Project initially Done

Author: pronazmul

controller/loginController.js

@@ -32,7 +32,7 @@ const userLogin = async (req, res, next) => {
           mobile: user.mobile,
           email: user.email,
           avatar: user.avatar,
-          role: "user",
+          role: user.role || "user",
         };
 
         // Generate Token:
@@ -49,7 +49,7 @@ const userLogin = async (req, res, next) => {
 
         // Set Logged in user as local Identifier:
         res.locals.loggedInUser = userObject;
-        res.render("inbox");
+        res.redirect("/inbox");
       } else {
         throw createHttpError("Login Failed! Please Try Again");
       }

middlewares/common/checkLogin.js

@@ -1,4 +1,5 @@
 // External Modules:
+const createError = require("http-errors");
 const jwt = require("jsonwebtoken");
 
 const checkLogin = (req, res, next) => {
@@ -38,5 +39,24 @@ const redirectLogin = (req, res, next) => {
   }
 };
 
+const checkRole = (role) => (req, res, next) => {
+  console.log(req.user);
+  if (req.user.role && role.includes(req.user.role)) {
+    next();
+  } else {
+    if (res.locals.html) {
+      next(createError(401, "You are not Authorized to access this page!"));
+    } else {
+      res.status(401).json({
+        errors: {
+          common: {
+            msg: "You are not Authorized To access this page!",
+          },
+        },
+      });
+    }
+  }
+};
+
 // Module Export :
-module.exports = { checkLogin, redirectLogin };
+module.exports = { checkRole, checkLogin, redirectLogin };

public/stylesheets/style.css

@@ -473,7 +473,8 @@ input[type="submit"]:active {
 }
 
 .other-message .message-content {
-  grid-template-columns: 48px 1fr 1fr;
+  /* grid-template-columns: 48px 1fr 1fr; */
+  grid-template-columns: 48px 1fr;
   grid-column-gap: 15px;
 }
 

router/userRouter.js

@@ -8,7 +8,7 @@ const {
   addUser,
   deleteUser,
 } = require("../controller/userController");
-const { checkLogin } = require("../middlewares/common/checkLogin");
+const { checkLogin, checkRole } = require("../middlewares/common/checkLogin");
 const decorateHtmlResponse = require("../middlewares/common/decorateHtmlResponse");
 const avatarUpload = require("../middlewares/users/avatarUpload");
 const {
@@ -17,15 +17,22 @@ const {
 } = require("../middlewares/users/userValidator");
 
 // Get User Page
-router.get("/", decorateHtmlResponse("User"), checkLogin, getUsers);
+router.get(
+  "/",
+  decorateHtmlResponse("User"),
+  checkLogin,
+  checkRole(["admin"]),
+  getUsers
+);
 
 // Delete User:
-router.delete("/:id", deleteUser);
+router.delete("/:id", checkLogin, checkRole(["admin"]), deleteUser);
 
 // Add User With Avatar {Rest API}
 router.post(
   "/",
   checkLogin,
+  checkRole(["admin"]),
   avatarUpload,
   addUserValidators,
   addUserValidationHandler,

views/inbox.ejs

@@ -83,7 +83,6 @@
 
     // HANDLE NEW/LIVE INCOMINT MESSAGE FROM SOCKET:
     socket.on('new_message', (data)=>{
-      console.log("Socket is Working!")
       if(data.message.conversation_id == current_conversation_id){
       // message class
       const messageClass = data.message.sender.id === loggedinUserId ? 'you-message' : 'other-message';

views/partials/header.ejs

@@ -20,7 +20,15 @@
       <% if(loggedInUser && loggedInUser.email){ %>
       <div class="menu-item"><a href="/inbox">Inbox</a></div>
       <div class="menu-item"><a href="/users">Users</a></div>
-      <div class="menu-item"><a href="#" onclick="logout()">logout</a></div>
+      <div class="menu-item">
+        <% if (loggedInUser && loggedInUser.avatar) { %>
+        <img src="./uploads/avatars/<%= loggedInUser.avatar %>" alt="<%= loggedInUser.name %>"
+        />
+        <% } else { %>
+        <img src="./images/nophoto.png" alt="<%= loggedInUser.name %>" />
+        <% } %>
+        <a href="#" onclick="logout()">Logout</a>
+      </div>
       <% }else{ %>
       <div class="menu-item"><a href="/inbox">Inbox</a></div>
       <div class="menu-item"><a href="/users">Users</a></div>