ajout vérification token valide pour éffectuer opération

backend/controllers/posts.js

@@ -0,0 +1,52 @@
+const { validationResult } = require('express-validator');
+
+const Post = require('../models/posts');
+
+exports.fetchAll = async (req, res, next) => {
+    try {
+        const [allPosts] = await Post.fetchAll();
+        res.status(200).json(allPosts);
+    } catch (err) {
+        if (!err.statusCode) {
+            err.statusCode = 500;
+        }
+        next(err);
+    }
+}
+
+exports.postPost = async (req, res, next) => {
+    const errors = validationResult(req);
+    if (!errors.isEmpty()) return;
+
+    const title = req.body.title;
+    const body = req.body.body;
+    const user = req.body.user;
+
+    try{
+        const post = {
+            title: title,
+            body: body,
+            user: user,
+        };
+        const result = await Post.save(post);
+
+        res.status(201).json({ message: ' publication réussi ' });
+    } catch (err) {
+        if(!err.statusCode) {
+            err.statusCode = 500;
+        }
+        next(err);
+    }
+};
+
+exports.deletePost = async (req, res, next) => {
+    try {
+        const deleteResponse = await Post.delete(req.params.id);
+        res.status(200).json(deleteResponse);
+    } catch (err) {
+        if (!err.statusCode) {
+            err.statusCode = 500;
+        }
+        next(err);
+    }
+}

backend/index.js

@@ -4,6 +4,8 @@ const bodyParser = require('body-parser');
 
 const authRoutes = require('./routes/auth');
 
+const postsRoutes = require('./routes/posts');
+
 const errorController = require('./controllers/error');
 
 const app = express();
@@ -25,6 +27,8 @@ app.use((req, res, next) => {
 
 app.use('/auth', authRoutes);
 
+app.use('/post', postsRoutes);
+
 app.use(errorController.get404);
 
 app.use(errorController.get500);

backend/middleware/auth.js

@@ -0,0 +1,28 @@
+const jwt = require('jsonwebtoken');
+
+module.exports = (req, res, next) => {
+    const authHeader = req.get('Authorization');
+    if(!authHeader) {
+        const error = new Error('Utilisateur non enregistré');
+        error.statusCode = 401;
+        throw error;
+    }
+    const token = authHeader.split(' ')[1];
+    let decodedToken;
+    try {
+        decodedToken = jwt.verify(token, 'secretfortoken');
+    }
+    catch(err){
+        err.statusCode = 500;
+        throw err;
+    }
+    if(!decodedToken){
+        const error = new Error('Utilisateur non enregistré');
+        error.statusCode = 401;
+        throw error;
+    }
+    req.isLoggedIn = true;
+    req.userId = decodedToken.userId;
+    req.email = decodedToken.email;
+    next();
+};

backend/models/posts.js

@@ -0,0 +1,25 @@
+const db = require('../util/database');
+
+module.exports = class Post {
+    constructor(title, body, user){
+        this.title = title;
+        this.body = body;
+        this.user = user;
+    }
+
+    static fetchAll(){
+        return db.execute('SELECT * FROM posts');
+    }
+
+    static save(post){
+        return db.execute(
+            'INSERT INTO posts (title, body, user) VALUES (?, ?, ?)',
+            [post.title, post.body, post.user]
+        );
+    }
+
+    static delete(id){
+        return db.execute('DELETE FROM posts WHERE id = ?', [id]);
+    }
+};
+

backend/routes/posts.js

@@ -0,0 +1,26 @@
+const express = require('express');
+
+const { body } = require('express-validator');
+
+const router = express.Router(); 
+
+const postsController = require('../controllers/posts');
+
+const auth = require ('../middleware/auth');
+
+router.get('/', auth, postsController.fetchAll);
+
+router.post(
+    '/', 
+    [
+        auth,
+        body('title').trim().isLength({ min : 5 }).not().isEmpty(),
+        body('body').trim().isLength({ min : 10 }).not().isEmpty(),
+        body('user').trim().not().isEmpty()
+    ], postsController.postPost
+);
+
+router.delete('/:id', auth, postsController.deletePost)
+
+
+module.exports = router;