const jwt = require("jsonwebtoken");
const { sendError } = require("../utils/http");
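/**
 * Express-style middleware that authenticates a request from the JWT carried
 * in its `Authorization` header.
 *
 * On success the verified payload is stored on `req.user` and `next()` is
 * called. Every rejection is answered through `sendError` and the chain stops.
 *
 * @param {object} req - Incoming request; `req.headers.authorization` is read.
 * @param {object} res - Response handle, passed through to `sendError`.
 * @param {Function} next - Continuation, invoked only after a successful verify.
 * @returns {*} The result of `sendError` on a rejection, otherwise undefined.
 */
function auth(req, res, next) {
  const header = req.headers.authorization;
  if (!header) return sendError(res, 401, "Missing token");

  // Only the second space-separated field is used; the scheme word in front
  // of it (normally "Bearer") is not checked here.
  const token = header.split(" ")[1];
  if (!token) return sendError(res, 401, "Invalid token format");

  // Fail closed when the signing secret is not configured. The jsonwebtoken
  // version is not visible from this file, and some releases skip signature
  // checking when called without a key, so an unset JWT_SECRET must never
  // reach jwt.verify. A 500 also surfaces the misconfiguration instead of
  // hiding it behind a 401.
  const secret = process.env.JWT_SECRET;
  if (!secret) return sendError(res, 500, "Server configuration error");

  let decoded;
  try {
    // NOTE(review): no `algorithms` option is passed, so the library default
    // applies. Pin it to the algorithm the token issuer actually uses.
    decoded = jwt.verify(token, secret);
  } catch (err) {
    return sendError(res, 401, "Invalid or expired token");
  }

  // jwt.verify may hand back a plain string for a non-JSON payload; such a
  // value cannot carry the id/role fields downstream code reads from req.user.
  if (decoded === null || typeof decoded !== "object") {
    return sendError(res, 401, "Invalid or expired token");
  }

  req.user = decoded; // id + role

  // Called outside the try block so an exception raised further down the
  // chain is not misreported as an authentication failure.
  next();
}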
// Export the middleware function itself as this module's value.
module.exports = auth;