Issue in solution of week-3/04-mongo-with-jwt-auth assignment
aviralvardiya opened this issue · comments
week-3/04-mongo-with-jwt-auth/solution/middleware/admin.js
week-3/04-mongo-with-jwt-auth/solution/middleware/admin.js
In both of the above-mentioned files, the middleware just checks if the token is valid or not. However, it does not distinguish whether the token sent corresponds to a user or an admin. Consequently, a user can potentially access admin features by providing their token, and vice versa.
After token verification, the middleware should additionally validate whether the associated username belongs to an admin. If not, it should send an authentication failed error.