feature/27 (#47)

src/database/models/roles.js

@@ -0,0 +1,4 @@
+module.exports = {
+    Admin : 'Admin',
+    User: 'User'
+}

src/database/models/user.js

@@ -13,6 +13,9 @@ const userSchema = new mongoose.Schema({
         type: String,
         required: true
     },
+    role: {
+        type: String
+    },
     tokens: [{
         token: {
             type: String,
@@ -26,6 +29,7 @@ userSchema.statics.joiValidate = async function(obj) {
         name: Joi.string().min(2).required(),
         password: Joi.string().min(8).regex(/[a-zA-Z0-9]{3,30}/).required(),
         email: Joi.string().email().required(),
+        role: Joi.string()
     })
 
     const validation = schema.validate(obj);

src/endpoints/user.js

@@ -8,7 +8,7 @@ const getUsers = async (req, res, next) => {
         return res.status(200).send(allUsers)
     } catch (e) {
         // TODO: Jel i ovde treba next(e)?
-        return res.status(500).send('Internal server error!')
+        next(e)
     }
 }
 

src/middleware/auth.js

@@ -1,4 +1,6 @@
 const jwt = require('jsonwebtoken')
+const User = require('../database/models/user')
+const Role = require('../database/models/roles')
 
 const auth = async (req, res, next) => {
     try {
@@ -12,4 +14,27 @@ const auth = async (req, res, next) => {
     next()
 }
 
-module.exports = auth
+const authRole = async (req, res, next) => {
+    try {
+        const token = req.header('Authorization').replace('Bearer ', '')
+        if(!token) {
+            return res.status(404).send('Invalid token!')
+        }
+
+        const findUser = await User.findOne({ 'tokens.token': token })
+        if(!findUser) {
+            return res.status(401).send('No user has the token provided!')
+        }
+        if(findUser['role'] === Role.Admin) {
+            console.log('User is admin!')
+            next()
+        }
+        else {
+            return res.status(403).send('Access forbidden!')
+        }
+    } catch(e) {
+        next(e)
+    }
+}
+
+module.exports = { auth, authRole }

src/routes/user.js

@@ -1,6 +1,7 @@
 const express = require('express')
 const endpoints = require('../endpoints/user')
 const router = new express.Router()
+const auth = require('../middleware/auth')
 
 /**
  * @openapi
@@ -16,7 +17,7 @@ const router = new express.Router()
  *       500:
  *         description: Internal server error.
  */
-router.get('/users', endpoints.getUsers)
+router.get('/users', auth.authRole, endpoints.getUsers)
 
 /**
  * @openapi