const { verifyToken } = require('../utils/jwt');
const User = require('../models/User');
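/**
 * Pull the credentials out of an `Authorization: Bearer <token>` header.
 *
 * The scheme is matched case-insensitively (auth-scheme names are
 * case-insensitive per RFC 7235) and exactly one whitespace-free credential
 * is accepted, so `Bearer`, `Bearerxyz`, `Bearer ` and `Bearer a b` all
 * yield `null` instead of a partial or empty token.
 *
 * @param {string|undefined} header - Raw Authorization header value
 * @returns {string|null} The token, or null when the header is absent or malformed
 */
const extractBearerToken = (header) => {
  if (typeof header !== 'string') return null;
  const match = /^Bearer\s+(\S+)\s*$/i.exec(header);
  return match ? match[1] : null;
};

/**
 * Authentication middleware.
 *
 * Extracts a bearer token from the `Authorization` header, verifies it with
 * `verifyToken`, loads the user it names via `User.findById` and attaches
 * that user to `req.user` before calling `next()`.
 *
 * Responses:
 *   - 401 when the header is missing or malformed, the token fails
 *     verification, the verifier returns no `id`, or the user is missing or
 *     inactive. All of these use generic messages so a caller cannot
 *     distinguish "no such user" from "bad token".
 *   - Any other failure (for example the database lookup throwing) is passed
 *     to `next(error)` so it surfaces through the Express error handler as a
 *     server error rather than being reported to the client as a bad token.
 *
 * @param {Object} req - Express request object
 * @param {Object} res - Express response object
 * @param {Function} next - Express next function
 */
const authenticate = async (req, res, next) => {
  try {
    const token = extractBearerToken(req.headers.authorization);
    if (!token) {
      return res.status(401).json({ message: 'Authentication required. Please log in.' });
    }

    let decoded;
    try {
      decoded = verifyToken(token);
    } catch (verifyError) {
      // Bad signature, expired, malformed: the client's problem, not ours.
      return res.status(401).json({ message: 'Authentication failed. Invalid token.' });
    }
    // A verifier that returns nothing usable is treated like a rejected token
    // instead of being allowed to reach the database as `findById(undefined)`.
    if (!decoded || decoded.id == null) {
      return res.status(401).json({ message: 'Authentication failed. Invalid token.' });
    }

    const user = await User.findById(decoded.id);
    if (!user || !user.active) {
      return res.status(401).json({ message: 'The user no longer exists or is inactive.' });
    }

    // NOTE(review): this attaches the whole user record; if it carries
    // sensitive fields (e.g. a password hash) make sure downstream handlers
    // never serialize `req.user` directly — confirm against the User model.
    req.user = user;
    next();
  } catch (error) {
    // Database outage or programming error: not an authentication failure,
    // so do not mask it as a 401.
    next(error);
  }
};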
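/**
 * Authorization middleware factory.
 *
 * Builds a middleware that lets the request through only when
 * `req.user.role` is one of the allowed roles. It must run after
 * `authenticate`, which is what populates `req.user`; without it the request
 * is rejected with 401.
 *
 * Roles may be given as separate arguments (`authorize('admin', 'editor')`)
 * or as a single array (`authorize(['admin', 'editor'])`); both forms are
 * flattened, so the array form no longer silently denies everyone. Calling
 * it with no roles yields a middleware that denies every user (403), which is
 * the safe default for a misconfigured route.
 *
 * @param {...(string|string[])} roles - Allowed roles
 * @returns {Function} Express middleware
 */
const authorize = (...roles) => {
  // Flatten once at construction time; a Set gives O(1) membership and uses
  // the same SameValueZero comparison as Array#includes.
  const allowed = new Set([].concat(...roles));
  return (req, res, next) => {
    if (!req.user) {
      return res.status(401).json({ message: 'Authentication required.' });
    }
    if (!allowed.has(req.user.role)) {
      return res.status(403).json({ message: 'You do not have permission to perform this action.' });
    }
    next();
  };
};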
// Public surface of this module: the authentication and authorization
// middlewares defined above. Nothing earlier in the file reassigns
// `module.exports`, so populating `exports` is equivalent to the object form.
exports.authenticate = authenticate;
exports.authorize = authorize;