hit-haui · dinhhonglieu · May 20, 2023 · May 20, 2023 · May 27, 2023 · Jun 1, 2023
diff --git a/src/controllers/user.controllers.js b/src/controllers/user.controllers.js
@@ -48,7 +48,7 @@ const updateUserById = async (req, res) => {
   const { userId } = req.params;
   const newUser = req.body;
   try {
-    const updatedUser = await Blog.findByIdAndUpdate(userId, newUser);
+    const updatedUser = await User.findByIdAndUpdate(userId, newUser);
     if (!updatedUser) {
       const err = new Error(" user not found!");
       err.status = 404;
@@ -65,7 +65,7 @@ const updateUserById = async (req, res) => {
 const deleteUserById = async (req, res, next) => {
   const { userId } = req.params;
   try {
-    const deletedUser = await Blog.findByIdAndDelete(userId);
+    const deletedUser = await User.findByIdAndDelete(userId);
     if (!deletedUser) {
       const err = new Error("User not found");
       err.status = 400;

diff --git a/src/middleware/Auth.middleware.js b/src/middleware/Auth.middleware.js
@@ -0,0 +1,35 @@
+const User = require('../models/User.model')
+const jwt = require('jsonwebtoken')
+
+const authMiddleware = async (req, res, next) =>{
+    const authorization = req.headers.authorization;
+    try{
+        if(!authorization){
+            const err = new Error("Unauthorizator")
+            err.status = 401
+            throw err
+        }
+        const token = authorization.split(" ")[1]
+        const payload = jwt.verify(token,process.env.SECRET_KEY )
+        const userId = payload.userId
+        const user = await User.findById(userId)
+        if(!user) {
+            const err = new Error("User not exist")
+            err.status = 404
+            throw(err)
+        }
+        if(user.role !== 'admin'){
+            const err = new Error("Forbidden!")
+            err.status = 404
+            throw(err)
+        }
+        req.user = user
+        next()
+
+    }catch(error){
+        next(error)
+    }
+
+}
+
+module.exports = authMiddleware;
diff --git a/src/routers/auth.route.js b/src/routers/auth.route.js
@@ -1,6 +1,5 @@
 const express = require("express");
 const { register, login } = require("../controllers/auth.controller");
-
 const authMiddleware = express.Router();
 
 authMiddleware.route("/register").post(register);

diff --git a/src/routers/blog.route.js b/src/routers/blog.route.js
@@ -18,7 +18,6 @@ const storage = multer.diskStorage({
 })
 const upload = multer({ storage: storage}).single('image');
 const blogRouter = express.Router();
-
 blogRouter.route("/").get(getBlogs).post(upload, createBlog);
 
 blogRouter.route("/:blogId").get(getBlog).put(updateBlog).delete(deleteBlog);

diff --git a/src/routers/user.route.js b/src/routers/user.route.js
@@ -8,13 +8,13 @@ const {
   deleteUserById,
 } = require("../controllers/User.controllers");
 const userRouter = express.Router();
-
-userRouter.route("/").get(getUsers).post(createUser);
+const authMiddleware = require('../middleware/Auth.middleware')
+userRouter.route("/").get(getUsers).post(authMiddleware,createUser);
 
 userRouter
   .route("/:userId")
   .get(getUserById)
-  .put(updateUserById)
-  .delete(deleteUserById);
+  .put(authMiddleware,updateUserById)
+  .delete(authMiddleware,deleteUserById);
 
 module.exports = userRouter;