Fixes for Admin Login, @somaiya.edu validation, and Password Visibility

server/middleware/verifyAdmin.js

@@ -0,0 +1,25 @@
+const jwt = require("jsonwebtoken");
+
+const verifyAdmin = (req, res, next) => {
+  try {
+    const token = req.cookies.token; // Ensure you are using cookies for auth
+    if (!token) {
+      return res
+        .status(401)
+        .json({ message: "Access denied. No token provided." });
+    }
+
+    const decoded = jwt.verify(token, process.env.JWT_SECRET);
+    // Check if user is admin based on the 'isAdmin' boolean in the token
+    if (!decoded.isAdmin) {
+      return res.status(403).json({ message: "Access denied. Admins only." });
+    }
+
+    req.user = decoded; // Attach user data to the request
+    next();
+  } catch (error) {
+    res.status(401).json({ message: "Invalid or expired token" });
+  }
+};
+
+module.exports = verifyAdmin;