From ad4da56fc15e42fdf89f283828d7e1ca2165a4f5 Mon Sep 17 00:00:00 2001
From: UTkarsh
Date: Sun, 19 Feb 2017 19:14:04 +0530
Subject: [PATCH] Add a middleware function to restrict access

- Add ```isAdmin``` or ```isUser``` as a middleware function in requests to block access. I couldn't do it because I don't really know what to restrict. :P
- Improve signup strategy so that users and admins can't have same username.
---
 passport_config.js | 13 ++++++++++++-
 routes/index.js | 30 +++++++++++++++++++++++++++++-
 2 files changed, 41 insertions(+), 2 deletions(-)

diff --git a/passport_config.js b/passport_config.js
index 520133f..6303cb5 100644
--- a/passport_config.js
+++ b/passport_config.js
@@ -50,7 +50,18 @@ module.exports = function(app, passport){
                     return cb(null, false, {message:"User already registered"});
                 }
                 else{
-                    app.db.users.insert({username: username, password:password});
+                    // Must not be the same as admins
+                    app.db.admins.findOne({username: username}, function(err, user) {
+                        if (err) {
+                            return cb(err);
+                        }
+                        if (user) {
+                            return cb(null, false, {message:"User already registered"});
+                        }
+                        else{
+                            app.db.users.insert({username: username, password:password});
+                        }
+                    });
                 }
             });
         }else
diff --git a/routes/index.js b/routes/index.js
index d1b5b5e..b5f4720 100644
--- a/routes/index.js
+++ b/routes/index.js
@@ -364,7 +364,7 @@ function rescanItem(req) {
     app.db.songs.find({ _id: { $in: items }}, function(err, songs) {
         if (!err && songs)
-        // add the location to the list of songs to scan
+        // add the location to the list of songs to scan
         for (var i = 0; i < songs.length; i++) {
             songLocArr.push(songs[i].location);
         }
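Review bot: The `app.db.users.insert` on the success path is still fire-and-forget — no callback is passed, so a failed write is silently lost and, within this hunk, `cb` is never invoked for a successful signup; the new admin lookup also pushes the insert one callback deeper, so if the strategy's success `cb` is issued elsewhere (not visible here) it may now run before the admin check has completed. Pass a callback so the write result is reported: `app.db.users.insert({username: username, password:password}, function(err) { if (err) { return cb(err); } /* success cb here */ });`. Both findOne-then-insert checks are non-atomic, so two concurrent signups (or a signup racing an admin creation) can still register the same name; a unique index on `username`, with the insert's duplicate-key error mapped to "User already registered", is the only reliable guard. The password is written exactly as received unless it is hashed before this strategy runs — worth confirming. The enclosing strategy callback starts before and ends after this hunk.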
@@ -655,3 +655,31 @@ function getYoutubeSongs(req) {
         });
     });
 }
+
+function isUser(req, res, next) {
+    if (req.isAuthenticated()) {
+        app.db.users.findOne({username: req.user.username}, function (err, user) {
+            if (!user) {
+                res.redirect('/login');
+            } else {
+                return next();
+            }
+        });
+    }else {
+        res.redirect('/login?notAuth');
+    }
+}
+
+function isAdmin(req, res, next) {
+    if (req.isAuthenticated()) {
+        app.db.admin.findOne({username: req.user.username}, function (err, user) {
+            if (!user) {
+                res.redirect('/admin');
+            } else {
+                return next();
+            }
+        });
+    }else {
+        res.redirect('/admin?notAuth');
+    }
+}
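Review bot: `isAdmin` queries `app.db.admin` while the signup strategy in passport_config.js queries `app.db.admins`; whichever name is wrong either throws a TypeError on every guarded request (if the property is undefined) or always finds nothing and redirects every real admin, so both should use one collection name, e.g. `app.db.admins.findOne({username: req.user.username}, function (err, user) {`. In both middlewares `err` is ignored: a database failure falls into the `!user` branch and redirects, which at least fails closed, but the error is never surfaced — `if (err) { return next(err); }` at the top of each callback keeps it visible. Neither function is exported or attached to a route in this diff, so no endpoint is protected yet, as the commit message acknowledges. Style: add `return` before each `res.redirect` so the branches are symmetric and nothing can accidentally run after the redirect.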