import jwt from "jsonwebtoken";
// Shared secret used to sign and verify admin tokens. Read once at module
// load so a misconfigured deployment fails at startup, not at first request.
const SECRET = process.env.JWT_SECRET;

// Refuse to start without a secret (env values are strings or undefined, so
// an empty JWT_SECRET counts as unset).
// NOTE(review): only presence is checked here, not length or entropy.
if (SECRET === undefined || SECRET === "") {
  console.error("FATAL: JWT_SECRET is not set. Create a .env file (see .env.example).");
  process.exit(1);
}
// Token lifetime handed to jwt.sign as `expiresIn` (jsonwebtoken duration string).
const TOKEN_TTL = "8h";
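/**
 * Issue a signed session token for an authenticated admin.
 *
 * @param {{ id: string|number, username: string }} admin - the admin record;
 *   `id` becomes the `sub` claim and `username` is copied into the payload
 * @returns {string} compact JWT signed with SECRET, expiring after TOKEN_TTL
 */
export function issueToken(admin) {
  // Name the signing algorithm explicitly (HS256 is also jsonwebtoken's
  // default) so the verifying side can pin the same value without the two
  // drifting apart.
  return jwt.sign(
    { sub: admin.id, username: admin.username },
    SECRET,
    { algorithm: "HS256", expiresIn: TOKEN_TTL },
  );
}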
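/**
 * Express middleware: requires a valid Bearer token in the Authorization
 * header. On success sets `req.admin` to the verified payload and calls
 * `next()`; otherwise responds 401 and stops the chain.
 *
 * @param {object} req - Express request (uses `req.get`)
 * @param {object} res - Express response
 * @param {Function} next - continuation for the next handler
 * @returns {void|object} the 401 response on failure, nothing on success
 */
export function requireAuth(req, res, next) {
  const header = req.get("authorization") || "";
  const match = header.match(/^Bearer (.+)$/i);
  if (!match) return res.status(401).json({ error: "Missing token" });

  let payload;
  try {
    // Accept only the algorithm issueToken uses (HS256, jsonwebtoken's
    // default) instead of relying on the library's default allow-list.
    payload = jwt.verify(match[1], SECRET, { algorithms: ["HS256"] });
  } catch {
    // Deliberately opaque: the caller is not told whether the token was
    // malformed, mis-signed or expired.
    return res.status(401).json({ error: "Invalid or expired token" });
  }
  req.admin = payload;
  // Called outside the try so an exception thrown by a downstream handler
  // propagates to Express's error handling instead of being reported as a
  // token failure.
  next();
}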