server/middleware/auth.js

const jwt = require('jsonwebtoken');
const { User } = require('../models');
const logger = require('../utils/logger');

const authenticate = async (req, res, next) => {
  try {
    const token = req.header('Authorization')?.replace('Bearer ', '');

    if (!token) {
      return res.status(401).json({
        success: false,
        error: 'Access denied. No token provided.'
      });
    }

    const decoded = jwt.verify(token, process.env.JWT_SECRET);
    const user = await User.findByPk(decoded.userId);

    if (!user || !user.is_active) {
      return res.status(401).json({
        success: false,
        error: 'Invalid token or user not found'
      });
    }

    req.user = { userId: user.id, role: user.role };
    next();
  } catch (error) {
    if (error.name === 'JsonWebTokenError') {
      return res.status(401).json({
        success: false,
        error: 'Invalid token'
      });
    }
    if (error.name === 'TokenExpiredError') {
      return res.status(401).json({
        success: false,
        error: 'Token expired'
      });
    }
    
    logger.error('Authentication error:', error);
    res.status(500).json({
      success: false,
      error: 'Internal server error'
    });
  }
};

const authorize = (...roles) => {
  return (req, res, next) => {
    if (!req.user) {
      return res.status(401).json({
        success: false,
        error: 'Access denied. Authentication required.'
      });
    }

    if (!roles.includes(req.user.role)) {
      return res.status(403).json({
        success: false,
        error: 'Access denied. Insufficient permissions.'
      });
    }

    next();
  };
};

module.exports = {
  authenticate,
  authorize
};
first commit 2025-11-06 11:08:59 +01:00			`const jwt = require('jsonwebtoken');`
			`const { User } = require('../models');`
			`const logger = require('../utils/logger');`

			`const authenticate = async (req, res, next) => {`
			`try {`
			`const token = req.header('Authorization')?.replace('Bearer ', '');`

			`if (!token) {`
			`return res.status(401).json({`
			`success: false,`
			`error: 'Access denied. No token provided.'`
			`});`
			`}`

			`const decoded = jwt.verify(token, process.env.JWT_SECRET);`
			`const user = await User.findByPk(decoded.userId);`

			`if (!user \|\| !user.is_active) {`
			`return res.status(401).json({`
			`success: false,`
			`error: 'Invalid token or user not found'`
			`});`
			`}`

			`req.user = { userId: user.id, role: user.role };`
			`next();`
			`} catch (error) {`
			`if (error.name === 'JsonWebTokenError') {`
			`return res.status(401).json({`
			`success: false,`
			`error: 'Invalid token'`
			`});`
			`}`
			`if (error.name === 'TokenExpiredError') {`
			`return res.status(401).json({`
			`success: false,`
			`error: 'Token expired'`
			`});`
			`}`

			`logger.error('Authentication error:', error);`
			`res.status(500).json({`
			`success: false,`
			`error: 'Internal server error'`
			`});`
			`}`
			`};`

			`const authorize = (...roles) => {`
			`return (req, res, next) => {`
			`if (!req.user) {`
			`return res.status(401).json({`
			`success: false,`
			`error: 'Access denied. Authentication required.'`
			`});`
			`}`

			`if (!roles.includes(req.user.role)) {`
			`return res.status(403).json({`
			`success: false,`
			`error: 'Access denied. Insufficient permissions.'`
			`});`
			`}`

			`next();`
			`};`
			`};`

			`module.exports = {`
			`authenticate,`
			`authorize`
			`};`