admin/3dtours
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Khởi tạo dự án 3dtours

Browse Source
This commit is contained in:
locphamtran
2026-06-07 16:55:00 +07:00
commit 10d2e07297
18 changed files with 3333 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/middlewares/authMiddleware.js
+46
View File
@@ -0,0 +1,46 @@
const jwt = require('jsonwebtoken');
const User = require('../models/User');
/**
* Strict authentication middleware. Rejects requests without a valid JWT.
*/
const protect = async (req, res, next) => {
let token;
if (req.headers.authorization && req.headers.authorization.startsWith('Bearer')) {
try {
token = req.headers.authorization.split(' ')[1];
const decoded = jwt.verify(token, process.env.JWT_SECRET);
req.user = await User.findById(decoded.id).select('-password');
if (!req.user) {
return res.status(401).json({ message: 'User not found' });
}
return next();
} catch (error) {
return res.status(401).json({ message: 'Not authorized, token failed' });
}
}
return res.status(401).json({ message: 'Not authorized, no token provided' });
};
/**
* Optional authentication middleware. Populates req.user if a valid token is present,
* but allows the request to proceed as a guest if no token is found.
*/
const optionalAuth = async (req, res, next) => {
if (req.headers.authorization && req.headers.authorization.startsWith('Bearer')) {
try {
const token = req.headers.authorization.split(' ')[1];
const decoded = jwt.verify(token, process.env.JWT_SECRET);
req.user = await User.findById(decoded.id).select('-password');
} catch (error) {
// Ignore error and continue as guest
}
}
next();
};
module.exports = {
protect,
optionalAuth
};