src/routes/auth/router.ts

@@ -1,36 +1,31 @@
 import express, {type Router} from "express";
-import UserGuard from "@validators/UserGuard";
+import JwtGuard from "@validators/JwtGuard";
-import AdminGuard from "@validators/AdminGuard";
 
 
 const router: Router = express.Router();
 
-router.route('/login').post()
+router.route('/login')
-router.route('/register').post()
+router.route('/register')
 
 // PATCH
-router.route('/me')
+router.route('/me').patch(JwtGuard)
-	.patch(UserGuard)
 
 // GET
-router.route('/me')
+router.route('/me').get(JwtGuard)
-	.get(UserGuard)
 
 // DELETE
-router.route('/me')
+router.route('/me').delete(JwtGuard)
-	.delete(UserGuard)
 
 
 // GET
-router.route('/all')
+router.route('/all').get(JwtGuard)
-	.get(AdminGuard)
 
 
 // GET
-router.route('/user/:targetId')
+router.route('/user/:targetId').get(JwtGuard)
-	.get(AdminGuard)
+
-	.patch(AdminGuard)
+// PATCH
-	.delete(AdminGuard)
+router.route('/user/:targetId').patch(JwtGuard)
 
 
 export default router

src/routes/catalog/router.ts

@@ -1,39 +1,37 @@
 import express, {type Router} from "express";
-import AdminGuard from "@validators/AdminGuard";
-import UserGuard from "@validators/UserGuard";
 
 
 const router: Router = express.Router();
 
 //-- MODELS >>
 
-router.route('/model/new').get(AdminGuard)
+router.route('/model/new').get()
 
 router.route('/model/all').get()
 
 router.route('/model/:modelSlug')
-	.get(UserGuard)
+	.get()
-	.patch(AdminGuard)
+	.patch()
-	.delete(AdminGuard)
+	.delete()
 
 
 //-- CATEGORY >>
 
-router.route('/category/new').get(AdminGuard)
+router.route('/category/new').get()
 
 router.route('/category/all').get()
 
 router.route('/category/:categorySlug')
-	.get(UserGuard)
+	.get()
-	.patch(AdminGuard)
+	.patch()
-	.delete(AdminGuard)
+	.delete()
 
 
 //-- BRAND >>
 
-router.route('/brand/new').post(AdminGuard)
+router.route('/brand/new').post()
 router.route('/brand/all').get()
 router.route('/brand/:brandSlug')
-	.get(UserGuard)
+	.get()
-	.patch(AdminGuard)
+	.patch()
-	.delete(AdminGuard)
+	.delete()

src/routes/index.ts

@@ -1,3 +1,3 @@
 export * from './auth/router'
 export * from './catalog/router'
-export * from './rent/router'
+export * from './rent'

src/routes/rent/router.ts

@@ -1,32 +1,29 @@
 import express, {type Router} from "express";
-import AdminGuard from "@validators/AdminGuard";
+import JwtGuard from "@validators/JwtGuard";
-import UserGuard from "@validators/UserGuard";
 
 
 const router: Router = express.Router();
 
 // Get rent affected to the user
-router.route('/affected')
+router.route('/affected').get(JwtGuard)
-	.get(UserGuard)
 
 // Get all vehicle in rent (admin only)
-router.route('/affected/all')
+router.route('/affected/all').get(JwtGuard)
-	.get(AdminGuard)
 
 // Add a new vehicle (admin only)
-router.route('/veh/new')
+router.route('/veh/new').post(JwtGuard)
-	.post(AdminGuard)
 
 // Get all vehicles
-router.route('/veh/all')
+router.route('/veh/all').get()
-	.get()
 
 // Rent a specific vehicle
-router.route('/veh/rent/:vehicleId')
+router.route('/veh/rent/:vehicleId').post(JwtGuard)
-	.post(UserGuard)
 
+// Endpoint to get the data of a vehicle, data change if source is an admin
+router.route('/veh/:vehicleId').get(JwtGuard)
 
