UNPKG

phantomauth

Version:

An authentication library with built-in security features, designed for fast and boilerplate-free backend development. Ideal for quickly building MVPs with a reasonable level of security. Not intended for high-risk or enterprise level use.

27 lines (26 loc) 961 B
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
import { User } from "../models/v1/users.model.js"; import jwt from 'jsonwebtoken'; import bcrypt from 'bcrypt'; import { response } from "../utils/response.js"; export const verifyToken = async (req, res, next) => { const token = req?.cookies?.token; if(!token) return response('Missing token', 400, res); try { const decoded = jwt.verify(token, process.env.JWT_SECRET); const user = await User.findOne({ _id: decoded.userId }); if (!user) return response('Invalid token', 400, res); const isValid = process.env.NODE_ENV === 'test' ? token === user.token : await bcrypt.compare(token, user.token); if (!isValid) return response('Invalid token', 400, res); req.userId = decoded.userId; next(); } catch (err) { if(err.name === 'TokenExpiredError') return response('Expired token', 400, res); return response('Token verification failed', 400, res); } };