we have auth. now

2024-10-06 15:33:45 +03:00
parent 9b6b10327a
commit ee5aaa65e6
5 changed files with 189 additions and 135 deletions
--- a/middlewares/auth.middleware.js
+++ b/middlewares/auth.middleware.js
@@ -0,0 +1,40 @@
+const { AuthTokens } = require("../models/index.js");
+
+const verifyToken = async (req, res, next) => {
+  const authHeader = req.headers["authorization"];
+
+  if (!authHeader || !authHeader.startsWith("Bearer ")) {
+    return res.status(401).json({ error: "Unauthorized" });
+  }
+
+  const authToken = authHeader.split(" ")[1];
+
+  try {
+    const tokenRecord = await AuthTokens.findOne({ authToken });
+
+    if (!tokenRecord) {
+      return res.status(401).json({ error: "Unauthorized" });
+    }
+
+    req.tokenRecord = tokenRecord;
+    next();
+  } catch (err) {
+    res.status(500).json({ error: "Internal server error" });
+  }
+};
+
+const editProfile = async (req, res, next) => {
+  const { walletAddress } = req.body;
+  const { tokenRecord } = req;
+
+  if (tokenRecord.walletAddress !== walletAddress) {
+    return res.status(403).json({
+      error:
+        "Forbidden: You are not allowed to edit this account's information.",
+    });
+  }
+
+  next();
+};
+
+module.exports = { verifyToken, editProfile };