removed authorization

chiefkarim · Sep 10, 2023 · d80c072 · d80c072
1 parent 53472f8
commit d80c072
Show file tree

Hide file tree

Showing 7 changed files with 119 additions and 70 deletions.
diff --git a/app.js b/app.js
@@ -58,10 +58,7 @@ app.use(logger("dev"));
 app.use(express.json());
 app.use(cookieParser());
 app.use(express.static(path.join(__dirname, "public")));
-app.use(function(req,res,next){
-  res.locals.currentUser = req.user
-  next()
-})
+
 
 //setting up authentication
 const LocalStrategy = require('passport-local')

diff --git a/controllers/collectionController.js b/controllers/collectionController.js
@@ -32,24 +32,16 @@ exports.list_items_api = asyncHandler(async(req,res,next)=>{
 
 //handling editing request GET
 exports.edit_get = asyncHandler(async(req,res,next)=>{
-    if(typeof res.locals.currentUser == 'object' && res.locals.currentUser.username === 'admin'){
         const collections =await collectionModel.find({})
         res.render('collectionEdit',{title:'edit collection',collections:collections})
 
-    }else{
-        res.redirect('/log-in',)
-    }
 })
 
 //API handling editing request GET
 exports.edit_get_api = asyncHandler(async(req,res,next)=>{
-    if(typeof res.locals.currentUser == 'object' && res.locals.currentUser.username === 'admin'){
         const collections =await collectionModel.find({})
         res.send({title:'edit collection',collections:collections})
 
-    }else{
-        res.res({authorization:false})
-    }
 })
 
 //handling editing request POST
@@ -61,7 +53,6 @@ exports.edit_post =[
         .escape()
         ,asyncHandler(async(req,res,next)=>{
             //initializing errors
-            if(typeof res.locals.currentUser == 'object' && res.locals.currentUser.username === 'admin'){
 
                 const errors = validationResult(req)
                 //checking that the collection exists
@@ -90,11 +81,9 @@ exports.edit_post =[
 
                 }
 
-            }else{
-                res.redirect('/log-in',)
 
 
-    }})]
+    })]
 
 //handling editing request POST
 exports.edit_post_api =[ 
@@ -105,7 +94,6 @@ exports.edit_post_api =[
         .escape()
         ,asyncHandler(async(req,res,next)=>{
             //initializing errors
-            if(typeof res.locals.currentUser == 'object' && res.locals.currentUser.username === 'admin'){
 
                 const errors = validationResult(req)
                 //checking that the collection exists
@@ -134,34 +122,26 @@ exports.edit_post_api =[
 
                 }
 
-            }else{
-                res.send({authorization:false})
 
 
-    }})]
+    })]
 
 //handling create item request GET
 exports.create_get =asyncHandler(async(req,res,next)=>{
-    if(typeof res.locals.currentUser == 'object' && res.locals.currentUser.username === 'admin'){
         const collections = await collectionModel.find({})
 
         res.render('collectionCreate',{title:"collections create",collections:collections})
 
-    }else{
-        res.redirect('/log-in',)
-    }
+
 })
 
 //handling create item request GET
 exports.create_get_api =asyncHandler(async(req,res,next)=>{
-    if(typeof res.locals.currentUser == 'object' && res.locals.currentUser.username === 'admin'){
         const collections = await collectionModel.find({})
 
         res.send({title:"collections create",collections:collections})
 
-    }else{
-        res.send({authorization:false})
-    }
+
 })
 
 //handling create item request Post
@@ -176,7 +156,6 @@ exports.create_post =[
     .isLength({min:3})
     .escape(),
     asyncHandler(async(req,res,next)=>{
-        if(typeof res.locals.currentUser == 'object' && res.locals.currentUser.username === 'admin'){
 
             //initializing errors
             const errors = validationResult(req)
@@ -204,10 +183,8 @@ exports.create_post =[
                  await updatedCollection.save()
                 res.redirect('/collection')
             }
-        }else{
-            res.redirect('/log-in',)
 
-    }})
+    })
 ]
 
 //API handling create item request Post
@@ -222,7 +199,6 @@ exports.create_post_api =[
     .isLength({min:3})
     .escape(),
     asyncHandler(async(req,res,next)=>{
-        if(typeof res.locals.currentUser == 'object' && res.locals.currentUser.username === 'admin'){
 
             //initializing errors
             const errors = validationResult(req)
@@ -250,28 +226,20 @@ exports.create_post_api =[
                  await updatedCollection.save()
                 res.redirect('/collection')
             }
-        }else{
-            res.redirect('/log-in',)
 
