Add admin middleware and route example

0xTim · Mar 20, 2020 · 6d86b82 · 6d86b82
1 parent b35aa90
commit 6d86b82
Show file tree

Hide file tree

Showing 5 changed files with 35 additions and 4 deletions.
diff --git a/Sources/App/Controllers/UserController.swift b/Sources/App/Controllers/UserController.swift
@@ -12,16 +12,19 @@ struct UserController: RouteCollection {
 
         let tokenAuthRoutes = userRoutes.grouped(Token.authenticator().middleware())
         tokenAuthRoutes.get("me", use: getMyDetailsHandler)
-        tokenAuthRoutes.delete(":userID", use: deleteHandler)
+
+        let adminMiddleware = tokenAuthRoutes.grouped(AdminMiddleware())
+        adminMiddleware.delete(":userID", use: deleteHandler)
     }
 
     func indexHandler(_ req: Request) throws -> EventLoopFuture<[User]> {
         return User.query(on: req.db).all()
     }
 
     func createHandler(_ req: Request) throws -> EventLoopFuture<User> {
-        let user = try req.content.decode(User.self)
-        user.passwordHash = try Bcrypt.hash(user.passwordHash)
+        let userData = try req.content.decode(CreateUserData.self)
+        let passwordHash = try Bcrypt.hash(userData.password)
+        let user = User(name: userData.name, email: userData.email, passwordHash: passwordHash, userType: userData.userType)
         return user.save(on: req.db).map { user }
     }
 
@@ -42,3 +45,10 @@ struct UserController: RouteCollection {
         try req.auth.require(User.self)
     }
 }
+
+struct CreateUserData: Content {
+    let name: String
+    let email: String
+    let password: String
+    let userType: UserType
+}
diff --git a/Sources/App/Middleware/AdminMiddleware.swift b/Sources/App/Middleware/AdminMiddleware.swift
@@ -0,0 +1,10 @@
+import Vapor
+
+struct AdminMiddleware: Middleware {
+    func respond(to request: Request, chainingTo next: Responder) -> EventLoopFuture<Response> {
+        guard let user = try? request.auth.require(User.self), user.userType == .admin else {
+            return request.eventLoop.makeFailedFuture(Abort(.forbidden))
+        }
+        return next.respond(to: request)
+    }
+}
diff --git a/Sources/App/Migrations/CreateUser.swift b/Sources/App/Migrations/CreateUser.swift
@@ -7,6 +7,7 @@ struct CreateUser: Migration {
             .field("name", .string, .required)
             .field("email", .string, .required)
             .field("password_hash", .string, .required)
+            .field("user_type", .string, .required)
             .unique(on: "email")
             .create()
     }

diff --git a/Sources/App/Models/User.swift b/Sources/App/Models/User.swift
@@ -17,14 +17,18 @@ final class User: Model, Content, ModelUser {
 
     @Field(key: "password_hash")
     var passwordHash: String
+
+    @Field(key: "user_type")
+    var userType: UserType
 
     init() { }
 
-    init(id: UUID? = nil, name: String, email: String, passwordHash: String) {
+    init(id: UUID? = nil, name: String, email: String, passwordHash: String, userType: UserType) {
         self.id = id
         self.name = name
         self.email = email
         self.passwordHash = passwordHash
+        self.userType = userType
     }
 
     func verify(password: String) throws -> Bool {
@@ -40,3 +44,8 @@ extension User {
         )
     }
 }
+
+enum UserType: String, Content {
+    case normal
+    case admin
+}
diff --git a/startLocalDockerDB.sh b/startLocalDockerDB.sh
@@ -0,0 +1 @@
+docker run --name postgres-authtest -e POSTGRES_DB=vapor_database -e POSTGRES_USER=vapor_username -e POSTGRES_PASSWORD=vapor_password -p 5432:5432 -d postgres
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		docker run --name postgres-authtest -e POSTGRES_DB=vapor_database -e POSTGRES_USER=vapor_username -e POSTGRES_PASSWORD=vapor_password -p 5432:5432 -d postgres