feat: Mechanisme voor automatische aanmaak en update van accounts aangemaakt.

backend/src/routes/auth.ts

@@ -1,13 +1,15 @@
 import express from 'express';
-import { getFrontendAuthConfig } from '../controllers/auth.js';
+import {handleGetFrontendAuthConfig, handleHello} from '../controllers/auth.js';
 import {authenticatedOnly, studentsOnly, teachersOnly} from "../middleware/auth/checks/auth-checks";
 
 const router = express.Router();
 
 // Returns auth configuration for frontend
-router.get('/config', (_req, res) => {
-    res.json(getFrontendAuthConfig());
-});
+router.get('/config', handleGetFrontendAuthConfig);
+
+// This endpoint is called by the client when the user has just logged in.
+// It creates or updates the user entity based on the authentication data the endpoint was called with.
+router.post('/hello', authenticatedOnly, handleHello);
 
 router.get('/testAuthenticatedOnly', authenticatedOnly, (_req, res) => {
     /* #swagger.security = [{ "student": [ ] }, { "teacher": [ ] }] */

backend/src/routes/students.ts

@@ -12,13 +12,16 @@ import {
 } from '../controllers/students.js';
 import joinRequestRouter from './student-join-requests.js';
 import {onlyAllowUserHimself} from "../middleware/auth/checks/user-auth-checks";
+import {adminOnly} from "../middleware/auth/checks/auth-checks";
 
 const router = express.Router();
 
 // Root endpoint used to search objects
-router.get('/', getAllStudentsHandler);
+router.get('/', adminOnly, getAllStudentsHandler);
 
-router.post('/', createStudentHandler);
+// Users will be created automatically when some resource is created for them. Therefore, this endpoint
+// can only be used by an administrator.
+router.post('/', adminOnly, createStudentHandler);
 
 router.delete('/:username', onlyAllowUserHimself, deleteStudentHandler);
 

backend/src/routes/teachers.ts

@@ -10,26 +10,29 @@ import {
     getTeacherStudentHandler,
     updateStudentJoinRequestHandler,
 } from '../controllers/teachers.js';
+import {adminOnly} from "../middleware/auth/checks/auth-checks";
+import {onlyAllowUserHimself} from "../middleware/auth/checks/user-auth-checks";
+import {onlyAllowTeacherOfClass} from "../middleware/auth/checks/class-auth-checks";
 const router = express.Router();
 
 // Root endpoint used to search objects
-router.get('/', getAllTeachersHandler);
+router.get('/', adminOnly, getAllTeachersHandler);
 
-router.post('/', createTeacherHandler);
+router.post('/', adminOnly, createTeacherHandler);
 
-router.get('/:username', getTeacherHandler);
+router.get('/:username', onlyAllowUserHimself, getTeacherHandler);
 
-router.delete('/:username', deleteTeacherHandler);
+router.delete('/:username', onlyAllowUserHimself, deleteTeacherHandler);
 
-router.get('/:username/classes', getTeacherClassHandler);
+router.get('/:username/classes', onlyAllowUserHimself, getTeacherClassHandler);
 
-router.get('/:username/students', getTeacherStudentHandler);
+router.get('/:username/students', onlyAllowUserHimself, getTeacherStudentHandler);
 
-router.get('/:username/questions', getTeacherQuestionHandler);
+router.get('/:username/questions', onlyAllowUserHimself, getTeacherQuestionHandler);
 
-router.get('/:username/joinRequests/:classId', getStudentJoinRequestHandler);
+router.get('/:username/joinRequests/:classId', onlyAllowTeacherOfClass, getStudentJoinRequestHandler);
 
-router.put('/:username/joinRequests/:classId/:studentUsername', updateStudentJoinRequestHandler);
+router.put('/:username/joinRequests/:classId/:studentUsername', onlyAllowTeacherOfClass, updateStudentJoinRequestHandler);
 
 // Invitations to other classes a teacher received
 router.get('/:id/invitations', (_req, res) => {