author | 2025-04-29 10:47:43 +0530 | |
---|---|---|
committer | 2025-04-29 10:47:43 +0530 | |
commit | a2e0a65b2599267efe94d665d6305f59b225bbd5 (patch) | |
tree | e2cef2031e3f7655e0c5f419020a3f1064c3b7b8 /backend/src/middleware | |
parent | 570bf0f3f065d583d6f94ecfc61aae93ba3e43de (diff) | |
download | restaurant-master.tar.gz restaurant-master.tar.bz2 restaurant-master.zip |
Diffstat (limited to 'backend/src/middleware')
-rw-r--r-- | backend/src/middleware/auth.middleware.js | 63 | ||||
-rw-r--r-- | backend/src/middleware/error.middleware.js | 40 |
2 files changed, 103 insertions, 0 deletions
diff --git a/backend/src/middleware/auth.middleware.js b/backend/src/middleware/auth.middleware.js
new file mode 100644
index 0000000..62c7aa9
--- /dev/null
+++ b/backend/src/middleware/auth.middleware.js
@@ -0,0 +1,63 @@
+const { verifyToken } = require('../utils/jwt');
+const User = require('../models/User');
+
+/**
+ * Authentication middleware
+ * @param {Object} req - Express request object
+ * @param {Object} res - Express response object
+ * @param {Function} next - Express next function
+ */
+const authenticate = async (req, res, next) => {
+ try {
+ let token;
+
+ // Get token from Authorization header
+ if (req.headers.authorization && req.headers.authorization.startsWith('Bearer')) {
+ token = req.headers.authorization.split(' ')[1];
+ }
+
+ if (!token) {
+ return res.status(401).json({ message: 'Authentication required. Please log in.' });
+ }
+
+ // Verify token
+ const decoded = verifyToken(token);
+
+ // Find user by id
+ const user = await User.findById(decoded.id);
+
+ if (!user || !user.active) {
+ return res.status(401).json({ message: 'The user no longer exists or is inactive.' });
+ }
+
+ // Attach user to request object
+ req.user = user;
+ next();
+ } catch (error) {
+ res.status(401).json({ message: 'Authentication failed. Invalid token.' });
+ }
+};
+
+/**
+ * Authorization middleware factory
+ * @param {String[]} roles - Array of allowed roles
+ * @returns {Function} Express middleware
+ */
+const authorize = (...roles) => {
+ return (req, res, next) => {
+ if (!req.user) {
+ return res.status(401).json({ message: 'Authentication required.' });
+ }
+
+ if (!roles.includes(req.user.role)) {
+ return res.status(403).json({ message: 'You do not have permission to perform this action.' });
+ }
+
+ next();
+ };
+};
+
+module.exports = {
+ authenticate,
+ authorize
+};
\ No newline at end of file
diff --git a/backend/src/middleware/error.middleware.js b/backend/src/middleware/error.middleware.js
new file mode 100644
index 0000000..e037cff
--- /dev/null
+++ b/backend/src/middleware/error.middleware.js
@@ -0,0 +1,40 @@
+const env = require('../config/env');
+
+/**
+ * Not found error handler middleware
+ * @param {Object} req - Express request object
+ * @param {Object} res - Express response object
+ * @param {Function} next - Express next function
+ */
+const notFound = (req, res, next) => {
+ const error = new Error(`Not Found - ${req.originalUrl}`);
+ res.status(404);
+ next(error);
+};
+
+/**
+ * General error handler middleware
+ * @param {Error} err - Error object
+ * @param {Object} req - Express request object
+ * @param {Object} res - Express response object
+ * @param {Function} next - Express next function
+ */
+const errorHandler = (err, req, res, next) => {
+ // Log the error
+ console.error(err.stack);
+
+ // Set status code
+ const statusCode = res.statusCode === 200 ? 500 : res.statusCode;
+
+ // Send response
+ res.status(statusCode).json({
+ message: err.message,
+ stack: env.NODE_ENV === 'production' ? '🥞' : err.stack,
+ error: env.NODE_ENV === 'development' ? err : {}
+ });
+};
+
+module.exports = {
+ notFound,
+ errorHandler
+};
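Review bot: The `catch (error)` block in `authenticate` reports every failure as a 401 "Invalid token" and never logs or forwards the error, so a rejected `User.findById` (database down, bad ObjectId) is indistinguishable from a forged token both to the client and in the logs. At minimum log it before replying, `console.error('authenticate:', error);`, and consider forwarding errors that are not token-verification failures with `return next(error);` so `errorHandler` sees them; what `verifyToken` throws is defined in `../utils/jwt`, outside this diff, so the distinguishing check depends on that module. Separately, the JSDoc on `authorize` says `@param {String[]} roles - Array of allowed roles` while the signature is a rest parameter `(...roles)`, so a caller passing an actual array gets `roles = [[...]]` and `roles.includes(req.user.role)` is always false; either document it as `@param {...string} roles - Allowed roles, passed as separate arguments` or accept both with `const allowed = roles.flat();`.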
\ No newline at end of file |
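Review bot: `errorHandler` derives the status only from `res.statusCode`, ignoring any `status`/`statusCode` the error itself carries, so errors that arrive with their own status (body-parsing and validation errors commonly do, though no such producer is visible in this diff) are reported as 500 when the response status is still 200; `const statusCode = err.status ?? err.statusCode ?? (res.statusCode === 200 ? 500 : res.statusCode);` would honour them. The response also echoes `err.message` unconditionally, including in production, so internal failures (driver errors, thrown strings from dependencies) reach the client verbatim; for 5xx in production return a generic message, e.g. `message: statusCode >= 500 && env.NODE_ENV === 'production' ? 'Internal Server Error' : err.message`. The `error: env.NODE_ENV === 'development' ? err : {}` field serialises the whole error object in development, which is fine for local use but worth a comment noting it must never be enabled elsewhere.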