auth.middleware.js
const { AuthTokens } = require("../models/index.js");
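/**
 * Express middleware that authenticates a request by its bearer token.
 *
 * Reads the `Authorization` header, requires the `Bearer <token>` form and
 * looks the token up with `AuthTokens.findOne`. On a match the record is
 * attached as `req.tokenRecord` and `next()` is called; a missing, malformed
 * or unknown token is answered with 401, and a failure during the lookup is
 * answered with 500.
 *
 * @param {object} req - Express request; `req.headers.authorization` is read.
 * @param {object} res - Express response used for the 401/500 replies.
 * @param {Function} next - Called once `req.tokenRecord` has been set.
 * @returns {Promise<*>} Settles after the response is sent or `next()` ran.
 */
const verifyToken = async (req, res, next) => {
  const authHeader = req.headers["authorization"];
  if (!authHeader || !authHeader.startsWith("Bearer ")) {
    return res.status(401).json({ error: "Unauthorized" });
  }

  const authToken = authHeader.split(" ")[1];
  // "Bearer " with nothing after it (or a doubled space) splits to an empty
  // string. Reject it here so an empty value is never used as a lookup key.
  if (!authToken) {
    return res.status(401).json({ error: "Unauthorized" });
  }

  try {
    // NOTE(review): the match is on the token value alone; whether records
    // carry an expiry or revocation flag is not visible here. Confirm that the
    // model or a later middleware enforces token lifetime.
    const tokenRecord = await AuthTokens.findOne({ authToken });
    if (!tokenRecord) {
      return res.status(401).json({ error: "Unauthorized" });
    }

    // Downstream middleware (editProfile) authorises against this record.
    req.tokenRecord = tokenRecord;
    next();
  } catch (err) {
    // Generic body: details of the lookup failure are not sent to the client.
    res.status(500).json({ error: "Internal server error" });
  }
};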
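/**
 * Express middleware that authorises a profile edit: the `walletAddress` in
 * the request body must equal the `walletAddress` on `req.tokenRecord`.
 *
 * The check fails closed. A request without a token record is answered with
 * 401, and a body without a non-empty string `walletAddress` is answered with
 * 403, so two absent values can never compare equal and pass.
 *
 * @param {object} req - Express request; reads `req.body.walletAddress` and
 *   `req.tokenRecord` (set by `verifyToken`).
 * @param {object} res - Express response used for the 401/403 replies.
 * @param {Function} next - Called only when the two addresses match.
 * @returns {Promise<*>} Settles after the response is sent or `next()` ran.
 */
const editProfile = async (req, res, next) => {
  const { tokenRecord } = req;
  // No record means verifyToken did not run (or did not authenticate) for
  // this request; answer 401 instead of throwing on a property access.
  if (!tokenRecord) {
    return res.status(401).json({ error: "Unauthorized" });
  }

  // A missing body (no body parser on the route) is treated as an empty one.
  const { walletAddress } = req.body ?? {};
  const hasAddress = typeof walletAddress === "string" && walletAddress !== "";

  // NOTE(review): this is an exact string comparison; if addresses can arrive
  // in different letter case, confirm both sides are normalised the same way.
  if (!hasAddress || tokenRecord.walletAddress !== walletAddress) {
    return res.status(403).json({
      error:
        "Forbidden: You are not allowed to edit this account's information.",
    });
  }

  next();
};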
// Both middlewares are exported for use in route definitions. editProfile
// reads req.tokenRecord, which only verifyToken sets, so a route must mount
// verifyToken ahead of editProfile.
module.exports = { verifyToken, editProfile };