From f103f0cb4f7a3ec3aa592befb531087972959415 Mon Sep 17 00:00:00 2001
From: MattLeo
Date: Wed, 3 Dec 2025 11:55:16 -0600
Subject: [PATCH] added user roles account creation

---
 server/auth.js | 3 ++-
 server/db.js | 8 +++++---
 server/server.js | 14 ++++++++++++--
 3 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/server/auth.js b/server/auth.js
index d7e40de..be09535 100644
--- a/server/auth.js
+++ b/server/auth.js
@@ -16,7 +16,8 @@ function generateToken(user) {
 email: user.email,
 username: user.username,
 display_name: user.display_name,
- auth_provider: user.auth_provider
+ auth_provider: user.auth_provider,
+ role: user.role
 };
 
 const token = jwt.sign(payload, JWT_SECRET, {expiresIn: JWT_EXPIRATION});
diff --git a/server/db.js b/server/db.js
index 3e77e7a..1f9059e 100644
--- a/server/db.js
+++ b/server/db.js
@@ -61,6 +61,7 @@ async function initDb() {
 display_name TEXT,
 auth_provider TEXT DEFAULT 'local',
 entra_id TEXT,
+ role TEXT,
 created_at DATETIME DEFAULT CURRENT_TIMESTAMP
 )
 `);
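Review bot: The new `role: user.role` claim in generateToken's payload will be `null` or `undefined` for every pre-existing users row, since the schema hunk adds `role TEXT` with no default and only createUser supplies 'User'; whatever middleware consumes this claim must fail closed on a missing role rather than treat it as a pass. Because the role now lives inside the signed token, a demotion or revocation in the database does not take effect until the token expires (JWT_EXPIRATION), which deserves a comment above the payload, e.g. `// role is snapshotted into the token; changes apply only after expiry or re-login`. The body of generateToken starts and continues outside this hunk.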
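Review bot: `role TEXT,` is nullable with no default, so rows written by any path other than createUser, and every pre-existing row, carry a NULL role that surfaces as a missing claim in the JWT; `role TEXT NOT NULL DEFAULT 'User',` keeps the least-privilege default in the database instead of only in application code. If this statement is a CREATE TABLE IF NOT EXISTS (its head is outside the hunk), an already-initialised database never gains the column and the new INSERT in createUser fails, so an ALTER TABLE users ADD COLUMN migration is needed for existing deployments. The enclosing initDb body extends outside the hunk.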
@@ -211,11 +212,12 @@ function searchArticles(query) {
 * @param {string} display_name - The name that will be desplayed when an article is created or updated
 * @param {string} authProvider - the source of the authentication: 'local' or 'entra'
 * @param {string} entraId - The ID number for the associated entra account, can be null if auth provider is local
+ * @param {string} role - The user's role permissions (Admin / Editor / User)
 * @returns {Object} - The user object of the newly created user
 */
-function createUser(username, email, passHash, display_name, authProvider = 'local', entraId = null) {
- db.run("INSERT INTO users (username, email, pass_hash, display_name, auth_provider, entra_id) VALUES (?, ?, ?, ?, ?, ?)",
- [username, email, passHash, display_name, authProvider, entraId]
+function createUser(username, email, passHash, display_name, authProvider = 'local', entraId = null, role = 'User') {
+ db.run("INSERT INTO users (username, email, pass_hash, display_name, auth_provider, entra_id, role) VALUES (?, ?, ?, ?, ?, ?, ?)",
+ [username, email, passHash, display_name, authProvider, entraId, role]
 )
 
 // Saving DB with newly created record
diff --git a/server/server.js b/server/server.js
index a3f839a..0e93633 100644
--- a/server/server.js
+++ b/server/server.js
@@ -149,6 +149,7 @@ initDb().then(() => {
 email: newUser.email,
 display_name: newUser.display_name,
 auth_provider: newUser.auth_provider,
+ role: user.role,
 created_at: newUser.created_at
 },
 token
@@ -188,6 +189,7 @@ initDb().then(() => {
 email: user.email,
 display_name: user.display_name,
 auth_provider: user.auth_provider,
+ role: user.role,
 created_at: user.created_at
 },
 token
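Review bot: The new `role` parameter is bound through a placeholder (good), but nothing checks it against the set the docstring names, so any caller that ever forwards a request-supplied value gets a direct privilege-escalation path. A guard at the top of createUser keeps the invariant where the row is written: `const ALLOWED_ROLES = new Set(['Admin', 'Editor', 'User']);` `if (!ALLOWED_ROLES.has(role)) throw new Error('invalid role: ' + role);`. The rest of createUser, including how the inserted user is returned, is outside the hunk.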
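Review bot: `role: user.role,` reads a different variable than the neighbouring fields, which all come from `newUser`; this looks like a copy of the login hunk below. If `user` here is the pre-registration existence lookup it is null or undefined at this point, so the line either throws a TypeError or reports no role; `role: newUser.role,` is almost certainly what was intended. The enclosing registration handler starts and ends outside the hunk.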
@@ -217,6 +219,13 @@ initDb().then(() => {
 return res.status(401).json({error: 'Invalid Microsoft token'});
 }
 
+ const decoded = jwt.decode(accessToken);
+ const roles = decoded.roles || {};
+ let userRole = 'User';
+
+ if (roles.includes('Admin')) userRole = 'Admin';
+ else if (roles.includes('Editor')) userRole = 'Editor';
+
 const msUser = await graphResponse.json();
 
 // Check if user exists in our database
@@ -230,7 +239,8 @@ initDb().then(() => {
 null,
 msUser.displayName,
 'entra',
- msUser.id
+ msUser.id,
+ userRole
 );
 } else if (user.auth_provider === 'local') {
 return res.status(400).json({
@@ -238,7 +248,6 @@ initDb().then(() => {
 });
 }
 
- // Generate our JWT token
 const token = generateToken(user);
 
 return res.status(200).json({
@@ -248,6 +257,7 @@ initDb().then(() => {
 email: user.email,
 display_name: user.display_name,
 auth_provider: user.auth_provider,
+ role: user.role,
 created_at: user.created_at
 },
 token
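Review bot: `const roles = decoded.roles || {};` falls back to an object, and `{}` has no `includes`, so a token without a roles claim makes the following `if` throw a TypeError instead of yielding the 'User' default; `jwt.decode` also returns null for an opaque or malformed token, which throws one line earlier. Use an array and guard the decode: `const decoded = jwt.decode(accessToken);` `const roles = (decoded && Array.isArray(decoded.roles)) ? decoded.roles : [];`. Separately, `jwt.decode` performs no signature or audience check, so this block trusts claims of a client-supplied token whose only validation is the preceding Graph call, and a token accepted by Graph carries roles for Graph's audience rather than this application's; roles for this app should be read from a token issued for this app's audience and verified against the tenant's signing keys before they decide privilege. The enclosing handler starts and ends outside the hunk.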
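Review bot: `userRole` is persisted only through createUser on the first login, so for an existing Entra user the role derived from the current token is discarded and the row keeps whatever was stored earlier; a role removed or downgraded in Entra never propagates here. If the Entra claim is meant to be authoritative, the existing-user branch should reconcile the stored role with `userRole` on each login (a small update helper next to createUser), and since generateToken further down reads `user.role`, the in-memory `user` must be refreshed as well. The surrounding if/else and handler extend outside the hunk.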