Fix user id in new database instances. Add roles middleware

app/auth.js

@@ -14,7 +14,7 @@ const createToken = ({ id, isAdmin }) =>
       { id, isAdmin },
       process.env.JWT_SECRET,
       {
-        expiresIn: 60,
+        expiresIn: 30 * 60,
       },
       (err, token) => {
         if (!err) {

app/controllers/tag/tag.controller.js

@@ -1,5 +1,8 @@
 const { Tag } = require('../../models');
+const { removeById } = require('../common');
 
 exports.getAll = () => Tag.all();
 
-exports.create = (name) => Tag.create({name});
+exports.create = name => Tag.create({ name });
+
+exports.remove = id => removeById(Tag, id);

app/routes/answer.js

@@ -2,8 +2,8 @@ const Answer = require('../controllers/answer/answer.controller');
 
 exports.create = async ctx => {
   const { id } = ctx.params;
-  const { text, userId } = ctx.request.body;
-  const question = await Answer.create(text, id, userId);
+  const { text } = ctx.request.body;
+  const question = await Answer.create(text, id, ctx.state.user.id);
   if (question) {
     ctx.body = question;
   } else {

app/routes/helpers.js

@@ -0,0 +1,12 @@
+exports.checkAdminOrOwner = model => async (ctx, next) => {
+  if (ctx.state.user.isAdmin) {
+    next();
+    return;
+  }
+  const instance = await model.findById(ctx.params.id);
+  if (instance.userId !== ctx.state.user.id) {
+    ctx.status = 403;
+    return
+  }
+  next();
+};

app/routes/index.js

@@ -4,6 +4,9 @@ const question = require('./question');
 const answer = require('./answer');
 const tag = require('./tag');
 
+const { Question, Answer } = require('../models');
+const { checkAdminOrOwner } = require('./helpers');
+
 const router = new Router();
 
 router.get('/', ctx => {
@@ -18,10 +21,10 @@ router.get('/users', user.getAll);
 router.post('/questions', question.create);
 router.get('/questions', question.getAll);
 router.get('/questions/:id', question.getById);
-router.patch('/questions/:id', question.update);
+router.patch('/questions/:id', checkAdminOrOwner(Question), question.update);
 router.post('/questions/:id/upvote', question.upvote);
 router.post('/questions/:id/downvote', question.downvote);
-router.delete('/questions/:id', question.remove);
+router.delete('/questions/:id', checkAdminOrOwner(Question), question.remove);
 
 router.post('/questions/:id/answers', answer.create);
 router.get('/questions/:id/answers', answer.getAllByQuestionId);
@@ -30,8 +33,8 @@ router.post('/questions/:id/add-tag', question.addTag);
 router.post('/questions/:id/remove-tag', question.removeTag);
 
 router.get('/answers/:id', answer.getById);
-router.patch('/answers/:id', answer.update);
-router.delete('/answers/:id', answer.remove);
+router.patch('/answers/:id', checkAdminOrOwner(Answer), answer.update);
+router.delete('/answers/:id', checkAdminOrOwner(Answer), answer.remove);
 router.post('/answers/:id/upvote', answer.upvote);
 router.post('/answers/:id/doenvote', answer.downvote);
 

app/routes/question.js

@@ -1,8 +1,8 @@
 const Question = require('../controllers/question/question.controller');
 
 exports.create = async ctx => {
-  const { title, description, userId } = ctx.request.body;
-  const question = await Question.create(title, description, userId);
+  const { title, description } = ctx.request.body;
+  const question = await Question.create(title, description, ctx.state.user.id);
   if (question) {
     ctx.body = question;
   } else {

app/routes/tag.js

@@ -10,11 +10,15 @@ exports.getAll = async ctx => {
 }
 
 exports.create = async ctx => {
-  const { name } = ctx.request.body;
-  const tag = await Tag.create(name);
-  if (tag) {
-    ctx.body = tag;
+  if (ctx.state.user.isAdmin) {
+    const { name } = ctx.request.body;
+    const tag = await Tag.create(name);
+    if (tag) {
+      ctx.body = tag;
+    } else {
+      ctx.status = 400;
+    }
   } else {
-    ctx.status = 400;
+    ctx.status = 403;
   }
 };

app/routes/user.js

@@ -5,7 +5,9 @@ exports.register = async ctx => {
   const { login, password } = ctx.request.body;
   const user = await User.create(login, password);
   if (user) {
+    const token = await createToken(user);
     ctx.body = {
+      token,
       message: `User ${user.login} has been created.`,
     };
   } else {

package.json

@@ -24,7 +24,6 @@
   "dependencies": {
     "bcrypt": "^1.0.3",
     "dotenv": "^5.0.1",
-    "eslint-config-prettier": "^2.9.0",
     "jsonwebtoken": "^8.2.1",
     "koa": "^2.5.0",
     "koa-bodyparser": "^4.2.0",
@@ -37,6 +36,7 @@
   "devDependencies": {
     "eslint": "^4.19.1",
     "eslint-config-airbnb-base": "^12.1.0",
+    "eslint-config-prettier": "^2.9.0",
     "eslint-plugin-import": "^2.10.0"
   }
 }