-    }})
+    })
 ]
 
 //handling deleting a collection
 exports.delete = asyncHandler(async(req,res,next)=>{
-    if(typeof res.locals.currentUser == 'object' && res.locals.currentUser.username === 'admin'){
         await collectionModel.findByIdAndDelete(req.params.id)
         res.redirect('/collection')
-    }else{
-        res.redirect('/log-in',)
-    }
+
 })
 
 //API handling deleting a collection
 exports.delete_api = asyncHandler(async(req,res,next)=>{
-    if(typeof res.locals.currentUser == 'object' && res.locals.currentUser.username === 'admin'){
         await collectionModel.findByIdAndDelete(req.params.id)
         res.send({authorization:true})
-    }else{
-        res.send({authorization:false})
-    }
+
 })
diff --git a/controllers/itemController.js b/controllers/itemController.js
@@ -20,22 +20,18 @@ exports.detail_api = asyncHandler(async(req,res,next)=>{
 
 // display edit item page on Get
 exports.edit_get = asyncHandler(async(req,res,next)=>{
-    if(typeof res.locals.currentUser == 'object' && res.locals.currentUser.username === 'admin'){
 
         const collections = await collectionModel.find({})
         if(req.params.id){
             let item = await itemModel.findById({_id: req.params.id});
             res.render('editItem',{title:'item',item:item,collections:collections,})
         }
         res.render('editItem',{title:'item',collections:collections,})
-    }else{
-        res.redirect('/log-in',)
-    }
+
 
 })
 //API display edit item page on Get
 exports.edit_get_api = asyncHandler(async(req,res,next)=>{
-    if(typeof res.locals.currentUser == 'object' && res.locals.currentUser.username === 'admin'){
 
         const collections = await collectionModel.find({})
         if(req.params.id){
@@ -44,9 +40,7 @@ exports.edit_get_api = asyncHandler(async(req,res,next)=>{
         }
         res.send({title:'item',collections:collections,})
 
-    }else{
-        res.send({authorization:false})
-    }
+
 
 })
 
@@ -64,7 +58,6 @@ exports.edit_post = [
     .escape()
     ,asyncHandler(async(req,res,next)=>{
         // extracting errors 
-        if(typeof res.locals.currentUser == 'object' && res.locals.currentUser.username === 'admin'){
 
             const errors = validationResult(req)
             const collections = await collectionModel.find()
@@ -139,9 +132,7 @@ exports.edit_post = [
                   res.redirect(updatedItem.url)
                 }
             }
-        }else{
-            res.redirect('/log-in',)
-        }
+
 })]
 
 //API handel edited item on Post
@@ -158,7 +149,6 @@ exports.edit_post_api = [
     .escape()
     ,asyncHandler(async(req,res,next)=>{
         // extracting errors 
-        if(typeof res.locals.currentUser == 'object' && res.locals.currentUser.username === 'admin'){
 
             const errors = validationResult(req)
             const collections = await collectionModel.find()
@@ -233,29 +223,21 @@ exports.edit_post_api = [
 
                 }
             }
-        }else{
-            res.send({authorization:false})
-        }
+
 })]
 
 //handling deleting a item
 exports.delete = asyncHandler(async(req,res,next)=>{
-    if(typeof res.locals.currentUser == 'object' && res.locals.currentUser.username === 'admin'){
         await itemModel.findByIdAndDelete(req.params.id)
         res.redirect('/collection')
 
-    }else{
-        res.redirect('/log-in',)
-    }
+
 })
 
 //API handling deleting a item
 exports.delete_api = asyncHandler(async(req,res,next)=>{
-    if(typeof res.locals.currentUser == 'object' && res.locals.currentUser.username === 'admin'){
         await itemModel.findByIdAndDelete(req.params.id)
         res.send({authorization:true})
 
-    }else{
-        res.send({authorization:false})
-    }
+
 })
diff --git a/controllers/log-inController.js b/controllers/log-inController.js
@@ -1,7 +1,7 @@
 const asyncHandler = require('express-async-handler')
 const {body, validationResult} = require('express-validator')
 const passport = require('passport')
-
+const jwt = require('jsonwebtoken')
 //handling log in request GET
 exports.logIn_get = asyncHandler(async(req,res,next)=>{
     res.render("log-in",{title:'Log in'})
@@ -28,5 +28,5 @@ exports.logIn_post = [
     passport.authenticate("local", {
         successRedirect: "/",
         failureRedirect: "/log-in"
-      })
+      }),
 ]