24 lines
757 B
TypeScript
24 lines
757 B
TypeScript
import type { NextFunction, Request, Response } from "express";
|
|
import jwt from "jsonwebtoken";
|
|
|
|
export interface AuthenticatedRequest extends Request {
|
|
user?: { id: string; email: string; role?: string };
|
|
}
|
|
|
|
export function requireAuth(req: AuthenticatedRequest, res: Response, next: NextFunction) {
|
|
const auth = req.headers.authorization?.split(" ");
|
|
const token = auth?.[1];
|
|
|
|
if (!token) {
|
|
return res.status(401).json({ error: "Missing Authorization header" });
|
|
}
|
|
|
|
try {
|
|
const payload = jwt.verify(token, process.env.JWT_SECRET ?? "change-me") as { sub: string; email: string };
|
|
req.user = { id: payload.sub, email: payload.email };
|
|
next();
|
|
} catch (err) {
|
|
return res.status(401).json({ error: "Invalid token" });
|
|
}
|
|
}
|