From 7c4e8d7db8bdb5de7443cc01745e8b22f6b83fa3 Mon Sep 17 00:00:00 2001 From: ajdj100 Date: Sat, 13 Dec 2025 14:25:39 -0500 Subject: [PATCH] Implemented login requirement for most of the API --- api/src/middleware/auth.ts | 14 ++++++++++++++ api/src/routes/applications.ts | 19 ++++++++++--------- api/src/routes/auth.js | 3 ++- api/src/routes/calendar.ts | 11 ++++++----- api/src/routes/course.ts | 4 ++++ api/src/routes/loa.ts | 3 +++ api/src/routes/members.js | 7 ++----- api/src/routes/ranks.js | 9 +++++++-- api/src/routes/roles.js | 4 ++++ api/src/routes/statuses.js | 4 ++++ 10 files changed, 56 insertions(+), 22 deletions(-) create mode 100644 api/src/middleware/auth.ts diff --git a/api/src/middleware/auth.ts b/api/src/middleware/auth.ts new file mode 100644 index 0000000..371acb7 --- /dev/null +++ b/api/src/middleware/auth.ts @@ -0,0 +1,14 @@ +import { NextFunction, Request, Response } from "express"; + +export const requireLogin = function (req: Request, res: Response, next: NextFunction) { + if (req.user?.id) + next(); + else + res.sendStatus(401) +} + +function requireRole(roleName: string) { + return function (req: Request, res: Response, next: NextFunction) { + + } +} \ No newline at end of file diff --git a/api/src/routes/applications.ts b/api/src/routes/applications.ts index e1c9394..585f199 100644 --- a/api/src/routes/applications.ts +++ b/api/src/routes/applications.ts @@ -9,6 +9,7 @@ import { ApplicationFull, CommentRow } from "@app/shared/types/application" import { assignUserToStatus } from '../services/statusService'; import { Request, response, Response } from 'express'; import { getUserRoles } from '../services/rolesService'; +import { requireLogin } from '../middleware/auth'; //get CoC router.get('/coc', async (req: Request, res: Response) => { 
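Review bot: `requireRole` at the end of the new `api/src/middleware/auth.ts` returns a middleware with an empty body, so it neither calls `next()` nor ends the response; any route that mounted it would hang until the client times out. It is not exported yet, so nothing can use it, but the stub should fail closed rather than stall, e.g. `res.sendStatus(403); // TODO: check roleName against the user's roles`. On `requireLogin`, a one-line comment such as `// Authentication only: proves a session exists, grants no permissions` would keep later routes from treating it as a permission check.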
@@ -29,7 +30,7 @@ router.get('/coc', async (req: Request, res: Response) => { // POST /application -router.post('/', async (req, res) => { +router.post('/', [requireLogin], async (req, res) => { try { const App = req.body?.App || {}; const memberID = req.user.id; @@ -47,7 +48,7 @@ router.post('/', async (req, res) => { }); // GET /application/all -router.get('/all', async (req, res) => { +router.get('/all', [requireLogin], async (req, res) => { try { const rows = await getApplicationList(); res.status(200).json(rows); @@ -71,7 +72,7 @@ router.get('/meList', async (req, res) => { } }) -router.get('/me', async (req, res) => { +router.get('/me', [requireLogin], async (req, res) => { let userID = req.user.id; @@ -96,7 +97,7 @@ router.get('/me', async (req, res) => { }) // GET /application/:id -router.get('/me/:id', async (req: Request, res: Response) => { +router.get('/me/:id', [requireLogin], async (req: Request, res: Response) => { let appID = Number(req.params.id); let member = req.user.id; try { @@ -123,7 +124,7 @@ router.get('/me/:id', async (req: Request, res: Response) => { }); // GET /application/:id -router.get('/:id', async (req: Request, res: Response) => { +router.get('/:id', [requireLogin], async (req: Request, res: Response) => { let appID = Number(req.params.id); let asAdmin = !!req.query.admin || false; let user = req.user.id; @@ -159,7 +160,7 @@ router.get('/:id', async (req: Request, res: Response) => { }); // POST /application/approve/:id -router.post('/approve/:id', async (req: Request, res: Response) => { +router.post('/approve/:id', [requireLogin], async (req: Request, res: Response) => { const appID = Number(req.params.id); const approved_by = req.user.id; @@ -188,7 +189,7 @@ router.post('/approve/:id', async (req: Request, res: Response) => { }); // POST /application/deny/:id -router.post('/deny/:id', async (req, res) => { +router.post('/deny/:id', [requireLogin], async (req, res) => { const appID = req.params.id; try { 
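Review bot: `requireLogin` on `GET /all` only proves that a session exists, so unless the handler checks roles itself (its body is outside the hunk; `getUserRoles` is imported), any logged-in member can list every application. The same login-only gate is applied to `POST /approve/:id`, `POST /deny/:id` and `POST /:id/adminComment` in this file, to the calendar cancel/uncancel/`PUT /` routes, and to the ranks, roles and statuses routers later in the patch. `requireRole` in `middleware/auth.ts` is still an empty stub, so none of these can be role-gated yet. I would mark each privileged route with `// TODO(authz): login-only for now, needs a role check` so the gap is visible until the role middleware lands.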
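Review bot: `GET /meList`, whose handler closes at the top of the `/me` hunk, is not given `requireLogin` although the sibling `/me` and `/me/:id` routes are. Its body is outside the hunk, but if it reads `req.user.id` as they do, an unauthenticated request will throw instead of returning 401. I would guard it the same way: `router.get('/meList', [requireLogin], async (req, res) => {`.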
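Review bot: In the `GET /:id` hunk, `asAdmin` is still derived from `req.query.admin`, which the caller controls, and adding `requireLogin` does not change that. How `asAdmin` is used lies outside the hunk, but if it widens what the route returns, the decision is being made from client input rather than from the user's roles. The flag should come from a server-side lookup (`getUserRoles` is already imported); at minimum add `// NOTE: asAdmin is client-supplied and must be verified against the user's roles before use`.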
@@ -203,7 +204,7 @@ router.post('/deny/:id', async (req, res) => { }); // POST /application/:id/comment -router.post('/:id/comment', async (req: Request, res: Response) => { +router.post('/:id/comment', [requireLogin], async (req: Request, res: Response) => { const appID = req.params.id; const data = req.body.message; const user = req.user; @@ -246,7 +247,7 @@ VALUES(?, ?, ?);` }); // POST /application/:id/comment -router.post('/:id/adminComment', async (req: Request, res: Response) => { +router.post('/:id/adminComment', [requireLogin], async (req: Request, res: Response) => { const appID = req.params.id; const data = req.body.message; const user = req.user; diff --git a/api/src/routes/auth.js b/api/src/routes/auth.js index c736f33..8b0c379 100644 --- a/api/src/routes/auth.js +++ b/api/src/routes/auth.js @@ -7,6 +7,7 @@ const express = require('express'); const { param } = require('./applications'); const router = express.Router(); import pool from '../db'; +import { requireLogin } from '../middleware/auth'; const querystring = require('querystring'); @@ -90,7 +91,7 @@ router.get('/callback', (req, res, next) => { })(req, res, next); }); -router.get('/logout', function (req, res, next) { +router.get('/logout', [requireLogin], function (req, res, next) { req.logout(function (err) { if (err) { return next(err); } var params = { diff --git a/api/src/routes/calendar.ts b/api/src/routes/calendar.ts index ff486cb..3b9f119 100644 --- a/api/src/routes/calendar.ts +++ b/api/src/routes/calendar.ts @@ -1,6 +1,7 @@ import { Request, Response } from "express"; import { createEvent, getEventAttendance, getEventDetails, getShortEventsInRange, setAttendanceStatus, setEventCancelled, updateEvent } from "../services/calendarService"; import { CalendarAttendance, CalendarEvent } from "@app/shared/types/calendar"; +import { requireLogin } from "../middleware/auth"; const express = require('express'); const r = express.Router(); 
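Review bot: Putting `requireLogin` on `GET /logout` in `api/src/routes/auth.js` means a browser whose session has already expired gets a bare 401 instead of whatever the handler does after `req.logout` (it builds `params`, presumably for a redirect; the rest is outside the hunk). Logout is more robust when it is idempotent, so that the user always ends up signed out whether or not a session was still live. I would leave this route unguarded, `router.get('/logout', function (req, res, next) {`, or add a comment explaining why a live session is required here.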
@@ -35,7 +36,7 @@ r.get('/upcoming', async (req, res) => { res.sendStatus(501); }) -r.post('/:id/cancel', async (req: Request, res: Response) => { +r.post('/:id/cancel', [requireLogin], async (req: Request, res: Response) => { try { const eventID = Number(req.params.id); setEventCancelled(eventID, true); @@ -45,7 +46,7 @@ r.post('/:id/cancel', async (req: Request, res: Response) => { res.status(500).send('Error setting cancel status'); } }) -r.post('/:id/uncancel', async (req: Request, res: Response) => { +r.post('/:id/uncancel', [requireLogin], async (req: Request, res: Response) => { try { const eventID = Number(req.params.id); setEventCancelled(eventID, false); @@ -57,7 +58,7 @@ r.post('/:id/uncancel', async (req: Request, res: Response) => { }) -r.post('/:id/attendance', async (req: Request, res: Response) => { +r.post('/:id/attendance', [requireLogin], async (req: Request, res: Response) => { try { let member = req.user.id; let event = Number(req.params.id); @@ -85,7 +86,7 @@ r.get('/:id', async (req: Request, res: Response) => { //post a new calendar event -r.post('/', async (req: Request, res: Response) => { +r.post('/', [requireLogin], async (req: Request, res: Response) => { try { const member = req.user.id; let event: CalendarEvent = req.body; @@ -100,7 +101,7 @@ r.post('/', async (req: Request, res: Response) => { } }) -r.put('/', async (req: Request, res: Response) => { +r.put('/', [requireLogin], async (req: Request, res: Response) => { try { let event: CalendarEvent = req.body; event.start = new Date(event.start); diff --git a/api/src/routes/course.ts b/api/src/routes/course.ts index 046b9bb..e1a9103 100644 --- a/api/src/routes/course.ts +++ b/api/src/routes/course.ts 
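Review bot: In the `/:id/cancel` and `/:id/uncancel` hunks, `setEventCancelled(eventID, ...)` is called without `await`, so if it returns a promise (it is imported from `calendarService`, not shown) a failed write never reaches the `catch` and the client can be told the change succeeded. Now that these routes are the authenticated write path, I would make that `await setEventCancelled(eventID, true);` and the matching `false` call. `Number(req.params.id)` also yields `NaN` for a non-numeric id; a guard such as `if (!Number.isInteger(eventID)) return res.sendStatus(400);` before the service call would reject it early. Both handlers continue outside their hunks.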
@@ -1,10 +1,14 @@ import { CourseAttendee, CourseEventDetails } from "@app/shared/types/course"; import { getAllCourses, getCourseEventAttendees, getCourseEventDetails, getCourseEventRoles, getCourseEvents, insertCourseEvent } from "../services/CourseSerivce"; import { Request, Response, Router } from "express"; +import { requireLogin } from "../middleware/auth"; const courseRouter = Router(); const eventRouter = Router(); +courseRouter.use(requireLogin) +eventRouter.use(requireLogin) + courseRouter.get('/', async (req, res) => { try { const courses = await getAllCourses(); diff --git a/api/src/routes/loa.ts b/api/src/routes/loa.ts index cbcc30b..d86bf47 100644 --- a/api/src/routes/loa.ts +++ b/api/src/routes/loa.ts @@ -5,6 +5,9 @@ import { Request, Response } from 'express'; import pool from '../db'; import { closeLOA, createNewLOA, getAllLOA, getLOAbyID, getLoaTypes, getUserLOA, setLOAExtension } from '../services/loaService'; import { LOARequest } from '@app/shared/types/loa'; +import { requireLogin } from '../middleware/auth'; + +router.use(requireLogin); //member posts LOA router.post("/", async (req: Request, res: Response) => { diff --git a/api/src/routes/members.js b/api/src/routes/members.js index 08c169e..cb16001 100644 --- a/api/src/routes/members.js +++ b/api/src/routes/members.js @@ -2,15 +2,12 @@ const express = require('express'); const router = express.Router(); import pool from '../db'; +import { requireLogin } from '../middleware/auth'; import { getUserActiveLOA } from '../services/loaService'; import { getUserData } from '../services/memberService'; import { getUserRoles } from '../services/rolesService'; -router.use((req, res, next) => { - console.log(req.user); - console.log('Time:', Date.now()) - next() -}) +router.use(requireLogin); //get all users router.get('/', async (req, res) => { diff --git a/api/src/routes/ranks.js b/api/src/routes/ranks.js index cb8c4b1..75e48b7 100644 --- a/api/src/routes/ranks.js +++ b/api/src/routes/ranks.js 
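Review bot: `courseRouter.use(requireLogin)` and `eventRouter.use(requireLogin)` run for every request that reaches those routers, not only for the routes they define; the same pattern is used in `loa.ts`, `members.js`, `ranks.js`, `roles.js` and `statuses.js`. Where the routers are mounted is not visible in this patch, so it is worth confirming that none of them shares a path prefix with a router that should stay public, because the first router on a shared prefix would answer 401 before the request falls through. A comment next to each call, e.g. `// every route on this router requires a session`, would make the blanket scope explicit for whoever adds a public route later.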
@@ -1,10 +1,15 @@ const express = require('express'); const r = express.Router(); const ur = express.Router(); -const { getAllRanks, insertMemberRank } = require('../services/rankService') +const { getAllRanks, insertMemberRank } = require('../services/rankService'); +const { requireLogin } = require('../middleware/auth'); + +r.use(requireLogin) +ur.use(requireLogin) //insert a new latest rank for a user -ur.post('/', async (req, res) => {3 +ur.post('/', async (req, res) => { + 3 try { const change = req.body?.change; await insertMemberRank(change.member_id, change.rank_id, change.date); diff --git a/api/src/routes/roles.js b/api/src/routes/roles.js index 2a435f0..332d140 100644 --- a/api/src/routes/roles.js +++ b/api/src/routes/roles.js @@ -3,8 +3,12 @@ const r = express.Router(); const ur = express.Router(); import pool from '../db'; +import { requireLogin } from '../middleware/auth'; import { assignUserGroup, createGroup } from '../services/rolesService'; +r.use(requireLogin) +ur.use(requireLogin) + //manually assign a member to a group ur.post('/', async (req, res) => { try { diff --git a/api/src/routes/statuses.js b/api/src/routes/statuses.js index 8e9d48e..7d07a71 100644 --- a/api/src/routes/statuses.js +++ b/api/src/routes/statuses.js @@ -3,6 +3,10 @@ const status = express.Router(); const memberStatus = express.Router(); import pool from '../db'; +import { requireLogin } from '../middleware/auth'; + +status.use(requireLogin); +memberStatus.use(requireLogin); //insert a new latest rank for a user memberStatus.post('/', async (req, res) => {
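Review bot: The stray literal `3` in `ur.post('/')` in `api/src/routes/ranks.js` is moved onto its own line rather than removed, so it stays in the handler as a no-op expression statement; that line should simply be deleted. In the same handler `change` comes from `req.body?.change` and is dereferenced immediately, so a request without it throws a `TypeError` instead of getting a 400; `if (!change) return res.sendStatus(400);` before the `insertMemberRank` call would cover it. `member_id` is taken from the body, so the target member is chosen by the caller, which matters for the login-only gating noted on the applications routes. The handler continues outside the hunk.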