| const jwt = require('jsonwebtoken'); | |
| const env = require('../config/env'); | |
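/**
 * Express-style middleware that authenticates a request from a bearer JWT.
 *
 * Expects an Authorization header of the form "Bearer <token>", verifies the
 * token with jwt.verify() against env.jwtSecret, and on success stores the
 * verified payload on req.user before calling next().
 *
 * Responses sent directly by this middleware:
 *  - 401 { message: 'Unauthorized' } when the header is absent or not exactly
 *    "<scheme> <token>" with a Bearer scheme.
 *  - 401 { message: 'Invalid or expired token' } when verification throws or
 *    the verified payload is not an object.
 *  - 500 { message: 'Internal Server Error' } when no verification secret is
 *    configured.
 *
 * @param {object} req - Request; req.headers.authorization is read, req.user is set.
 * @param {object} res - Response; only status() and json() are used.
 * @param {Function} next - Called with no arguments once the token is accepted.
 * @returns {*} Whatever next() or res.json() returns.
 */
function authenticate(req, res, next) {
  const rawHeader = req.headers.authorization;
  const parts = typeof rawHeader === 'string' ? rawHeader.trim().split(/\s+/) : [];
  const [scheme, token] = parts;

  // HTTP auth scheme names are case-insensitive, so "bearer" is accepted too.
  // Anything other than exactly two whitespace-separated parts is ambiguous and refused.
  if (parts.length !== 2 || scheme.toLowerCase() !== 'bearer') {
    return res.status(401).json({ message: 'Unauthorized' });
  }

  // Fail closed on a missing secret instead of relying on how the JWT library
  // treats an empty key; validating this at startup would surface it earlier.
  if (!env.jwtSecret) {
    return res.status(500).json({ message: 'Internal Server Error' });
  }

  let payload;
  try {
    // NOTE(review): no `algorithms` option is passed, so the accepted signature
    // algorithms are the library defaults; consider pinning the one the issuer uses.
    payload = jwt.verify(token, env.jwtSecret);
  } catch (_err) {
    // The error detail is deliberately not echoed to the client.
    return res.status(401).json({ message: 'Invalid or expired token' });
  }

  // jwt.verify() can return a bare string for non-JSON payloads; downstream
  // checks read properties such as req.user.role, so only objects are accepted.
  if (payload === null || typeof payload !== 'object') {
    return res.status(401).json({ message: 'Invalid or expired token' });
  }

  req.user = payload;
  // Called outside the try block so an exception thrown by a later handler is
  // not misreported as an invalid token.
  return next();
}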
/**
 * Build an Express-style middleware that only lets a request through when
 * req.user.role is one of the listed roles.
 *
 * The check fails closed: a request with no req.user, or whose role is not in
 * the list, receives 403 { message: 'Forbidden' }. Called with no roles at all,
 * the returned middleware refuses every request.
 *
 * The role is read from req.user as-is; in this file req.user is the payload
 * that authenticate() obtained from jwt.verify(), so the role is only as fresh
 * as the token that carried it.
 *
 * @param {...string} roles - Role names permitted to proceed.
 * @returns {Function} Middleware taking (req, res, next).
 */
function authorize(...roles) {
  const requireRole = (req, res, next) => {
    const user = req.user;
    const isAllowed = Boolean(user) && roles.includes(user.role);

    if (isAllowed) {
      return next();
    }
    return res.status(403).json({ message: 'Forbidden' });
  };

  return requireRole;
}
// Public surface of this module: the JWT authentication middleware and the
// role-check middleware factory.
module.exports = {
  authenticate,
  authorize,
};