diff --git a/src/api/routes/alarmRoutes.js b/src/api/routes/alarmRoutes.js
index 9739f4f..f62aa6c 100644
--- a/src/api/routes/alarmRoutes.js
+++ b/src/api/routes/alarmRoutes.js
@@ -1,7 +1,7 @@
import {
requireMonitor,
requireUser,
- validateAuth
+ requireRole
} from '#api/middlewares/index.js';
import { UserType } from '#db/schemas/index.js';
import { RouteMethod } from '#api/RouteDescription.js';
diff --git a/src/api/routes/auth/accountRoutes.js b/src/api/routes/auth/accountRoutes.js
index a2181d1..547110e 100644
--- a/src/api/routes/auth/accountRoutes.js
+++ b/src/api/routes/auth/accountRoutes.js
@@ -1,6 +1,7 @@
import { deleteUser, loginUser, registerUser } from '#db/index.js';
import { AuthDto, RegisterDto } from '#dto/index.js';
import { RouteDescription, RouteMethod } from '#api/RouteDescription.js';
+import { WhoAmIDto } from '#dto/auth/WhoAmIDto.js';
/**
* @type {RouteDescription}
@@ -91,3 +92,23 @@ export const deleteRoute = {
})
}
};
+
+/**
+ * @type {RouteDescription}
+ */
+export const whoAmI = {
+ path: '/auth/whoami',
+ methods: {
+ get: new RouteMethod({
+ description: 'Get current user',
+ async method(req, res) {
+ const data = await WhoAmIDto.create({
+ userId: req.auth.sub,
+ deviceId: req.auth.deviceId,
+ type: req.auth.type
+ });
+ res.send(data);
+ }
+ })
+ }
+};
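Review bot: The new `whoAmI` route method declares no `middlewares`, yet its handler dereferences `req.auth.sub`, `req.auth.deviceId` and `req.auth.type`. Unless an authentication middleware runs globally before this route (not visible in this diff), an unauthenticated request will throw a TypeError on `req.auth` and probably surface as a 500 rather than a clean authentication error. Declare the guard on the route the way the other routes in this change do, e.g. `middlewares: [requireRole({})],`, and import `requireRole` from `#api/middlewares/index.js`. A one-line comment that all three response fields come from `req.auth` and never from request input would also document the intent.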
diff --git a/src/api/routes/auth/adminAccountRoutes.js b/src/api/routes/auth/adminAccountRoutes.js
index 2153945..13cca53 100644
--- a/src/api/routes/auth/adminAccountRoutes.js
+++ b/src/api/routes/auth/adminAccountRoutes.js
@@ -1,6 +1,6 @@
import { deleteUser, loginUser, registerUser, UserType } from '#db/index.js';
import { AuthDto, RegisterDto } from '#dto/index.js';
-import { requireAdmin, validateAuth } from '#api/middlewares/index.js';
+import { requireAdmin, requireRole } from '#api/middlewares/index.js';
import { RouteDescription, RouteMethod } from '#api/RouteDescription.js';
/**
diff --git a/src/api/routes/auth/deviceRoutes.js b/src/api/routes/auth/deviceRoutes.js
index 849a48c..40090e8 100644
--- a/src/api/routes/auth/deviceRoutes.js
+++ b/src/api/routes/auth/deviceRoutes.js
@@ -1,6 +1,6 @@
import { registerUser } from '#db/index.js';
import { RegisterDto } from '#dto/index.js';
-import { validateAuth } from '#api/middlewares/index.js';
+import { requireRole } from '#api/middlewares/index.js';
import { RouteDescription, RouteMethod } from '#api/RouteDescription.js';
/**
@@ -10,7 +10,7 @@ export const getDevicesRoute = {
path: '/auth/devices',
methods: {
get: new RouteMethod({
- middlewares: [validateAuth({})],
+ middlewares: [requireRole({})],
async method(req, res) {
const data = await RegisterDto.create(req.body);
const registerResult = await registerUser(data);
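Review bot: `requireRole({})` on the `get` method reads as a role check but names no role, so the call site does not show what it admits. If an empty options object means "any authenticated caller" (the implementation of `requireRole` is not in this diff), state that in a comment such as `// requireRole({}): any authenticated principal, no role restriction`, or pass the intended role explicitly. This matters here because the guarded handler builds a `RegisterDto` from `req.body` and calls `registerUser`. The handler body continues past the end of the hunk.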
diff --git a/src/api/routes/budgetRoutes.js b/src/api/routes/budgetRoutes.js
index d7ebde4..4ad4897 100644
--- a/src/api/routes/budgetRoutes.js
+++ b/src/api/routes/budgetRoutes.js
@@ -1,7 +1,7 @@
import {
requireMonitor,
requireUser,
- validateAuth
+ requireRole
} from '#api/middlewares/index.js';
import { UserType } from '#db/schemas/index.js';
import {
@@ -10,25 +10,30 @@ import {
RouteMethodList
} from '#api/RouteDescription.js';
import { getUserById } from '#db/dbAccess/index.js';
+import { SafeNSoundError } from '#util/error.js';
/**
* @type {RouteDescription}
*/
export const getBudgetByUserRoute = {
path: '/budget/:id',
- methods: new RouteMethodList({
+ methods: {
get: new RouteMethod({
middlewares: [requireMonitor],
async method(req, res) {
if (req.user.type !== UserType.ADMIN) {
if (!req.user.monitoredUsers.includes(req.params.id))
- throw new Error('meow');
+ throw new SafeNSoundError({
+ errCode: 'UNAUTHORIZED',
+ message:
+ "You do not have permission to access this user's budget."
+ });
}
- //if (!req.)
- // const user = await getUserById(req.);
+ const user = await getUserById(req.params.id);
+ res.send({ balance: user.balance });
}
})
- })
+ }
};
/**
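Review bot: `res.send({ balance: user.balance })` dereferences the result of `getUserById(req.params.id)` without checking it. For an admin caller `:id` is arbitrary, so if `getUserById` returns null for an unknown id (its behaviour is not shown here), the handler throws a TypeError instead of a controlled error. Add `if (!user) throw new SafeNSoundError({ errCode: '<project not-found code>', message: 'User not found.' });` before the send. Separately, `req.user.monitoredUsers.includes(req.params.id)` compares with strict equality against a string. If `monitoredUsers` holds database id objects rather than strings, the check always fails and denies legitimate monitors, so confirm the element type or compare on `String(id)`.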