initial commit
@@ -0,0 +1,33 @@
|
||||
import { env } from '../config/env.js';
|
||||
import { verifyAccessToken } from '../services/token.service.js';
|
||||
|
||||
export async function authRequired(req, res, next) {
|
||||
try {
|
||||
let token = req.cookies?.[env.COOKIE_ACCESS_NAME];
|
||||
|
||||
// Если нет cookie — пробуем Authorization: Bearer <token>
|
||||
if (!token) {
|
||||
const auth = req.headers['authorization'];
|
||||
if (auth && auth.startsWith('Bearer ')) {
|
||||
token = auth.slice(7);
|
||||
}
|
||||
}
|
||||
|
||||
if (!token) {
|
||||
return res.status(401).json({ error: 'UNAUTHORIZED', message: 'Access token is missing' });
|
||||
}
|
||||
|
||||
const payload = await verifyAccessToken(token);
|
||||
|
||||
req.user = {
|
||||
id: payload.sub,
|
||||
role: payload.role,
|
||||
email: payload.email,
|
||||
sessionId: payload.sid,
|
||||
};
|
||||
|
||||
next();
|
||||
} catch (err) {
|
||||
return res.status(401).json({ error: 'UNAUTHORIZED', message: 'Invalid access token' });
|
||||
}
|
||||
}
|
||||
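Review bot: The `catch (err)` at the end of `authRequired` turns every failure into a 401 "Invalid access token" and discards `err`. A failure inside `verifyAccessToken` that is unrelated to the token (its implementation is not shown here) therefore looks the same as a forged or expired token and leaves nothing to alert on. Log server-side before responding, for example `console.warn('authRequired: token verification failed:', err?.name);`, and keep the client message generic. The claims are also copied into `req.user` without a presence check, so a token that verifies but lacks `sub` or `role` would give downstream authorization `undefined`; a guard such as `if (!payload?.sub) return res.status(401).json({ error: 'UNAUTHORIZED', message: 'Invalid access token' });` before the assignment closes that. Because the cookie is read before the `Authorization` header, state-changing routes behind this middleware depend on CSRF protection (a SameSite cookie attribute or a CSRF token), which cannot be confirmed from this file.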