Commit 61a8047c authored by Balasuriya D.A.M.'s avatar Balasuriya D.A.M.

Authorization Middleware

parent 5a44a3ca
......@@ -66,7 +66,8 @@ const authUser = asyncHandler(async (req, res) => {
// /api/user?search = minosh - goint to creat search query
//This is how to access the query (search query)
const allUsers = asyncHandler(async (req, res) => {
const keyword = req.query.search ? {
const keyword = req.query.search
? {
//use $or operation
$or: [
//references from MongoDB pages.can get more information from that about $regex
......@@ -78,7 +79,7 @@ const allUsers = asyncHandler(async (req, res) => {
: {};
//query write to database
const users = await (await User.find(keyword)); //.find({ _id: { $ne: req.user._id } });
const users = await User.find(keyword).find({ _id: { $ne: req.user._id } });
// find({_id:{$ne:req.user._id}}) - current id user loged in
res.send(users); //to return
......
//import jwt
const jwt = require("jsonwebtoken");
const User = require("../models/userModel.js");
const asyncHandler = require("express-async-handler");
//asyncHandler to handle all this errors
//use next to move on the other operations
const protect = asyncHandler(async (req, res, next) => {
let token;
if (
req.headers.authorization &&
req.headers.authorization.startsWith("Bearer")
) {
try {
token = req.headers.authorization.split(" ")[1];
//decodes token id
const decoded = jwt.verify(token, process.env.JWT_SECRET);
req.user = await User.findById(decoded.id).select("-password");
next();
} catch (error) {
res.status(401);
throw new Error("Not authorized, token failed");
}
}
//if uper bearer condtion is not satisfied this one will use
if (!token) {
res.status(401);
throw new Error("Not authorized, no token");
}
});
module.exports = { protect };
\ No newline at end of file
const express = require("express");
const { registerUser,authUser,allUsers } = require("../controllers/userControllers");
const { registerUser, authUser, allUsers } = require("../controllers/userControllers");
const { protect } = require("../middleware/authMiddleware");
const router = express.Router();
router.route("/").post(registerUser).get(allUsers); //User searching API end point
router.route("/").post(registerUser).get(protect,allUsers); //User searching API end point
router.post("/login", authUser);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment