Add JWT auth middleware
This commit is contained in:
@@ -0,0 +1,29 @@
|
||||
import jwt from 'jsonwebtoken';
|
||||
|
||||
const SECRET = process.env.JWT_SECRET || 'change-me-to-a-long-random-string';
|
||||
const EXPIRY = '8h';
|
||||
|
||||
export function signToken(user) {
|
||||
return jwt.sign({ id: user.id, username: user.username, role: user.role }, SECRET, {
|
||||
expiresIn: EXPIRY,
|
||||
});
|
||||
}
|
||||
|
||||
export function verifyToken(token) {
|
||||
try {
|
||||
return jwt.verify(token, SECRET);
|
||||
} catch {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
// Accepts token from Authorization: Bearer <t> or the `nn_token` cookie.
|
||||
export function requireAuth(req, res, next) {
|
||||
const header = req.get('authorization') || '';
|
||||
const bearer = header.startsWith('Bearer ') ? header.slice(7) : null;
|
||||
const token = bearer || req.cookies?.nn_token;
|
||||
const payload = token && verifyToken(token);
|
||||
if (!payload) return res.status(401).json({ error: 'unauthorized' });
|
||||
req.user = payload;
|
||||
next();
|
||||
}
|
||||
Reference in New Issue
Block a user