csc309-team58/sports-matcher/server/middleware/authority.js

import MongoStore from "connect-mongo";
import session from "express-session";
import { mongooseDbName, mongoURI } from "../database/mongoose.js";
import userModel from "../schemas/userModel.js";
import { checkDatabaseConnection } from "./database.js";
const sessionConf = {
    secret: process.env.SESSION_SECRET || "super duper secret string.",
    cookie: {
        expires: process.env.SESSION_TIMEOUT || 300000,
        httpOnly: true,
    },
    saveUninitialized: false,
    resave: false,
};
if (process.env.NODE_ENV === "production") {
    sessionConf.cookie.secure = true;
    sessionConf.store = MongoStore.create({ mongoUrl: mongoURI, dbName: mongooseDbName });
}
export const userSession = session(sessionConf);

export async function requireAuthenticated(req, res, next) {
    if (!checkDatabaseConnection()) {
        req.status(500).send("Internal server error.");
        return;
    }
    if (req.session.userId) {
        req.user = await userModel.findById(req.session.userId);
        next();
    } else {
        res.status(401).send("Not authorized.");
        return;
    }
}


export async function requireAdmin(req, res, next) {
    if (!checkDatabaseConnection()) {
        req.status(500).send("Internal server error.");
        return;
    }
    if (req.session.userId) {
        req.user = await userModel.findById(req.session.userId);
        if (req.user.accessLevel < 3) {
            res.status(401).send("Not authorized");
            return;
        }
        next();
    } else {
        res.status(401).send("Not authorized.");
        return;
    }
}
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD. 2022-04-05 01:15:43 +00:00			`import MongoStore from "connect-mongo";`
			`import session from "express-session";`
			`import { mongooseDbName, mongoURI } from "../database/mongoose.js";`
Added U and D endpoints. 2022-04-05 03:50:26 +00:00			`import userModel from "../schemas/userModel.js";`
Added suspension mechanism. 2022-04-07 22:56:04 +00:00			`import { checkDatabaseConnection } from "./database.js";`
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD. 2022-04-05 01:15:43 +00:00			`const sessionConf = {`
			`secret: process.env.SESSION_SECRET \|\| "super duper secret string.",`
			`cookie: {`
			`expires: process.env.SESSION_TIMEOUT \|\| 300000,`
			`httpOnly: true,`
			`},`
			`saveUninitialized: false,`
			`resave: false,`
			`};`
			`if (process.env.NODE_ENV === "production") {`
			`sessionConf.cookie.secure = true;`
			`sessionConf.store = MongoStore.create({ mongoUrl: mongoURI, dbName: mongooseDbName });`
			`}`
			`export const userSession = session(sessionConf);`

Multiple changes, basic rental CRUD backend implemented. All responses are now in their own object with context name. Added limit to user based recent results for matches. Moved all code in endpoints inside try and catch. Renamed authentication guard function. 2022-04-05 16:50:35 +00:00			`export async function requireAuthenticated(req, res, next) {`
Added suspension mechanism. 2022-04-07 22:56:04 +00:00			`if (!checkDatabaseConnection()) {`
			`req.status(500).send("Internal server error.");`
			`return;`
			`}`
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD. 2022-04-05 01:15:43 +00:00			`if (req.session.userId) {`
Added U and D endpoints. 2022-04-05 03:50:26 +00:00			`req.user = await userModel.findById(req.session.userId);`
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD. 2022-04-05 01:15:43 +00:00			`next();`
			`} else {`
Added U and D endpoints. 2022-04-05 03:50:26 +00:00			`res.status(401).send("Not authorized.");`
Rewrite phase 1. Started improved client code structure. Implemented session based authentication serverside. Implemented user, match, and sport database models serverside. Implemented Controllers for variety of C and R operations of CRUD. 2022-04-05 01:15:43 +00:00			`return;`
			`}`
			`}`
Added suspension mechanism. 2022-04-07 22:56:04 +00:00

			`export async function requireAdmin(req, res, next) {`
			`if (!checkDatabaseConnection()) {`
			`req.status(500).send("Internal server error.");`
			`return;`
			`}`
			`if (req.session.userId) {`
			`req.user = await userModel.findById(req.session.userId);`
			`if (req.user.accessLevel < 3) {`
			`res.status(401).send("Not authorized");`
			`return;`
			`}`
			`next();`
			`} else {`
			`res.status(401).send("Not authorized.");`
			`return;`
			`}`
			`}`