const jwt = require("jsonwebtoken");
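/**
 * Express-style middleware that authenticates a request from a Bearer JWT.
 *
 * Reads `req.headers.authorization`, requires the `Bearer <token>` form,
 * verifies the token against `process.env.JWT_SECRET` and, on success, stores
 * the verified payload on `req.user` (the token's claims, e.g. id + role)
 * before calling `next()`. Every failure short-circuits with a 401 JSON body.
 *
 * @param {object} req  - incoming request; only `req.headers.authorization` is read.
 * @param {object} res  - response; `res.status(...).json(...)` is used on failure.
 * @param {Function} next - continuation invoked only after successful verification.
 * @returns {*} the result of `res.json(...)` on failure, otherwise undefined.
 */
function auth(req, res, next) {
  const header = req.headers.authorization;
  if (!header) return res.status(401).json({ message: "Missing token" });

  // RFC 6750: a JWT is carried as `Authorization: Bearer <token>`; the scheme
  // name is case-insensitive (RFC 7235). Check it explicitly instead of taking
  // whatever follows the first space, which would also accept e.g. `Basic xyz`
  // or silently ignore trailing garbage after the token.
  const parts = header.split(" ");
  const [scheme, token] = parts;
  if (parts.length !== 2 || !/^bearer$/i.test(scheme) || !token) {
    return res.status(401).json({ message: "Invalid token format" });
  }

  try {
    // Pin the accepted algorithms. With a string secret jsonwebtoken already
    // defaults to the HMAC family, so this preserves behaviour, but stating it
    // guards against a future default change and rejects `alg` confusion
    // attempts explicitly.
    const decoded = jwt.verify(token, process.env.JWT_SECRET, {
      algorithms: ["HS256", "HS384", "HS512"],
    });
    // Verified claims (id + role). Trusted only as far as the signature is:
    // authorization decisions downstream must still validate the role value.
    req.user = decoded;
    next();
  } catch (err) {
    // Covers bad signature, expired `exp`, malformed token, and an unset
    // JWT_SECRET (jsonwebtoken throws "secret or public key must be provided").
    // One generic message on purpose so clients cannot tell the causes apart.
    res.status(401).json({ message: "Invalid or expired token" });
  }
}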
// Exported as the module's sole value so it can be mounted directly as
// (req, res, next) middleware.
module.exports = auth;