Initial commit

server/middleware/auth.js

@@ -0,0 +1,63 @@
+const jwt = require('jsonwebtoken');
+const { User } = require('../models');
+
+async function authenticateToken(req, res, next) {
+  const authHeader = req.headers['authorization'];
+  const token = authHeader && authHeader.split(' ')[1];
+
+  if (!token) {
+    return res.status(401).json({
+      success: false,
+      message: 'Access token required'
+    });
+  }
+
+  try {
+    const decoded = jwt.verify(token, process.env.JWT_SECRET);
+    const user = await User.findByPk(decoded.userId, {
+      attributes: ['id', 'username', 'email', 'role', 'is_active']
+    });
+
+    if (!user || !user.is_active) {
+      return res.status(401).json({
+        success: false,
+        message: 'Invalid or inactive user'
+      });
+    }
+
+    req.user = user;
+    next();
+  } catch (error) {
+    console.error('Token verification error:', error);
+    return res.status(403).json({
+      success: false,
+      message: 'Invalid or expired token'
+    });
+  }
+}
+
+function requireRole(roles) {
+  return (req, res, next) => {
+    if (!req.user) {
+      return res.status(401).json({
+        success: false,
+        message: 'Authentication required'
+      });
+    }
+
+    const userRoles = Array.isArray(roles) ? roles : [roles];
+    if (!userRoles.includes(req.user.role)) {
+      return res.status(403).json({
+        success: false,
+        message: 'Insufficient permissions'
+      });
+    }
+
+    next();
+  };
+}
+
+module.exports = {
+  authenticateToken,
+  requireRole
+};