
@wennals/common

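"use strict";
// TypeScript-emitted CommonJS interop helper: wraps a module that is not
// flagged as an ES module so that it can be read through `.default`.
var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.auth = void 0;
const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
const authentication_error_1 = require("../errors/authentication-error");
const restricted_access_1 = require("../errors/restricted-access");
/**
 * Express-style middleware that admits a request only when it carries a
 * valid `accessToken` cookie whose payload has a truthy `isAdmin` claim.
 *
 * Despite the generic name, this is an admin-only gate: an authenticated
 * non-admin caller is rejected with RestrictedAccessError.
 *
 * @param {object} req - Request; `req.cookies` is read (presumably filled in
 *   by a cookie-parsing middleware registered earlier — confirm at the call site).
 * @param {object} res - Response; unused here.
 * @param {Function} next - Called with no arguments once both checks pass.
 * @throws {AuthenticationError} When the cookie is absent or the token fails
 *   verification for any reason.
 * @throws {RestrictedAccessError} When the verified payload has no truthy
 *   `isAdmin` claim.
 */
const auth = (req, res, next) => {
    // Without a cookie parser `req.cookies` is undefined; fall back to an empty
    // object so the request is rejected as unauthenticated below instead of
    // surfacing a TypeError from this line.
    const cookies = req.cookies || {};
    const accessToken = cookies['accessToken'];
    let token;
    try {
        // NOTE(review): no `algorithms` option is passed, so the accepted set is
        // the library default for the key type. Pin it to the algorithm the
        // token issuer actually uses.
        // NOTE(review): every verify failure is mapped to AuthenticationError,
        // which presumably includes an unset ACCESS_TOKEN_SECRET. That fails
        // closed but hides the misconfiguration; validate the variable at
        // startup.
        token = jsonwebtoken_1.default.verify(accessToken, process.env.ACCESS_TOKEN_SECRET);
    }
    catch (e) {
        throw new authentication_error_1.AuthenticationError();
    }
    // Truthiness check: any truthy claim value (including a non-empty string)
    // passes. NOTE(review): if the issuer always emits a boolean, compare with
    // `=== true` instead.
    if (!token.isAdmin) {
        throw new restricted_access_1.RestrictedAccessError('Access Denied. You do not have permission to access the requested content.');
    }
    next();
};
exports.auth = auth;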