我的数据库具有以下设置
CREATE TABLE IF NOT EXISTS
users(
id UUID PRIMARY KEY,
firstname VARCHAR(128) NOT NULL,
lastname VARCHAR(128) NOT NULL,
othername VARCHAR(128) NOT NULL,
email VARCHAR(128) UNIQUE NOT NULL,
phoneNumber VARCHAR(128) NOT NULL,
passportUrl VARCHAR(128) NOT NULL,
isAdmin BOOLEAN NOT NULL,
password VARCHAR(128) NOT NULL
)`;
我的用户控制器的一部分
const createQuery = `INSERT INTO
users(id, firstname, lastname, othername, email, phoneNumber, passportUrl, isAdmin, password)
VALUES($1, $2, $3, $4, $5, $6, $7, $8, $9)
returning *`;
const values = [
uuidv4(),
req.body.firstname,
req.body.lastname,
req.body.othername,
req.body.email,
req.body.phoneNumber,
req.body.passportUrl,
false,
hashPassword
];
和我的帮助文件的一部分
generateToken(id, isAdmin) {
const token = jwt.sign({
userId: id,
role: isAdmin
},
process.env.SECRET, { expiresIn: '1d' }
);
return token;
}
我希望只有管理员才能访问某些路由。我想不出一种方法来测试用户是否是管理员,以授予或限制访问权限