import jwt from "jsonwebtoken";
import dotenv from "dotenv";
// Populate process.env from the local .env file before the signing secret is read.
dotenv.config();

// Key handed to jwt.verify() by the auth middleware in this file. It is undefined
// when SECRET_KEY is not set in the environment.
const { SECRET_KEY: secret } = process.env;
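/**
 * (req, res, next) middleware that authenticates a request from its
 * Authorization header.
 *
 * The second space-separated field of the header ("Bearer <token>") is verified
 * with jwt.verify() against the module-level `secret`. On success `req.userId`
 * is set to the payload's `id` and `next()` is called.
 *
 * Responses sent instead of calling next():
 *   - 401 when the Authorization header is absent;
 *   - 403 when the header carries no token or verification throws.
 *
 * Security: every token must pass signature verification before any claim is
 * trusted. An earlier revision passed tokens of 500+ characters to jwt.decode(),
 * which does not check the signature, so a caller could choose `sub` freely and
 * be treated as that user. Token length is not a trust signal. Third-party ID
 * tokens (e.g. Google OAuth) are therefore rejected here until they are verified
 * against the issuer's published signing keys, with issuer, audience and expiry
 * checks, before `req.userId` is populated.
 *
 * @param {object} req - Incoming request; `req.headers.authorization` is read and `req.userId` is written.
 * @param {object} res - Response object; `status()` and `json()` are used on failure.
 * @param {Function} next - Invoked only after successful verification.
 * @returns {Promise<*>} Resolves once a response was sent or next() was called.
 */
const auth = async (req, res, next) => {
  try {
    const header = req.headers.authorization;
    if (!header) {
      return res.status(401).json({ message: "Authorization header missing" });
    }

    // Extract the token from 'Bearer <token>'.
    const token = header.split(" ")[1];
    if (!token) {
      // A header without a token part is rejected explicitly rather than via a TypeError.
      return res.status(403).json({ message: "Authentication failed" });
    }

    // jwt.verify() throws on a bad signature, an expired token or a malformed
    // value; the catch below turns that into a 403. No unverified fallback.
    const decodedData = jwt.verify(token, secret);
    req.userId = decodedData?.id;

    next(); // Continue to the next middleware or route handler
  } catch (error) {
    console.log(error);
    res.status(403).json({ message: "Authentication failed" });
  }
};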
// Default export: the (req, res, next) authentication middleware defined in this file.
export default auth;