetable.js b/routes/timetable.js
index 868f66b2..e1f0d8fd 100644
--- a/routes/timetable.js
+++ b/routes/timetable.js
@@ -1,10 +1,33 @@
 import express from "express";
+
+import authenticateToken from "#middleware/auth";
+import authorization from "#middleware/authorization";
 import timetableController from "#controller/timetable";
 const router = express.Router();
-router.post("/add", timetableController.addTimetable);
-router.get("/list", timetableController.getTimetable);
-router.post("/update/:id", timetableController.updateTimetable);
-router.delete("/delete/:id", timetableController.deleteTimetable);
+router.post(
+ "/add",
+ authenticateToken,
+ authorization(["ADMIN"]),
+ timetableController.addTimetable,
+);
+router.get(
+ "/list",
+ authenticateToken,
+ authorization(["ADMIN"]),
+ timetableController.getTimetable,
+);
+router.post(
+ "/update/:id",
+ authenticateToken,
+ authorization(["ADMIN"]),
+ timetableController.updateTimetable,
+);
+router.delete(
+ "/delete/:id",
+ authenticateToken,
+ authorization(["ADMIN"]),
+ timetableController.deleteTimetable,
+);
 export default router;
diff --git a/routes/tutorial.js b/routes/tutorial.js
index 81634f26..a1bd30fc 100644
--- a/routes/tutorial.js
+++ b/routes/tutorial.js
@@ -1,10 +1,32 @@
 import express from "express";
+import authenticateToken from "#middleware/auth";
+import authorization from "#middleware/authorization";
 import tutorialController from "#controller/tutorial";
 const router = express.Router();
-router.post("/add", tutorialController.addTutorial);
-router.get("/list", tutorialController.showTutorial);
-router.post("/update/:id", tutorialController.updateTutorial);
-router.delete("/delete/:id", tutorialController.deleteTutorial);
+router.post(
+ "/add",
+ authenticateToken,
+ authorization(["ADMIN", "FACULTY"]),
+ tutorialController.addTutorial,
+);
+router.get(
+ "/list",
+ authenticateToken,
+ authorization(["ADMIN", "FACULTY"]),
+ tutorialController.showTutorial,
+);
+router.post(
+ "/update/:id",
+ authenticateToken,
+ authorization(["ADMIN", "FACULTY"]),
+ tutorialController.updateTutorial,
+);
+router.delete(
+ "/delete/:id",
+ authenticateToken,
+ authorization(["ADMIN", "FACULTY"]),
+ tutorialController.deleteTutorial,
+);
 export default router;