feat: implement GET /comments route for admins to retrieve all comments

[benoit-bremaud]

Summary

This pull request implements the GET /comments route that allows administrators to retrieve all comments. This route is secured and accessible only to users with admin privileges.

Changes Implemented

• Created getAllComments method in commentController to handle retrieving all comments.
• Added authentication middleware (authenticateToken) to protect the route.
• Added authorization middleware (isAdmin) to ensure only admins can access this route.
• Verified functionality with Postman tests using both admin and non-admin accounts.

How to Test

1. Retrieve All Comments as Admin:

   • Send a GET request to http://localhost:5000/api/comments with a valid admin token in the Authorization header.
   • Ensure the response includes all comments.

2. Unauthorized Access Attempt:

   • Send a GET request to http://localhost:5000/api/comments with a non-admin token in the Authorization header.
   • Ensure the response is 403 Forbidden with a message "Access denied: Admins only".

Example Request (Admin)

GET /comments HTTP/1.1
Host: localhost:5000
Authorization: Bearer <admin_token>

Example Response

[
    {
        "_id": "669b31e121af94e2afcdd82f",
        "content": "Looking forward to this event!",
        "author": "669b2fba21af94e2afcdd828",
        "event": "669b314e21af94e2afcdd82d",
        "status": "pending",
        "createdAt": "2024-07-20T03:41:21.577Z",
        "updatedAt": "2024-07-20T03:41:21.578Z",
        "__v": 0
    },
    {
        "_id": "669b320521af94e2afcdd831",
        "content": "The last event was amazing, can't wait for this one!",
        "author": "669b2fba21af94e2afcdd828",
        "event": "669b314e21af94e2afcdd82d",
        "status": "pending",
        "createdAt": "2024-07-20T03:41:57.020Z",
        "updatedAt": "2024-07-20T03:41:57.020Z",
        "__v": 0
    }
]

Resolves #146