50 lines
928 B
JavaScript
50 lines
928 B
JavaScript
const jwt = require('jsonwebtoken');
|
|
|
|
function authenticateToken(req, res, next) {
|
|
|
|
const authHeader = req.headers.authorization;
|
|
|
|
if (!authHeader) {
|
|
return res.status(401).json({
|
|
success: false,
|
|
message: 'Access denied. No token provided.'
|
|
});
|
|
}
|
|
|
|
const token = authHeader.split(' ')[1];
|
|
|
|
try {
|
|
const decoded = jwt.verify(
|
|
token,
|
|
process.env.JWT_SECRET
|
|
);
|
|
|
|
req.user = decoded;
|
|
|
|
next();
|
|
|
|
} catch (err) {
|
|
|
|
return res.status(403).json({
|
|
success: false,
|
|
message: 'Invalid token.'
|
|
});
|
|
|
|
}
|
|
}
|
|
function requireAdmin(req, res, next) {
|
|
|
|
if (req.user.role !== 'admin') {
|
|
return res.status(403).json({
|
|
success: false,
|
|
message: 'Admin access required'
|
|
});
|
|
}
|
|
|
|
next();
|
|
}
|
|
|
|
module.exports = { authenticateToken, requireAdmin };
|
|
|
|
|