const { verifyToken } = require('../util/jwt');
const { logger } = require('../util/logger');
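/**
 * Express-style middleware that authenticates a request from a bearer token.
 *
 * Reads the `Authorization` header, passes the token to `verifyToken`, and on
 * success stores the token's `customerNo` claim on `req.user` before calling
 * `next()`. Every failure path answers 401 with a generic JSON error and does
 * not call `next()`.
 *
 * NOTE(review): signature, expiry and algorithm checks are whatever
 * `verifyToken` (../util/jwt) implements; they are not visible here. Confirm
 * that it pins the accepted algorithm and validates expiry.
 *
 * @param {object} req - Incoming request; `req.headers.authorization` is read.
 * @param {object} res - Response object; `status()` and `json()` are used on failure.
 * @param {Function} next - Continuation invoked only after successful verification.
 * @returns {*} The result of `res.json(...)` on failure, otherwise `undefined`.
 */
function auth(req, res, next) {
  const authHeader = req.headers.authorization;

  if (!authHeader || !authHeader.startsWith('Bearer ')) {
    return res
      .status(401)
      .json({ error: 'missing or malformed authorization header' });
  }

  const token = authHeader.split(' ')[1];

  let customerNo;
  try {
    const payload = verifyToken(token);

    // Fail closed: a token that verifies but carries no customerNo would
    // otherwise continue down the chain with req.user === undefined.
    if (payload == null || payload.customerNo == null) {
      throw new Error('token payload has no customerNo claim');
    }
    customerNo = payload.customerNo;
  } catch (err) {
    // The client gets a generic message; the detail goes only to the log.
    logger.error(err, 'error verifying token');
    return res.status(401).json({ error: 'invalid or expired token' });
  }

  req.user = customerNo;

  // next() is deliberately outside the try block so that an exception raised
  // further down the chain is not reported as an authentication failure.
  next();
}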
// The middleware function is this module's sole export (CommonJS).
module.exports = auth;