Authentication and Authorization
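--- a/api/src/middlewares/authMiddleware.ts
+++ b/api/src/middlewares/authMiddleware.ts
@@ -0,0 +1,35 @@
+import { Request, Response, NextFunction } from 'express';
+import jwt from 'jsonwebtoken';
+
+export function verifyToken(req: Request, res: Response, next: NextFunction) {
+const token = req.header('Authorization');
+
+if (!token) {
+res.status(401).json({error: "Access denied"});
+return;
+}
+
+try {
+const decoded = jwt.verify(token, 'your-secret');
+if (typeof decoded !== 'object' || !decoded?.userId) {
+res.status(401).json({error: "Access denied"});
+return;
+}
+req.role = decoded.role;
+req.userId = decoded.userId;
+console.log(decoded);
+next();
+} catch (e) {
+res.status(401).json({error: "Access denied"});
+
+}
+};
+
+export function verifySeller(req: Request, res: Response, next: NextFunction) {
+const role = req.role;
+if (role !== 'seller') {
+res.status(401).json({error: "Access denied"});
+return;
+}
+next();
+};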
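Review bot: `jwt.verify(token, 'your-secret')` in verifyToken uses a hard-coded signing secret, so anyone who can read the repository can issue tokens this middleware accepts; load it from configuration at startup and refuse to start without it, e.g. `const secret = process.env.JWT_SECRET;` followed by an explicit throw when it is unset (the variable name is an example), then `jwt.verify(token, secret, { algorithms: ['HS256'] })` so the accepted algorithm is pinned rather than left to the library default. `console.log(decoded)` writes every token claim to stdout on each authenticated request and should be removed. In verifySeller a valid token with the wrong role is an authorization failure, so `res.status(403)` fits better than the 401 reused from the missing-token case. The raw header value is handed to jwt.verify unchanged, which presumably means clients send the bare token without a `Bearer ` prefix; a short comment on `const token = req.header('Authorization');` stating that convention would save the next reader from guessing.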
@@ -8,6 +8,7 @@ import { listProducts,
|
||||
import { validateData } from "../../middlewares/validationMiddleware";
|
||||
import { z, ZodObject, ZodTypeAny } from 'zod/v4';
|
||||
import { productsTable, createProductSchema, updateProductSchema } from "../../db/productsSchema";
|
||||
import { verifySeller, verifyToken } from "../../middlewares/authMiddleware";
|
||||
|
||||
|
||||
type ProductType = z.infer<typeof createProductSchema>;
|
||||
@@ -17,8 +18,8 @@ const router = Router();
|
||||
// products endpoints where validator can be added later
|
||||
router.get('/', listProducts);
|
||||
router.get('/:id', getProductById);
|
||||
router.post('/', validateData(createProductSchema), createProduct);
|
||||
router.put('/:id', validateData(updateProductSchema), updateProduct);
|
||||
router.delete('/:id', deleteProduct);
|
||||
router.post('/', verifyToken, verifySeller, validateData(createProductSchema), createProduct);
|
||||
router.put('/:id', verifyToken, verifySeller, validateData(updateProductSchema), updateProduct);
|
||||
router.delete('/:id', verifyToken, verifySeller, deleteProduct);
|
||||
|
||||
export default router;
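Review bot: The new `router.post('/', verifyToken, verifySeller, …)` chain (and the put/delete lines below it) works only because verifyToken populates `req.role` before verifySeller reads it, and nothing in the router states that ordering, so a later edit that drops or reorders verifyToken would silently make verifySeller reject every request. A comment above the three write routes, such as `// verifyToken must run before verifySeller: it sets req.role and req.userId from the JWT`, documents the dependency. The two GET routes stay unauthenticated, which looks intentional for a catalogue but is worth stating in the same comment. The existing `// products endpoints where validator can be added later` line is now stale, since validators are wired in.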
|
||||
@@ -36,7 +36,7 @@ export async function getProductById(req: Request, res: Response) {
|
||||
|
||||
export async function createProduct(req: Request, res: Response) {
|
||||
try{
|
||||
|
||||
console.log("req.userID = " + req.userId);
|
||||
const productId = await db
|
||||
.insert(productsTable)
|
||||
.values(req.cleanBody)
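Review bot: `console.log("req.userID = " + req.userId);` is a debug trace left in createProduct; it prints the authenticated user's id on every create and should be removed or routed through the application logger at debug level. The id is only logged, never used: the insert takes `req.cleanBody` verbatim, so if productsTable has an owner or seller column it is being filled from client input (or left empty) rather than from the verified token, which is worth checking against the schema outside this hunk. createProduct's body continues past the end of the hunk.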
|
||||
|
||||
3
api/src/type/express/index.d.ts
vendored
3
api/src/type/express/index.d.ts
vendored
@@ -5,7 +5,8 @@ declare global {
|
||||
namespace Express {
|
||||
export interface Request {
|
||||
userId?: Number;
|
||||
cleanBody?: any
|
||||
cleanBody?: any;
|
||||
role: string;
|
||||
}
|
||||
}
|
||||
}
|
||||
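Review bot: `role: string;` is declared as a required property of Express.Request, but it is only assigned inside verifyToken, so on any route that does not run that middleware the value is undefined while the type promises a string, and handlers can read it without a check that the compiler would otherwise demand. Declare it `role?: string;` (matching the optional `userId?` and `cleanBody?` beside it) so consumers are forced to narrow. The adjacent `userId?: Number` uses the boxed wrapper type and should be the primitive `number`, though that line is unchanged in this commit.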