import jwt from "jsonwebtoken";
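/**
 * Express middleware that authenticates a request from a Bearer JWT.
 *
 * Reads the `Authorization` header, verifies the token against the shared
 * secret in `process.env.JWT_SECRET`, stores the verified payload on
 * `req.user`, and hands control to the next middleware.
 *
 * Responses sent by this middleware:
 *   - 401 `{ error: "Missing token" }` when the header is absent or is not a
 *     Bearer credential.
 *   - 401 `{ error: "Invalid or expired token" }` when verification fails.
 *   - 500 `{ error: "Internal server error" }` when no signing secret is
 *     configured (the request is refused rather than verified without a key).
 *
 * @param {object} req - Express request; `req.user` is set on success.
 * @param {object} res - Express response.
 * @param {Function} next - Called only after the token has been verified.
 * @returns {*} The response object on rejection, otherwise undefined.
 */
export function authMiddleware(req, res, next) {
  const header = req.headers.authorization;

  if (!header?.startsWith("Bearer ")) {
    return res.status(401).json({ error: "Missing token" });
  }

  // Fail closed on misconfiguration. Verifying with an undefined key is never
  // meaningful, and some older jsonwebtoken releases accepted unsigned tokens
  // when no key was supplied, so this must not reach jwt.verify().
  const secret = process.env.JWT_SECRET;
  if (!secret) {
    console.error("JWT verification unavailable: JWT_SECRET is not set");
    return res.status(500).json({ error: "Internal server error" });
  }

  const token = header.split(" ")[1];

  let payload;
  try {
    // Pin the accepted algorithms to the HMAC family, which is what a shared
    // secret implies, instead of relying on the library default. This keeps
    // "none" and asymmetric algorithms out regardless of library version.
    // NOTE(review): narrow this to the single algorithm the issuer uses.
    payload = jwt.verify(token, secret, {
      algorithms: ["HS256", "HS384", "HS512"],
    });
  } catch (err) {
    // Log only the library's message; the token itself is never logged.
    console.error("JWT verification failed:", err.message);
    return res.status(401).json({ error: "Invalid or expired token" });
  }

  // next() is called outside the try block so that an exception raised by a
  // downstream handler is not misreported as a token failure.
  req.user = payload;
  next();
}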