diff --git a/routes/postsRoutes.js b/routes/postsRoutes.js
index c720983..3bdbb92 100644
--- a/routes/postsRoutes.js
+++ b/routes/postsRoutes.js
@@ -572,30 +572,51 @@ router.put(
 );
 //Delete Routes
-router.delete("/posts/delete/:id", async (req, res) => {
- try {
- const tokenDecode = req.authData;
- if (!tokenDecode || !tokenDecode.id) {
- return res.status(401).json({ message: "Unauthorized: Invalid token" });
- }
- const deletedPost = await Post.destroy({
- where: {
- id: req.params.id,
- userId: tokenDecode.id,
- },
- });
+router.delete(
+ "/posts/delete/:id",
+ authMiddleware.authenticateToken,
+ async (req, res) => {
+ try {
+ const tokenDecode = req.authData;
- if (!deletedPost) {
- return res
- .status(404)
- .json({ message: "Post not found or unauthorized" });
+ if (!tokenDecode || !tokenDecode.id) {
+ return res.status(401).json({ message: "Unauthorized: Invalid token" });
+ }
+
+ const postId = req.params.id;
+
+ const postToDelete = await Post.findOne({
+ where: {
+ id: postId,
+ userId: tokenDecode.id,
+ },
+ });
+
+ if (!postToDelete) {
+ return res
+ .status(404)
+ .json({ message: "Post not found or unauthorized" });
+ }
+ const deletedPost = await Post.destroy({
+ where: {
+ id: postId,
+ userId: tokenDecode.id,
+ },
+ });
+
+ if (!deletedPost) {
+ return res
+ .status(404)
+ .json({ message: "Post not found or unauthorized" });
+ }
+
+ res.status(200).json({ message: "Post deleted successfully" });
+ } catch (error) {
+ console.error("Error deleting post", error);
+ res.status(500).json({ message: "Internal server error" });
 }
- res.status(200).json({ message: "Post deleted successfully" });
- } catch (error) {
- console.error("Error deleting post", error);
- res.status(500).json({ message: "Internal server error" });
 }
-});
+);
 //update user
 router.put(
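Review bot: The new `Post.findOne` lookup repeats the exact `where` clause of the `Post.destroy` call that follows it, so each delete now costs two queries and the second 404 branch can only fire if the row disappears between them. The `userId: tokenDecode.id` condition on `destroy` is what enforces ownership, so the pre-check can be dropped as long as that condition stays, ideally marked with a comment such as `// ownership check: only the token's user may delete this post`. `req.params.id` also reaches both queries unvalidated; if the `id` column is numeric (not visible here), a guard like `if (!Number.isInteger(Number(postId))) return res.status(400).json({ message: "Invalid post id" });` would turn a malformed id into a 400 rather than a likely 500. The hunk does not show where `authMiddleware` is imported, so confirm it is in scope in this file.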