From 2fe34034a5e6bb0b43ff33d42a1073f2f984be2d Mon Sep 17 00:00:00 2001
From: unknown
Date: Sun, 6 Jul 2025 23:40:05 +0700
Subject: [PATCH] :triangular_flag_on_post: (user) create soft delete controller boilerplate

create basic boilerplate for soft delete user including make middleware that only admin and owner can access
---
 .../userRoles/isOwnerOrAdmin.middleware.ts | 26 +++++++++++++++++++
 .../controller/softDeleteUser.controller.ts | 7 +++++
 src/modules/user/index.ts | 7 +++++
 3 files changed, 40 insertions(+)
 create mode 100644 src/middleware/userRoles/isOwnerOrAdmin.middleware.ts
 create mode 100644 src/modules/user/controller/softDeleteUser.controller.ts

diff --git a/src/middleware/userRoles/isOwnerOrAdmin.middleware.ts b/src/middleware/userRoles/isOwnerOrAdmin.middleware.ts
new file mode 100644
index 0000000..5358652
--- /dev/null
+++ b/src/middleware/userRoles/isOwnerOrAdmin.middleware.ts
@@ -0,0 +1,26 @@
+import { Context } from "elysia";
+import { getCookie } from "../../helpers/http/userHeader/cookies/getCookies";
+import { jwtDecode } from "../../helpers/http/jwt/decode";
+import { returnErrorResponse } from "../../helpers/callback/httpResponse";
+import { mainErrorHandler } from "../../helpers/error/handler";
+
+export const isOwnerOrAdminMiddleware = (ctx: Context) => {
+ try {
+ const clientCookie = getCookie(ctx);
+ const clientToken = jwtDecode(clientCookie.auth_token!);
+ const clientUsername = clientToken.user.username;
+ // const isClientAdmin = clientToken.user.username
+
+ const targetUsername = ctx.params.username;
+ if (targetUsername !== clientUsername)
+ return returnErrorResponse(
+ ctx.set,
+ 401,
+ "You don't have access to this resource"
+ );
+
+ // Pass
+ } catch (error) {
+ return mainErrorHandler(ctx.set, error);
+ }
+};
diff --git a/src/modules/user/controller/softDeleteUser.controller.ts b/src/modules/user/controller/softDeleteUser.controller.ts
new file mode 100644
index 0000000..039187d
--- /dev/null
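Review bot: The owner check at `if (targetUsername !== clientUsername)` trusts `clientToken.user.username` obtained from `jwtDecode(clientCookie.auth_token!)`; if that helper only decodes the payload rather than verifying the signature (its name and path suggest decode, and the hunk does not show it), any client can craft a cookie naming the target user and pass this middleware. Confirm the token is signature-checked before this point and record the dependency, e.g. `// assumes auth_token was signature-verified upstream; do not rely on decode alone`. The function is named isOwnerOrAdmin but the admin branch is only the commented-out stub on the `isClientAdmin` line, so an admin is currently rejected like any other non-owner; either implement it or add `// TODO: admin role check not yet implemented` so the name does not overstate the guarantee. The non-owner rejection uses 401, which signals a missing or invalid credential; an authenticated caller denied someone else's resource is conventionally `403,`. The `!` on `clientCookie.auth_token` means a missing cookie is passed to jwtDecode as undefined and lands in the catch-all mainErrorHandler instead of a deliberate 401.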
+++ b/src/modules/user/controller/softDeleteUser.controller.ts
@@ -0,0 +1,7 @@
+import { Context } from "elysia";
+import { returnWriteResponse } from "../../../helpers/callback/httpResponse";
+
+export const softDeleteUserController = async (ctx: Context) => {
+ const data = ctx.params.username;
+ return returnWriteResponse(ctx.set, 201, "Okay", data);
+};
diff --git a/src/modules/user/index.ts b/src/modules/user/index.ts
index 712a18c..78a7e2f 100644
--- a/src/modules/user/index.ts
+++ b/src/modules/user/index.ts
@@ -5,6 +5,8 @@ import { editUserController } from "./controller/editUser.controller";
 import { unautenticatedMiddleware } from "../../middleware/auth/unauthenticated.middleware";
 import { authenticatedMiddleware } from "../../middleware/auth/authenticated.middleware";
 import { checkUserPasswordController } from "./controller/checkUserPassword.controller";
+import { isOwnerOrAdminMiddleware } from "../../middleware/userRoles/isOwnerOrAdmin.middleware";
+import { softDeleteUserController } from "./controller/softDeleteUser.controller";
 
 export const userModule = new Elysia({ prefix: "/users" })
 .get("/", getAllUserController)
@@ -18,4 +20,9 @@ export const userModule = new Elysia({ prefix: "/users" })
 .onBeforeHandle(authenticatedMiddleware) // middleware to ensure the user is authenticated
 .put("/", editUserController)
 .post("/check-password", checkUserPasswordController)
+ )
+ .group("", (app) =>
+ app
+ .onBeforeHandle(isOwnerOrAdminMiddleware)
+ .delete(":username", softDeleteUserController)
 );
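Review bot: `softDeleteUserController` performs no deletion — it only echoes `ctx.params.username` back via `returnWriteResponse(ctx.set, 201, "Okay", data)` — yet the same commit wires it to `DELETE :username`, so the endpoint reports success while the account is untouched. Until the soft-delete write exists, return a status that says so (`501`) or at least mark the stub with `// TODO: mark the user as deleted; currently a no-op placeholder` so callers and tests do not mistake it for a working endpoint. 201 Created is also the wrong code for a delete; 200 or 204 is conventional once the operation is implemented.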
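Review bot: The new `.group("", ...)` puts `DELETE :username` behind `isOwnerOrAdminMiddleware` alone, not behind `authenticatedMiddleware` as the group above it does, so rejection of anonymous callers depends entirely on the owner middleware failing when no cookie is present; chaining `.onBeforeHandle(authenticatedMiddleware)` ahead of the owner check would make that explicit. The path `":username"` also lacks the leading slash used by every other route in this module (`"/"`, `"/check-password"`); unless Elysia is known to normalize it, use `"/:username"`. The `userModule` chain this hunk extends begins above the hunk.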