feat: ✨ AdminGuard

#10

src/routes/auth/router.ts

@@ -1,31 +1,36 @@
 import express, {type Router} from "express";
-import JwtGuard from "@validators/JwtGuard";
+import UserGuard from "@validators/UserGuard";
+import AdminGuard from "@validators/AdminGuard";
 
 
 const router: Router = express.Router();
 
-router.route('/login')
+router.route('/login').post()
-router.route('/register')
+router.route('/register').post()
 
 // PATCH
-router.route('/me').patch(JwtGuard)
+router.route('/me')
+	.patch(UserGuard)
 
 // GET
-router.route('/me').get(JwtGuard)
+router.route('/me')
+	.get(UserGuard)
 
 // DELETE
-router.route('/me').delete(JwtGuard)
+router.route('/me')
+	.delete(UserGuard)
 
 
 // GET
-router.route('/all').get(JwtGuard)
+router.route('/all')
+	.get(AdminGuard)
 
 
 // GET
-router.route('/user/:targetId').get(JwtGuard)
+router.route('/user/:targetId')
-
+	.get(AdminGuard)
-// PATCH
+	.patch(AdminGuard)
-router.route('/user/:targetId').patch(JwtGuard)
+	.delete(AdminGuard)
 
 
 export default router

src/routes/catalog/router.ts

@@ -1,37 +1,39 @@
 import express, {type Router} from "express";
+import AdminGuard from "@validators/AdminGuard";
+import UserGuard from "@validators/UserGuard";
 
 
 const router: Router = express.Router();
 
 //-- MODELS >>
 
-router.route('/model/new').get()
+router.route('/model/new').get(AdminGuard)
 
 router.route('/model/all').get()
 
 router.route('/model/:modelSlug')
-	.get()
+	.get(UserGuard)
-	.patch()
+	.patch(AdminGuard)
-	.delete()
+	.delete(AdminGuard)
 
 
 //-- CATEGORY >>
 
-router.route('/category/new').get()
+router.route('/category/new').get(AdminGuard)
 
 router.route('/category/all').get()
 
 router.route('/category/:categorySlug')
-	.get()
+	.get(UserGuard)
-	.patch()
+	.patch(AdminGuard)
-	.delete()
+	.delete(AdminGuard)
 
 
 //-- BRAND >>
 
-router.route('/brand/new').post()
+router.route('/brand/new').post(AdminGuard)
 router.route('/brand/all').get()
 router.route('/brand/:brandSlug')
-	.get()
+	.get(UserGuard)
-	.patch()
+	.patch(AdminGuard)
-	.delete()
+	.delete(AdminGuard)

src/routes/index.ts

@@ -1,3 +1,3 @@
 export * from './auth/router'
 export * from './catalog/router'
-export * from './rent'
+export * from './rent/router'

src/routes/rent/router.ts

@@ -1,29 +1,32 @@
 import express, {type Router} from "express";
-import JwtGuard from "@validators/JwtGuard";
+import AdminGuard from "@validators/AdminGuard";
+import UserGuard from "@validators/UserGuard";
 
 
 const router: Router = express.Router();
 
 // Get rent affected to the user
-router.route('/affected').get(JwtGuard)
+router.route('/affected')
+	.get(UserGuard)
 
 // Get all vehicle in rent (admin only)
-router.route('/affected/all').get(JwtGuard)
+router.route('/affected/all')
+	.get(AdminGuard)
 
 // Add a new vehicle (admin only)
-router.route('/veh/new').post(JwtGuard)
+router.route('/veh/new')
+	.post(AdminGuard)
 
 // Get all vehicles
-router.route('/veh/all').get()
+router.route('/veh/all')
+	.get()
 
 // Rent a specific vehicle
-router.route('/veh/rent/:vehicleId').post(JwtGuard)
+router.route('/veh/rent/:vehicleId')
+	.post(UserGuard)
 
