const jwt = require("jsonwebtoken") const dotenv = require("dotenv") const User = require("../models/user_model") const Person = require("../models/person_model")
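dotenv.config();

// Key used to verify every JWT. There is deliberately no fallback value: a
// hard-coded default such as "your_secret_key" lets anyone who can read the
// repository mint valid tokens for any user, including admins, so a missing or
// placeholder secret is treated as a fatal misconfiguration rather than
// silently papered over.
const SECRET_KEY = process.env.JWT_SECRET;
if (!SECRET_KEY || SECRET_KEY === "your_secret_key") {
  throw new Error("JWT_SECRET must be set to a strong, non-default value");
}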
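// Routes reachable without a token. authMiddleware matches the request method
// and path (query string excluded) against these anchored patterns. Keep the
// list minimal: every entry bypasses authentication entirely, so /api/admin
// paths must never appear here, not even "for debugging". Note that
// POST /api/users/skills/:userId is documented as a protected route in the
// users router and is therefore not listed.
const publicRoutes = new Set([
  { path: /^\/api\/auth\/register$/, method: "POST" },
  { path: /^\/api\/auth\/login$/, method: "POST" },
  { path: /^\/api\/users\/profile\/[^/]+$/, method: "GET" },
  { path: /^\/api\/users\/skills\/[^/]+$/, method: "GET" },
  { path: /^\/api\/users\/jobs\/[^/]+$/, method: "GET" },
  { path: /^\/api\/users\/recommendations\/[^/]+$/, method: "GET" },
]);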
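/**
 * Express middleware that authenticates requests with a Bearer JWT.
 *
 * Requests matching an entry in `publicRoutes` pass straight through. For all
 * others the token is verified with SECRET_KEY, the `id` claim is looked up in
 * the User model and then the Person model, and the loaded document (minus
 * `password`) is attached as `req.user`. Every failure answers 401 with one of
 * the existing messages: "Authentication required", "Invalid token structure",
 * "User not found" or "Invalid token".
 *
 * @param {import("express").Request} req
 * @param {import("express").Response} res
 * @param {import("express").NextFunction} next
 */
const authMiddleware = async (req, res, next) => {
  console.log("Auth Middleware: Checking route", req.method, req.originalUrl);

  // originalUrl carries the query string; strip it so "?page=2" does not stop
  // an anchored public-route pattern from matching.
  const pathOnly = req.originalUrl.split("?")[0];
  const isPublicRoute = [...publicRoutes].some(
    (route) => route.method === req.method && route.path.test(pathOnly),
  );
  if (isPublicRoute) {
    console.log("Auth Middleware: Public route, skipping authentication");
    return next();
  }

  // Require the documented "Bearer <token>" form (scheme is case-insensitive
  // per RFC 6750). A bare token or any other scheme counts as no credentials.
  const [scheme, token, ...rest] = (req.header("Authorization") ?? "").trim().split(/\s+/);
  if (!token || rest.length > 0 || scheme.toLowerCase() !== "bearer") {
    console.log("Auth Middleware: No token provided");
    return res.status(401).json({ error: "Authentication required" });
  }

  try {
    console.log("Auth Middleware: Verifying token");
    // Pin the accepted algorithm so the token cannot choose its own.
    // NOTE(review): assumes login signs with HS256 (jsonwebtoken's default);
    // adjust if jwt.sign() elsewhere uses a different algorithm.
    const decoded = jwt.verify(token, SECRET_KEY, { algorithms: ["HS256"] });

    // Only accept a plain string id: an object here would be handed to
    // findById as a query, and it keeps the log line free of full token claims.
    if (typeof decoded.id !== "string" || decoded.id.length === 0) {
      console.log("Auth Middleware: Token does not contain user ID");
      return res.status(401).json({ error: "Invalid token structure" });
    }
    console.log("Auth Middleware: Finding user with ID:", decoded.id);

    // User first, then Person; the password field is never loaded.
    let user = await User.findById(decoded.id).select("-password");
    if (!user) {
      console.log("Auth Middleware: User not found in User model, checking Person model");
      user = await Person.findById(decoded.id).select("-password");
    }
    if (!user) {
      console.log("Auth Middleware: User not found in any model");
      return res.status(401).json({ error: "User not found" });
    }

    // NOTE(review): admins can toggle an account's status (toggleUserStatus);
    // if the models carry such a flag it should be checked here so a
    // deactivated account's token stops working. The field name is not
    // visible from this file — confirm before adding.

    console.log("Auth Middleware: User authenticated", user._id, "Role:", user.role);
    req.user = user;
    return next();
  } catch (err) {
    // Signature/expiry failures from jwt.verify and cast errors from findById
    // on a malformed id all end here; the client only sees a generic message.
    console.log("Auth Middleware: Error", err.message);
    return res.status(401).json({ error: "Invalid token" });
  }
};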
/**
 * Express middleware that lets a request through only when `req.user.role`
 * is "admin". It must run after authMiddleware, which is what sets
 * `req.user`: a missing user answers 401, any other role answers 403.
 *
 * @param {import("express").Request} req
 * @param {import("express").Response} res
 * @param {import("express").NextFunction} next
 */
const adminMiddleware = (req, res, next) => {
  console.log("Admin Middleware: Checking user role");
  const { user } = req;
  if (!user) {
    console.log("Admin Middleware: No user object found");
    return res.status(401).json({ error: "Authentication required" });
  }
  const isAdmin = user.role === "admin";
  if (!isAdmin) {
    console.log("Admin Middleware: User is not an admin. User role:", user.role);
    return res.status(403).json({ error: "Admin access required" });
  }
  console.log("Admin Middleware: Admin access granted");
  next();
};
// Mount order matters for consumers: adminMiddleware reads req.user, which only authMiddleware sets.
module.exports = { authMiddleware, adminMiddleware }
// admin_controller.js const AdminService = require("../services/adminService")
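/**
 * POST /api/admin/user/manage — dispatches a user-management action to
 * AdminService.manageUsers(action, userId, userData).
 *
 * The body is untrusted: `action` must be a non-empty string (the sibling
 * deleteUser shows "delete" as one such value) and `userId`, when given, must
 * be a string so that a query-operator object such as `{ "$ne": null }` can
 * never reach a database lookup. Validation and service errors both answer
 * 400 with the error message.
 *
 * @param {import("express").Request} req
 * @param {import("express").Response} res
 */
const manageUsers = async (req, res) => {
  try {
    const { action, userId, userData } = req.body ?? {};
    if (typeof action !== "string" || action.length === 0) {
      throw new Error("action must be a non-empty string");
    }
    if (userId != null && typeof userId !== "string") {
      throw new Error("userId must be a string");
    }
    const result = await AdminService.manageUsers(action, userId, userData);
    res.json(result);
  } catch (error) {
    res.status(400).json({ message: error.message });
  }
};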
/**
 * DELETE /api/admin/user/delete/:userId — removes a user through
 * AdminService.manageUsers("delete", userId). Any error answers 400 with
 * the error message.
 *
 * @param {import("express").Request} req
 * @param {import("express").Response} res
 */
const deleteUser = async (req, res) => {
  try {
    const { userId } = req.params;
    res.json(await AdminService.manageUsers("delete", userId));
  } catch (error) {
    res.status(400).json({ message: error.message });
  }
};
/**
 * PUT /api/admin/user/toggleStatus/:userId — flips a user's status through
 * AdminService.toggleUserStatus(userId). Any error answers 400 with the
 * error message.
 *
 * @param {import("express").Request} req
 * @param {import("express").Response} res
 */
const toggleUserStatus = async (req, res) => {
  try {
    const { userId } = req.params;
    res.json(await AdminService.toggleUserStatus(userId));
  } catch (error) {
    res.status(400).json({ message: error.message });
  }
};
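/**
 * GET /api/admin/users?page=&limit= — paginated user listing through
 * AdminService.getAllUsers(page, limit).
 *
 * Query values are untrusted: anything that is not a positive integer falls
 * back to page 1 / limit 10 (the previous defaults), and `limit` is capped at
 * 100 so one request cannot pull the whole collection. Negative or zero
 * values, which previously passed straight through, now use the defaults.
 * Any service error answers 400 with the error message.
 *
 * @param {import("express").Request} req
 * @param {import("express").Response} res
 */
const getAllUsers = async (req, res) => {
  try {
    const toPositiveInt = (value, fallback) => {
      const n = Number.parseInt(value, 10);
      return Number.isInteger(n) && n > 0 ? n : fallback;
    };
    const page = toPositiveInt(req.query?.page, 1);
    const limit = Math.min(toPositiveInt(req.query?.limit, 10), 100);
    const result = await AdminService.getAllUsers(page, limit);
    res.json(result);
  } catch (error) {
    res.status(400).json({ message: error.message });
  }
};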
/**
 * POST /api/admin/ai/configure — hands the request body to
 * AdminService.configureAI and returns its result. Any error answers 400
 * with the error message.
 *
 * NOTE(review): the whole body is forwarded unfiltered and the accepted keys
 * are not visible here; confirm that configureAI whitelists the fields it
 * persists rather than storing arbitrary input.
 *
 * @param {import("express").Request} req
 * @param {import("express").Response} res
 */
const configureAI = async (req, res) => {
  try {
    res.json(await AdminService.configureAI(req.body));
  } catch (error) {
    res.status(400).json({ message: error.message });
  }
};
// Admin CRUD operations

/**
 * POST /api/admin — creates an admin account from the request body through
 * AdminService.createAdmin and answers 201 with the result. Any error
 * answers 400 with the error message.
 *
 * NOTE(review): the body is passed through as-is; the admin schema is not
 * visible here, so confirm that createAdmin picks only the fields it expects
 * rather than accepting arbitrary properties.
 *
 * @param {import("express").Request} req
 * @param {import("express").Response} res
 */
const createAdmin = async (req, res) => {
  try {
    const created = await AdminService.createAdmin(req.body);
    res.status(201).json(created);
  } catch (error) {
    res.status(400).json({ message: error.message });
  }
};
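/**
 * GET /api/admin?page=&limit= — paginated admin listing through
 * AdminService.getAllAdmins(page, limit).
 *
 * Query values are untrusted: anything that is not a positive integer falls
 * back to page 1 / limit 10 (the previous defaults), and `limit` is capped at
 * 100 so one request cannot pull the whole collection. Negative or zero
 * values, which previously passed straight through, now use the defaults.
 * Any service error answers 400 with the error message.
 *
 * @param {import("express").Request} req
 * @param {import("express").Response} res
 */
const getAllAdmins = async (req, res) => {
  try {
    const toPositiveInt = (value, fallback) => {
      const n = Number.parseInt(value, 10);
      return Number.isInteger(n) && n > 0 ? n : fallback;
    };
    const page = toPositiveInt(req.query?.page, 1);
    const limit = Math.min(toPositiveInt(req.query?.limit, 10), 100);
    const result = await AdminService.getAllAdmins(page, limit);
    res.json(result);
  } catch (error) {
    res.status(400).json({ message: error.message });
  }
};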
/**
 * PUT /api/admin/:adminId — updates an admin through
 * AdminService.updateAdmin(adminId, body). Any error answers 400 with the
 * error message.
 *
 * @param {import("express").Request} req
 * @param {import("express").Response} res
 */
const updateAdmin = async (req, res) => {
  try {
    const { adminId } = req.params;
    const updated = await AdminService.updateAdmin(adminId, req.body);
    res.json(updated);
  } catch (error) {
    res.status(400).json({ message: error.message });
  }
};
/**
 * DELETE /api/admin/:adminId — removes an admin through
 * AdminService.deleteAdmin(adminId). Any error answers 400 with the
 * error message.
 *
 * @param {import("express").Request} req
 * @param {import("express").Response} res
 */
const deleteAdmin = async (req, res) => {
  try {
    const { adminId } = req.params;
    res.json(await AdminService.deleteAdmin(adminId));
  } catch (error) {
    res.status(400).json({ message: error.message });
  }
};
// Handlers for the admin router; every one of them is meant to sit behind authMiddleware + adminMiddleware.
module.exports = { manageUsers, deleteUser, toggleUserStatus, getAllUsers, configureAI, createAdmin, getAllAdmins, updateAdmin, deleteAdmin, }
const express = require("express") const router = express.Router() const adminController = require("../controllers/admin_controller") const { authMiddleware, adminMiddleware } = require("../middlewares/authMiddleware")
// Every route below requires a valid token AND the admin role. Order matters:
// adminMiddleware reads req.user, which only authMiddleware sets, so any
// /api/admin path that authMiddleware treats as public would arrive here
// without a user and be rejected with 401.
router.use(authMiddleware, adminMiddleware);

// Smoke test for the auth chain: echoes the caller's identity, nothing secret.
router.get("/check", (req, res) => {
  const { _id: id, email, role } = req.user;
  res.json({
    message: "Admin authentication successful",
    user: { id, email, role },
  });
});

// Admin accounts
router
  .route("/")
  .post(adminController.createAdmin)
  .get(adminController.getAllAdmins);
router
  .route("/:adminId")
  .put(adminController.updateAdmin)
  .delete(adminController.deleteAdmin);

// Managed users
router.post("/user/manage", adminController.manageUsers);
router.delete("/user/delete/:userId", adminController.deleteUser);
router.put("/user/toggleStatus/:userId", adminController.toggleUserStatus);
router.get("/users", adminController.getAllUsers);

// AI configuration
router.post("/ai/configure", adminController.configureAI);

module.exports = router;
const express = require("express") const router = express.Router() const userController = require("../controllers/user_controller") const { authMiddleware } = require("../middlewares/authMiddleware")
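// Public (read-only) routes.
// NOTE(review): authMiddleware's publicRoutes list names the first four of
// these but not GET /formations/:userId or GET /experiences/:userId; if
// authMiddleware is also mounted app-wide, those two will demand a token
// despite being documented as public.
router.get("/profile/:userId", userController.getUserProfile);
router.get("/skills/:userId", userController.getUserSkills);
router.get("/jobs/:userId", userController.getUserJobs);
router.get("/recommendations/:userId", userController.getUserRecommendations);
router.get("/formations/:userId", userController.getFormations);
router.get("/experiences/:userId", userController.getExperiences);

// Protected routes. authMiddleware was imported but never applied in this
// router, so the "requires authentication" label only held if some outer
// app.use() happened to enforce it; it is attached explicitly here so this
// router enforces it on its own. authMiddleware still skips any path listed
// in its publicRoutes set, so none of these paths may appear there.
// NOTE(review): a token proves identity, not ownership — each handler (or a
// dedicated middleware) must still compare req.user._id with :userId before
// modifying that user's data; that check is not visible from this file.
router.put("/profile/:userId", authMiddleware, userController.updateUserProfile);
router.delete("/profile/:userId", authMiddleware, userController.deleteUserProfile);
router.post("/skills/:userId", authMiddleware, userController.addUserSkill);
router.delete("/skills/:userId/:skillId", authMiddleware, userController.removeUserSkill);

// Formation routes
router.post("/formations/:userId", authMiddleware, userController.addFormation);
router.put("/formations/:userId/:formationId", authMiddleware, userController.updateFormation);
router.delete("/formations/:userId/:formationId", authMiddleware, userController.deleteFormation);

// Experience routes
router.post("/experiences/:userId", authMiddleware, userController.addExperience);
router.put("/experiences/:userId/:experienceId", authMiddleware, userController.updateExperience);
router.delete("/experiences/:userId/:experienceId", authMiddleware, userController.deleteExperience);

// Specific field update routes
router.put("/profile/:userId/job-title", authMiddleware, userController.updateJobTitle);
router.put("/profile/:userId/location", authMiddleware, userController.updateLocation);

module.exports = router;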
I want to add, for both users and admins, a feature to activate or deactivate a user account. When a user wants to deactivate or reactivate their own account, the request should be sent to an admin, who then performs the action. Please give me the Postman requests to test this.
I'll implement the functionality for account activation/deactivation with admin approval. This will require several changes to your codebase:
Here are the Postman requests you can use to test this functionality:
POST /api/users/account/status-request
Headers:
Authorization: Bearer <user_token>
Body:
{
"requestType": "deactivate",
"reason": "I'm taking a break from the platform for a few months."
}
GET /api/users/account/status-requests
Headers:
Authorization: Bearer <user_token>
GET /api/admin/account-requests?status=pending
Headers:
Authorization: Bearer <admin_token>
PUT /api/admin/account-requests/<request_id>   (replace <request_id> with the `_id` of a pending request returned by the GET above)
Headers:
Authorization: Bearer <admin_token>
Body:
{
"action": "approve",
"comment": "Request approved as per user's wish."
}
PUT /api/admin/account-requests/<request_id>
Headers:
Authorization: Bearer <admin_token>
Body:
{
"action": "reject",
"comment": "Please contact support for more information."
}
This gives a complete workflow: a user submits an activate/deactivate request with a reason, an admin reviews it and approves or rejects it with a comment, and the system keeps a history of every request and its outcome, which is useful for auditing. Two points are worth confirming in the implementation: `GET /api/users/account/status-requests` should return only the caller's own requests (filter by `req.user._id`, never by a client-supplied id), and the `/api/admin/account-requests` endpoints must sit behind `adminMiddleware` and must not be added to the `publicRoutes` list. Treat the free-text `reason` and `comment` fields as untrusted input wherever they are displayed.