const crypto = require('crypto');
const jwt = require('jsonwebtoken');
const db = require('../config/db');
|
|
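/**
 * Express-style middleware: authenticate a client from an
 * `Authorization: Bearer <JWT>` header.
 *
 * Steps: verify the token against `process.env.JWT_SECRET`, then confirm the
 * client row still exists and is active in the database. Only then is the
 * request let through.
 *
 * Responds 401 when the header is missing or malformed, when the token fails
 * verification, when the payload carries no `id`, or when the client row is
 * missing or inactive. A database failure is NOT an authentication failure:
 * it is handed to `next(err)` so the app's error handler reports it instead of
 * the client being told its token is invalid.
 *
 * On success sets `req.client` to the verified token payload — the claims as
 * issued by signToken (id, email, business_name), not the freshly loaded row,
 * so those fields reflect the token at issue time — and calls `next()`.
 *
 * @param {object} req  request with `headers.authorization`
 * @param {object} res  response with chainable `status()` / `json()`
 * @param {Function} next  continuation; also receives database errors
 * @returns {Promise<void>}
 */
async function requireAuth(req, res, next) {
  const header = req.headers.authorization;
  if (!header?.startsWith('Bearer ')) {
    return res.status(401).json({ error: 'Authentication required' });
  }

  let payload;
  try {
    // Pin the accepted algorithm to the one tokens are issued with, so a
    // token whose `alg` header names something else is rejected outright
    // instead of being verified against the same secret under other rules.
    payload = jwt.verify(header.slice(7), process.env.JWT_SECRET, {
      algorithms: ['HS256'],
    });
  } catch {
    return res.status(401).json({ error: 'Invalid or expired token' });
  }

  // A payload without an id cannot be matched to a client row.
  if (payload === null || typeof payload !== 'object' || payload.id == null) {
    return res.status(401).json({ error: 'Invalid or expired token' });
  }

  let client;
  try {
    client = await db.queryOne(
      'SELECT id, is_active FROM clients WHERE id = ? LIMIT 1',
      [payload.id]
    );
  } catch (err) {
    // Infrastructure error, not a bad credential: surface it as such.
    return next(err);
  }

  if (!client || !client.is_active) {
    return res.status(401).json({ error: 'Account is inactive' });
  }

  req.client = payload;
  next();
}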
|
|
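/**
 * Express-style middleware: gate a route behind the shared admin token.
 *
 * Expects `Authorization: Bearer <token>` and compares the presented token to
 * `process.env.ADMIN_TOKEN` in constant time. When ADMIN_TOKEN is unset or
 * empty the check always fails — a plain `===` would otherwise let a bare
 * `Bearer ` header (empty token) match an empty configured value.
 *
 * On success sets `req.isAdmin = true` and calls `next()`; otherwise responds
 * 401 without distinguishing wrong from unconfigured.
 *
 * @param {object} req  request with `headers.authorization`
 * @param {object} res  response with chainable `status()` / `json()`
 * @param {Function} next  continuation
 */
function requireAdmin(req, res, next) {
  const header = req.headers.authorization;
  if (!header?.startsWith('Bearer ')) {
    return res.status(401).json({ error: 'Admin authentication required' });
  }

  const expected = process.env.ADMIN_TOKEN;
  // Refuse to authenticate at all when no admin token is configured.
  if (!expected) {
    return res.status(401).json({ error: 'Invalid admin token' });
  }

  const presented = Buffer.from(header.slice(7), 'utf8');
  const configured = Buffer.from(expected, 'utf8');
  // timingSafeEqual requires equal-length inputs; the length check reveals
  // only the configured token's length, never its content.
  const matches =
    presented.length === configured.length &&
    crypto.timingSafeEqual(presented, configured);

  if (matches) {
    req.isAdmin = true;
    return next();
  }
  return res.status(401).json({ error: 'Invalid admin token' });
}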
|
|
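/**
 * Issue a signed JWT for an authenticated client.
 *
 * The payload carries `id`, `email` and `business_name`. JWT payloads are
 * only base64url-encoded, not encrypted, so anyone holding the token can read
 * these values. Tokens expire 30 days after issue and are signed with HS256
 * (jsonwebtoken's default, made explicit here) using `process.env.JWT_SECRET`.
 *
 * @param {{ id: *, email: string, business_name: string }} client  the row or
 *   object whose identifying fields become the token claims
 * @returns {string} the compact serialized JWT
 * @throws {TypeError} if `client` is null/undefined; jwt.sign is also expected
 *   to throw when JWT_SECRET is unset — confirm against the installed version
 */
function signToken(client) {
  const { id, email, business_name } = client;
  const claims = { id, email, business_name };
  return jwt.sign(claims, process.env.JWT_SECRET, {
    algorithm: 'HS256',
    expiresIn: '30d',
  });
}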
|
|
// Public surface: the client and admin auth middlewares, and the token issuer.
module.exports = { requireAuth, requireAdmin, signToken };
|
|