This is the setup of the book management app's backend:
- server.js file
- config dir
- db.js file to connect the database with our server
- .env file for the environment variables
- userSchema.js
- userModel.js
- routes dir
- userRouter.js
    a. registration route
    b. login route
- we'll assign a token to each user once the user has logged in and send the token to act as an ID card
- bookSchema.js
- bookModel.js
- bookRouter.js --> perform CRUD operations
    a. POST Router to create a book
    b. GET Router to read books
    c. PATCH Router to update a book
    d. DELETE Router to delete a book
- middleware dir
    a. authMiddleware.js
### PROBLEM
- understand why we need authorization check[x]
- update the schema of books check[x]
- update the login router to send userId and username as the payload in the token
- update the middleware; we'll log the payload once it gets decoded so we can see it check[x]
### SOLUTION: how we can build the authorization
- we'll send the user details as the payload of the token
- we'll decode the token in the middleware and attach the decoded payload to req.body
- we'll create the books with userDetails check[x]
- one-to-many relationship
    - user a ===> multiple books
- we'll add authorization (part 3) so that only the authorized person can access their books
- update the user Schema -> check[x]
- update book Schema -> check[x]
- update Router following:
    a. users -> Sign-up and login
    b. books
- middlewares dir
    a. access.js --> it will take role as argument and verify the role to perform CRUD operations
- Test API with RBAC
    - creator -> create book, update book, delete book

NOTE: `Add auth middleware before access middleware to perform CRUD`
- can multiple roles get access to read the books? "Yes" -> check the routers of book
- we'll perform this in the bookRouter.get() method
- update book Schema
- update the router bookRouter.get() method
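
The auth-then-access chain from the notes above, as an added example that is not the app's own code: the token payload is attached to req.body, overwriting any userId or role the client sent, and access() then checks the role. Assumptions: role travels in the token next to userId and username, the HS256 token is built with Node's crypto module instead of a JWT library so it runs without dependencies, and `signToken`, `createBook`, `run` and the secret are hypothetical stand-ins.

```javascript
const crypto = require('node:crypto');
const SECRET = 'constructed-demo-secret'; // assumption: the real secret is read from .env
const b64url = (v) => Buffer.from(v).toString('base64url');
const hmac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();

// Login route side: put userId, username and role into a signed HS256 token.
function signToken(payload, ttlSeconds = 3600) {
  const exp = Math.floor(Date.now() / 1000) + ttlSeconds;
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify({ ...payload, exp }));
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`))}`;
}

// authMiddleware.js: verify signature and expiry, then attach the payload.
function auth(req, res, next) {
  const token = (req.headers.authorization || '').replace(/^Bearer /, '');
  const [head, body, sig, extra] = token.split('.');
  if (!head || !body || !sig || extra !== undefined) return res.status(401).json({ msg: 'token missing' });
  const expected = hmac(`${head}.${body}`);
  const given = Buffer.from(sig, 'base64url');
  const ok = given.length === expected.length && crypto.timingSafeEqual(given, expected);
  if (!ok) return res.status(401).json({ msg: 'invalid token' });
  const { userId, username, role, exp } = JSON.parse(Buffer.from(body, 'base64url').toString());
  if (!(exp > Date.now() / 1000)) return res.status(401).json({ msg: 'token expired' });
  // Token values overwrite anything the client put in the JSON body.
  req.body = { ...req.body, userId, username, role };
  next();
}

// access.js: takes the allowed roles and checks the role that auth attached.
function access(...roles) {
  return (req, res, next) => {
    if (!req.body || !roles.includes(req.body.role)) return res.status(403).json({ msg: 'forbidden' });
    next();
  };
}

// Stand-in for a bookRouter.post() handler: the owner is the token's userId.
const createBook = (req, res) => res.status(201).json({ title: req.body.title, userId: req.body.userId });

// Tiny stand-in for Express: run the chain in order and return the response.
function run(chain, req) {
  const out = { code: 200, data: null };
  const res = { status(c) { out.code = c; return res; }, json(d) { out.data = d; return res; } };
  let i = 0;
  const next = () => { if (i < chain.length) chain[i++](req, res, next); };
  next();
  return out;
}
```

If access() ran before auth(), req.body.role would still be whatever the client sent, which is why the order in the NOTE matters.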