const express = require('express');
const logger = require('./logger');
// Application setup: JSON body parsing plus the in-memory state the routes share.
const app = express();
const port = process.env.PORT || 3000;

app.use(express.json());

// NOTE(review): this is one module-level slot, not per-client session state.
// The routes in this file read and write it directly, so once any client logs
// in, every other client talking to this process is treated as that user, and
// any client can clear it. Real per-client state needs a session or token
// bound to the request.
let currentUser;

// NOTE(review): credentials are hard-coded in source and stored in plaintext,
// and the values are short and guessable. A real deployment should keep
// salted password hashes in a credential store outside the repository.
const users = [
  { username: 'nadav', password: '12345', role: 'admin' },
  { username: 'roei', password: '123', role: 'user' },
  { username: 'gil', password: '7777', role: 'manager' },
];
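/**
 * POST /login: check the submitted username/password against `users` and, on
 * success, record the matching account in `currentUser`.
 *
 * Responses (status codes and bodies kept as existing clients see them):
 *   404 "no password or username"  - a field is missing, empty or not a string
 *   404 "user not found"           - no account with that username
 *   500 "password incorrect"       - account exists, password differs
 *   200 { username, role }         - login accepted
 *
 * Every failure branch returns immediately. Without the early return a wrong
 * password would still fall through to the `currentUser` assignment (logging
 * the caller in), and an unknown username would dereference `undefined`.
 */
app.post('/login', (req, res) => {
  // The body may be absent when the request carried no parsed JSON payload.
  const { username, password } = req.body || {};

  // Accept only non-empty strings. JSON can carry arrays or objects, and a
  // loose comparison would coerce e.g. ["name"] to "name" during the lookup.
  const hasCredentials =
    typeof username === 'string' &&
    typeof password === 'string' &&
    username !== '' &&
    password !== '';
  if (!hasCredentials) {
    return res.status(404).send("no password or username");
  }

  const account = users.find((candidate) => candidate.username === username);
  if (!account) {
    return res.status(404).send('user not found');
  }

  // NOTE(review): plaintext comparison with `!==` is neither hashed nor
  // constant-time; replace with a password-hash verification once credentials
  // are no longer stored in clear.
  if (account.password !== password) {
    return res.status(500).send("password incorrect");
  }

  // NOTE(review): the two failure responses above differ, which lets a caller
  // learn which usernames exist. A single 401 with one generic message for
  // both cases would close that, at the cost of changing the current API.
  // There is also no attempt limiting on this route.
  currentUser = account;
  return res.status(200).json({ username: account.username, role: account.role });
});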
/**
 * POST /logout: clear the shared login slot and confirm.
 *
 * NOTE(review): this route is registered before the auth middleware is
 * mounted, so it needs no login, and because `currentUser` is process-wide
 * any client can log out whoever is currently logged in.
 */
app.post('/logout', (_req, res) => {
  currentUser = undefined;
  const confirmation = { message: 'logout successful' };
  res.json(confirmation);
});
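/**
 * Express middleware that rejects the request with 401 unless someone is
 * logged in, and otherwise hands control to the next handler.
 *
 * Express invokes middleware with three positional arguments
 * (req, res, next). Destructuring `{ res, req, next }` from the first argument
 * would only work through properties the framework happens to attach to the
 * request object, so the documented positional signature is used instead.
 *
 * NOTE(review): the check looks only at the module-level `currentUser`, not at
 * anything carried by the request (cookie, token), so it cannot tell which
 * client is calling.
 *
 * @param {object} req - incoming request (unused here)
 * @param {object} res - response used to send the 401
 * @param {Function} next - continues to the next middleware/route
 * @returns {*} the response object when rejecting, otherwise undefined
 */
function authMiddleware(req, res, next) {
  if (!currentUser) {
    return res.status(401).json({ message: 'not logged in' });
  }
  next();
}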
/**
 * GET /: public landing page. The text depends on whether the shared
 * `currentUser` slot is set, not on who is making the request.
 */
app.get('/', (_req, res) => {
  const page = currentUser ? `Main page Logout` : `Main page Login`;
  res.send(page);
});
// Routes registered after this line run behind authMiddleware; routes
// registered earlier in the file are not covered by it.
app.use(authMiddleware);

/**
 * GET /admin: admin-only greeting.
 *
 * NOTE(review): the caller is already authenticated at this point, so 403
 * would describe "wrong role" more accurately than 401; the status is kept
 * as-is for existing clients.
 */
app.get('/admin', (_req, res) => {
  const isAdmin = currentUser.role === 'admin';
  if (!isAdmin) {
    return res.status(401).json({ message: 'user is not authorized' });
  }
  res.send("hello admin");
});
/**
 * GET /user/profile/:name: return a welcome message, but only when `:name`
 * is the username of the logged-in user.
 *
 * NOTE(review): an unknown name and someone else's name both return 404 but
 * with different messages, so a logged-in caller can still tell which
 * usernames exist. A single response for both cases would avoid that.
 */
app.get('/user/profile/:name', (req, res) => {
  const { name } = req.params;

  // Route params and stored usernames are both strings, so strict equality
  // matches exactly what a loose comparison would.
  const profileOwner = users.find((entry) => entry.username === name);
  if (!profileOwner) {
    return res.status(404).json({ message: `user not found` });
  }

  const isOwnProfile = profileOwner.username === currentUser.username;
  if (!isOwnProfile) {
    return res.status(404).json({ message: `this is not your profile` });
  }

  const body = { message: `welcome ${profileOwner.username} this is your profile` };
  return res.status(200).json(body);
});
// Start the HTTP server and log the port it is bound to.
app.listen(port, () => {
  console.log(`Example app ${port}`);
});