diff --git a/middlewares/authorize.ts b/middlewares/authorize.ts
new file mode 100644
index 0000000..3459e8a
--- /dev/null
+++ b/middlewares/authorize.ts
@@ -0,0 +1,30 @@
+import { queryDatabase } from "routes/databaseFunctions";
+import { Client } from "pg";
+
+const authorize = function (client: Client) {
+ return async (req: any, res: any, next: any) => {
+ const name = req.headers.name.toLowerCase();
+ const key = req.headers.authorization?.split(" ")[1];
+ const query = {
+ text: "SELECT * FROM apikey WHERE name = $1 AND apikey = $2",
+ values: [name, key]
+ }
+
+ if (!name || !key) {
+ return res.status(400).json({ message: "Please enter your name and key before accessing the database!" });
+ }
+
+ try {
+ const result = await queryDatabase(client, query.text, query.values);
+ if (result.rows.length === 0) {
+ return res.status(401).json({ message: "Invalid name or key!" });
+ }
+ next();
+ }
+ catch (e: any) {
+ return res.status(500).json({ message: e.message });
+ }
+ }
+}
+
+export default authorize;
\ No newline at end of file
diff --git a/routes/projectsDB.ts b/routes/projectsDB.ts
index a796638..0004f5e 100644
--- a/routes/projectsDB.ts
+++ b/routes/projectsDB.ts
@@ -6,6 +6,7 @@ import { Client, QueryResult } from "pg";
 import validate from "../middlewares/validate";
 import getDB from "../db";
 import synchronizeLocal from "../utils/synchronize";
+import authorize from "middlewares/authorize";
 const router: Router = Router();
@@ -67,7 +68,8 @@ async function startServer() {
 }
 });
- router.post("/add", validate, async (req: any, res: any) => {
+ router.post("/add", authorize(client), validate, async (req: any, res: any) => {
+ const values: Array = Object.values(req.body);
 const query = ` INSERT INTO projects (name, "short-desc", "long-desc", team, link, image, "tech-stack", cohort, topic) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)`;
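Review bot: In middlewares/authorize.ts, `req.headers.name.toLowerCase()` runs before the `!name || !key` check and outside the `try`, so a request without a `name` header throws inside the async middleware instead of receiving the 400; if this is Express 4, that rejection is not passed to the error handler, the request hangs, and an unhandled rejection can terminate the process on current Node versions. Use `const name = req.headers.name?.toLowerCase();` so the existing check handles the missing header. The 500 branch returns `e.message` to a caller who has not authenticated, which can expose database error detail; log the error server-side and respond with a fixed body such as `{ message: "Internal server error" }`. The query compares the presented key directly with the `apikey` column, which suggests keys are stored in plaintext; storing only a hash of each key and comparing hashes would limit the impact of a leaked table. The scheme token of the `Authorization` header is never checked, so any first word is accepted ahead of the key.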
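Review bot: In routes/projectsDB.ts, `import authorize from "middlewares/authorize";` is a bare specifier while the neighbouring imports are relative (`"../middlewares/validate"`), so it resolves only if the project configures `baseUrl`/`paths` and the runtime honours that mapping; otherwise the router fails to load and the new check never runs. `import authorize from "../middlewares/authorize";` matches the existing style. The same applies to `"routes/databaseFunctions"` in the new middleware file.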
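Review bot: In the `/add` handler, `Object.values(req.body)` supplies the nine positional parameters of the INSERT in whatever order the client serialised its JSON properties, so a body with reordered or extra keys writes values into the wrong columns unless `validate` (not visible here) normalises it. Building the array from an explicit list removes that dependence, e.g. `const values = columns.map((c) => req.body[c]);` with `columns` naming the nine fields in INSERT order; this assumes the body keys match the column names. The handler's body continues past the end of the hunk.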
@@ -81,7 +83,7 @@ async function startServer() {
 }
 });
- router.put("/update", validate, async (req: any, res: any) => {
+ router.put("/update", authorize(client), validate, async (req: any, res: any) => {
 const projectName = req.query.name;
 if (!projectName) {