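const express = require('express');
const router = express.Router();
const bcrypt = require('bcryptjs');
const jwt = require('jsonwebtoken');
// Secret used to sign admin session tokens. It is read from the environment
// rather than written in source: a literal here travels with every copy of the
// file and lets anyone who has read it mint valid admin tokens until the key is
// rotated (the value this line previously held should be treated as exposed).
// Failing at startup is deliberate — signing with an empty or missing secret
// would silently produce forgeable tokens.
const JWT_SECRET = process.env.JWT_SECRET;
if (typeof JWT_SECRET !== 'string' || JWT_SECRET.length === 0) {
  throw new Error('JWT_SECRET environment variable must be set');
}
const Admin = require('../../schema/Admin');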
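// POST /register — create a new admin account from the submitted form.
//
// NOTE(review): no authentication or authorization middleware is visible in
// front of this route, so anyone who can reach it can create an admin.
// Confirm the mounting code guards it, or that it is disabled after setup.
router.post('/register', async (req, res) => {
  const loginUrl = '/sites/little-groovin-guitar/admin/login';
  try {
    const { name, email, password } = req.body ?? {};
    // Accept only non-empty plain strings: the body is untrusted, and an
    // object literal here would otherwise be handed straight to findOne().
    const formIsValid = [name, email, password].every(
      (value) => typeof value === 'string' && value.length > 0,
    );
    if (!formIsValid) {
      // Log which fields arrived, never their values — the body carries a password.
      console.log('register: invalid form data, fields:', Object.keys(req.body ?? {}));
      return res.redirect(`${loginUrl}?error=Invalid Form Data...`);
    }
    const existing = await Admin.findOne({ email });
    if (existing) {
      return res.redirect(`${loginUrl}?error=Email Address Already Used...`);
    }
    // Work factor 10 as before; bcrypt stores the salt inside the hash.
    const salt = await bcrypt.genSalt(10);
    const hashPassword = await bcrypt.hash(password, salt);
    await Admin.create({ name, email, password: hashPassword });
    // No session cookie was ever issued from this route (the cookie call was
    // commented out), so the re-fetch and token signing it used to do are
    // dropped; the new admin signs in through /login.
    return res.redirect(
      '/sites/little-groovin-guitar/admin-panel/students?message=admin-panel?message=students Registered Successfully...',
    );
  } catch (err) {
    // Keep the detail server-side; echoing err.message into the redirect
    // exposed database/validation internals to the client.
    console.error('register failed:', err);
    return res.redirect(`${loginUrl}?error=Registration failed`);
  }
});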
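// POST /login — verify admin credentials and set the 'authtoken' session cookie.
router.post('/login', async (req, res) => {
  const loginUrl = '/sites/little-groovin-guitar/admin/login';
  // A single failure path for unknown email and wrong password, so the
  // response body does not reveal which accounts exist. redirect() always
  // sends 302, so the status(422) the original set was never transmitted.
  const rejectLogin = () => res.redirect(`${loginUrl}?error=Invalid Credentials`);
  try {
    const { email, password } = req.body ?? {};
    // Reject anything that is not a plain string before it reaches the query
    // or bcrypt. The submitted credentials are deliberately never logged.
    if (typeof email !== 'string' || typeof password !== 'string') {
      return rejectLogin();
    }
    const admin = await Admin.findOne({ email });
    if (!admin) {
      // NOTE(review): this branch skips bcrypt.compare and so answers faster
      // than a wrong password; a dummy compare would equalise the timing.
      return rejectLogin();
    }
    const passwordMatches = await bcrypt.compare(password, admin.password);
    if (!passwordMatches) {
      return rejectLogin();
    }
    // Bounded lifetime: the original token had no expiry, so a leaked cookie
    // stayed valid indefinitely. The token itself is not logged.
    const authtoken = jwt.sign({ id: admin._id, email: admin.email }, JWT_SECRET, {
      expiresIn: '8h',
    });
    return res
      .cookie('authtoken', authtoken, {
        httpOnly: true, // not readable from page scripts
        sameSite: 'lax', // not sent on cross-site POSTs
        secure: process.env.NODE_ENV === 'production', // HTTPS only outside development
      })
      .redirect('/sites/little-groovin-guitar/admin?message=Admin Logged In Successfully...');
  } catch (err) {
    // Full error stays in the server log; the client gets a generic message.
    console.error('login failed:', err);
    return res.redirect(`${loginUrl}?error=Login failed`);
  }
});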
// GET /logout — drop the 'authtoken' cookie and send the browser back to the site.
router.get('/logout', async function logout(req, res) {
  const destination = '/sites/little-groovin-guitar/?message=Admin Logged Out...';
  res.clearCookie('authtoken');
  res.status(200);
  return res.redirect(destination);
});
// GET /register-child — render the child-registration form.
router.get('/register-child', function renderRegisterChild(req, res) {
  const view = 'admin/register-child';
  return res.render(view);
});
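// GET /delete/:id — remove the admin with the given id and return to the list.
//
// NOTE(review): a state-changing action on GET is triggered by any link or
// image the admin's browser follows, and no authorization check is visible
// here; confirm both are covered by middleware in front of this router.
// Changing the method would change the URLs callers use, so it is kept.
router.get('/delete/:id', async (req, res) => {
  const adminId = req.params.id;
  // NOTE(review): assumes Admin uses the default 24-hex-character ObjectId
  // _id — confirm against the schema. Rejecting other shapes up front avoids
  // a cast error from findByIdAndDelete surfacing as a 500.
  if (!/^[0-9a-f]{24}$/i.test(adminId)) {
    return res.status(400).send('Invalid admin id');
  }
  try {
    const removed = await Admin.findByIdAndDelete(adminId);
    if (removed) {
      console.log(`Admin with ID ${adminId} deleted.`);
    } else {
      console.log(`Admin with ID ${adminId} not found; nothing deleted.`);
    }
    return res.redirect('/sites/little-groovin-guitar/admin-panel/students'); // back to the admin list
  } catch (error) {
    // Detail stays server-side; the client only sees a generic message.
    console.error('Error deleting admin:', error);
    return res.status(500).send('Server Error');
  }
});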
// Expose the admin router for the application to mount.
module.exports = router