UNPKG

get-express-starter

Version:

Get production ready express boilerplate with a single command

51 lines (41 loc) 1.56 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
import { env } from '@/config'; import { tokenTypes } from '@/config/tokens'; import { userService } from '@/services'; import type { AppJwtPayload, AuthedReq } from '@/types'; import { ApiError } from '@/utils/api-error'; import type { NextFunction, Request, Response } from 'express'; import httpStatus from 'http-status'; import jwt from 'jsonwebtoken'; /** * Middleware to authenticate a JWT token and attach the user to the request object. */ const authenticateToken = async (req: Request): Promise<void> => { const authHeader = req.headers.authorization; const token = authHeader?.split(' ')[1]; if (!token) { throw new ApiError(httpStatus.UNAUTHORIZED, 'No token provided'); } let decoded: AppJwtPayload; try { decoded = jwt.verify(token, env.jwt.secret) as AppJwtPayload; } catch { throw new ApiError(httpStatus.UNAUTHORIZED, 'Invalid or expired token'); } if (decoded.type !== tokenTypes.ACCESS) { throw new ApiError(httpStatus.UNAUTHORIZED, 'Invalid token type'); } const user = await userService.getUserById(decoded.sub); (req as AuthedReq).user = user; }; /** * Authorization middleware that checks if the authenticated user has the required role. */ const auth = (requiredRoles?: string[]) => async (req: Request, _res: Response, next: NextFunction) => { await authenticateToken(req); const { role } = (req as AuthedReq).user; if (requiredRoles?.length && !requiredRoles.includes(role)) { throw new ApiError(httpStatus.FORBIDDEN, 'Access denied'); } next(); }; export default auth;