feat: Add token-based authorization to category deletion and enhance user registration with error handling and audit logging.

2026-02-12 17:55:45 +07:00 · 2026-02-12 17:55:45 +07:00 · af14610442
commit af14610442
parent 45941fbe6c
16 changed files with 1003 additions and 236 deletions
--- a/Backend/src/controllers/AdminCourseApprovalController.ts
+++ b/Backend/src/controllers/AdminCourseApprovalController.ts
@ -25,10 +25,8 @@ export class AdminCourseApprovalController {
    @Response('403', 'Forbidden - Admin only')
    public async listPendingCourses(@Request() request: any): Promise<ListPendingCoursesResponse> {
        const token = request.headers.authorization?.replace('Bearer ', '');
-        if (!token) {
-            throw new ValidationError('No token provided');
-        }
-        return await AdminCourseApprovalService.listPendingCourses();
+        if (!token) throw new ValidationError('No token provided');
+        return await AdminCourseApprovalService.listPendingCourses(token);
    }

    /**
@ -44,10 +42,8 @@ export class AdminCourseApprovalController {
    @Response('404', 'Course not found')
    public async getCourseDetail(@Request() request: any, @Path() courseId: number): Promise<GetCourseDetailForAdminResponse> {
        const token = request.headers.authorization?.replace('Bearer ', '');
-        if (!token) {
-            throw new ValidationError('No token provided');
-        }
-        return await AdminCourseApprovalService.getCourseDetail(courseId);
+        if (!token) throw new ValidationError('No token provided');
+        return await AdminCourseApprovalService.getCourseDetail(token, courseId);
    }

    /**
@ -68,9 +64,7 @@ export class AdminCourseApprovalController {
        @Body() body?: ApproveCourseBody
    ): Promise<ApproveCourseResponse> {
        const token = request.headers.authorization?.replace('Bearer ', '');
-        if (!token) {
-            throw new ValidationError('No token provided');
-        }
+        if (!token) throw new ValidationError('No token provided');
        return await AdminCourseApprovalService.approveCourse(token, courseId, body?.comment);
    }

@ -92,9 +86,7 @@ export class AdminCourseApprovalController {
        @Body() body: RejectCourseBody
    ): Promise<RejectCourseResponse> {
        const token = request.headers.authorization?.replace('Bearer ', '');
-        if (!token) {
-            throw new ValidationError('No token provided');
-        }
+        if (!token) throw new ValidationError('No token provided');
        return await AdminCourseApprovalService.rejectCourse(token, courseId, body.comment);
    }
 }
--- a/Backend/src/controllers/CategoriesController.ts
+++ b/Backend/src/controllers/CategoriesController.ts
@ -45,6 +45,6 @@ export class CategoriesAdminController {
    @Response('401', 'Invalid or expired token')
    public async deleteCategory(@Request() request: any, @Path() id: number): Promise<deleteCategoryResponse> {
        const token = request.headers.authorization?.replace('Bearer ', '') || '';
-        return await this.categoryService.deleteCategory(id);
+        return await this.categoryService.deleteCategory(token,id);
    }
 }
--- a/Backend/src/controllers/RecommendedCoursesController.ts
+++ b/Backend/src/controllers/RecommendedCoursesController.ts
@ -22,10 +22,8 @@ export class RecommendedCoursesController {
    @Response('403', 'Forbidden - Admin only')
    public async listApprovedCourses(@Request() request: any): Promise<ListApprovedCoursesResponse> {
        const token = request.headers.authorization?.replace('Bearer ', '');
-        if (!token) {
-            throw new ValidationError('No token provided');
-        }
-        return await RecommendedCoursesService.listApprovedCourses();
+        if (!token) throw new ValidationError('No token provided');
+        return await RecommendedCoursesService.listApprovedCourses(token);
    }

    /**
@ -42,10 +40,8 @@ export class RecommendedCoursesController {
    @Response('404', 'Course not found')
    public async getCourseById(@Request() request: any, @Path() courseId: number): Promise<GetCourseByIdResponse> {
        const token = request.headers.authorization?.replace('Bearer ', '');
-        if (!token) {
-            throw new ValidationError('No token provided');
-        }
-        return await RecommendedCoursesService.getCourseById(courseId);
+        if (!token) throw new ValidationError('No token provided');
+        return await RecommendedCoursesService.getCourseById(token, courseId);
    }

    /**
@ -62,13 +58,11 @@ export class RecommendedCoursesController {
    @Response('404', 'Course not found')
    public async toggleRecommended(
        @Request() request: any,
-        @Path() courseId: number,   
+        @Path() courseId: number,
        @Query() is_recommended: boolean
    ): Promise<ToggleRecommendedResponse> {
        const token = request.headers.authorization?.replace('Bearer ', '');
-        if (!token) {
-            throw new ValidationError('No token provided');
-        }
+        if (!token) throw new ValidationError('No token provided');
        return await RecommendedCoursesService.toggleRecommended(token, courseId, is_recommended);
    }
 }