From b2bf1aaf926b76c992acb709b375b91d4015c887 Mon Sep 17 00:00:00 2001 From: Kayne Ruse Date: Sun, 14 Mar 2021 04:34:46 +1100 Subject: [PATCH] Altered API, read more I moved /auth/account/privilege to /admin/privilege I also fixed PATCH and DELETE on /account --- README.md | 26 +++++++++---------- server/{auth => admin}/account-privilege.js | 5 ---- server/admin/index.js | 25 +++++++++++++++--- .../auth/{deletion.js => account-delete.js} | 0 server/auth/{account.js => account-query.js} | 0 server/auth/{update.js => account-update.js} | 0 server/auth/index.js | 8 +++--- server/server.js | 4 +-- 8 files changed, 40 insertions(+), 28 deletions(-) rename server/{auth => admin}/account-privilege.js (71%) rename server/auth/{deletion.js => account-delete.js} (100%) rename server/auth/{account.js => account-query.js} (100%) rename server/auth/{update.js => account-update.js} (100%) diff --git a/README.md b/README.md index 67a6c50..ca2f1be 100644 --- a/README.md +++ b/README.md @@ -37,9 +37,13 @@ Content-Type: application/json "refreshToken": "fghij" } -//DOCS: Retreives the private account data, results vary -GET /auth/account -Authorization: Bearer accessToken +//Replace an expired authToken pair with these values +POST /auth/token +Content-Type: application/json + +{ + "token": "refreshToken" +} //DOCS: After this is called, the refresh route will no longer work DELETE /auth/logout @@ -49,13 +53,9 @@ Authorization: Bearer accessToken "token": "refreshToken" } -//Replace an expired authToken pair with these values -POST /auth/token -Content-Type: application/json - -{ - "token": "refreshToken" -} +//DOCS: Retreives the private account data, results vary +GET /auth/account +Authorization: Bearer accessToken //Result { 
@@ -64,12 +64,12 @@ Content-Type: application/json } //DOCS: Update account data, input varies, but is always JSON -PATCH /auth/update +PATCH /auth/account Content-Type: application/json Authorization: Bearer accessToken //DOCS: Sets the timer, account will be deleted after 2 days -DELETE /auth/deletion +DELETE /auth/account Authorization: Bearer accessToken Content-Type: application/json @@ -78,7 +78,7 @@ Content-Type: application/json } //DOCS: Sets the privilege of the specified user; usable only by admins -DELETE /auth/deletion +PATCH /auth/admin/privilege Authorization: Bearer accessToken Content-Type: application/json diff --git a/server/auth/account-privilege.js b/server/admin/account-privilege.js similarity index 71% rename from server/auth/account-privilege.js rename to server/admin/account-privilege.js index 719c525..43373ac 100644 --- a/server/auth/account-privilege.js +++ b/server/admin/account-privilege.js @@ -2,11 +2,6 @@ const { accounts } = require('../database/models'); //auth/account/privilege const route = async (req, res) => { - //check the user's privilege - if (req.user.privilege != 'administrator') { - return res.status(401).send('Only admins can change privilege'); - } - const updated = await accounts.update({ privilege: req.body.privilege }, { diff --git a/server/admin/index.js b/server/admin/index.js index 6e6b3aa..0ca7a28 100644 --- a/server/admin/index.js +++ b/server/admin/index.js 
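Review bot: With the inline privilege check deleted, nothing in this file records that `route` is only safe when reached through the admin router's middleware; the stale header `//auth/account/privilege` should become `//admin/privilege — assumes ../admin/index.js has already verified req.user.privilege === 'administrator'`. The handler still copies `req.body.privilege` straight into the update, so whatever string the client sends becomes the stored privilege; validating it against the set of recognised privilege values (only 'administrator' is visible in this patch) and answering 400 otherwise would keep malformed values out of the accounts table. The body of `route` continues past the end of the hunk.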
@@ -1,3 +1,22 @@
-module.exports = {
- defaultAccount: require('./default-account')
-};
\ No newline at end of file
+const express = require('express');
+const router = express.Router();
+
+//middleware
+const tokenAuth = require('../utilities/token-auth');
+
+router.use(tokenAuth);
+router.use((req, res, next) => {
+ //check the user's privilege
+ if (req.user.privilege != 'administrator') {
+ return res.status(401).send('Admins only');
+ }
+
+ next();
+});
+
+require('./default-account')(); //generate the default accouunt
+
+//basic route management
+router.patch('/privilege', require('./account-privilege'));
+
+module.exports = router;
\ No newline at end of file
diff --git a/server/auth/deletion.js b/server/auth/account-delete.js
similarity index 100%
rename from server/auth/deletion.js
rename to server/auth/account-delete.js
diff --git a/server/auth/account.js b/server/auth/account-query.js
similarity index 100%
rename from server/auth/account.js
rename to server/auth/account-query.js
diff --git a/server/auth/update.js b/server/auth/account-update.js
similarity index 100%
rename from server/auth/update.js
rename to server/auth/account-update.js
diff --git a/server/auth/index.js b/server/auth/index.js
index 3152d4d..ab07546 100644
--- a/server/auth/index.js
+++ b/server/auth/index.js
@@ -17,10 +17,8 @@ router.use(tokenAuth);
 //basic account management (needs a token)
 router.delete('/logout', require('./logout'));
-router.get('/account', require('./account'));
-router.patch('/update', require('./update'));
-router.delete('/deletion', require('./deletion'));
-
-router.patch('/account/privilege', require('./account-privilege'));
+router.get('/account', require('./account-query'));
+router.patch('/account', require('./account-update'));
+router.delete('/account', require('./account-delete'));
 module.exports = router;
diff --git a/server/server.js b/server/server.js
index 7721490..fbd5186 100644
--- a/server/server.js
+++ b/server/server.js
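Review bot: The new admin middleware rejects a non-admin with 401, but tokenAuth has already authenticated the caller by then, so 403 is the correct status and `!==` the correct comparison: `if (req.user.privilege !== 'administrator') { return res.status(403).send('Admins only'); }`. A 401 tells clients their token is invalid and invites a needless re-login. `require('./default-account')()` now runs as a side effect of loading the router, replacing the explicit `admin.defaultAccount()` call that the server.js hunk removes; if that function is asynchronous (not visible here) its rejection would go unhandled, so a `.catch` or a comment at the call site is worth adding, along with fixing the comment typo `accouunt`.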
@@ -15,8 +15,8 @@ app.use(cors());
 //database connection
 const database = require('./database');
-const admin = require('./admin');
-admin.defaultAccount();
+//access the admin
+app.use('/admin', require('./admin'));
 //access the auth
 app.use('/auth', require('./auth'));
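Review bot: The README hunk in this commit documents the endpoint as `PATCH /auth/admin/privilege`, but mounting the router here at `/admin` makes the real path `/admin/privilege` (as the commit message says); the README line should read `PATCH /admin/privilege`. Replacing the explicit `admin.defaultAccount()` call with `app.use('/admin', require('./admin'))` also turns default-account creation into a require-time side effect; a comment such as `//loading ./admin also creates the default account` keeps that visible. That side effect presumably depends on `require('./database')` above having completed whatever setup the account insert needs — worth confirming, since the database module is not shown.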