"use strict";
// TypeScript interop shim emitted by the compiler: a CommonJS module that was
// not compiled as an ES module is wrapped so that `.default` resolves to the
// module object itself. Re-uses an already-installed helper when one exists.
var __importDefault = (this && this.__importDefault) || function (required) {
    if (required && required.__esModule) {
        return required;
    }
    return { "default": required };
};
Object.defineProperty(exports, "__esModule", { value: true });
// Public surface of this module. Everything else (the jwt/bcrypt bindings and
// JWT_SECRET) stays module-private. Function declarations are hoisted, so the
// assignments can precede the definitions below.
Object.assign(exports, {
    generateToken,
    verifyToken,
    authenticateUser,
    authMiddleware,
    requireRole,
});
const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
const bcrypt_1 = __importDefault(require("bcrypt"));
const migrate_1 = require("../db/migrate");
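// HMAC key used to sign and verify every token this module issues.
//
// The old unconditional fallback meant that a deployment that forgot to set
// JWT_SECRET silently signed tokens with a string anyone can read in this
// file, i.e. anyone could mint an admin token. Production (NODE_ENV ===
// 'production') now refuses to load without an explicit secret; other
// environments keep the development default but log that they are doing so.
// HS256 keys should be at least 256 bits (32 bytes); shorter ones are only
// warned about so an existing deployment does not break on upgrade.
const JWT_SECRET = (() => {
    const fromEnv = process.env.JWT_SECRET;
    if (fromEnv) {
        if (fromEnv.length < 32) {
            console.warn('JWT_SECRET is shorter than 32 characters; use a longer random secret');
        }
        return fromEnv;
    }
    if (process.env.NODE_ENV === 'production') {
        throw new Error('JWT_SECRET environment variable must be set in production');
    }
    console.warn('JWT_SECRET is not set; using an insecure development default');
    return 'change_this_in_production';
})();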
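/**
 * Mint a signed bearer token for an authenticated user.
 *
 * The token carries `id`, `email` and `role` as claims and expires after
 * seven days. The role claim is a snapshot: a user whose role is changed or
 * whose account is disabled keeps the old privileges until the token expires,
 * because verifyToken/authMiddleware never re-read the database.
 *
 * @param {{id: *, email: string, role: string}} user - Authenticated user record.
 * @returns {string} Compact JWS signed with JWT_SECRET using HS256.
 */
function generateToken(user) {
    const claims = { id: user.id, email: user.email, role: user.role };
    // Pin the algorithm so signing cannot drift from what verifyToken accepts.
    // HS256 is also jsonwebtoken's default for a string secret, so existing
    // tokens remain valid.
    return jsonwebtoken_1.default.sign(claims, JWT_SECRET, {
        algorithm: 'HS256',
        expiresIn: '7d',
    });
}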
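/**
 * Verify a bearer token and return its decoded claims.
 *
 * Only HS256 is accepted. Without an explicit `algorithms` list the library
 * infers the acceptable set from the key type, which leaves the accepted
 * algorithm family to library defaults rather than to this code; pinning it
 * keeps verification in lock-step with generateToken. Every failure (bad
 * signature, expiry, malformed or non-string input) yields null rather than
 * an exception; callers treat null as "not authenticated".
 *
 * @param {string} token - Compact JWS taken from the Authorization header.
 * @returns {object|null} Decoded payload, or null when the token is not valid.
 */
function verifyToken(token) {
    try {
        return jsonwebtoken_1.default.verify(token, JWT_SECRET, { algorithms: ['HS256'] });
    }
    catch (error) {
        // Expired, tampered and garbage tokens all collapse to null on purpose;
        // the specific reason is deliberately not surfaced to the client.
        return null;
    }
}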
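/**
 * Check an email/password pair against the users table.
 *
 * @param {string} email - Login identifier; matched exactly as given (no
 *   trimming or case folding happens here).
 * @param {string} password - Plaintext candidate password.
 * @returns {Promise<{id: *, email: string, role: string}|null>} The user's
 *   public fields on success, null on any failure. The password hash is never
 *   returned.
 */
async function authenticateUser(email, password) {
    // Request bodies are untrusted: an object or array where a string is
    // expected would reach bcrypt.compare and surface as a thrown error (a 500)
    // instead of a clean failed login.
    if (typeof email !== 'string' || typeof password !== 'string') {
        return null;
    }
    // Parameterized query; email never touches the SQL text.
    const result = await migrate_1.pool.query('SELECT id, email, password_hash, role FROM users WHERE email = $1', [email]);
    if (result.rows.length === 0) {
        // NOTE(review): returning before bcrypt runs makes unknown emails answer
        // measurably faster than known ones (user enumeration via timing).
        // Comparing the password against a fixed dummy hash here would close
        // that gap; left as-is so this change stays behaviour-neutral.
        return null;
    }
    const user = result.rows[0];
    if (!user.password_hash) {
        // A row with no stored hash must not be loggable-in with any password,
        // and bcrypt rejects a null/empty hash argument instead of returning false.
        return null;
    }
    const isValid = await bcrypt_1.default.compare(password, user.password_hash);
    if (!isValid) {
        return null;
    }
    return { id: user.id, email: user.email, role: user.role };
}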
/**
 * Express middleware: require a valid `Authorization: Bearer <jwt>` header.
 *
 * On success the decoded payload returned by verifyToken is attached as
 * `req.user` and the chain continues. A missing or mis-shaped header (scheme
 * is matched case-sensitively) or a token verifyToken rejects ends the
 * request with 401; the two cases carry different error messages.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {Function} next
 */
function authMiddleware(req, res, next) {
    const scheme = 'Bearer ';
    const header = req.headers.authorization;
    const hasBearerToken = Boolean(header) && header.startsWith(scheme);
    if (!hasBearerToken) {
        return res.status(401).json({ error: 'No token provided' });
    }
    // Everything after the scheme is the compact JWS.
    const claims = verifyToken(header.slice(scheme.length));
    if (!claims) {
        return res.status(401).json({ error: 'Invalid token' });
    }
    req.user = claims;
    next();
}
/**
 * Build an Express middleware that only lets the listed roles through.
 *
 * Must run after authMiddleware: a request with no `req.user` is answered
 * 401, one whose `req.user.role` is not among `roles` is answered 403, and
 * anything else is passed to `next()`. Calling `requireRole()` with no roles
 * therefore rejects every authenticated request with 403.
 *
 * @param {...string} roles - Role names that are allowed.
 * @returns {(req: object, res: object, next: Function) => void} Middleware.
 */
function requireRole(...roles) {
    const allowed = new Set(roles);
    return (req, res, next) => {
        const principal = req.user;
        if (!principal) {
            return res.status(401).json({ error: 'Not authenticated' });
        }
        if (!allowed.has(principal.role)) {
            return res.status(403).json({ error: 'Insufficient permissions' });
        }
        next();
    };
}