const jwt = require('jsonwebtoken');
|
|
const User = require('../models/User');
|
|
|
|
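/**
 * Strict authentication middleware. Rejects requests without a valid JWT.
 *
 * Expects `Authorization: Bearer <token>`. The token is verified against
 * `process.env.JWT_SECRET`; the user named by its `id` claim is loaded with
 * the password field excluded and attached as `req.user`.
 *
 * Responses:
 *  - 401 `Not authorized, no token provided` — no Bearer scheme in the header
 *  - 401 `Not authorized, token failed`      — verification failed (signature, expiry, format)
 *  - 401 `User not found`                    — token verified but the user no longer exists
 * A database failure while loading the user is forwarded to `next(error)`
 * rather than reported as 401, so an outage is not mistaken for bad
 * credentials by clients or by whoever reads the access logs.
 *
 * @param {object} req - request; reads `req.headers.authorization`, writes `req.user`
 * @param {object} res - response; `status(code).json(body)` is used for rejections
 * @param {Function} next - continuation; called with no argument on success, with the error on DB failure
 */
const protect = async (req, res, next) => {
  const header = req.headers.authorization;
  // Require the separating space so "Bearerxyz" is reported as a missing
  // token rather than a failed one; the token is still the second field.
  const token = typeof header === 'string' && header.startsWith('Bearer ')
    ? header.split(' ')[1]
    : undefined;
  if (!token) {
    return res.status(401).json({ message: 'Not authorized, no token provided' });
  }

  let decoded;
  try {
    // NOTE(review): no `algorithms` option is passed, so whatever algorithm
    // the token was signed with is accepted; confirm the algorithm used at
    // login and pin it here (e.g. `{ algorithms: ['HS256'] }`).
    decoded = jwt.verify(token, process.env.JWT_SECRET);
  } catch (error) {
    // Any verification error is a 401; the specific reason is deliberately
    // not echoed to the client.
    return res.status(401).json({ message: 'Not authorized, token failed' });
  }

  try {
    // `decoded.id` is assumed to be the claim signed at login; a token
    // without it finds no user and is rejected below.
    const user = await User.findById(decoded.id).select('-password');
    if (!user) {
      return res.status(401).json({ message: 'User not found' });
    }
    req.user = user;
    return next();
  } catch (error) {
    // Not an authentication failure: hand it to the app's error handler.
    return next(error);
  }
};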
|
|
|
|
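/**
 * Optional authentication middleware. Populates req.user if a valid token is present,
 * but allows the request to proceed as a guest if no token is found.
 *
 * A missing, malformed, expired or otherwise invalid Bearer token leaves
 * `req.user` unset and the request continues as a guest. A database failure
 * while loading the user is NOT treated as "guest": it is forwarded to
 * `next(error)`, so an outage cannot silently downgrade every signed-in
 * caller to anonymous.
 *
 * @param {object} req - request; reads `req.headers.authorization`, writes `req.user`
 * @param {object} res - response (unused; kept for the middleware signature)
 * @param {Function} next - continuation; called with no argument, or with the DB error
 */
const optionalAuth = async (req, res, next) => {
  const header = req.headers.authorization;
  const token = typeof header === 'string' && header.startsWith('Bearer ')
    ? header.split(' ')[1]
    : undefined;
  if (!token) {
    return next();
  }

  let decoded;
  try {
    // NOTE(review): no `algorithms` option is passed, so whatever algorithm
    // the token was signed with is accepted; confirm the algorithm used at
    // login and pin it here (e.g. `{ algorithms: ['HS256'] }`).
    decoded = jwt.verify(token, process.env.JWT_SECRET);
  } catch (error) {
    // Invalid token: continue as guest without populating req.user.
    return next();
  }

  try {
    // A verified token whose user was since deleted leaves req.user null,
    // which downstream code treats as guest.
    req.user = await User.findById(decoded.id).select('-password');
  } catch (error) {
    // Infrastructure failure, not an auth outcome: surface it.
    return next(error);
  }
  return next();
};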
|
|
|
|
// Public surface of this module: the two authentication middlewares above.
module.exports = {
  optionalAuth,
  protect,
};
|