xigmaz/FullstackEcommerce
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Authentication and Authorization

Browse Source
This commit is contained in:
Justin xzHome
2025-07-14 23:17:49 +09:00
parent 346e79622d
commit ba998eb401
4 changed files with 42 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
api/src/middlewares/authMiddleware.ts Normal file
View File

@@ -0,0 +1,35 @@
import { Request, Response, NextFunction } from 'express';
import jwt from 'jsonwebtoken';
export function verifyToken(req: Request, res: Response, next: NextFunction) {
const token = req.header('Authorization');
if (!token) {
res.status(401).json({error: "Access denied"});
return;
}
try {
const decoded = jwt.verify(token, 'your-secret');
if (typeof decoded !== 'object' || !decoded?.userId) {
res.status(401).json({error: "Access denied"});
return;
}
req.role = decoded.role;
req.userId = decoded.userId;
console.log(decoded);
next();
} catch (e) {
res.status(401).json({error: "Access denied"});
}
};
export function verifySeller(req: Request, res: Response, next: NextFunction) {
const role = req.role;
if (role !== 'seller') {
res.status(401).json({error: "Access denied"});
return;
}
next();
};

7
api/src/routes/products/index.ts
View File

@@ -8,6 +8,7 @@ import { listProducts,
import { validateData } from "../../middlewares/validationMiddleware"; import { validateData } from "../../middlewares/validationMiddleware";
import { z, ZodObject, ZodTypeAny } from 'zod/v4'; import { z, ZodObject, ZodTypeAny } from 'zod/v4';
import { productsTable, createProductSchema, updateProductSchema } from "../../db/productsSchema"; import { productsTable, createProductSchema, updateProductSchema } from "../../db/productsSchema";
import { verifySeller, verifyToken } from "../../middlewares/authMiddleware";
type ProductType = z.infer<typeof createProductSchema>; type ProductType = z.infer<typeof createProductSchema>;
@@ -17,8 +18,8 @@ const router = Router();
// products endpoints where validator can be added later // products endpoints where validator can be added later
router.get('/', listProducts); router.get('/', listProducts);
router.get('/:id', getProductById); router.get('/:id', getProductById);
router.post('/', validateData(createProductSchema), createProduct); router.post('/', verifyToken, verifySeller, validateData(createProductSchema), createProduct);
router.put('/:id', validateData(updateProductSchema), updateProduct); router.put('/:id', verifyToken, verifySeller, validateData(updateProductSchema), updateProduct);
router.delete('/:id', deleteProduct); router.delete('/:id', verifyToken, verifySeller, deleteProduct);
export default router; export default router;

2
api/src/routes/products/productsController.ts
View File

@@ -36,7 +36,7 @@ export async function getProductById(req: Request, res: Response) {
export async function createProduct(req: Request, res: Response) { export async function createProduct(req: Request, res: Response) {
try{ try{
console.log("req.userID = " + req.userId);
const productId = await db const productId = await db
.insert(productsTable) .insert(productsTable)
.values(req.cleanBody) .values(req.cleanBody)

3
api/src/type/express/index.d.ts vendored
View File

@@ -5,7 +5,8 @@ declare global {
namespace Express { namespace Express {
export interface Request { export interface Request {
userId?: Number; userId?: Number;
cleanBody?: any cleanBody?: any;
role: string;
} }
} }
} }