import jwt from "jsonwebtoken";
import { JWT_SECRET } from "../lib/config.js";
import { getUserById } from "../lib/userService.js";
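/**
 * Express middleware that authenticates a request from its Bearer token.
 *
 * Reads the `Authorization` header, verifies the JWT against `JWT_SECRET`,
 * loads the user named by the token's `sub` claim and, on success, sets
 * `req.user` and `req.token` before calling `next()`.
 *
 * Responds 401 when the header is missing or is not a Bearer credential, when
 * verification fails, when the payload carries no `sub` claim, or when no user
 * is found for that claim. An error thrown by the user lookup is forwarded
 * with `next(error)` rather than being reported to the client as a bad token,
 * so a storage failure is not mistaken for an authentication failure.
 *
 * @param {object} req - Express request; `req.headers.authorization` is read.
 * @param {object} res - Express response used for the 401 replies.
 * @param {Function} next - Express continuation callback.
 * @returns {Promise<unknown>} Resolves once a reply was sent or `next` was called.
 */
export async function requireAuth(req, res, next) {
  const authHeader = req.headers.authorization || "";
  const token = authHeader.startsWith("Bearer ") ? authHeader.slice(7).trim() : null;
  if (!token) {
    return res.status(401).json({ error: "Inloggen vereist." });
  }

  let payload;
  try {
    // NOTE(review): no `algorithms` option is passed, so whatever the library
    // accepts by default for this key is allowed. Consider pinning it to the
    // algorithm used when tokens are issued (the signing side is not visible here).
    payload = jwt.verify(token, JWT_SECRET);
  } catch (error) {
    // Only verification failures (bad signature, expiry, malformed token) land here.
    return res.status(401).json({ error: "Ongeldige of verlopen token." });
  }

  // A verified token without a subject cannot identify a user; reject it here
  // instead of passing `undefined` on to the user lookup.
  if (payload === null || typeof payload !== "object" || payload.sub == null) {
    return res.status(401).json({ error: "Ongeldige of verlopen token." });
  }

  let user;
  try {
    user = await getUserById(payload.sub);
  } catch (error) {
    // A lookup failure is a server-side problem: hand it to the error handler.
    // The request still does not proceed unauthenticated.
    return next(error);
  }

  if (!user) {
    return res.status(401).json({ error: "Gebruiker niet gevonden." });
  }

  req.user = user;
  req.token = token;
  next();
}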
/**
 * Express middleware that lets only administrators through.
 *
 * Reads `req.user`, so it has to run after a middleware that sets it
 * (`requireAuth` in this file does). Replies 401 when no user is attached to
 * the request and 403 when the attached user has a falsy `isAdmin`; otherwise
 * it calls `next()`.
 *
 * @param {object} req - Express request; `req.user` is read.
 * @param {object} res - Express response used for the 401/403 replies.
 * @param {Function} next - Express continuation callback.
 * @returns {unknown} The value of `res.status(...).json(...)` on rejection, else undefined.
 */
export function requireAdmin(req, res, next) {
  const account = req.user;

  // Decide the refusal first: unauthenticated takes precedence over unauthorized.
  let refusal = null;
  if (!account) {
    refusal = { code: 401, message: "Inloggen vereist." };
  } else if (!account.isAdmin) {
    refusal = { code: 403, message: "Administratorrechten vereist." };
  }

  if (refusal !== null) {
    return res.status(refusal.code).json({ error: refusal.message });
  }

  next();
}