32 lines
933 B
TypeScript
32 lines
933 B
TypeScript
import type { Response, NextFunction } from "express";
|
|
import jwt from "jsonwebtoken";
|
|
import type { AppRequest, AuthPayload } from "../types/context.js";
|
|
|
|
export function requireAuth(req: AppRequest, res: Response, next: NextFunction): void {
|
|
const token = req.cookies?.token as string | undefined;
|
|
|
|
if (!token) {
|
|
res.status(401).json({ message: "Non authentifié." });
|
|
return;
|
|
}
|
|
|
|
try {
|
|
const secret = process.env.JWT_SECRET as string;
|
|
const payload = jwt.verify(token, secret) as AuthPayload;
|
|
req.user = payload;
|
|
next();
|
|
} catch {
|
|
res.status(401).json({ message: "Token invalide ou expiré." });
|
|
}
|
|
}
|
|
|
|
export function requireRole(...roles: AuthPayload["role"][]) {
|
|
return (req: AppRequest, res: Response, next: NextFunction): void => {
|
|
if (!req.user || !roles.includes(req.user.role)) {
|
|
res.status(403).json({ message: "Accès refusé." });
|
|
return;
|
|
}
|
|
next();
|
|
};
|
|
}
|