Remove tutorials & add auth manager

backend/app/config/response.config.js

@@ -1,9 +1,9 @@
-function sendMessage (res, successCode, data) {
-  res.status(200).json({ status: 'success', successCode: successCode, data: data });
+function sendMessage (res, successCode, data, token=null) {
+  res.status(200).json({ status: 'success', successCode: successCode, token: token, data: data });
 }
 
-function sendError (res, statusCode, errorCode, reason) {
-  res.status(statusCode).json({ status: 'error', errorCode: errorCode, reason: reason });
+function sendError (res, statusCode, errorCode, reason, token=null) {
+  res.status(statusCode).json({ status: 'error', errorCode: errorCode, data: { token: token, reason: reason }});
 }
 
 module.exports = { sendMessage, sendError };

backend/app/config/sessionJWT.config.js

@@ -12,10 +12,11 @@ const JWTRS256_PRIVATE_KEY = Buffer.from(process.env.JWTRS256_PRIVATE_KEY, 'base
 const JWTRS256_PUBLIC_KEY = Buffer.from(process.env.JWTRS256_PUBLIC_KEY, 'base64').toString('utf-8');
 
 
-function createSessionJWT (mail) {
+function createSessionJWT (login, role) {
   return sessionJWTConfig.sign(
     {
-      mail: mail,
+      login: login,
+      role: role,
       midExp: Math.floor(Date.now() / 1000) + 1800
     },
     JWTRS256_PRIVATE_KEY,
@@ -28,20 +29,21 @@ function createSessionJWT (mail) {
 
 function createSessionCookie(req, res, payload) {
   let jwtToken;
-  if ((typeof payload.mail !== 'undefined') &&
-    (typeof payload.midExp !== 'undefined') &&
+  if (typeof payload.login !== 'undefined' &&
+    typeof payload.role !== 'undefined' &&
+    typeof payload.midExp !== 'undefined' &&
     (Math.floor(Date.now() / 1000) <= payload.midExp)) {
     jwtToken = req.headers.cookie;
   }
   else {
-    jwtToken = createSessionJWT(payload.mail);
+    jwtToken = createSessionJWT(payload.login, payload.role);
   }
   res.cookie('SESSIONID', jwtToken, {httpOnly:true, secure:false});
 }
 
 function decodeSessionCookie(sessionid) {
   if (typeof sessionid === 'undefined') {
-    return {mail: -1};
+    return {login: -1, role: -1};
   }
   try {
     const token = sessionJWTConfig.verify(
@@ -51,7 +53,7 @@ function decodeSessionCookie(sessionid) {
     return {token: token};
   }
   catch (err) {
-    return {mail: -1};
+    return {login: -1, role: -1};
   }
 }
 
@@ -65,20 +67,28 @@ function setSessionCookie (req, res, session) {
 }
 module.exports.setSessionCookie = setSessionCookie;
 
-function getMail(session) {
+function getToken(session) {
   if (typeof session === 'undefined' || typeof session.token === 'undefined') return -1;
   return session.token;
 }
-module.exports.getMail = getMail;
+module.exports.getToken = getToken;
 
-function checkLogin(req, res){
+function checkLogin(req, res, role=null){
   if(typeof req.cookies !== 'undefined'){
     const session = getSession(req.cookies.SESSIONID);
-    const token = getMail(session);
-    if(token.mail === 'undefined' || token.mail === -1){
+    const token = getToken(session);
+    if(token.login === 'undefined' || token.login === -1){
       return sendError(res, 500, -1, "User not authenticated.");
     } else{
-      return token;
+      if(role === null){
+        return token;
+      } else{
+        if(token.role !== 'undefined' && token.role === role){
+          return token;
+        } else{
+          return sendError(res, 500, -1, "User doesn't have permission.", token);
+        }
+      }
     }
   } else {
     return sendError(res, 500, -1, "Cookies don't exist.");