import jwt from "jsonwebtoken";
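/**
 * Express middleware: require a valid JWT in `Authorization: Bearer <token>`.
 *
 * On success `req.user` is set to `{ id: payload.sub, role: payload.role }`
 * and `next()` is called. A missing or malformed header, or a token that
 * fails verification, gets a 401 JSON reply. A missing `JWT_SECRET` is a
 * server misconfiguration: it is forwarded to `next(err)` (Express's error
 * handler) instead of being reported to the client as an invalid token.
 *
 * @param {object} req  Express request; only `req.headers.authorization` is read.
 * @param {object} res  Express response; used for the 401 replies.
 * @param {Function} next  Called with no arguments on success, or with an
 *   Error when `JWT_SECRET` is not configured.
 * @returns {*} whatever `res.json()`/`next()` returned (ignored by Express).
 */
export function requireAuth(req, res, next) {
  const header = req.headers.authorization ?? "";
  const [scheme, token] = header.split(" ");
  if (scheme !== "Bearer" || !token) {
    return res.status(401).json({ error: "Not authenticated" });
  }

  const secret = process.env.JWT_SECRET;
  if (!secret) {
    // No secret means no token can ever verify; fail closed and surface the
    // deployment error rather than blaming the client's token.
    return next(new Error("JWT_SECRET is not configured"));
  }

  try {
    // Pin the accepted algorithm to what the issuer signs with (jsonwebtoken's
    // default is HS256) so the token header cannot select a different one.
    // Adjust if the issuer is changed to sign with another algorithm.
    const payload = jwt.verify(token, secret, { algorithms: ["HS256"] });
    // A non-object payload carries no claims to build req.user from.
    if (typeof payload !== "object" || payload === null) {
      return res.status(401).json({ error: "Invalid token" });
    }
    req.user = { id: payload.sub, role: payload.role };
  } catch {
    return res.status(401).json({ error: "Invalid token" });
  }
  // Outside the try so an exception thrown downstream is not masked as a
  // 401 "Invalid token" reply.
  next();
}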
/**
 * Build an Express middleware that only admits requests whose authenticated
 * user (`req.user`, as populated by `requireAuth`) carries exactly `role`.
 *
 * @param {string} role  Value that `req.user.role` must equal.
 * @returns {Function} middleware replying 401 when `req.user` is absent,
 *   403 when the role does not match, and calling `next()` otherwise.
 */
export function requireRole(role) {
  return (req, res, next) => {
    const { user } = req;
    const deny = (status, error) => res.status(status).json({ error });
    if (!user) return deny(401, "Not authenticated");
    if (user.role !== role) return deny(403, "Forbidden");
    next();
  };
}