first init of the branch

coding-bootcamps-eu · Feb 28, 2024 · fb853f8 · fb853f8
1 parent d2ec82b
commit fb853f8
Show file tree

Hide file tree

Showing 5 changed files with 60 additions and 4 deletions.
diff --git a/backend/package-lock.json b/backend/package-lock.json
diff --git a/backend/package.json b/backend/package.json
@@ -28,7 +28,8 @@
     "passport": "^0.6.0",
     "passport-jwt": "^4.0.1",
     "passport-local": "^1.0.0",
-    "passport-local-mongoose": "^8.0.0"
+    "passport-local-mongoose": "^8.0.0",
+    "validator": "^13.11.0"
   },
   "devDependencies": {
     "@types/bcrypt": "^5.0.0",
@@ -43,6 +44,7 @@
     "@types/passport": "^1.0.12",
     "@types/passport-jwt": "^3.0.9",
     "@types/passport-local": "^1.0.35",
+    "@types/validator": "^13.11.9",
     "concurrently": "^8.2.1",
     "nodemon": "^3.0.1",
     "ts-node": "^10.9.2",

diff --git a/backend/src/controller/accountController.ts b/backend/src/controller/accountController.ts
@@ -1,9 +1,10 @@
 import { Request, Response } from "express";
-import { UserModel } from "../models/Users";
+import { User, UserModel } from "../models/Users";
 import jwt from "jwt-simple";
 import config from "../config";
 import mongoose from "mongoose";
 import { Status } from "../models/Status";
+import validator from "validator";
 
 export default {
   login: async (req: Request, res: Response) => {
@@ -26,22 +27,51 @@ export default {
   register: async (req: Request, res: Response) => {
     try {
       const { email, password } = req.body;
+
       if (!email || !password) {
         return res
           .status(400)
           .json({ error: "Email and password are required" });
       }
+      // Validator, um das E-Mail-Format zu überprüfen
+      if (!validator.isEmail(email)) {
+        return res.status(400).json({ error: "Invalid email format" });
+      }
+
+      // Prüfung ob es Benutzer gibt
+      const usersCount = await UserModel.countDocuments();
+      const isAdmin = usersCount === 0;
+
+      // Wenn nicht der erste Benutzer, überprüfe Admin-Berechtigung
+
+      const user = req.user as User;
+      if (!isAdmin && (!user || !user.isAdmin)) {
+        return res
+          .status(403)
+          .json({ error: "Only admins can register new users" });
+      }
+
       const newUser = new UserModel({
         username: email,
         password: password,
+        isAdmin: isAdmin, // Setze Admin, wenn erster Benutzer
       });
+
       await UserModel.register(newUser, password);
       res.json({ message: "Successful registration!" });
     } catch (err) {
       console.error("Invalid registration", err);
+
+      if (err.name === "UserExistsError") {
+        return res.status(409).json({
+          error: "A user with the given username is already registered",
+        });
+      }
+
       res.status(500).json({ error: "Invalid registration" });
     }
   },
+
   getStatus: async (req: Request, res: Response) => {
     try {
       const secretToken = req.headers.authorization as string;

diff --git a/backend/src/models/Users.ts b/backend/src/models/Users.ts
@@ -5,12 +5,14 @@ export interface User extends Document {
   id: string;
   username: string;
   password: string;
+  isAdmin: boolean;
   comparePassword(candidatePassword: string): Promise<boolean>;
 }
 
 const UserSchema: Schema<User> = new mongoose.Schema({
   username: { type: String, required: true, unique: true },
   password: { type: String, required: true },
+  isAdmin: { type: Boolean, default: false },
 });
 
 UserSchema.pre("save", async function (next) {

diff --git a/backend/src/server.ts b/backend/src/server.ts
@@ -8,7 +8,7 @@ import { Strategy as LocalStrategy } from "passport-local";
 import connectToDB from "./db";
 import config from "./config";
 
-import { UserModel } from "./models/Users";
+import { User, UserModel } from "./models/Users";
 import initializePassport from "./middleware/auth";
 
 class App {
@@ -22,6 +22,12 @@ class App {
   }
   private initializeMiddleware(): void {
     this.app.use(cors());
+    this.app.use((req, res, next) => {
+      if (req.user) {
+        req.user = req.user as User;
+      }
+      next();
+    });
     this.app.use(bodyParser.json());
     this.app.use(bodyParser.urlencoded({ extended: false }));
     this.app.use(