diff --git a/server/controllers/contestCon.js b/server/controllers/contestCon.js
index b4281fc..be57635 100644
--- a/server/controllers/contestCon.js
+++ b/server/controllers/contestCon.js
@@ -62,7 +62,7 @@ const manageViolations = async (req, res) => {
 } catch (error) {
 res.status(500).json({ message: 'Server error', error: error.message });
 }
-};No
+};
 module.exports = {
 startContest,
diff --git a/server/middlewares/isAdmin.js b/server/middlewares/isAdmin.js
new file mode 100644
index 0000000..00f1992
--- /dev/null
+++ b/server/middlewares/isAdmin.js
@@ -0,0 +1,27 @@
+const User = require('../models/User');
+const isAdmin = async (req, res, next) => {
+ try {
+ const clerkUserId = req.auth?.userId;
+
+ if (!clerkUserId) {
+ return res.status(401).json({ message: 'Unauthorized: No Clerk user ID found' });
+ }
+
+ const user = await User.findOne({ clerkId: clerkUserId });
+
+ if (!user) {
+ return res.status(404).json({ message: 'User not found in database' });
+ }
+
+ if (user.role !== 'admin') {
+ return res.status(403).json({ message: 'Forbidden: Admin access only' });
+ }
+
+ next(); // User is verified admin → continue
+ } catch (error) {
+ console.error('isAdmin Middleware Error:', error);
+ res.status(500).json({ message: 'Internal Server Error' });
+ }
+};
+
+module.exports = isAdmin;
diff --git a/server/routes/AdminRoute.js b/server/routes/AdminRoute.js
new file mode 100644
index 0000000..fe55af4
--- /dev/null
+++ b/server/routes/AdminRoute.js
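Review bot: In the new isAdmin.js, an authenticated caller with no matching User record gets a 404 with 'User not found in database', while a non-admin gets a 403; for an authorization gate both cases should be denied identically so the response does not reveal which check failed, e.g. `return res.status(403).json({ message: 'Forbidden: Admin access only' });` for the `!user` branch as well. The middleware reads `req.auth?.userId` but nothing in this file sets it, so it presumably depends on an upstream auth middleware having run first; a JSDoc line stating that precondition (`/** Requires req.auth.userId to be populated by requireAuth; denies unless the matching User has role 'admin'. */`) would make the ordering requirement explicit to anyone mounting it elsewhere. Checking the role from the database rather than from a client-supplied claim is the right choice and worth keeping.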
@@ -0,0 +1,17 @@
+const express = require('express');
+const router = express.Router();
+
+const { requireAuth } = require('../middlewares/auth');
+const isAdmin = require('../middlewares/isAdmin');
+
+const { startContest, manageViolations } = require('../controllers/contestCon');
+
+
+router.use(requireAuth, isAdmin);
+
+router.post('/contests/:id/start', startContest);
+router.post('/contests/:id/violation', manageViolations);
+
+// Add more routes like create/update/delete contests/questions here
+
+module.exports = router;
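Review bot: The protection of this router depends entirely on `router.use(requireAuth, isAdmin);` being registered before every route and on that order of the two middlewares (isAdmin reads `req.auth`, which requireAuth presumably populates), but the trailing comment 'Add more routes like create/update/delete contests/questions here' does not say so. Replace it with a comment that states the invariant, e.g. `// All routes registered below this line require an authenticated admin; keep router.use(requireAuth, isAdmin) above them and in this order.`, so a later route added above the `router.use` line is not silently left unprotected. The double blank line after the controller require is a minor style nit.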