-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathauthMiddleware.js
More file actions
44 lines (35 loc) · 1.35 KB
/
authMiddleware.js
File metadata and controls
44 lines (35 loc) · 1.35 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
const jwt = require('jsonwebtoken');
const { getUserById } = require('../lib/repo');
const protect = async (req, res, next) => {
try {
console.log('protect middleware: auth header present =', Boolean(req.headers.authorization));
const authHeader = req.headers.authorization;
if (!authHeader || !authHeader.startsWith('Bearer ')) {
return res.status(401).json({ message: 'No token, not authorized' });
}
const token = authHeader.split(' ')[1];
if (!process.env.JWT_SECRET) {
console.error('FATAL: JWT_SECRET env var is not set');
return res.status(500).json({ message: 'Server misconfiguration' });
}
const decoded = jwt.verify(token, process.env.JWT_SECRET);
console.log('protect middleware: token decoded for user id =', decoded.id);
const user = await getUserById(decoded.id);
if (!user) {
return res.status(401).json({ message: 'User no longer exists' });
}
req.user = user;
next();
} catch (err) {
console.error('protect middleware error:', err.message);
if (
err.name === 'JsonWebTokenError' ||
err.name === 'TokenExpiredError' ||
err.name === 'CastError'
) {
return res.status(401).json({ message: 'Not authorized, token failed' });
}
return res.status(500).json({ message: 'Auth middleware error' });
}
};
module.exports = { protect };