-router.route('/veh/:vehicleId')
+// Endpoint to edit the data of a vehicle if source is an admin
-	.get(UserGuard)
+router.route('/veh/:vehicleId').patch(JwtGuard)
-	.patch(AdminGuard)
+
-	.delete(AdminGuard)
+// Endpoint to delete a vehicle if source is an admin
+router.route('/veh/:vehicleId').delete(JwtGuard)

src/validators/AdminGuard.ts

@@ -1,39 +0,0 @@
-import JwtService from "@services/jwt.service";
-import type {NextFunction, Request, Response} from "express";
-import MySqlService from "@services/mysql.service";
-import MysqlService from "@services/mysql.service";
-import {Logger} from "tslog";
-
-const DbHandler = new MySqlService.Handler('AdminGuard')
-const logger = new Logger({name: 'AdminGuard'})
-
-const UNAUTHORIZED = 401;
-const FORBIDDEN = 403;
-const UNAUTH_MESSAGE = 'Missing Authorization Header';
-const INVALID_TOKEN_MESSAGE = 'Invalid or expired token.';
-const PERMISSON_NOT_VALID = 'You are missing the required permission.'
-
-async function AdminGuard(req: Request, res: Response, next: NextFunction) {
-	const authHeader = req.headers.authorization;
-	if (!authHeader) {
-		logger.warn(`Invalid header (${req.ip})`)
-		return res.status(UNAUTHORIZED).json({message: UNAUTH_MESSAGE});
-	}
-
-	const bearerToken = authHeader.split(' ')[1];
-
-	if (!bearerToken) return res.status(FORBIDDEN).json({message: INVALID_TOKEN_MESSAGE});
-
-	const token = await JwtService.verify(bearerToken);
-
-	if (token) {
-		// @ts-ignore
-		const isSourceAdmin = await MysqlService.User.getAdminStateForId(DbHandler, token.sub)
-		if (isSourceAdmin === true) next();
-		return res.status(FORBIDDEN).json({message: PERMISSON_NOT_VALID});
-
-	}
-		return res.status(FORBIDDEN).json({message: INVALID_TOKEN_MESSAGE});
-}
-
-export default AdminGuard

src/validators/UserGuard.ts

@@ -1,40 +0,0 @@
-import JwtService from "@services/jwt.service";
-import type {NextFunction, Request, Response} from "express";
-import MySqlService from "@services/mysql.service";
-import {Logger} from "tslog";
-
-const DbHandler = new MySqlService.Handler('UserGuard')
-const logger = new Logger({name: 'UserGuard'})
-
-const UNAUTHORIZED = 401;
-const FORBIDDEN = 403;
-const UNAUTH_MESSAGE = 'Missing Authorization Header';
-const INVALID_TOKEN_MESSAGE = 'Invalid or expired token.';
-const USER_NOT_EXIST = 'You dont exist anymore'
-
-async function UserGuard(req: Request, res: Response, next: NextFunction) {
-	const authHeader = req.headers.authorization;
-	if (!authHeader) {
-		return res.status(UNAUTHORIZED).json({message: UNAUTH_MESSAGE});
-	}
-
-	const bearerToken = authHeader.split(' ')[1];
-
-	if (!bearerToken) return res.status(FORBIDDEN).json({message: INVALID_TOKEN_MESSAGE});
-
-	const token = await JwtService.verify(bearerToken);
-
-	if (token) {
-		// @ts-ignore
-		const userId = token.sub;
-    const user= await MySqlService.User.getById(DbHandler, userId);
-    if (user) {
-			logger.info(`An user do a request. (${user?.username})`)
-			next()
-		}
-		return res.status(UNAUTHORIZED).json({message: USER_NOT_EXIST});
-	}
-		return res.status(FORBIDDEN).json({message: INVALID_TOKEN_MESSAGE});
-}
-
-export default UserGuard