From d770621ec8ff9ef9ffb690d935f8348c9a3679b8 Mon Sep 17 00:00:00 2001
From: jessikitty
Date: Wed, 3 Jun 2026 09:49:47 +1000
Subject: [PATCH] Add JWT issue/verify and auth middleware
---
server/auth.js | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 server/auth.js
diff --git a/server/auth.js b/server/auth.js
new file mode 100644
index 0000000..189c316
--- /dev/null
+++ b/server/auth.js
@@ -0,0 +1,26 @@
+import jwt from "jsonwebtoken";
+
+const SECRET = process.env.JWT_SECRET;
+if (!SECRET) {
+ console.error("FATAL: JWT_SECRET is not set. Create a .env file (see .env.example).");
+ process.exit(1);
+}
+
+const TOKEN_TTL = "8h";
+
+export function issueToken(admin) {
+ return jwt.sign({ sub: admin.id, username: admin.username }, SECRET, { expiresIn: TOKEN_TTL });
+}
+
+// Express middleware: requires a valid Bearer token
+export function requireAuth(req, res, next) {
+ const header = req.get("authorization") || "";
+ const match = header.match(/^Bearer (.+)$/i);
+ if (!match) return res.status(401).json({ error: "Missing token" });
+ try {
+ req.admin = jwt.verify(match[1], SECRET);
+ next();
+ } catch {
+ return res.status(401).json({ error: "Invalid or expired token" });
+ }
+}
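Review bot: `jwt.verify(match[1], SECRET)` in `requireAuth` does not pin the accepted algorithm, so which signatures are accepted depends on the library's defaults for a string secret. Passing `{ algorithms: ["HS256"] }` to verify, and `algorithm: "HS256"` next to `expiresIn` in `issueToken`, makes the accepted set explicit. The startup guard rejects only an empty `JWT_SECRET`; a short value weakens every HMAC-signed token, so a length floor such as `if (!SECRET || SECRET.length < 32)` is worth adding. `req.admin` is the decoded payload, so a deleted or renamed admin presumably stays authorised until the 8h expiry unless handlers re-check `sub` against the store; a comment on `requireAuth` saying so would help. Calling `next()` after the `try` block rather than inside it would keep the "Invalid or expired token" branch tied to verification failures only.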