[E-Commerce App with REST API] (5) token로 user 정보 확인 & 관리자 검증 & MongoDB의 ID 유효한가

250x250

관리 메뉴

😎 공부하는 징징알파카는 처음이지?

[E-Commerce App with REST API] (5) token로 user 정보 확인 & 관리자 검증 & MongoDB의 ID 유효한가 본문

👩‍💻 백엔드(Back-End)/Node js

[E-Commerce App with REST API] (5) token로 user 정보 확인 & 관리자 검증 & MongoDB의 ID 유효한가

징징알파카 2023. 3. 22. 19:40

728x90

<본 블로그는 Developers Corner 의 유튜브를 참고해서 공부하며 작성하였습니다 :-)>

=> Node.js E-Commerce App with REST API: Let's Build a Real-Life Example!

🌷 로그인 시 나오는 token으로 user 정보 확인하기

로그인 해서 token 나온걸 auth bearer 설정해서 입력하기!!!!!!!!!!! 그리고, id로 조회하기

🌷 관리자인지 확인하기

role이 admin 과 user로 나뉜다

🌷 관리자에서 block 인지 unblock 인지

🌷 코드

✅ controllers/useCtrl.js

const User = require("../models/User");
const bcrypt = require("bcrypt");
const asyncHandler = require("express-async-handler");
const { generateToken } = require("../config/jwtToken");
const { validateMongodbID } = require("../utils/validateMongodbID");

const createUser = asyncHandler(async (req, res) => {
  const { firstname, lastname, email, mobile, password } = req.body;
  const findUser = await User.findOne({ email: email });

  // email이 db에 없다면
  if (!findUser) {
    // Create a new User
    // 1) 우선 비밀번호 해쉬화(암호화)
    const hashedPassword = await bcrypt.hash(password, 10);
    // 2) 새 User 정보 만들기
    const newUser = await User.create({
      firstname, lastname, email, mobile, password: hashedPassword
    });

    res.json(newUser);
  } else {
    // User already exists
    throw new Error("User already exists");
  }
});

const loginCheck = asyncHandler(async (req, res) => {
  const { email, password } = req.body;
  // check if user exists or not
  const findUser = await User.findOne({ email: email });

  // user 가 없다면 done
  if (!findUser) {
    throw new Error("That email is not registered!");
  }
  // Match password (기존 비밀번호와 입력한 비밀번호 체크)
  bcrypt.compare(password, findUser.password, (err, isMatch) => {
    if (err) throw err;
    if (isMatch) {
      res.json({
        _id: findUser?._id,
        firstname: findUser?.firstname,
        lastname: findUser?.lastname,
        email: findUser?.email,
        mobile: findUser?.mobile,
        token: generateToken(findUser?._id)
      });
    } else {
      throw new Error("Email or Password is incorrect!");
    }
  });
})

// Update a user
const updateUser = asyncHandler(async (req, res) => {
  const { _id } = req.user;
  validateMongodbID(_id);

  try {
    const updateUser = await User.findByIdAndUpdate(
      _id,
      {
        firstname: req?.body?.firstname,
        lastname: req?.body?.lastname,
        email: req?.body?.email,
        mobile: req?.body?.mobile,
      }, {
      new: true,
    }
    );
    res.json(updateUser);
  } catch (error) {
    throw new Error(error);
  }
});


// get all users
const getAllUsers = asyncHandler(async (req, res) => {
  try {
    const getUser = await User.find();
    res.json({ getUser });
  } catch (error) {
    throw new Error(error);
  }
});

// get a single users
const getAUsers = asyncHandler(async (req, res) => {
  const { id } = req.params;
  validateMongodbID(id);

  try {
    const getUser = await User.findById(id);
    res.json({ getUser });
  } catch (error) {
    throw new Error(error);
  }
});

// delete a user
const deleteAUser = asyncHandler(async (req, res) => {
  const { id } = req.params;
  validateMongodbID(id);

  try {
    const deleteAUser = await User.findByIdAndDelete(id);
    res.json({ deleteAUser });
  } catch (error) {
    throw new Error(error);
  }
});

