
Add and implement test so that only admin users can access analytics

sbkwgh 8 gadi atpakaļ
vecāks
revīzija
fe19449550
2 mainītis faili ar 26 papildinājumiem un 1 dzēšanām
  1. 11 0
      routes/log.js
  2. 15 1
      test/log.js

+ 11 - 0
routes/log.js

@@ -67,6 +67,17 @@ router.post('/', async (req, res) => {
 	}
 })
 
+router.all('*', (req, res, next) => {
+	if(req.session.admin) {
+		next()
+	} else {
+		res.status(401)
+		res.json({
+			errors: [Errors.requestNotAuthorized]
+		})
+	}
+})
+
 router.get('/top-threads', async (req, res) => {
 	try {
 		let logs = await Log.findAll({
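Review bot: The guard added at `router.all('*', …)` only covers routes registered after it, so `router.post('/')` just above, and any other route earlier in routes/log.js, remains reachable without an admin session. That may be deliberate for the logging endpoint, but the ordering dependency is undocumented; I would add a comment above the guard, e.g. `// Admin-only from here on: every route registered below requires req.session.admin`. `req.session.admin` is also read without checking `req.session`, which would throw rather than return 401 if the session middleware is not mounted ahead of this router (not visible in this hunk); `if (req.session && req.session.admin)` avoids that. The `/top-threads` handler continues past the end of the hunk.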

+ 15 - 1
test/log.js

@@ -252,7 +252,7 @@ describe('Log', () => {
 		})
 
 		it('should return top 3 threads', async () => {
-			let res = await user.get('/api/v1/log/top-threads')
+			let res = await admin.get('/api/v1/log/top-threads')
 
 			res.body[0].should.have.deep.property('Thread.name', 'thread3')
 			res.body[1].should.have.deep.property('Thread.name', 'thread')
@@ -263,6 +263,20 @@ describe('Log', () => {
 			res.body[1].should.have.property('pageViews', 6)
 			res.body[2].should.have.property('pageViews', 3)
 		})
+
+		it('should return an error if not an admin', done => {
+			user
+				.get('/api/v1/log/top-threads')
+				.end((err, res) => {
+					res.should.have.status(401)
+					
+					res.body.errors.should.contain.something.that.deep.equals(
+						Errors.requestNotAuthorized
+					)
+
+					done()
+				})
+		})
 	})
 
 	after(() => sequelize.sync({ force: true }))
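Review bot: The added case `should return an error if not an admin` exercises only a logged-in non-admin (`user`), so a request that carries no session at all is never tested against the new guard. I would add a sibling case that calls `/api/v1/log/top-threads` from an unauthenticated agent and asserts the same 401 and `Errors.requestNotAuthorized`. Only `/top-threads` is checked; if other analytics routes sit below the guard in routes/log.js, a denial assertion per route would catch one being moved above it later. As a style point, this test uses `done` with `.end()` while the neighbouring `should return top 3 threads` uses `async`/`await`; matching that form keeps a failed assertion inside the test's own promise.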