Added privilege modification to the API

Found a mistyped header
Wait, that's better
2021-03-12 15:04:01 +11:00 · 2021-03-11 00:41:24 +11:00 · 2021-03-11 00:01:19 +11:00 · 2021-03-10 23:57:27 +11:00
6 changed files with 46 additions and 10 deletions
@@ -77,4 +77,13 @@ Content-Type: application/json
 	"password": "helloworld"
 }
 //DOCS: Sets the privilege of the specified user; usable only by admins
 DELETE /auth/deletion
 Authorization: Bearer accessToken
 Content-Type: application/json
 {
 	"username": "example",
 	"privilege: "administrator"
 }
 ```
@@ -0,0 +1,25 @@
 const { accounts } = require('../database/models');
 //auth/account/privilege
 const route = async (req, res) => {
 	//check the user's privilege
 	if (req.user.privilege != 'administrator') {
 		return res.status(401).send('Only admins can change privilege');
 	}
 	const updated = await accounts.update({
 		privilege: req.body.privilege
 	}, {
 		where: {
 			username: req.body.username
 		}
 	});
 	if (updated < 1) {
 		return res.status(403).send(`Unknown account`);
 	}
 	return res.status(200).end();
 };
 module.exports = route;
@@ -9,12 +9,12 @@ const route = async (req, res) => {
 	});
 	if (!account) {
-		res.status(401).send('Unknown account');
+		return res.status(401).send('Unknown account');
 	}
 	//respond with the private-facing data
-	res.status(200).json({
+	return res.status(200).json({
-		contact: await account.contact
+		contact: account.contact
 	});
 };
@@ -2,7 +2,7 @@ const express = require('express');
 const router = express.Router();
 //middleware
-const authToken = require('../utilities/token-auth');
+const tokenAuth = require('../utilities/token-auth');
 //signup -> validate -> login all without a token
 router.post('/signup', require('./signup'));
@@ -13,7 +13,7 @@ router.post('/login', require('./login'));
 router.post('/token', require('./token'));
 //middleware
-router.use(authToken);
+router.use(tokenAuth);
 //basic account management (needs a token)
 router.delete('/logout', require('./logout'));
@@ -21,4 +21,6 @@ router.get('/account', require('./account'));
 router.patch('/update', require('./update'));
 router.delete('/deletion', require('./deletion'));
 router.patch('/account/privilege', require('./account-privilege'));
 module.exports = router;
@@ -4,7 +4,7 @@ const sequelize = new Sequelize(process.env.DB_DATABASE, process.env.DB_USERNAME
 	host: process.env.DB_HOSTNAME,
 	dialect: 'mariadb',
 	timezone: process.env.DB_TIMEZONE,
-	logging: false
+	logging: process.env.DB_LOGGING ? console.log : false
 });
 sequelize.sync();
@@ -6,16 +6,16 @@ module.exports = (req, res, next) => {
 	const token = authHeader?.split (' ')[1]; //'Bearer token'
 	if (!token) {
-		return res.status(401).end();
+		return res.status(401).send('No token found');
 	}
-	jwt.verify(token, process.env.SECRET_ACCESS, (err, user) => {
+	return jwt.verify(token, process.env.SECRET_ACCESS, (err, user) => {
 		if (err) {
-			return res.status(403).end();
+			return res.status(403).send(err);
 		}
 		req.user = user;
-		next();
+		return next();
 	});
 };
Author	SHA1	Message	Date
Kayne Ruse	61ddd5b38f	Added privilege modification to the API	2021-03-12 15:04:01 +11:00
Kayne Ruse	cbd3ed9d3e	Found a mistyped header	2021-03-11 00:41:24 +11:00
Kayne Ruse	7bbd6bbcf1	Wait, that's better	2021-03-11 00:01:19 +11:00
Kayne Ruse	7ddef6ed1b	Added DB_QUIET as an option	2021-03-10 23:57:27 +11:00