// block user
const blockUser = asyncHandler(async (req, res) => {
  const { id } = req.params;
  validateMongodbID(id);

  try {
    const block = await User.findByIdAndUpdate(
      id,
      {
        isBlocked: true,
      },
      {
        new: true,
      }
    );
    res.json(block);
    // res.json({
    //   message : "User blocked"
    // });
  } catch (error) {
    throw new Error(error);
  }
});

const unblockUser = asyncHandler(async (req, res) => {
  const { id } = req.params;
  validateMongodbID(id);

  try {
    const unblock = await User.findByIdAndUpdate(
      id,
      {
        isBlocked: false,
      },
      {
        new: true,
      }
    );
    res.json({
      message : "User unblocked"
    });
  } catch (error) {
    throw new Error(error);
  }
});


module.exports = {
  createUser,
  loginCheck,
  getAllUsers,
  getAUsers,
  deleteAUser,
  updateUser,
  blockUser,
  unblockUser
};

✅ middlewares/authMiddleware.js

const User = require("../models/User");
const jwt = require("jsonwebtoken");
const asyncHandler = require("express-async-handler");

const authMiddleware = asyncHandler(async (req, res, next) => {
  let token;
  if (req?.headers?.authorization?.startsWith("Bearer")) {
    token = req.headers.authorization.split(" ")[1];
    try {
      if (token) {
        const decoded = jwt.verify(token, process.env.SECRET);
        const user = await User.findById(decoded?.id);
        req.user = user;
        next();
      }
    } catch (error) {
      throw new Error("Not authorized token expired. Plz login again!");
    }
  } else {
    throw new Error("No token attached to header!");
  }
});

const isAdmin = asyncHandler(async (req, res, next) => {
  const {email} = req.user;
  const adminUser = await User.findOne({email});

  // 관리자인지 사용자인지 확인하기
  if (adminUser.role !== "admin") {
    throw new Error ("You are not an admin!!");
  } else {
    next();
  }
});

module.exports = {
  authMiddleware,
  isAdmin
};

✅ models/User.js

const mongoose = require("mongoose");

const UserSchema = new mongoose.Schema({
  firstname: {
    type: String,
    required: true
  },
  lastname: {
    type: String,
    required: true
  },
  email: {
    type: String,
    required: true,
    unique: true
  },
  mobile: {
    type: String,
    required: true,
    unique: true
  },
  password: {
    type: String,
    required: true,
  },
  role: {
    type: String,
    default: "user",
  },
  isBlocked : {
    type : Boolean,
    default : false,
  },
  cart: {
    type: Array,
    default: [],
  },
  address: [{
    type: mongoose.Schema.Types.ObjectId,
    ref: "Address"
  }],
  wishList: [{
    type: mongoose.Schema.Types.ObjectId,
    ref: "Product"
  }]
}, {
  timestamps: true,
  collection: 'users'
});

const User = mongoose.model("User", UserSchema);
module.exports = User;

✅ routes/authRoute.js

const express = require("express");
const router = express.Router();
const { createUser, loginCheck, getAllUsers, getAUsers, deleteAUser, updateUser, blockUser, unblockUser } = require("../controllers/userCtrl");
const { authMiddleware, isAdmin } = require("../middlewares/authMiddleware");

router.post("/register", createUser);
router.post("/login", loginCheck);

router.get("/all-users", getAllUsers);
router.get("/:id", authMiddleware, isAdmin, getAUsers);
router.delete("/:id", deleteAUser);
router.put("/edit-user", authMiddleware, updateUser);
router.put("/block-user/:id", authMiddleware, isAdmin, blockUser);
router.put("/unblock-user/:id", authMiddleware, isAdmin, unblockUser);

module.exports = router;

✅ utils/validateMongodbID.js

const mongoose = require("mongoose");

const validateMongodbID = (id) => {
    const isValid = mongoose.Types.ObjectId.isValid(id);
    if (!isValid) {
        throw new Error("This id is not valid or not found!");   
    }
};

module.exports = {
    validateMongodbID
};

728x90

저작자표시

'👩‍💻 백엔드(Back-End) > Node js' 카테고리의 다른 글

[E-Commerce App with REST API] (7) logout 시 쿠키 삭제 (0)	2023.03.23
[E-Commerce App with REST API] (6) cookie-parser & Refresh Token으로 재발급 받기 (Access Token 차이점) (0)	2023.03.23
[E-Commerce App with REST API] (4) login 인증 by jwt & 유저의 정보 post, get, delete, put (0)	2023.03.22
[E-Commerce App with REST API] (3) Async Request Handler 활용한 에러 & bcrypt의 hashl, Salt 적용 (0)	2023.03.21
[E-Commerce App with REST API] (2) User의 회원가입 내역을 MongoDB 연동 & PostMan 확인 (0)	2023.03.21