Add a middleware function to restrict access

- Add ```isAdmin``` or ```isUser``` as a middleware function in requests to block access. I couldn't do it because I don't really know what to restrict. :P - Improve signup strategy so that users and admins can't have same username.
OSDLabs · Feb 19, 2017 · ad4da56 · ad4da56
1 parent 570cd61
commit ad4da56
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 2 deletions.
diff --git a/passport_config.js b/passport_config.js
@@ -50,7 +50,18 @@ module.exports = function(app, passport){
             return cb(null, false, {message:"User already registered"});
           }
           else{
-            app.db.users.insert({username: username, password:password});
+            // Must not be the same as admins
+            app.db.admins.findOne({username: username}, function(err, user) {
+              if (err) {
+                return cb(err);
+              }
+              if (user) {
+                return cb(null, false, {message:"User already registered"});
+              }
+              else{
+                app.db.users.insert({username: username, password:password});
+              }
+            });
           }
         });
       }else

diff --git a/routes/index.js b/routes/index.js
@@ -364,7 +364,7 @@ function rescanItem(req) {
   app.db.songs.find({ _id: { $in: items }}, function(err, songs) {
     if (!err && songs)
 
-        // add the location to the list of songs to scan
+      // add the location to the list of songs to scan
       for (var i = 0; i < songs.length; i++) {
         songLocArr.push(songs[i].location);
       }
@@ -655,3 +655,31 @@ function getYoutubeSongs(req) {
     });
   });
 }
+
+function isUser(req, res, next) {
+  if (req.isAuthenticated()) {
+    app.db.users.findOne({username: req.user.username}, function (err, user) {
+      if (!user) {
+        res.redirect('/login');
+      } else {
+        return next();
+      }
+    });
+  }else {
+    res.redirect('/login?notAuth');
+  }
+}
+
+function isAdmin(req, res, next) {
+  if (req.isAuthenticated()) {
+    app.db.admin.findOne({username: req.user.username}, function (err, user) {
+      if (!user) {
+        res.redirect('/admin');
+      } else {
+        return next();
+      }
+    });
+  }else {
+    res.redirect('/admin?notAuth');
+  }
+}