Secured the adminpage and createnewblog page to be accessed by admins…

… only
Oliviier-dev · Mar 18, 2024 · 050eaf2 · 050eaf2
1 parent ca94f78
commit 050eaf2
Showing 1 changed file with 34 additions and 0 deletions.
diff --git a/UI/Javascript/login-check.js b/UI/Javascript/login-check.js
@@ -1,5 +1,39 @@
 document.addEventListener('DOMContentLoaded', function() {
 
+    function getCookie(name) {
+        const cookieString = document.cookie;
+        const cookies = cookieString.split('; ');
+        for (let i = 0; i < cookies.length; i++) {
+            const cookie = cookies[i];
+            const [cookieName, cookieValue] = cookie.split('=');
+            if (cookieName === name) {
+                return decodeURIComponent(cookieValue);
+            }
+        }
+        return null;
+    }
+
+    // Check if the user is on an admin-only page
+    if (window.location.pathname.includes("adminpage.html") || window.location.pathname.includes("createnewblog.html")) {
+        // Check if user has admin JWT
+        var tokenCookie = getCookie('jwt');
+        if (!tokenCookie) {
+            window.location.href = "../../index.html"; // Redirect to home page
+        } else {
+            // Decode the JWT token payload
+            var parts = tokenCookie.split('.');
+            var payload = parts[1];
+            var decodedPayload = JSON.parse(atob(payload));
+            console.log("Decoded Payload:", decodedPayload.role);
+
+            if (decodedPayload.role !== 'admin') {
+                window.location.href = "../../index.html"; // Redirect to home page
+            }
+        }
+    }
+
+
+
 let loginoutButtons = document.querySelectorAll('.loginout-btn');
 let homeorAdminLink = document.querySelectorAll('.homeOrAdmin');