Merge branch '13-enforce-user-authorization' into 'main'

Resolve "Enforce user authorization" Closes #13 See merge request !7

Merge branch '13-enforce-user-authorization' into 'main'
e09fd2d8 · Jesus Galaz Reyes · db2c99de · dbf57183 · e09fd2d8 · e09fd2d8
Commit e09fd2d8 authored 5 months ago by Jesus Galaz Reyes
--- a/public/index.html
+++ b/public/index.html
@@ -6,6 +6,7 @@
    <title>ToDo</title>
    <link rel="stylesheet" href="./css/index.css" />
    <script src="./js/index.js" defer></script>
+    <script src="./js/authorization.js" defer></script>
  </head>
  <body>
    <div class="container">

--- a/public/js/app.js
+++ b/public/js/app.js
-// Obtener referencia a los elementos del DOM
+// Get reference to DOM elements
 const taskList = document.querySelector('.task-list ul');
 const newTaskForm = document.querySelector('form');


--- a/public/js/authorization.js
+++ b/public/js/authorization.js
+document.addEventListener('DOMContentLoaded', async () => {
+    // Event for checking if the user is logged in
+    try {
+      const res = await fetch('/api/users/loggedin', { method: 'POST' });
+      if (!res.ok) {
+        window.location.href = 'login.html';  
+      }
+    } catch (err) {
+      console.error('Error while checking if a user is logged in:', err);
+    }
+});
\ No newline at end of file
--- a/routes/users.js
+++ b/routes/users.js
@@ -58,6 +58,17 @@ router.post('/login', async (req, res) => {
  }
 });

+// Checking if the user is logged in
+router.post('/loggedin', (req, res) => {
+  try {
+    if (!req.session.user) {
+      res.status(403).json({ error: 'Unauthorized' });
+    }
+  } catch (error) {
+    console.error('Authorization check failed:', error);
+    res.status(500).json({ error: 'Server error' });
+  }
+});

 // Closing user session
 router.post('/logout', (req, res) => {