"use strict";
// Looks like compiled CommonJS output (note the `__esModule` marker and the
// sourceMappingURL trailer at the end of the file). The exports are assigned
// before the function declarations below because declarations are hoisted.
Object.defineProperty(exports, "__esModule", { value: true });
exports.requireAuth = requireAuth;
exports.requireRole = requireRole;
// Supplies verifyAccessToken(token). requireAuth treats *any* throw from it as
// an invalid token and answers 401 — the helper's exact error types are not
// inspected here.
const jwt_1 = require("../lib/jwt");
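/**
 * Express-style middleware that requires a valid `Authorization: Bearer <token>` header.
 *
 * On success the verified payload is attached as `req.user` and `next()` is called.
 * Both failure modes answer 401 with a small JSON body; the token-verification
 * message is intentionally generic so the client learns nothing about why the
 * token was rejected.
 *
 * @param {object} req  - request; `req.headers.authorization` is read, `req.user` is written
 * @param {object} res  - response with chainable `status()` / `json()`
 * @param {Function} next - continuation invoked only after successful verification
 * @returns {object|undefined} the `res.json()` result on rejection, otherwise undefined
 */
function requireAuth(req, res, next) {
    const header = req.headers.authorization;
    // Only the Bearer scheme is accepted; a missing header, a non-string value,
    // or any other scheme is rejected before the token is even looked at.
    if (typeof header !== 'string' || !header.startsWith('Bearer ')) {
        return res.status(401).json({ error: 'Unauthorized' });
    }
    const token = header.split(' ')[1];
    let payload;
    try {
        payload = (0, jwt_1.verifyAccessToken)(token);
    }
    catch (err) {
        // Generic on purpose: bad signature, expiry and malformed tokens all
        // look the same to the caller.
        return res.status(401).json({ error: 'Invalid or expired token' });
    }
    req.user = payload;
    // Kept outside the try: an exception thrown synchronously by a downstream
    // handler must not be reported as a token failure (and must not trigger a
    // second response after that handler may already have sent one).
    next();
}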
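/**
 * Builds middleware that allows the request through only when `req.user.role`
 * is one of the permitted roles.
 *
 * Must run after `requireAuth` (or anything else that sets `req.user`): a
 * request with no `req.user` is answered 401, a known user with a role that is
 * not permitted is answered 403.
 *
 * @param {string[]|string} roles - permitted role(s); a single string is accepted
 *   and is matched exactly
 * @returns {Function} `(req, res, next)` middleware
 */
function requireRole(roles) {
    // Normalise to a Set so a single-string argument is an exact match. With the
    // raw argument, `roles.includes(...)` on a string would be String#includes,
    // i.e. substring matching, and a role such as 'adm' would satisfy 'admin'.
    const allowed = new Set(Array.isArray(roles) ? roles : [roles]);
    return (req, res, next) => {
        if (!req.user) {
            return res.status(401).json({ error: 'Unauthorized' });
        }
        if (!allowed.has(req.user.role)) {
            return res.status(403).json({ error: 'Forbidden' });
        }
        next();
    };
}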
//# sourceMappingURL=auth.js.map