Index: backend/auth/auth.js
===================================================================
--- backend/auth/auth.js	(revision dab69c90a750e1b1618b6417de9e2d0d0eeb583d)
+++ backend/auth/auth.js	(revision dab69c90a750e1b1618b6417de9e2d0d0eeb583d)
@@ -0,0 +1,28 @@
+const jwt = require('jsonwebtoken');
+const path = require('path');
+const dotenv = require('dotenv');
+dotenv.config({ path: path.resolve(__dirname, '../.env') });
+
+const authenticateToken = (req, res, next) => {
+  const authHeader = req.headers['authorization'];
+  const token = authHeader && authHeader.split(' ')[1];
+
+  if (!token) {
+    return res.status(401).json({ message: 'Authentication required' });
+  }
+
+  jwt.verify(token, process.env.SUPABASE_JWT_SECRET, (err, decoded) => {
+    if (err) {
+      return res.status(403).json({ message: 'Invalid or expired token' });
+    }
+
+    // Add the decoded user info to request for permission checks
+    req.user = {
+      ...decoded,
+      isModerator: decoded.user_metadata?.isModerator || false,
+    };
+    next();
+  });
+};
+
+module.exports = authenticateToken;
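Review bot: `req.user.isModerator` is filled from `decoded.user_metadata`, which in Supabase is account metadata the signed-in user can change themselves, so it must not back the permission checks the comment above it mentions. The controllers in this commit already read the flag from the database through `verifyModeratorStatus`, so dropping the field here (`req.user = decoded;`) keeps anyone from relying on the token copy later. `jwt.verify` is also called without an algorithm allow-list; passing `{ algorithms: ['HS256'] }` as the third argument pins it (HS256 is assumed from the shared secret, confirm against the project's JWT settings). A startup check that `SUPABASE_JWT_SECRET` is set would turn a misconfiguration into a clear error instead of a 403 on every request.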
Index: backend/controllers/apiController.js
===================================================================
--- backend/controllers/apiController.js	(revision 0750a8f61836e0ea352dfe8011e87ae53cbe7b64)
+++ backend/controllers/apiController.js	(revision dab69c90a750e1b1618b6417de9e2d0d0eeb583d)
@@ -1,3 +1,3 @@
-const supabase = require('../supabaseClient');
+const { supabase, restartSupabaseConnection } = require('../supabaseClient');
 const Student = require('../models/Student');
 const prisma = require('../lib/prisma');
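Review bot: `restartSupabaseConnection` is destructured in this require, but the `backend/supabaseClient.js` hunk in the same commit exports only `{ supabase }`, so the binding is `undefined` and any call to it throws a TypeError. Either export the function from `supabaseClient.js` or drop it here: `const { supabase } = require('../supabaseClient');`. Because the module's export changed from the client itself to an object, every other `require('../supabaseClient')` outside this diff needs the same destructuring.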
Index: backend/controllers/forumController.js
===================================================================
--- backend/controllers/forumController.js	(revision 0750a8f61836e0ea352dfe8011e87ae53cbe7b64)
+++ backend/controllers/forumController.js	(revision dab69c90a750e1b1618b6417de9e2d0d0eeb583d)
@@ -8,4 +8,5 @@
 const { analyzePostContent } = require('../ai/processRequestAi');
 const { createReviewPost } = require('./reviewController');
+const verifyModeratorStatus = require('../services/checkModeratorStatus');
 
 const createForumPost = async (req, res) => {
@@ -73,5 +74,4 @@
       });
 
-      // Update the domain object with the generated ID
       post.id = savedPost.id;
       await decrementPostCounter(authorId);
@@ -107,4 +107,5 @@
   }
 }
+//Dali treba?
 const createApprovedForumPost = async (req, res) => {
   const { title, content, authorId, authorName } = req.body;
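Review bot: `createApprovedForumPost` still takes `authorId` and `authorName` from `req.body` even though the router is now behind `authenticateToken`, so the stored author is whatever the client sends. Deriving it from the token (`const authorId = req.user.sub;`) ties the post to the authenticated account; the `createComment` context further down in this file has the same pattern. The added `//Dali treba?` is not in English and does not say what is in question; if it asks whether this handler is still needed, a tracked note such as `// TODO: confirm createApprovedForumPost is still used; remove if not` is clearer. The function body continues outside the hunk.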
@@ -176,37 +177,34 @@
 };
 
-const updateForumPost = async (req, res) => {
+const deleteForumPost = async (req, res) => {
   const { id } = req.params;
-  const { title, content } = req.body;
-
-  try {
-    // Update using Prisma
-    const updatedPost = await prisma.forum_posts.update({
+  const userId = req.user.sub;
+
+  try {
+    const post = await prisma.forum_posts.findUnique({
       where: { id },
-      data: {
-        title,
-        content,
-      },
-    });
-
-    if (!updatedPost) {
+      select: {
+        author_id: true,
+      },
+    });
+
+    if (!post) {
       return res.status(404).json({ error: 'Forum post not found' });
     }
 
-    // Create domain object from updated data
-    const post = new ForumPost({
-      id: updatedPost.id,
-      title: updatedPost.title,
-      content: updatedPost.content,
-      authorName: updatedPost.author_name,
-      dateCreated: updatedPost.date_created,
-    });
-
-    res.status(200).json({
-      message: 'Forum post updated successfully',
-      post,
-    });
-  } catch (err) {
-    // Prisma throws when record not found
+    if (post.author_id === userId) {
+      await prisma.forum_posts.delete({ where: { id } });
+      return res.status(204).send();
+    }
+
+    const hasPermission = await verifyModeratorStatus(userId);
+    if (!hasPermission) {
+      return res.status(403).json({
+        error: 'You do not have permission to delete this post',
+      });
+    }
+    await prisma.forum_posts.delete({ where: { id } });
+    res.status(204).send();
+  } catch (err) {
     if (err.code === 'P2025') {
       return res.status(404).json({ error: 'Forum post not found' });
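Review bot: `deleteForumPost` now has two copies of the delete-and-204 path, one for the author and one for a moderator, which makes it easy to change one and forget the other. Computing the decision first leaves a single delete: `const isAuthor = post.author_id === userId;` then `if (!isAuthor && !(await verifyModeratorStatus(userId))) {` around the existing 403 response. A one-line comment stating the rule (author or moderator may delete) would also help, since the earlier comments were removed. The `catch` block continues outside the hunk.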
@@ -217,27 +215,6 @@
 };
 
-const deleteForumPost = async (req, res) => {
-  const { id } = req.params;
-
-  try {
-    // Delete using Prisma
-    await prisma.forum_posts.delete({
-      where: { id },
-    });
-
-    res.status(204).send();
-  } catch (err) {
-    // Prisma throws when record not found
-    if (err.code === 'P2025') {
-      return res.status(404).json({ error: 'Forum post not found' });
-    }
-    console.error('Server error:', err);
-    res.status(500).json({ error: 'Internal server error' });
-  }
-};
-
 // Comment Functions
 const createComment = async (req, res) => {
-  // Accept post_id, content, authorId, authorName from body
   const { post_id, content, authorId, authorName } = req.body;
 
@@ -262,5 +239,4 @@
     }
 
-    // Store in database using Prisma
     const savedComment = await prisma.comments.create({
       data: {
@@ -307,5 +283,4 @@
     });
 
-    // Convert to domain objects
     const comments = dbComments.map(
       (comment) =>
@@ -326,48 +301,25 @@
 };
 
-const updateComment = async (req, res) => {
-  const { commentId } = req.params;
-  const { content } = req.body;
-
-  try {
-    // Update using Prisma
-    const updatedComment = await prisma.comments.update({
-      where: { id: commentId },
-      data: { content },
-    });
-
-    // Create domain object from updated data
-    const comment = new Comment({
-      id: updatedComment.id,
-      content: updatedComment.content,
-      authorName: updatedComment.author_name,
-      dateCreated: updatedComment.dateCreated,
-    });
-
-    res.status(200).json({
-      message: 'Comment updated successfully',
-      comment,
-    });
-  } catch (err) {
-    if (err.code === 'P2025') {
-      return res.status(404).json({ error: 'Comment not found' });
-    }
-    console.error('Server error:', err);
-    res.status(500).json({ error: 'Internal server error' });
-  }
-};
-
 const deleteComment = async (req, res) => {
   const { commentId } = req.params;
-
+  const userId = req.user.sub;
   try {
     // First get the comment to find its post_id
     const comment = await prisma.comments.findUnique({
       where: { id: commentId },
-      select: { post_id: true },
+      select: { post_id: true, author_id: true },
     });
 
     if (!comment) {
       return res.status(404).json({ error: 'Comment not found' });
+    }
+    const user = await prisma.users.findUnique({
+      where: { id: userId },
+      select: { isModerator: true },
+    });
+    if (comment.author_id !== userId && !(user && user.isModerator)) {
+      return res.status(403).json({
+        error: 'You do not have permission to delete this comment',
+      });
     }
 
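Review bot: `deleteComment` repeats the `prisma.users.findUnique` lookup inline instead of calling `verifyModeratorStatus`, which this file imports and `deleteForumPost` uses, and it runs the query even when the requester is the comment's author. The two paths also differ slightly: the helper requires `isModerator === true`, while this one accepts any truthy value. Using the helper keeps them aligned: `if (comment.author_id !== userId && !(await verifyModeratorStatus(userId))) {`. The function body continues outside the hunk.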
@@ -398,9 +350,9 @@
   createForumPost,
   getForumPosts,
-  updateForumPost,
+
   deleteForumPost,
   createComment,
   getComments,
-  updateComment,
+
   deleteComment,
   createApprovedForumPost,
Index: backend/controllers/reviewController.js
===================================================================
--- backend/controllers/reviewController.js	(revision 0750a8f61836e0ea352dfe8011e87ae53cbe7b64)
+++ backend/controllers/reviewController.js	(revision dab69c90a750e1b1618b6417de9e2d0d0eeb583d)
@@ -4,5 +4,5 @@
 const filter = require('leo-profanity');
 const safeWords = require('../filters/safeWords');
-
+const verifyModeratorStatus = require('../services/checkModeratorStatus');
 const createReviewPost = async (req, res) => {
   const { title, content, authorId, authorName } = req.body;
@@ -34,5 +34,12 @@
     const limit = parseInt(req.query.limit) || 5;
     const skip = page * limit;
-
+    const userId = req.query.userId;
+    const hasModeratorStatus = await verifyModeratorStatus(userId);
+    if (!hasModeratorStatus) {
+      console.log('Access denied: User is not a moderator');
+      return res.status(403).json({
+        error: 'Access denied. Only moderators can access review posts.',
+      });
+    }
     try {
       const posts = await prisma.to_be_reviewed.findMany({
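Review bot: The moderator check in `getReviewPosts` takes `userId` from `req.query.userId`, a value the caller chooses, rather than from the verified token, so it tests whichever account id the request names instead of the requester. `/review` is mounted behind `authenticateToken` in `server.js` in this commit, so the identity is available: `const userId = req.user.sub;`. The same line appears in the `deleteReviewPost` and `approveReviewPost` hunks below and needs the same change. Since the identical block is repeated three times, a small middleware on the review router (for example one named `requireModerator`) would keep the check in one place. The enclosing function starts and ends outside the hunk.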
@@ -73,5 +80,12 @@
 const deleteReviewPost = async (req, res) => {
   const { id } = req.params;
-
+  const userId = req.query.userId;
+  const hasModeratorStatus = await verifyModeratorStatus(userId);
+  if (!hasModeratorStatus) {
+    console.log('Access denied: User is not a moderator');
+    return res.status(403).json({
+      error: 'Access denied. Only moderators can access review posts.',
+    });
+  }
   try {
     // Delete using Prisma
@@ -95,6 +109,15 @@
     console.log('Approving review post', req.params.id);
     const { id } = req.params;
+    const userId = req.query.userId;
 
-    // 1. Get the post to be approved
+    const hasModeratorStatus = await verifyModeratorStatus(userId);
+
+    if (!hasModeratorStatus) {
+      console.log('Access denied: User is not a moderator');
+      return res.status(403).json({
+        error: 'Access denied. Only moderators can access review posts.',
+      });
+    }
+
     const postToApprove = await prisma.to_be_reviewed.findUnique({
       where: { id },
@@ -105,5 +128,4 @@
     }
 
-    // 2. Create a new forum post with the same data
     const newForumPost = await prisma.forum_posts.create({
       data: {
@@ -115,10 +137,8 @@
     });
 
-    // 3. Delete the post from to_be_reviewed
     await prisma.to_be_reviewed.delete({
       where: { id },
     });
 
-    // 4. Send success response with the created post
     res.status(200).json({
       message: 'Post approved and published successfully',
Index: backend/controllers/taskController.js
===================================================================
--- backend/controllers/taskController.js	(revision 0750a8f61836e0ea352dfe8011e87ae53cbe7b64)
+++ backend/controllers/taskController.js	(revision dab69c90a750e1b1618b6417de9e2d0d0eeb583d)
@@ -4,4 +4,5 @@
 const getTaskByDate = async (req, res) => {
   const { date } = req.params;
+  console.log(date);
 
   try {
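Review bot: `console.log(date)` in `getTaskByDate` and `console.log(task.difficulty)` in the hunk below look like leftover debugging output; the first one writes a request parameter to the server log unlabelled on every call. Remove both, or route them through a labelled debug-level logger if the values are needed. Both functions continue outside their hunks.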
@@ -244,4 +245,5 @@
       },
     });
+    console.log(task.difficulty);
     if (isOutputCorrect(userOutput, testCase.output, task.output_type)) {
       const timeBonus = getTimeBonus();
Index: backend/node_modules/.package-lock.json
===================================================================
--- backend/node_modules/.package-lock.json	(revision 0750a8f61836e0ea352dfe8011e87ae53cbe7b64)
+++ backend/node_modules/.package-lock.json	(revision dab69c90a750e1b1618b6417de9e2d0d0eeb583d)
@@ -230,4 +230,10 @@
         "node": ">=8"
       }
+    },
+    "node_modules/buffer-equal-constant-time": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz",
+      "integrity": "sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA==",
+      "license": "BSD-3-Clause"
     },
     "node_modules/bytes": {
@@ -742,4 +748,13 @@
       "engines": {
         "node": ">= 0.4"
+      }
+    },
+    "node_modules/ecdsa-sig-formatter": {
+      "version": "1.0.11",
+      "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz",
+      "integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "safe-buffer": "^5.0.1"
       }
     },
@@ -992,19 +1007,4 @@
       }
     },
-    "node_modules/fsevents": {
-      "version": "2.3.3",
-      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz",
-      "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==",
-      "dev": true,
-      "hasInstallScript": true,
-      "license": "MIT",
-      "optional": true,
-      "os": [
-        "darwin"
-      ],
-      "engines": {
-        "node": "^8.16.0 || ^10.6.0 || >=11.0.0"
-      }
-    },
     "node_modules/function-bind": {
       "version": "1.1.2",
@@ -1243,4 +1243,47 @@
       "license": "MIT"
     },
+    "node_modules/jsonwebtoken": {
+      "version": "9.0.2",
+      "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.2.tgz",
+      "integrity": "sha512-PRp66vJ865SSqOlgqS8hujT5U4AOgMfhrwYIuIhfKaoSCZcirrmASQr8CX7cUg+RMih+hgznrjp99o+W4pJLHQ==",
+      "license": "MIT",
+      "dependencies": {
+        "jws": "^3.2.2",
+        "lodash.includes": "^4.3.0",
+        "lodash.isboolean": "^3.0.3",
+        "lodash.isinteger": "^4.0.4",
+        "lodash.isnumber": "^3.0.3",
+        "lodash.isplainobject": "^4.0.6",
+        "lodash.isstring": "^4.0.1",
+        "lodash.once": "^4.0.0",
+        "ms": "^2.1.1",
+        "semver": "^7.5.4"
+      },
+      "engines": {
+        "node": ">=12",
+        "npm": ">=6"
+      }
+    },
+    "node_modules/jwa": {
+      "version": "1.4.2",
+      "resolved": "https://registry.npmjs.org/jwa/-/jwa-1.4.2.tgz",
+      "integrity": "sha512-eeH5JO+21J78qMvTIDdBXidBd6nG2kZjg5Ohz/1fpa28Z4CcsWUzJ1ZZyFq/3z3N17aZy+ZuBoHljASbL1WfOw==",
+      "license": "MIT",
+      "dependencies": {
+        "buffer-equal-constant-time": "^1.0.1",
+        "ecdsa-sig-formatter": "1.0.11",
+        "safe-buffer": "^5.0.1"
+      }
+    },
+    "node_modules/jws": {
+      "version": "3.2.2",
+      "resolved": "https://registry.npmjs.org/jws/-/jws-3.2.2.tgz",
+      "integrity": "sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA==",
+      "license": "MIT",
+      "dependencies": {
+        "jwa": "^1.4.1",
+        "safe-buffer": "^5.0.1"
+      }
+    },
     "node_modules/leo-profanity": {
       "version": "1.7.0",
@@ -1257,4 +1300,46 @@
       "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
       "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
+      "license": "MIT"
+    },
+    "node_modules/lodash.includes": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz",
+      "integrity": "sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==",
+      "license": "MIT"
+    },
+    "node_modules/lodash.isboolean": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz",
+      "integrity": "sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==",
+      "license": "MIT"
+    },
+    "node_modules/lodash.isinteger": {
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz",
+      "integrity": "sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==",
+      "license": "MIT"
+    },
+    "node_modules/lodash.isnumber": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz",
+      "integrity": "sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==",
+      "license": "MIT"
+    },
+    "node_modules/lodash.isplainobject": {
+      "version": "4.0.6",
+      "resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz",
+      "integrity": "sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==",
+      "license": "MIT"
+    },
+    "node_modules/lodash.isstring": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz",
+      "integrity": "sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==",
+      "license": "MIT"
+    },
+    "node_modules/lodash.once": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz",
+      "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==",
       "license": "MIT"
     },
@@ -1748,5 +1833,4 @@
       "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.1.tgz",
       "integrity": "sha512-hlq8tAfn0m/61p4BVRcPzIGr6LKiMwo4VM6dGi6pt4qcRkmNzTcWq6eCEjEh+qXjkMDvPlOFFSGwQjoEa6gyMA==",
-      "dev": true,
       "license": "ISC",
       "bin": {
Index: backend/package-lock.json
===================================================================
--- backend/package-lock.json	(revision 0750a8f61836e0ea352dfe8011e87ae53cbe7b64)
+++ backend/package-lock.json	(revision dab69c90a750e1b1618b6417de9e2d0d0eeb583d)
@@ -17,4 +17,5 @@
         "dotenv": "^16.5.0",
         "express": "^5.1.0",
+        "jsonwebtoken": "^9.0.2",
         "leo-profanity": "^1.7.0",
         "openai": "^5.1.1"
@@ -250,4 +251,10 @@
         "node": ">=8"
       }
+    },
+    "node_modules/buffer-equal-constant-time": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz",
+      "integrity": "sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA==",
+      "license": "BSD-3-Clause"
     },
     "node_modules/bytes": {
@@ -762,4 +769,13 @@
       "engines": {
         "node": ">= 0.4"
+      }
+    },
+    "node_modules/ecdsa-sig-formatter": {
+      "version": "1.0.11",
+      "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz",
+      "integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==",
+      "license": "Apache-2.0",
+      "dependencies": {
+        "safe-buffer": "^5.0.1"
       }
     },
@@ -1263,4 +1279,47 @@
       "license": "MIT"
     },
+    "node_modules/jsonwebtoken": {
+      "version": "9.0.2",
+      "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.2.tgz",
+      "integrity": "sha512-PRp66vJ865SSqOlgqS8hujT5U4AOgMfhrwYIuIhfKaoSCZcirrmASQr8CX7cUg+RMih+hgznrjp99o+W4pJLHQ==",
+      "license": "MIT",
+      "dependencies": {
+        "jws": "^3.2.2",
+        "lodash.includes": "^4.3.0",
+        "lodash.isboolean": "^3.0.3",
+        "lodash.isinteger": "^4.0.4",
+        "lodash.isnumber": "^3.0.3",
+        "lodash.isplainobject": "^4.0.6",
+        "lodash.isstring": "^4.0.1",
+        "lodash.once": "^4.0.0",
+        "ms": "^2.1.1",
+        "semver": "^7.5.4"
+      },
+      "engines": {
+        "node": ">=12",
+        "npm": ">=6"
+      }
+    },
+    "node_modules/jwa": {
+      "version": "1.4.2",
+      "resolved": "https://registry.npmjs.org/jwa/-/jwa-1.4.2.tgz",
+      "integrity": "sha512-eeH5JO+21J78qMvTIDdBXidBd6nG2kZjg5Ohz/1fpa28Z4CcsWUzJ1ZZyFq/3z3N17aZy+ZuBoHljASbL1WfOw==",
+      "license": "MIT",
+      "dependencies": {
+        "buffer-equal-constant-time": "^1.0.1",
+        "ecdsa-sig-formatter": "1.0.11",
+        "safe-buffer": "^5.0.1"
+      }
+    },
+    "node_modules/jws": {
+      "version": "3.2.2",
+      "resolved": "https://registry.npmjs.org/jws/-/jws-3.2.2.tgz",
+      "integrity": "sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA==",
+      "license": "MIT",
+      "dependencies": {
+        "jwa": "^1.4.1",
+        "safe-buffer": "^5.0.1"
+      }
+    },
     "node_modules/leo-profanity": {
       "version": "1.7.0",
@@ -1277,4 +1336,46 @@
       "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
       "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
+      "license": "MIT"
+    },
+    "node_modules/lodash.includes": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz",
+      "integrity": "sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==",
+      "license": "MIT"
+    },
+    "node_modules/lodash.isboolean": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz",
+      "integrity": "sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==",
+      "license": "MIT"
+    },
+    "node_modules/lodash.isinteger": {
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz",
+      "integrity": "sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==",
+      "license": "MIT"
+    },
+    "node_modules/lodash.isnumber": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz",
+      "integrity": "sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==",
+      "license": "MIT"
+    },
+    "node_modules/lodash.isplainobject": {
+      "version": "4.0.6",
+      "resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz",
+      "integrity": "sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==",
+      "license": "MIT"
+    },
+    "node_modules/lodash.isstring": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz",
+      "integrity": "sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==",
+      "license": "MIT"
+    },
+    "node_modules/lodash.once": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz",
+      "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==",
       "license": "MIT"
     },
@@ -1768,5 +1869,4 @@
       "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.1.tgz",
       "integrity": "sha512-hlq8tAfn0m/61p4BVRcPzIGr6LKiMwo4VM6dGi6pt4qcRkmNzTcWq6eCEjEh+qXjkMDvPlOFFSGwQjoEa6gyMA==",
-      "dev": true,
       "license": "ISC",
       "bin": {
Index: backend/package.json
===================================================================
--- backend/package.json	(revision 0750a8f61836e0ea352dfe8011e87ae53cbe7b64)
+++ backend/package.json	(revision dab69c90a750e1b1618b6417de9e2d0d0eeb583d)
@@ -20,4 +20,5 @@
     "dotenv": "^16.5.0",
     "express": "^5.1.0",
+    "jsonwebtoken": "^9.0.2",
     "leo-profanity": "^1.7.0",
     "openai": "^5.1.1"
Index: backend/routers/forumRouter.js
===================================================================
--- backend/routers/forumRouter.js	(revision 0750a8f61836e0ea352dfe8011e87ae53cbe7b64)
+++ backend/routers/forumRouter.js	(revision dab69c90a750e1b1618b6417de9e2d0d0eeb583d)
@@ -3,12 +3,9 @@
 const forumController = require('../controllers/forumController');
 
-// Forum Post Routes
 router.post('/posts', forumController.createForumPost);
 router.get('/posts', forumController.getForumPosts);
-router.put('/posts/:id', forumController.updateForumPost);
+
 router.delete('/posts/:id', forumController.deleteForumPost);
 
-// Comment Routes
-router.put('/comments/:commentId', forumController.updateComment);
 router.delete('/comments/:commentId', forumController.deleteComment);
 router.post('/comments', forumController.createComment);
Index: backend/routers/reviewRouter.js
===================================================================
--- backend/routers/reviewRouter.js	(revision 0750a8f61836e0ea352dfe8011e87ae53cbe7b64)
+++ backend/routers/reviewRouter.js	(revision dab69c90a750e1b1618b6417de9e2d0d0eeb583d)
@@ -3,8 +3,7 @@
 const reviewController = require('../controllers/reviewController');
 
-// Review Routes
-
 router.post('/posts/:id', reviewController.approveReviewPost);
 router.get('/posts', reviewController.getReviewPosts);
+
 router.delete('/posts/:id', reviewController.deleteReviewPost);
 
Index: backend/scripts/toggleModeratorStatus.js
===================================================================
--- backend/scripts/toggleModeratorStatus.js	(revision 0750a8f61836e0ea352dfe8011e87ae53cbe7b64)
+++ backend/scripts/toggleModeratorStatus.js	(revision dab69c90a750e1b1618b6417de9e2d0d0eeb583d)
@@ -2,17 +2,18 @@
 const path = require('path');
 
-// Load .env from parent directory (backend/)
 require('dotenv').config({ path: path.join(__dirname, '..', '.env') });
 
-// This script toggles the moderator status of a user in the Supabase database.
-// node scripts/toggleModeratorStatus.js USER_ID_HERE
-
-// Debug: Check if env vars are loaded
-console.log('SUPABASE_URL:', process.env.SUPABASE_URL ? 'Loaded' : 'Not loaded');
-console.log('SERVICE_ROLE_KEY:', process.env.SUPABASE_SERVICE_ROLE_KEY ? 'Loaded' : 'Not loaded');
+console.log(
+  'SUPABASE_URL:',
+  process.env.SUPABASE_URL ? 'Loaded' : 'Not loaded'
+);
+console.log(
+  'SERVICE_ROLE_KEY:',
+  process.env.SUPABASE_SERVICE_ROLE_KEY ? 'Loaded' : 'Not loaded'
+);
 
 const supabase = createClient(
   process.env.SUPABASE_URL,
-  process.env.SUPABASE_SERVICE_ROLE_KEY 
+  process.env.SUPABASE_SERVICE_ROLE_KEY
 );
 
@@ -24,5 +25,5 @@
       .eq('id', userId)
       .single();
-    
+
     if (fetchError) throw fetchError;
     if (!user) {
@@ -30,5 +31,5 @@
       return;
     }
-    
+
     const { data: updatedUser, error: updateError } = await supabase
       .from('users')
@@ -37,8 +38,10 @@
       .select('username')
       .single();
-      
+
     if (updateError) throw updateError;
-    
-    console.log(`User ${user.username} moderator status changed to: ${!user.isModerator}`);
+
+    console.log(
+      `User ${user.username} moderator status changed to: ${!user.isModerator}`
+    );
   } catch (error) {
     console.error('Error:', error);
Index: backend/server.js
===================================================================
--- backend/server.js	(revision 0750a8f61836e0ea352dfe8011e87ae53cbe7b64)
+++ backend/server.js	(revision dab69c90a750e1b1618b6417de9e2d0d0eeb583d)
@@ -8,4 +8,5 @@
 const reviewRouter = require('./routers/reviewRouter');
 const taskRouter = require('./routers/taskRouter');
+const authenticateToken = require('./auth/auth');
 
 app.use(express.json());
@@ -18,7 +19,7 @@
 app.use('/api', apiRouter);
 
-app.use('/forum', forumRouter);
-app.use('/review', reviewRouter);
-app.use('/task', taskRouter);
+app.use('/forum', authenticateToken, forumRouter);
+app.use('/review', authenticateToken, reviewRouter);
+app.use('/task', authenticateToken, taskRouter);
 app.get('/', indexRouter);
 app.use((req, res, next) => {
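Review bot: `/api` stays mounted without `authenticateToken` (context line `app.use('/api', apiRouter);`), so any route on `apiRouter` that returns or changes per-user data is still reachable without a token. If that router only serves public endpoints such as login and registration this is fine, but a comment saying so, e.g. `// /api is public: login and registration only`, would make the intent explicit; otherwise protect the non-public routes individually. `apiRouter` itself is not part of this diff, so this is to be confirmed against its route list.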
Index: backend/services/checkModeratorStatus.js
===================================================================
--- backend/services/checkModeratorStatus.js	(revision dab69c90a750e1b1618b6417de9e2d0d0eeb583d)
+++ backend/services/checkModeratorStatus.js	(revision dab69c90a750e1b1618b6417de9e2d0d0eeb583d)
@@ -0,0 +1,12 @@
+const prisma = require('../lib/prisma');
+
+async function verifyModeratorStatus(userId) {
+  const user = await prisma.users.findUnique({
+    where: { id: userId },
+    select: { isModerator: true },
+  });
+
+  return user?.isModerator === true;
+}
+
+module.exports = verifyModeratorStatus;
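Review bot: `verifyModeratorStatus` passes `userId` straight into `findUnique`, and Prisma raises a validation error for a unique lookup whose only key is `undefined`, so a call with no user id ends in a thrown error rather than a plain `false`. A guard at the top, `if (!userId) return false;`, keeps the helper fail-closed without relying on each caller's `try`/`catch`. A short JSDoc stating the parameter and that the function resolves to `true` only when the stored `isModerator` is exactly `true` would document the contract. The file name (`checkModeratorStatus.js`) and the exported name differ, which is worth aligning.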
Index: backend/supabaseClient.js
===================================================================
--- backend/supabaseClient.js	(revision 0750a8f61836e0ea352dfe8011e87ae53cbe7b64)
+++ backend/supabaseClient.js	(revision dab69c90a750e1b1618b6417de9e2d0d0eeb583d)
@@ -6,8 +6,12 @@
 
 if (!supabaseUrl || !supabaseKey) {
-  throw new Error('Missing SUPABASE_URL or SUPABASE_SERVICE_ROLE_KEY in environment variables');
+  throw new Error(
+    'Missing SUPABASE_URL or SUPABASE_SERVICE_ROLE_KEY in environment variables'
+  );
 }
 
 const supabase = createClient(supabaseUrl, supabaseKey);
 
-module.exports = supabase;
+module.exports = {
+  supabase,
+};
Index: client/src/CreatePost/CreatePost.jsx
===================================================================
--- client/src/CreatePost/CreatePost.jsx	(revision 0750a8f61836e0ea352dfe8011e87ae53cbe7b64)
+++ client/src/CreatePost/CreatePost.jsx	(revision dab69c90a750e1b1618b6417de9e2d0d0eeb583d)
@@ -23,4 +23,5 @@
       return;
     }
+    const token = localStorage.getItem('jwt');
 
     try {
@@ -29,4 +30,5 @@
         headers: {
           'Content-Type': 'application/json',
+          Authorization: `Bearer ${token}`,
         },
         body: JSON.stringify({
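Review bot: `localStorage.getItem('jwt')` returns `null` when nothing is stored, and the template literal then sends `Authorization: Bearer null`, which the new middleware treats as a bad token (403) rather than a missing one (401). Check the token before the request, e.g. `if (!token) { /* send the user to login */ return; }`, or add the header only when a token exists. The same read-and-interpolate pattern is repeated in the `Forum.jsx` and `ForumPostDetail.jsx` hunks; a shared helper that returns the auth headers would keep it in one place. The function continues outside the hunk.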
Index: client/src/Dashboard/components/Forum.jsx
===================================================================
--- client/src/Dashboard/components/Forum.jsx	(revision 0750a8f61836e0ea352dfe8011e87ae53cbe7b64)
+++ client/src/Dashboard/components/Forum.jsx	(revision dab69c90a750e1b1618b6417de9e2d0d0eeb583d)
@@ -17,7 +17,14 @@
 
   const fetchPosts = async () => {
+    const token = localStorage.getItem('jwt');
+    console.log(token);
     try {
       const response = await fetch(
-        `/forum/posts?page=${page}&limit=${postsPerPage}`
+        `/forum/posts?page=${page}&limit=${postsPerPage}`,
+        {
+          headers: {
+            Authorization: `Bearer ${token}`,
+          },
+        }
       );
       if (!response.ok) {
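Review bot: `console.log(token)` in `fetchPosts` prints the bearer token to the browser console on every fetch, where it can end up in screenshots, shared logs or console-capturing tools; remove the line. The token already sits in `localStorage`, readable by any script running on the origin, so avoid creating further copies of it. `fetchPosts` continues outside the hunk.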
@@ -27,5 +34,4 @@
       if (page === 0) {
         setPosts(data);
-        console.log('Fetched posts:', data);
       } else {
         setPosts((prevPosts) => [...prevPosts, ...data]);
@@ -40,4 +46,5 @@
 
   const handleDeletePost = async (postId) => {
+    const token = localStorage.getItem('jwt');
     try {
       const response = await fetch(`/forum/posts/${postId}`, {
@@ -45,4 +52,5 @@
         headers: {
           'Content-Type': 'application/json',
+          Authorization: `Bearer ${token}`,
         },
       });
Index: client/src/Dashboard/components/ForumPostDetail.jsx
===================================================================
--- client/src/Dashboard/components/ForumPostDetail.jsx	(revision 0750a8f61836e0ea352dfe8011e87ae53cbe7b64)
+++ client/src/Dashboard/components/ForumPostDetail.jsx	(revision dab69c90a750e1b1618b6417de9e2d0d0eeb583d)
@@ -1,6 +1,6 @@
-import React, { useEffect, useState } from "react";
-import trashIcon from "../../assets/images/delete.svg";
-import Navbar from "./Navbar";
-import { useParams, useNavigate, useLocation } from "react-router-dom";
+import React, { useEffect, useState } from 'react';
+import trashIcon from '../../assets/images/delete.svg';
+import Navbar from './Navbar';
+import { useParams, useNavigate, useLocation } from 'react-router-dom';
 
 const ForumPostDetail = () => {
@@ -8,12 +8,13 @@
   const [loading, setLoading] = useState(true);
   const [error, setError] = useState(null);
-  const [commentText, setCommentText] = useState("");
+  const [commentText, setCommentText] = useState('');
   const location = useLocation();
   const statePost = useState(location.state?.post || {});
   const post = statePost[0];
   const [posting, setPosting] = useState(false);
-  const user = JSON.parse(localStorage.getItem("user"));
+  const user = JSON.parse(localStorage.getItem('user'));
   const navigate = useNavigate();
   const { postId } = useParams();
+  const token = localStorage.getItem('jwt');
 
   useEffect(() => {
@@ -21,7 +22,12 @@
     setLoading(true);
     setError(null);
-    fetch(`/forum/comments?post_id=${postId}`)
+    fetch(`/forum/comments?post_id=${postId}`, {
+      headers: {
+        'Content-Type': 'application/json',
+        Authorization: `Bearer ${token}`,
+      },
+    })
       .then((res) => {
-        if (!res.ok) throw new Error("Failed to fetch comments");
+        if (!res.ok) throw new Error('Failed to fetch comments');
         return res.json();
       })
@@ -38,7 +44,8 @@
     try {
       const response = await fetch(`/forum/comments/${commentId}`, {
-        method: "DELETE",
+        method: 'DELETE',
         headers: {
-          "Content-Type": "application/json",
+          'Content-Type': 'application/json',
+          Authorization: `Bearer ${token}`,
         },
       });
@@ -50,7 +57,7 @@
         prevComments.filter((comment) => comment.id !== commentId)
       );
-      console.log("Post deleted successfully");
+      console.log('Post deleted successfully');
     } catch (error) {
-      console.error("Error deleting post:", error);
+      console.error('Error deleting post:', error);
     }
   };
@@ -60,10 +67,13 @@
     setPosting(true);
     setError(null);
-    const user = JSON.parse(localStorage.getItem("user"));
+    const user = JSON.parse(localStorage.getItem('user'));
 
     try {
-      const response = await fetch("/forum/comments", {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
+      const response = await fetch('/forum/comments', {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          Authorization: `Bearer ${token}`,
+        },
         body: JSON.stringify({
           post_id: postId,
@@ -75,9 +85,11 @@
       if (!response.ok) {
         const errData = await response.json();
-        throw new Error(errData.error || "Failed to post comment");
+        throw new Error(errData.error || 'Failed to post comment');
       }
-      setCommentText("");
+      setCommentText('');
       // Refresh comments
-      fetch(`/forum/comments?post_id=${post.id}`)
+      fetch(`/forum/comments?post_id=${post.id}`, {
+        headers: { Authorization: `Bearer ${token}` },
+      })
         .then((res) => res.json())
         .then((data) => setComments(data));
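Review bot: The refresh request on the added lines passes its response straight to `res.json()` and `setComments(data)` with no `res.ok` check, so if the endpoint rejects the token, the error body would be stored as the comment list. Add `if (!res.ok) throw new Error('Failed to fetch comments');` before parsing, as the initial load in this file does. The request also queries `post.id`, which comes from router state and may be undefined on a direct page load (inferred from `location.state?.post || {}`), while the initial load uses `postId` from the URL; using `postId` here would be consistent. The enclosing handler continues outside this hunk.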
@@ -101,5 +113,5 @@
           <button
             className="btn btn-ghost mb-4"
-            onClick={() => navigate("/dashboard/forum")}
+            onClick={() => navigate('/dashboard/forum')}
           >
             ← Back to Forum
@@ -139,5 +151,5 @@
                   disabled={posting || !commentText.trim()}
                 >
-                  {posting ? "Posting..." : "Post Comment"}
+                  {posting ? 'Posting...' : 'Post Comment'}
                 </button>
               </div>
@@ -170,9 +182,9 @@
                                   if (
                                     window.confirm(
-                                      "Are you sure you want to delete this comment?"
+                                      'Are you sure you want to delete this comment?'
                                     )
                                   ) {
                                     // Call your delete comment function here
-                                    console.log("Delete comment:", comment.id);
+                                    console.log('Delete comment:', comment.id);
                                   }
                                   handleDeleteComment(comment.id);
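Review bot: `handleDeleteComment(comment.id)` sits after the closing brace of the `window.confirm(...)` check, so the comment is deleted even when the user cancels the dialog; the `if` body only logs. Now that the request carries a bearer token, the authenticated delete fires on every click. Move the call inside the `if` block and drop the placeholder comment and `console.log`. The click handler starts and ends outside this hunk.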
@@ -192,5 +204,5 @@
                               {comment.dateCreated
                                 ? new Date(comment.dateCreated).toLocaleString()
-                                : ""}
+                                : ''}
                             </span>
                           </div>
Index: client/src/Dashboard/components/ManagePosts.jsx
===================================================================
--- client/src/Dashboard/components/ManagePosts.jsx	(revision 0750a8f61836e0ea352dfe8011e87ae53cbe7b64)
+++ client/src/Dashboard/components/ManagePosts.jsx	(revision dab69c90a750e1b1618b6417de9e2d0d0eeb583d)
@@ -1,7 +1,7 @@
-import React, { useState, useEffect } from "react";
-import { useNavigate } from "react-router-dom";
-import doneAll from "../../assets/images/done-all.svg";
-import trashIcon from "../../assets/images/delete.svg"; // Add this import
-import Navbar from "./Navbar";
+import React, { useState, useEffect } from 'react';
+import { useNavigate } from 'react-router-dom';
+import doneAll from '../../assets/images/done-all.svg';
+import trashIcon from '../../assets/images/delete.svg'; // Add this import
+import Navbar from './Navbar';
 
 const ManagePosts = () => {
@@ -11,6 +11,6 @@
   const [hasMore, setHasMore] = useState(true);
   const postsPerPage = 5;
-  const user = JSON.parse(localStorage.getItem("user"));
-
+  const user = JSON.parse(localStorage.getItem('user'));
+  const token = localStorage.getItem('jwt');
   useEffect(() => {
     fetchPosts();
@@ -20,7 +20,12 @@
     try {
       const response = await fetch(
-        `/review/posts?page=${page}&limit=${postsPerPage}`
+        `/review/posts?page=${page}&limit=${postsPerPage}&userId=${user.id}`,
+        {
+          headers: {
+            Authorization: `Bearer ${token}`,
+          },
+        }
       );
-      console.log("Response status:", response.status);
+      console.log('Response status:', response.status);
 
       if (!response.ok) {
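Review bot: The new `userId=${user.id}` query parameter is read from the `user` entry in localStorage, which the browser user can edit, so the server must not use it to decide who is calling or whether they may moderate. The route handlers are not visible here; they should take the caller's id and role from the verified bearer token and ignore this parameter, at which point it can be dropped from the URL. The delete and approve hunks further down in this file add the same parameter. `user` is also null when the entry is missing, which makes `user.id` throw before the request is sent.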
@@ -29,5 +34,5 @@
 
       const data = await response.json();
-      console.log("Fetched posts data:", data);
+      console.log('Fetched posts data:', data);
 
       if (page === 0) {
@@ -41,22 +46,26 @@
       }
     } catch (error) {
-      console.error("Error fetching forum posts:", error);
+      console.error('Error fetching forum posts:', error);
     }
   };
   const handleDeletePost = async (postId) => {
     try {
-      const response = await fetch(`/review/posts/${postId}`, {
-        method: "DELETE",
-        headers: {
-          "Content-Type": "application/json",
-        },
-      });
+      const response = await fetch(
+        `/review/posts/${postId}?userId=${user.id}`,
+        {
+          method: 'DELETE',
+          headers: {
+            'Content-Type': 'application/json',
+            Authorization: `Bearer ${token}`,
+          },
+        }
+      );
       if (!response.ok) {
         throw new Error(`HTTP error! status: ${response.status}`);
       }
       setPosts((prevPosts) => prevPosts.filter((post) => post.id !== postId));
-      console.log("Post deleted successfully");
+      console.log('Post deleted successfully');
     } catch (error) {
-      console.error("Error deleting post:", error);
+      console.error('Error deleting post:', error);
     }
   };
@@ -64,16 +73,20 @@
   const handleApprovePost = async (post) => {
     try {
-      const response = await fetch(`/review/posts/${post.id}`, {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json",
-        },
-        body: JSON.stringify({
-          authorId: user.id,
-          authorName: user.name,
-          title: post.title,
-          content: post.content,
-        }),
-      });
+      const response = await fetch(
+        `/review/posts/${post.id}?userId=${user.id}`,
+        {
+          method: 'POST',
+          headers: {
+            'Content-Type': 'application/json',
+            Authorization: `Bearer ${token}`,
+          },
+          body: JSON.stringify({
+            authorId: user.id,
+            authorName: user.name,
+            title: post.title,
+            content: post.content,
+          }),
+        }
+      );
       if (!response.ok) {
         throw new Error(`HTTP error! status: ${response.status}`);
@@ -82,7 +95,7 @@
         prevPosts.filter((postce) => postce.id !== post.id)
       );
-      console.log("Post approved successfully");
+      console.log('Post approved successfully');
     } catch (error) {
-      console.error("Error approving post:", error);
+      console.error('Error approving post:', error);
     }
   };
@@ -114,5 +127,5 @@
                     if (
                       window.confirm(
-                        "Are you sure you want to approve this post?"
+                        'Are you sure you want to approve this post?'
                       )
                     ) {
@@ -129,5 +142,5 @@
                     if (
                       window.confirm(
-                        "Are you sure you want to delete this post?"
+                        'Are you sure you want to delete this post?'
                       )
                     ) {
@@ -143,5 +156,5 @@
                     className="text-3xl font-semibold mb-2 cursor-pointer hover:underline"
                     onClick={() => {
-                      console.log("Post clicked:", post);
+                      console.log('Post clicked:', post);
                       navigate(`/dashboard/forum-detail/${post.id}`, {
                         state: { post },
@@ -154,10 +167,10 @@
 
                 <p className="text-m text-gray-500">
-                  By {post.authorName},{" "}
-                  <span>{post.dateCreated.split("T")[0]}</span>
+                  By {post.authorName},{' '}
+                  <span>{post.dateCreated.split('T')[0]}</span>
                 </p>
                 <p className="mt-2 text-gray-400 text-xl">
                   {post.content && post.content.length > 300
-                    ? post.content.slice(0, 300) + "..."
+                    ? post.content.slice(0, 300) + '...'
                     : post.content}
                 </p>
Index: client/src/Dashboard/components/Profile.jsx
===================================================================
--- client/src/Dashboard/components/Profile.jsx	(revision 0750a8f61836e0ea352dfe8011e87ae53cbe7b64)
+++ client/src/Dashboard/components/Profile.jsx	(revision dab69c90a750e1b1618b6417de9e2d0d0eeb583d)
@@ -6,15 +6,32 @@
 import { useAuth } from '../../contexts/AuthContext.jsx';
 import { useNavigate } from 'react-router-dom';
+import { useEffect } from 'react';
 const Profile = () => {
   const { logout } = useAuth();
   const navigate = useNavigate();
+  const user = JSON.parse(localStorage.getItem('user'));
+  useEffect(() => {
+    if (!user) {
+      navigate('/');
+    }
+  }, [user, navigate]);
+
   const handleSignOut = async () => {
     await logout();
     navigate('/');
   };
-  const user = JSON.parse(localStorage.getItem('user'));
-  console.log('User data:', user);
+
   if (!user) {
-    console.error('No user data found in localStorage.');
+    return (
+      <div
+        data-theme="luxury"
+        className="h-screen flex items-center justify-center"
+      >
+        <div className="text-center">
+          <span className="loading loading-spinner loading-lg"></span>
+          <p className="mt-4">Redirecting to login...</p>
+        </div>
+      </div>
+    );
   }
   return (
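Review bot: The new guard checks only the `user` entry in localStorage, so a leftover or hand-edited entry with no valid `jwt` still renders the profile, and a malformed entry makes `JSON.parse` throw during render. Treat this as a UX redirect rather than access control and, if the `user` that the auth context appears to expose is suitable here, key the check on it, e.g. `const { user: sessionUser, logout } = useAuth();`. Because `JSON.parse` returns a new object on every render, listing `user` in the dependency array makes the effect re-run each render; depending on `const hasUser = Boolean(user);` instead avoids that. The component body continues outside this hunk.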
Index: client/src/Dashboard/components/Task.jsx
===================================================================
--- client/src/Dashboard/components/Task.jsx	(revision 0750a8f61836e0ea352dfe8011e87ae53cbe7b64)
+++ client/src/Dashboard/components/Task.jsx	(revision dab69c90a750e1b1618b6417de9e2d0d0eeb583d)
@@ -14,5 +14,5 @@
   const user = JSON.parse(localStorage.getItem('user')) || { attempts: 0 };
   const navigate = useNavigate();
-
+  const token = localStorage.getItem('jwt');
   useEffect(() => {
     if (task && task.id) {
@@ -29,4 +29,6 @@
           Accept: 'application/json',
           'Cache-Control': 'no-cache',
+
+          Authorization: `Bearer ${token}`,
         },
       });
@@ -57,5 +59,5 @@
           title: processedTitle || 'Daily Challenge',
           content: taskData.content || 'No description available',
-          examples: taskData.examples || [], // Use examples directly from the API response
+          examples: taskData.examples || [],
         });
       } else {
@@ -93,4 +95,5 @@
           Accept: 'application/json',
           'Cache-Control': 'no-cache',
+          Authorization: `Bearer ${token}`,
         },
       });
@@ -138,4 +141,5 @@
         headers: {
           'Content-Type': 'application/json',
+          Authorization: `Bearer ${token}`,
         },
         body: JSON.stringify({
Index: client/src/LogIn/LogIn.jsx
===================================================================
--- client/src/LogIn/LogIn.jsx	(revision 0750a8f61836e0ea352dfe8011e87ae53cbe7b64)
+++ client/src/LogIn/LogIn.jsx	(revision dab69c90a750e1b1618b6417de9e2d0d0eeb583d)
@@ -26,4 +26,5 @@
           password,
         });
+      localStorage.setItem('jwt', authData.session?.access_token);
       if (authError) {
         setError(authError.message);
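Review bot: The token is written to localStorage before `authError` is checked, so a failed sign-in, where `authData.session` is presumably null, stores the string `undefined` under `jwt` (localStorage stringifies its value). Later reads then see a truthy token and send `Bearer undefined`. Move the write below the error check and guard it: `const accessToken = authData.session?.access_token; if (accessToken) localStorage.setItem('jwt', accessToken);`. The sign-in handler continues outside this hunk.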
Index: client/src/Register/Register.jsx
===================================================================
--- client/src/Register/Register.jsx	(revision 0750a8f61836e0ea352dfe8011e87ae53cbe7b64)
+++ client/src/Register/Register.jsx	(revision dab69c90a750e1b1618b6417de9e2d0d0eeb583d)
@@ -2,4 +2,5 @@
 import { Link, useNavigate } from 'react-router-dom';
 import { useState } from 'react';
+import { supabase } from '../contexts/AuthContext';
 
 const Register = () => {
@@ -10,5 +11,5 @@
     confirmPassword: false,
   });
-  const [loading, setLoading] = useState(false); // Loader state
+  const [loading, setLoading] = useState(false);
 
   const togglePasswordVisibility = (field) => {
@@ -95,11 +96,16 @@
 
       const data = await response.json();
+
       if (data.success) {
         localStorage.setItem('user', JSON.stringify(data.user));
         try {
-          await supabase.auth.signInWithPassword({
+          const { data: authData } = await supabase.auth.signInWithPassword({
             email: formData.email,
             password: formData.password,
           });
+          localStorage.setItem(
+            'jwt',
+            JSON.stringify(authData.session?.access_token)
+          );
         } catch (supabaseError) {
           console.error('Supabase auth error:', supabaseError);
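Review bot: `JSON.stringify(authData.session?.access_token)` stores the token wrapped in double quotes, while LogIn.jsx stores it raw and every reader in this commit interpolates `localStorage.getItem('jwt')` directly into `Bearer ${token}`. A user who has just registered would therefore send a quoted token that should fail verification until they log in again. Store the raw string, and only when it exists: `if (authData.session?.access_token) localStorage.setItem('jwt', authData.session.access_token);`. `signInWithPassword` reports failures through the returned `error` field rather than by throwing, so destructure and check `error` as well; the `catch` here will not see a rejected sign-in.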
Index: client/src/contexts/AuthContext.jsx
===================================================================
--- client/src/contexts/AuthContext.jsx	(revision 0750a8f61836e0ea352dfe8011e87ae53cbe7b64)
+++ client/src/contexts/AuthContext.jsx	(revision dab69c90a750e1b1618b6417de9e2d0d0eeb583d)
@@ -36,4 +36,6 @@
       await supabase.auth.signOut();
       localStorage.removeItem('user');
+      localStorage.removeItem('lastActivityTimestamp');
+      localStorage.removeItem('jwt');
       sessionStorage.clear();
       setUser(null);
@@ -182,26 +184,5 @@
     };
   }, []);
-  // useEffect(() => {
-  //   const checkLastActivity = () => {
-  //     const lastActivity = localStorage.getItem('lastActivityTimestamp');
-  //     if (lastActivity && user) {
-  //       const inactiveTime = Date.now() - parseInt(lastActivity);
-  //       if (inactiveTime > INACTIVITY_TIMEOUT) {
-  //         console.log('Detected inactivity between sessions');
-  //         logout();
-  //       } else {
-  //         localStorage.setItem('lastActivityTimestamp', Date.now().toString());
-  //       }
-  //     } else if (user && !lastActivity) {
-  //       localStorage.setItem('lastActivityTimestamp', Date.now().toString());
-  //     }
-  //   };
 
-  //   if (user) {
-  //     checkLastActivity();
-  //   }
-  // }, [user, logout, INACTIVITY_TIMEOUT]);
-
-  // Auth context value
   const value = {
     user,
Index: client/src/utils/api.js
===================================================================
--- client/src/utils/api.js	(revision dab69c90a750e1b1618b6417de9e2d0d0eeb583d)
+++ client/src/utils/api.js	(revision dab69c90a750e1b1618b6417de9e2d0d0eeb583d)
@@ -0,0 +1,56 @@
+/**
+ * @param {string} url
+ * @param {Object} options
+ * @returns {Promise}
+ */
+
+//MOMENTALNO NE SE KORISTI
+
+export const authFetch = async (url, options = {}) => {
+  const token = localStorage.getItem('jwt');
+  const headers = {
+    'Content-Type': 'application/json',
+    ...options.headers,
+  };
+  if (token) {
+    headers['Authorization'] = `Bearer ${token}`;
+  }
+
+  return fetch(url, {
+    ...options,
+    headers,
+  });
+};
+
+/**
+ * @param {Response} response
+ * @returns {Promise}
+ */
+
+/**
+ * Helper function for handling common response patterns
+ * @param {Response} response - Fetch response object
+ * @returns {Promise} - JSON response or error
+ */
+export const handleResponse = async (response) => {
+  if (!response.ok) {
+    // Handle session expiration
+    if (response.status === 401 || response.status === 403) {
+      // Optional: Redirect to login or refresh token
+      // window.location.href = '/login';
+    }
+
+    // Try to parse error message from response
+    const errorData = await response.json().catch(() => ({}));
+    throw new Error(
+      errorData.error || `HTTP error! status: ${response.status}`
+    );
+  }
+
+  // For 204 No Content responses
+  if (response.status === 204) {
+    return null;
+  }
+
+  return response.json();
+};
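Review bot: The 401/403 branch in `handleResponse` is empty, so an expired or rejected token stays in localStorage and every later call fails the same way. At minimum clear it there with `localStorage.removeItem('jwt');` before throwing; whether a 403 should also sign the user out depends on whether the API uses 403 for permission denials too. The copy under `jwt` is written once at sign-in and nothing visible in this commit updates it when the Supabase session refreshes, so `authFetch` may be better off reading the current access token from `supabase.auth.getSession()`. The first JSDoc block is separated from `authFetch` by a blank line and a comment and has no descriptions; attach it directly above the function and state that the header is added only when a token is stored.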