-// Endpoint to get the data of a vehicle, data change if source is an admin
-router.route('/veh/:vehicleId').get(JwtGuard)
 
-// Endpoint to edit the data of a vehicle if source is an admin
+router.route('/veh/:vehicleId')
-router.route('/veh/:vehicleId').patch(JwtGuard)
+	.get(UserGuard)
-
+	.patch(AdminGuard)
-// Endpoint to delete a vehicle if source is an admin
+	.delete(AdminGuard)
-router.route('/veh/:vehicleId').delete(JwtGuard)

src/validators/AdminGuard.ts

@@ -0,0 +1,39 @@
+import JwtService from "@services/jwt.service";
+import type {NextFunction, Request, Response} from "express";
+import MySqlService from "@services/mysql.service";
+import MysqlService from "@services/mysql.service";
+import {Logger} from "tslog";
+
+const DbHandler = new MySqlService.Handler('AdminGuard')
+const logger = new Logger({name: 'AdminGuard'})
+
+const UNAUTHORIZED = 401;
+const FORBIDDEN = 403;
+const UNAUTH_MESSAGE = 'Missing Authorization Header';
+const INVALID_TOKEN_MESSAGE = 'Invalid or expired token.';
+const PERMISSON_NOT_VALID = 'You are missing the required permission.'
+
+async function AdminGuard(req: Request, res: Response, next: NextFunction) {
+	const authHeader = req.headers.authorization;
+	if (!authHeader) {
+		logger.warn(`Invalid header (${req.ip})`)
+		return res.status(UNAUTHORIZED).json({message: UNAUTH_MESSAGE});
+	}
+
+	const bearerToken = authHeader.split(' ')[1];
+
+	if (!bearerToken) return res.status(FORBIDDEN).json({message: INVALID_TOKEN_MESSAGE});
+
+	const token = await JwtService.verify(bearerToken);
+
+	if (token) {
+		// @ts-ignore
+		const isSourceAdmin = await MysqlService.User.getAdminStateForId(DbHandler, token.sub)
+		if (isSourceAdmin === true) next();
+		return res.status(FORBIDDEN).json({message: PERMISSON_NOT_VALID});
+
+	}
+		return res.status(FORBIDDEN).json({message: INVALID_TOKEN_MESSAGE});
+}
+
+export default AdminGuard

src/validators/UserGuard.ts

@@ -0,0 +1,40 @@
+import JwtService from "@services/jwt.service";
+import type {NextFunction, Request, Response} from "express";
+import MySqlService from "@services/mysql.service";
+import {Logger} from "tslog";
+
+const DbHandler = new MySqlService.Handler('UserGuard')
+const logger = new Logger({name: 'UserGuard'})
+
+const UNAUTHORIZED = 401;
+const FORBIDDEN = 403;
+const UNAUTH_MESSAGE = 'Missing Authorization Header';
+const INVALID_TOKEN_MESSAGE = 'Invalid or expired token.';
+const USER_NOT_EXIST = 'You dont exist anymore'
+
+async function UserGuard(req: Request, res: Response, next: NextFunction) {
+	const authHeader = req.headers.authorization;
+	if (!authHeader) {
+		return res.status(UNAUTHORIZED).json({message: UNAUTH_MESSAGE});
+	}
+
+	const bearerToken = authHeader.split(' ')[1];
+
+	if (!bearerToken) return res.status(FORBIDDEN).json({message: INVALID_TOKEN_MESSAGE});
+
+	const token = await JwtService.verify(bearerToken);
+
+	if (token) {
+		// @ts-ignore
+		const userId = token.sub;
+    const user= await MySqlService.User.getById(DbHandler, userId);
+    if (user) {
+			logger.info(`An user do a request. (${user?.username})`)
+			next()
+		}
+		return res.status(UNAUTHORIZED).json({message: USER_NOT_EXIST});
+	}
+		return res.status(FORBIDDEN).json({message: INVALID_TOKEN_MESSAGE});
+}
+
+export default UserGuard