35 lines
951 B
JavaScript
35 lines
951 B
JavaScript
const jwt = require("jsonwebtoken");
|
|
const { User } = require("../models"); // Import from models/index.js to get models with associations
|
|
|
|
const authenticateToken = async (req, res, next) => {
|
|
const authHeader = req.headers["authorization"];
|
|
const token = authHeader && authHeader.split(" ")[1];
|
|
|
|
if (!token) {
|
|
return res.status(401).json({ error: "Access token required" });
|
|
}
|
|
|
|
try {
|
|
const decoded = jwt.verify(token, process.env.JWT_SECRET);
|
|
const userId = decoded.id;
|
|
|
|
if (!userId) {
|
|
return res.status(401).json({ error: "Invalid token format" });
|
|
}
|
|
|
|
const user = await User.findByPk(userId);
|
|
|
|
if (!user) {
|
|
return res.status(401).json({ error: "User not found" });
|
|
}
|
|
|
|
req.user = user;
|
|
next();
|
|
} catch (error) {
|
|
console.error("Auth middleware error:", error);
|
|
return res.status(403).json({ error: "Invalid or expired token" });
|
|
}
|
|
};
|
|
|
|
module.exports = { authenticateToken };
|