51 lines
1.5 KiB
JavaScript
51 lines
1.5 KiB
JavaScript
import User from "../models/userModel.js";
|
|
import jwt from "jsonwebtoken";
|
|
import ErrorHander from "../utils/errorhander.js"
|
|
|
|
export const isAuthenticatedUser = async (req, res, next) => {
|
|
try {
|
|
const { token } = req.cookies;
|
|
//const getToken = req.headers;
|
|
// // console.log(getToken.authorization)
|
|
// console.log(token)
|
|
|
|
// //remove Bearer from token
|
|
// const token = getToken.authorization.slice(7);
|
|
// // console.log(token)
|
|
|
|
if (!token) {
|
|
return res.status(400).json({
|
|
success: false,
|
|
message: "Login to Access this resource",
|
|
});
|
|
}
|
|
|
|
const decoded = jwt.verify(token, process.env.JWT_SECRET);
|
|
// console.log(decoded)
|
|
const user = await User.findById(decoded.id);
|
|
// console.log(user)
|
|
req.user = user;
|
|
// console.log(req.user)
|
|
|
|
next();
|
|
} catch (error) {
|
|
return res.status(400).json({
|
|
success: false,
|
|
message: error.message,
|
|
});
|
|
}
|
|
};
|
|
export const authorizeRoles = (...roles) => {//pass admin
|
|
return (req, res, next) => {
|
|
if (!roles.includes(req.user.role)) {
|
|
return next(
|
|
new ErrorHander(
|
|
`Role: ${req.user.role} is not allowed to access this resouce `,
|
|
403
|
|
)
|
|
);
|
|
}
|
|
|
|
next();
|
|
};
|
|
}; |