nbd-app
Version:
🚀 CLI tool to scaffold full-stack authentication starter projects with React, Node.js, and multiple auth providers (Email, Google, and more)
25 lines (24 loc) • 844 B
JavaScript
const jwt = require('jsonwebtoken');
const User = require('../models/User');
const config = require('../config');
/**
* Middleware to protect routes that require authentication.
* Verifies the JWT token from cookies and attaches the user to the request.
*/
exports.protect = async (req, res, next) => {
try {
const token = req.cookies[config.jwt.cookieName];
if (!token) {
return res.status(401).json({ success: false, message: 'Not authorized' });
}
const decoded = jwt.verify(token, process.env.JWT_SECRET);
const user = await User.findById(decoded.id).select('-password');
if (!user) {
return res.status(401).json({ success: false, message: 'Not authorized' });
}
req.user = user;
next();
} catch {
return res.status(401).json({ success: false, message: 'Not authorized' });
}
};