diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..343db5a
--- /dev/null
+++ b/nginx.conf
@@ -0,0 +1,30 @@
+user nginx;
+worker_processes auto;
+
+http {
+ # ...existing code...
+
+ server {
+ server_name kings.com;
+ root /var/www/kings-frontend; # Path to your built frontend files
+ index index.html;
+ location / {
+ try_files $uri $uri/ /index.html;
+ }
+ # ...existing code...
+ }
+
+ server {
+ server_name backend.kings.com;
+ location / {
+ proxy_pass http://localhost:3000; // Forward to your Node.js backend
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ # ...existing code...
+ }
+ }
+
+ # ...existing code...
+}
diff --git a/server/postman_collection.json b/server/postman_collection.json
index 7731854..ed78bf8 100644
--- a/server/postman_collection.json
+++ b/server/postman_collection.json
@@ -77,6 +77,10 @@
 {
 "key": "Content-Type",
 "value": "application/json"
+ },
+ {
+ "key": "Authorization",
+ "value": "Bearer "
 }
 ],
 "body": {
@@ -100,6 +104,10 @@
 {
 "key": "Content-Type",
 "value": "application/json"
+ },
+ {
+ "key": "Authorization",
+ "value": "Bearer "
 }
 ],
 "body": {
@@ -119,7 +127,12 @@
 "name": "Delete Team",
 "request": {
 "method": "DELETE",
- "header": [],
+ "header": [
+ {
+ "key": "Authorization",
+ "value": "Bearer "
+ }
+ ],
 "url": {
 "raw": "http://localhost:3000/api/teams/1",
 "protocol": "http",
diff --git a/server/readme.md b/server/readme.md
index b05a4b1..0c08a76 100644
--- a/server/readme.md
+++ b/server/readme.md
@@ -106,9 +106,10 @@ The server will listen on the port specified in your `.env` file (default is 300
 ### Team Endpoints
 - **GET /api/teams**
- Retrieve all teams.
+ Retrieve all teams (public).
+
 - **POST /api/teams**
- Create a new team. Requires `name` and `announcement_time` in the body.
+ Create a new team (admin only, requires Bearer token).
 _Request Body Example:_
 ```json
 {
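Review bot: The `// Forward to your Node.js backend` trailer on the `proxy_pass` line in the `backend.kings.com` server block is not an nginx comment; nginx only recognises `#`, so once the `;` closes the directive it reads `//` as an unknown directive and refuses to load the file. Change it to `proxy_pass http://localhost:3000; # Forward to your Node.js backend`. Separately, neither `server` block carries a `listen` directive, so both default to plain port 80, and `backend.kings.com` is exactly where the Bearer tokens added to the Postman collection in this same commit will be sent; terminating TLS in this block (`listen 443 ssl;` with the certificate directives) and redirecting port 80 is the natural place to keep those tokens off the wire. The file also has no `events { }` block, which nginx requires even when empty, although the `# ...existing code...` placeholders suggest this is a template rather than a complete configuration.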
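Review bot: The three new `Authorization` headers at hunks `@@ -77`, `@@ -100` and `@@ -119` hard-code the literal `"Bearer "` with an empty token, so whoever runs the collection will end up pasting a live admin session token into a file that is committed to the repository. Referencing a Postman collection or environment variable instead, for example `"value": "Bearer {{adminToken}}"` (variable name illustrative), keeps the placeholder in git and the real token in the untracked environment. The same substitution applies to the other two hunks.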
@@ -116,10 +117,12 @@ The server will listen on the port specified in your `.env` file (default is 300
 "announcement_time": "02:30:00"
 }
 ```
+
 - **PUT /api/teams/:id**
- Update a team.
+ Update a team (admin only, requires Bearer token).
+
 - **DELETE /api/teams/:id**
- Delete a team.
+ Delete a team (admin only, requires Bearer token).
 ### Testing Sanitization
 A sample endpoint (POST /api/teams) will sanitize HTML input. For example, sending:
diff --git a/server/routes/team.js b/server/routes/team.js
index 15871b2..184143b 100644
--- a/server/routes/team.js
+++ b/server/routes/team.js
@@ -2,13 +2,26 @@
 const express = require('express');
 const router = express.Router();
 const teamController = require('../controllers/teamController');
 const { validateTeam } = require('../middlewares/validation');
+const db = require('../db');
+
+async function requireAdmin(req, res, next) {
+ try {
+ const token = req.headers.authorization?.split(' ')[1];
+ if (!token) return res.status(401).json({ error: 'Unauthorized' });
+ const [admin] = await db.query('SELECT id FROM admins WHERE session_token = ?', [token]);
+ if (!admin) return res.status(401).json({ error: 'Unauthorized' });
+ next();
+ } catch {
+ res.status(401).json({ error: 'Unauthorized' });
+ }
+}
 router.get('/', teamController.getAllTeams);
-router.post('/', validateTeam, teamController.createTeam);
+router.post('/', requireAdmin, validateTeam, teamController.createTeam);
-router.put('/:id', validateTeam, teamController.updateTeam);
+router.put('/:id', requireAdmin, validateTeam, teamController.updateTeam);
-router.delete('/:id', teamController.deleteTeam);
+router.delete('/:id', requireAdmin, teamController.deleteTeam);
 module.exports = router;
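Review bot: `const [admin] = await db.query(...)` in `requireAdmin` assumes `db.query` resolves to the rows array; if `../db` is a thin wrapper over a mysql2 promise pool, the call resolves to `[rows, fields]`, `admin` is then the rows array, which is truthy even when no row matched, and every non-empty token would be admitted as admin. The `../db` module is not in this diff so this needs checking against it, but asserting on `rows.length` removes the ambiguity either way. Two smaller points: the token is taken as whatever follows the first space without checking that the scheme is `Bearer`, and the bare `catch` turns a database failure into a 401, so an outage is indistinguishable from a bad credential and is never logged — hand the error to `next(err)` instead. Nothing in the query bounds the token's lifetime; if the `admins.session_token` column has no companion expiry, that is worth a follow-up.
```javascript
async function requireAdmin(req, res, next) {
  const [scheme, token] = (req.headers.authorization ?? '').split(' ');
  if (scheme !== 'Bearer' || !token) {
    return res.status(401).json({ error: 'Unauthorized' });
  }
  try {
    // NOTE(review): confirm what db.query resolves to; with mysql2's promise API it is
    // [rows, fields] and rows must be unwrapped before the length check below.
    const rows = await db.query('SELECT id FROM admins WHERE session_token = ?', [token]);
    if (!Array.isArray(rows) || rows.length === 0) {
      return res.status(401).json({ error: 'Unauthorized' });
    }
    return next();
  } catch (err) {
    // a lookup failure is a server fault, not a bad credential
    return next(err);
  }
}
// … unchanged: router.get / router.post / router.put / router.delete registrations …
```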