adding what i could

api/models/user.js

@@ -0,0 +1,20 @@
+const mongoose = require('mongoose')
+
+const schema = new mongoose.Schema({
+  username: {
+      type: String,
+      required: [true, 'username required'],
+      unique: [true, 'username already exists']
+  },
+  password: {
+    type: String,
+    required: [true, 'Password required'],
+    minlength: [8, 'Password must be 8 or more characters']
+   },
+  admin: {
+      type: Boolean,
+      default: false
+    },
+}, { timestamps: { createdAt: 'created_at', updatedAt: 'updated_at' } })
+
+module.exports = mongoose.model('User', schema)

api/routes/auth.js

@@ -0,0 +1,50 @@
+const router = require('express').Router()
+const bcrypt = require('bcrypt')
+const jsonwebtoken = require('jsonwebtoken')
+const User = require('../models/user')
+
+router.post('/signup', async (req, res, next) => {
+    const status = 201
+try {
+    const {username, password} = req.body
+    const user = await User.findOne({username})
+        if (user) throw new Error('User name is already in use')
+
+    const saltRounds = 5
+    const hashedPassword = await bcrypt.hash(password, saltRounds)
+    const response = await User.create({
+        username,
+        password: hashedPassword
+    })
+    res.status(status).json({status, response})
+} catch (e) {
+const error = new Error(e.message)
+error.status = 400
+next(error)
+}
+})
+
+router.post('/login', async (req, res, next) => {
+    const status = 201
+    try {
+        const {username, password} = req.body
+        const user = await User.findOne({username})
+        if (user === null) {
+            throw new Error("Username - could not be found")
+        }
+        const goodLogin = await bcrypt.compare(password, user.password)
+        if (goodLogin === null) {
+            throw new Error('Username - Password combination could not be found')
+        }
+        const payload = {id: user._id}
+        const options = {expiresIn: '1 day'}
+        const token = jsonwebtoken.sign(payload, 'ASECRETPASSCODE', options)
+        res.status(status).json({status, token})
+    } catch (e) {
+        const error = new Error('Password combination could not be found')
+        error.status = 400
+        next(error)
+    }
+})
+
+module.exports = router

api/routes/books.js

@@ -1,5 +1,7 @@
 const router = require('express').Router()
+const jsonwebtoken = require('jsonwebtoken')
 const Book = require('../models/book')
+const User = require('../models/user')
 
 router.get('/', async (req, res, next) => {
   const status = 200
@@ -28,12 +30,19 @@ router.get('/:id', async (req, res, next) => {
 router.post('/', async (req, res, next) => {
   const status = 200
   try {
+    const token = req.headers.authorization.split('Bearer ')[1]
+    const payload = jsonwebtoken.verify(token, 'ASECRETPASSCODE')
+    const user = await User.findOne({ _id: payload.id })
+    if (user.admin === false) {
+      throw new Error('You must be an admin')
+    }
+    else {
     const book = await Book.create(req.body)
     if (!book) throw new Error(`Request body failed: ${JSON.stringify(req.body)}`)
 
     const response = await Book.findById(book._id).select('-__v')
     res.json({ status, response })
-  } catch (e) {
+  }} catch (e) {
     console.error(e)
     const message = 'Failure to create. Please check request body and try again.'
     const error = new Error(message)
@@ -46,7 +55,12 @@ router.post('/', async (req, res, next) => {
 router.patch('/:id/reserve', async (req, res, next) => {
   const { id } = req.params
   try {
+    if (req.headers.authorization === null) {
+      throw new Error('You must be logged in')
+    }
+    else {
     const book = await Book.findById(id)
+
     if (!book) {
       const error = new Error(`Invalid Book _id: ${id}`)
       error.message = 404
@@ -60,7 +74,7 @@ router.patch('/:id/reserve', async (req, res, next) => {
     const response = await Book.findById(book._id).select('-__v')
     const status = 200
     res.json({ status, response })
-  } catch (e) {
+  }} catch (e) {
     console.error(e)
   }
 })

app.js

@@ -17,6 +17,8 @@ app.use(require('body-parser').json())
 
 // Routes
 app.use('/api/books', require('./api/routes/books'))
+app.use('/api', require('./api/routes/auth'))
+app.use('/api', require('./api/routes/auth'))
 
 // Not Found Handler
 app.use((req, res, next) => {

db/seeds2.js

@@ -0,0 +1,24 @@
+const mongoose = require('mongoose')
+const User = require('../api/models/user')
+const config = require('../nodemon.json')
+
+const reset = async () => {
+    mongoose.connect(config.env.MONGO_DB_CONNECTION, { useNewUrlParser: true })
+  await User.deleteMany() // Deletes all records
+  return await User.create(
+  {
+    username: 'userOne',
+    password: 'passwordOne',
+    admin: false
+  },
+  {
+    username: 'adminOne',
+    password: 'passwordOne',
+    admin: true
+  })
+
+  }
+  reset().catch(console.error).then((response) => {
+    console.log(`Seeds successful! ${response.length} records created.`)
+    return mongoose.disconnect()
+  })

nodemon.sample.json

@@ -1,6 +1,6 @@
 {
   "env": {
-    "MONGO_DB_CONNECTION": "",
+    "MONGO_DB_CONNECTION": "mongodb+srv://jt-user1:KeRHniXmgkUBZx4l@cluster0-ya0qa.mongodb.net/test?retryWrites=true&w=majority",
     "NODE_ENV": "development",
     "PORT": 5000
   }