First fully working user management, move to layout groups

src/routes/api/add/+server.ts

@@ -1,28 +1,30 @@
 import type { RequestHandler } from '@sveltejs/kit';
 import { Recipe } from '../../../models/Recipe';
 import { dbConnect, dbDisconnect } from '../../../utils/db';
-import type {RecipeModelType} from '../../../types/types';
-import { BEARER_TOKEN } from '$env/static/private'
 import { error } from '@sveltejs/kit';
+import { authenticateUser } from '$lib/js/authenticate';;
 // header: use for bearer token for now
 // recipe json in body
-export const POST: RequestHandler = async ({request}) => {
-  let message = await request.json()
-  const recipe_json = message.recipe
-  const bearer_token = message.headers.bearer
-  if(bearer_token === BEARER_TOKEN){
-  	await dbConnect();
-	try{
-		await Recipe.create(recipe_json);
-	} catch(e){
-		throw error(400, e)
-	}
-  	await dbDisconnect();
-	return new Response(JSON.stringify({msg: "Added recipe successfully"}),{
-			    status: 200,
-  	});
-	}
-  else{
-	throw error(403, "Password incorrect")
-	}
+export const POST: RequestHandler = async ({request, cookies}) => {
+	let message = await request.json()
+  	const recipe_json = message.recipe
+  	const user = await authenticateUser(cookies)
+  	if(!user){
+  		throw error(401, "Not logged in")
+  	}
+  	if(!user.access.includes("rezepte")){
+  	      	throw error(401, "This user does not have permissions to add recipes")
+  	}
+  	else{
+		await dbConnect();
+  		try{
+  	      		await Recipe.create(recipe_json);
+  		} catch(e){
+  	      		throw error(400, e)
+  	      	}
+  		await dbDisconnect();
+  	      	return new Response(JSON.stringify({msg: "Added recipe successfully"}),{
+  	      		    status: 200,
+  		});
+  	}
 };