This commit is contained in:
2026-06-03 13:58:12 -05:00
commit 2f13b8c590
54 changed files with 5136 additions and 0 deletions

49
server/middleware/auth.js Normal file
View File

@@ -0,0 +1,49 @@
const jwt = require('jsonwebtoken');
const { one } = require('../db');
const JWT_SECRET = process.env.MIXEDASSETS_JWT_SECRET || 'mixedassets-local-development-secret';
function publicUser(user) {
if (!user) return null;
return {
id: user.id,
name: user.name,
email: user.email,
role: user.role,
teamId: user.team_id
};
}
function tokenFor(user) {
return jwt.sign({ sub: user.id, role: user.role, teamId: user.team_id }, JWT_SECRET, { expiresIn: '12h' });
}
function requireAuth(req, res, next) {
const header = req.headers.authorization || '';
const [, token] = header.split(' ');
if (!token) return res.status(401).json({ error: 'Authentication required' });
try {
const payload = jwt.verify(token, JWT_SECRET);
const user = one('SELECT * FROM users WHERE id = ? AND status = ?', [payload.sub, 'active']);
if (!user) return res.status(401).json({ error: 'User is inactive or missing' });
req.user = user;
return next();
} catch {
return res.status(401).json({ error: 'Invalid or expired token' });
}
}
function requireRole(...roles) {
return (req, res, next) => {
if (!roles.includes(req.user.role)) return res.status(403).json({ error: 'Insufficient access' });
return next();
};
}
module.exports = {
publicUser,
requireAuth,
requireRole,
tokenFor
};