Initial commit: CMS backend for Old Vine Hotel

- Complete Express.js API server - MongoDB integration with Mongoose - Admin authentication and authorization - Room management (CRUD operations) - Booking management system - Guest management - Payment processing (Stripe integration) - Content management (pages, blog, gallery) - Media upload and management - Integration services (Booking.com, Expedia, Opera PMS, Trip.com) - Email notifications - Comprehensive logging and error handling
2026-01-06 12:21:56 +04:00
commit a3308a26e2
48 changed files with 15294 additions and 0 deletions
--- a/middleware/adminAuth.js
+++ b/middleware/adminAuth.js
@@ -0,0 +1,68 @@
+const jwt = require('jsonwebtoken');
+const Admin = require('../models/Admin'); // We'll create this model
+
+const adminAuth = async (req, res, next) => {
+  try {
+    // Get token from header
+    const token = req.header('Authorization')?.replace('Bearer ', '');
+    
+    if (!token) {
+      return res.status(401).json({
+        success: false,
+        message: 'Access denied. Admin authentication required.'
+      });
+    }
+
+    // Verify token
+    const decoded = jwt.verify(token, process.env.JWT_SECRET);
+    
+    // Check if the token indicates admin user
+    if (!decoded.isAdmin) {
+      return res.status(403).json({
+        success: false,
+        message: 'Access denied. Admin privileges required.'
+      });
+    }
+    
+    // Check if role is one of the allowed admin roles
+    const allowedRoles = ['super-admin', 'admin', 'editor', 'manager'];
+    if (!allowedRoles.includes(decoded.role)) {
+      return res.status(403).json({
+        success: false,
+        message: 'Access denied. Insufficient privileges.'
+      });
+    }
+
+    // Add admin info to request object
+    req.admin = {
+      id: decoded.id,
+      email: decoded.email,
+      role: decoded.role
+    };
+    
+    next();
+  } catch (error) {
+    console.error('Admin authentication error:', error.message);
+    
+    if (error.name === 'JsonWebTokenError') {
+      return res.status(401).json({
+        success: false,
+        message: 'Invalid admin token'
+      });
+    }
+    
+    if (error.name === 'TokenExpiredError') {
+      return res.status(401).json({
+        success: false,
+        message: 'Admin token expired'
+      });
+    }
+    
+    res.status(500).json({
+      success: false,
+      message: 'Server error during admin authentication'
+    });
+  }
+};
+
+module.exports = adminAuth;