const jwt = require('jsonwebtoken');
const { User } = require('../models');
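/**
 * Express-style middleware: authenticates the request from a JWT carried in
 * `Authorization: Bearer <token>`.
 *
 * On success it sets `req.user` to the looked-up record (attributes id,
 * username, email, role, is_active) and calls `next()`.
 *
 * Responses:
 *   401 - no Bearer token present, or the token's user does not exist / is inactive
 *   403 - the token did not verify (bad signature, expired, not yet valid, ...)
 * Any other failure (e.g. the user lookup itself throws) is forwarded with
 * `next(error)` so that a database outage is not reported to the client as
 * an invalid token.
 *
 * @param {object} req  - request; reads `req.headers.authorization`, writes `req.user`
 * @param {object} res  - response; used for the 401/403 JSON replies
 * @param {Function} next - continuation; called with no args on success, with the error otherwise
 * @returns {Promise<void|object>} resolves after a reply is sent or `next` is invoked
 */
async function authenticateToken(req, res, next) {
  const authHeader = req.headers['authorization'];
  // Credentials are only accepted with the Bearer scheme; the scheme name is
  // case-insensitive (RFC 6750), so "bearer x" and "Bearer x" are both accepted.
  // A non-string header (absent, or anything unexpected) yields no token.
  const [scheme, token] = typeof authHeader === 'string' ? authHeader.split(' ') : [];

  if (!token || scheme.toLowerCase() !== 'bearer') {
    return res.status(401).json({
      success: false,
      message: 'Access token required',
    });
  }

  let decoded;
  try {
    // Throws on any signature / expiry / nbf failure. If JWT_SECRET is unset,
    // verify() throws as well, so a misconfigured server fails closed.
    // TODO(review): pass `{ algorithms: [...] }` matching the algorithm used
    // when signing, so the accepted algorithm is pinned server-side rather than
    // taken from the token header.
    decoded = jwt.verify(token, process.env.JWT_SECRET);
  } catch (error) {
    console.error('Token verification error:', error);
    return res.status(403).json({
      success: false,
      message: 'Invalid or expired token',
    });
  }

  let user;
  try {
    user = await User.findByPk(decoded.userId, {
      attributes: ['id', 'username', 'email', 'role', 'is_active'],
    });
  } catch (error) {
    // A lookup failure is not a token problem: hand it to the error handler
    // instead of answering 403 with a misleading message.
    return next(error);
  }

  // A token may outlive its account; re-check existence and the active flag
  // on every request rather than trusting the token alone.
  if (!user || !user.is_active) {
    return res.status(401).json({
      success: false,
      message: 'Invalid or inactive user',
    });
  }

  req.user = user;
  next();
}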
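/**
 * Builds middleware that lets the request through only when `req.user.role`
 * is one of `roles`. Must run after `authenticateToken` (or anything else
 * that populates `req.user`).
 *
 * Responses: 401 when `req.user` is absent, 403 when the role is not allowed.
 * Nullish entries in `roles` are ignored, so `requireRole()` or
 * `requireRole([])` denies every request instead of matching a user whose
 * `role` is undefined (fail closed on a misconfigured route).
 *
 * @param {string|string[]} roles - a single role or a list of roles that may proceed
 * @returns {Function} `(req, res, next)` middleware
 */
function requireRole(roles) {
  // Normalise once at construction time, not per request.
  const allowed = new Set(
    (Array.isArray(roles) ? roles : [roles]).filter((role) => role != null),
  );

  return (req, res, next) => {
    if (!req.user) {
      return res.status(401).json({
        success: false,
        message: 'Authentication required',
      });
    }

    if (!allowed.has(req.user.role)) {
      return res.status(403).json({
        success: false,
        message: 'Insufficient permissions',
      });
    }

    next();
  };
}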
// Public surface of this module: the authentication middleware and the
// role-guard factory. Both are meant to be mounted on routes in that order.
module.exports = { authenticateToken, requireRole };