41 lines
997 B
JavaScript
41 lines
997 B
JavaScript
const { AuthTokens } = require("../models/index.js");
|
|
|
|
const verifyToken = async (req, res, next) => {
|
|
const authHeader = req.headers["authorization"];
|
|
|
|
if (!authHeader || !authHeader.startsWith("Bearer ")) {
|
|
return res.status(401).json({ error: "Unauthorized" });
|
|
}
|
|
|
|
const authToken = authHeader.split(" ")[1];
|
|
|
|
try {
|
|
const tokenRecord = await AuthTokens.findOne({ authToken });
|
|
|
|
if (!tokenRecord) {
|
|
return res.status(401).json({ error: "Unauthorized" });
|
|
}
|
|
|
|
req.tokenRecord = tokenRecord;
|
|
next();
|
|
} catch (err) {
|
|
res.status(500).json({ error: "Internal server error" });
|
|
}
|
|
};
|
|
|
|
const editProfile = async (req, res, next) => {
|
|
const { walletAddress } = req.body;
|
|
const { tokenRecord } = req;
|
|
|
|
if (tokenRecord.walletAddress !== walletAddress) {
|
|
return res.status(403).json({
|
|
error:
|
|
"Forbidden: You are not allowed to edit this account's information.",
|
|
});
|
|
}
|
|
|
|
next();
|
|
};
|
|
|
|
module.exports = { verifyToken, editProfile };
|