High-Table-Consortium / fullstack-capstone-dockerized


Implement authentication for admin users #16

Closed Tumelo2748 closed 1 month ago

Tumelo2748 commented 1 month ago

Description:

This PR adds authentication middleware for securing our applications using JWT.


Key Changes:

  1. Admin Controller:
    • Added registerAdmin and loginAdmin controllers to handle authentication logic.
  2. Middleware:
    • Added authenticateToken and isAdmin middleware to protect admin-only routes.

How Has This Been Tested?

Related Issue:

Checklist:

PhamelaMhlaba commented 1 month ago

Great job on implementing the authentication system for admin users using JWT! I see you have added the registerAdmin and loginAdmin controllers and middleware like authenticateToken and isAdmin to secure the routes.

Since I'm still learning, I have a quick question: How does the authenticateToken middleware handle cases when a token is invalid?

Thanks for taking the time to test the features locally!

Tumelo2748 commented 1 month ago

So JWT uses verify to check if a token is valid or not. It checks whether the token is expired or not. Another way it checks if a token is valid or not is by checking if the JWT matches with the secret key.