const jwt = require('jsonwebtoken');
const { User } = require('../models');
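/**
 * Pull the credential out of an `Authorization` header value.
 *
 * Deliberately scheme-agnostic: it mirrors the original `split(' ')[1]` behaviour so
 * clients sending `JWT <token>` keep working. The scheme string carries no security
 * weight here — the signature check on the token itself does. Tolerates repeated
 * whitespace (the old split returned '' for "Bearer  <token>").
 *
 * @param {unknown} header - Raw `req.headers['authorization']` value.
 * @returns {string|null} The credential, or `null` when there is no usable one.
 */
function extractBearerToken(header) {
  if (typeof header !== 'string') {
    return null;
  }
  const parts = header.trim().split(/\s+/);
  if (parts.length !== 2) {
    return null;
  }
  return parts[1];
}

/**
 * Express middleware: authenticate a request carrying `Authorization: <scheme> <jwt>`.
 *
 * On success sets `req.user` (the active DB row, limited to the listed attributes) and,
 * when the token carries one, `req.tenantId`, then calls `next()`.
 * Replies 401 when no token is present or the account is missing/inactive, and 403 when
 * verification fails (kept for compatibility; RFC 6750 would use 401 + WWW-Authenticate).
 * Decoded claims are never written to the log — the payload is personal data.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
async function authenticateToken(req, res, next) {
  const token = extractBearerToken(req.headers['authorization']);

  if (!token) {
    return res.status(401).json({
      success: false,
      message: 'Access token required'
    });
  }

  try {
    // Pin the accepted algorithms to the HMAC family: with a shared-secret string no other
    // family is legitimate, and an explicit list rules out algorithm-confusion tokens
    // (an asymmetric `alg` header verified against the secret as if it were a public key).
    // NOTE(review): assumes the issuer signs with HS256/384/512 — confirm against the signer.
    const decoded = jwt.verify(token, process.env.JWT_SECRET, {
      algorithms: ['HS256', 'HS384', 'HS512']
    });

    // A JWT payload may legally be a plain string; only an object carrying a userId can be
    // resolved to an account. Bail out here instead of calling findByPk(undefined).
    if (typeof decoded !== 'object' || decoded === null || decoded.userId == null) {
      return res.status(401).json({
        success: false,
        message: 'Invalid or inactive user'
      });
    }

    const user = await User.findByPk(decoded.userId, {
      attributes: ['id', 'username', 'email', 'role', 'is_active', 'tenant_id']
    });

    // Re-checking is_active per request is what makes deactivation bite before the token
    // expires. One generic message covers both "no such user" and "inactive".
    if (!user || !user.is_active) {
      return res.status(401).json({
        success: false,
        message: 'Invalid or inactive user'
      });
    }

    req.user = user;

    // Tenant context is taken from the signed claim, as before. The DB row is the
    // authoritative record, so a disagreement means the token is stale (the account moved
    // tenants after issuance); surface it rather than trusting the claim silently.
    // NOTE(review): consider rejecting on mismatch once the tenant model is confirmed.
    if (decoded.tenantId) {
      req.tenantId = decoded.tenantId;
      if (user.tenant_id != null && String(user.tenant_id) !== String(decoded.tenantId)) {
        console.warn(`Tenant claim mismatch for user ${user.id}: token tenant differs from account tenant`);
      }
    }

    next();
  } catch (error) {
    // Fail closed on any failure (bad signature, expired, malformed, DB error).
    // Log only the error class and message — never the token or the request headers.
    console.error('Token verification error:', error && error.name, error && error.message);
    return res.status(403).json({
      success: false,
      message: 'Invalid or expired token'
    });
  }
}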
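/**
 * Express middleware factory: let the request through only when `req.user.role` is one
 * of `roles`. Must run after `authenticateToken`, which populates `req.user`.
 *
 * Fails closed: an empty or missing role list denies every request, so `requireRole()`
 * or `requireRole([])` cannot accidentally open a route. (Previously `requireRole()`
 * compared against `[undefined]` and therefore admitted any user without a role.)
 *
 * @param {string|string[]} roles - A single role or the list of roles allowed through.
 * @returns {(req, res, next) => void} Express middleware; 401 without `req.user`,
 *   403 when the role is not allowed, otherwise calls `next()`.
 */
function requireRole(roles) {
  // Normalise once at construction time; null/undefined entries can never match a real role.
  const allowedRoles = new Set(
    (Array.isArray(roles) ? roles : [roles]).filter((role) => role != null)
  );

  return (req, res, next) => {
    if (!req.user) {
      return res.status(401).json({
        success: false,
        message: 'Authentication required'
      });
    }

    const role = req.user.role;
    if (allowedRoles.size === 0 || role == null || !allowedRoles.has(role)) {
      return res.status(403).json({
        success: false,
        message: 'Insufficient permissions'
      });
    }

    next();
  };
}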
// Public surface of this module: the authentication middleware and the role-gate factory.
module.exports.authenticateToken = authenticateToken;
module.exports.requireRole = requireRole;