From f72b7ad9cbefa948d71d4ce7af5554df133b1838 Mon Sep 17 00:00:00 2001
From: Mathis
Date: Tue, 8 Oct 2024 13:25:44 +0200
Subject: [PATCH] Secure machine operations with AdminGuard

Added AdminGuard to POST and DELETE routes in MachinesController to ensure only admins can create or delete machines. Renamed endpoints for clarity and removed redundant code. This enhances security and improves API design.
---
 .../src/app/machines/machines.controller.ts | 21 ++++++++++---------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/apps/backend/src/app/machines/machines.controller.ts b/apps/backend/src/app/machines/machines.controller.ts
index 6bd6496..44f7fd7 100644
--- a/apps/backend/src/app/machines/machines.controller.ts
+++ b/apps/backend/src/app/machines/machines.controller.ts
@@ -4,38 +4,39 @@ import {
 Delete,
 Get,
 Param,
+ ParseBoolPipe,
 ParseIntPipe,
 Post,
 Query,
+ UseGuards,
 } from "@nestjs/common";
+import { AdminGuard } from "apps/backend/src/app/auth/auth.guard";
 import { MachinesService } from "apps/backend/src/app/machines/machines.service";

 @Controller("machines")
 export class MachinesController {
 constructor(private readonly machineService: MachinesService) {}

- @Get()
+ @Get("find")
 async findMany(
 @Query("limit", new DefaultValuePipe(20), ParseIntPipe) limit: number,
 @Query("offset", new DefaultValuePipe(0), ParseIntPipe) offset: number,
 @Query("search", new DefaultValuePipe("")) search: string,
- ) {
- const query = { limit, offset, search };
- }
+ ) {}

+ @UseGuards(AdminGuard)
 @Post("new")
 async newMachine() {}

+ @UseGuards(AdminGuard)
 @Delete(":machineId")
- async deleteGroup(@Param("machineId") machineId: string) {}
+ async deleteMachine(@Param("machineId") machineId: string) {}

- @Get(":groupId")
- async getForGroup(
+ @Get(":machineId/files")
+ async getFilesForMachine(
 @Query("limit", new DefaultValuePipe(20), ParseIntPipe) limit: number,
 @Query("offset", new DefaultValuePipe(0), ParseIntPipe) offset: number,
 @Query("search", new DefaultValuePipe("")) search: string,
 @Param("machineId") machineId: string,
- ) {
- const query = { limit, offset, search };
- }
+ ) {}
 }
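Review bot: The two read routes, `@Get("find")` and `@Get(":machineId/files")`, still carry no guard, so only create and delete are access-controlled; the machine list and per-machine file listing stay reachable by any caller unless a guard is registered globally outside this file (not visible here). Because the guards are opt-in per method, any route added later is also open by default. Putting an authentication guard on the class, e.g. `@UseGuards(<LoggedInGuard: placeholder, name not on this page>)` next to `@Controller("machines")`, and keeping `@UseGuards(AdminGuard)` on the mutating routes makes the controller fail closed instead. It is also worth confirming that `AdminGuard` itself rejects a request with no authenticated user rather than relying on an earlier guard having populated one. Minor: `ParseBoolPipe` is imported but unused in this hunk, and `limit` is only run through `ParseIntPipe`, so negative or very large values will pass once the handler bodies are implemented.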