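"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.requireAuth = requireAuth;
exports.requireRole = requireRole;
const jwt_1 = require("../lib/jwt");

/**
 * Express middleware that authenticates a request from its bearer token.
 *
 * Reads the `Authorization` header, requires the `Bearer ` prefix, and passes
 * the token to `verifyAccessToken`. On success the verified payload is stored
 * on `req.user` and the chain continues; otherwise a 401 JSON response is sent.
 *
 * @param {object} req - Express request; `req.user` is set on success.
 * @param {object} res - Express response, used only for the 401 replies.
 * @param {Function} next - Continues the middleware chain.
 * @returns {*} The result of `res.json(...)` on rejection, otherwise undefined.
 */
function requireAuth(req, res, next) {
    const authHeader = req.headers.authorization;
    if (!authHeader || !authHeader.startsWith('Bearer ')) {
        return res.status(401).json({ error: 'Unauthorized' });
    }
    const token = authHeader.split(' ')[1];
    let payload;
    try {
        payload = (0, jwt_1.verifyAccessToken)(token);
    }
    catch (err) {
        // Every verification failure gets the same generic answer, so the
        // response does not reveal why the token was rejected.
        return res.status(401).json({ error: 'Invalid or expired token' });
    }
    // NOTE(review): the payload is attached as returned and requireRole trusts
    // its `role` field; confirm verifyAccessToken validates signature and claims.
    req.user = payload;
    // Called outside the try block so that an error thrown further down the
    // chain is not reported to the client as an invalid token.
    next();
}

/**
 * Builds an Express middleware that authorizes the authenticated user by role.
 *
 * Must run after `requireAuth`: it answers 401 when `req.user` is missing and
 * 403 when `req.user.role` is not one of the allowed roles.
 *
 * @param {string[]|string} roles - Allowed role names. A single string is
 *   treated as a one-element list.
 * @returns {Function} Middleware `(req, res, next)`.
 */
function requireRole(roles) {
    // A bare string would make `includes` a substring test ('superadmin'
    // contains 'admin'); wrapping it keeps the comparison an exact match.
    const allowedRoles = Array.isArray(roles) ? roles : [roles];
    return (req, res, next) => {
        if (!req.user) {
            return res.status(401).json({ error: 'Unauthorized' });
        }
        if (!allowedRoles.includes(req.user.role)) {
            return res.status(403).json({ error: 'Forbidden' });
        }
        next();
    };
}
//# sourceMappingURL=auth.js.map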