Initial commit

2025-08-19 09:55:57 -04:00
commit dae1a31b4c
69 changed files with 8243 additions and 0 deletions
--- a/server/middleware/AuthHandler.js
+++ b/server/middleware/AuthHandler.js
@ -0,0 +1,65 @@
+import jwt from "jsonwebtoken";
+/** @typedef {import("@types/express").Request} Request */
+/** @typedef {import("@types/express").Response} Response */
+/** @typedef {import("@types/express").NextFunction} NextFunction */
+
+export default {
+    /**
+     * Express middleware to verify JWT and check for the admin role.
+     * @param {Request} req
+     * @param {Response} res
+     * @param {NextFunction} next
+     * @returns {Promise<e.Response<any, Record<string, any>> | void>}
+     */
+    authenticateAdmin: async (req, res, next) => {
+        const token = req.headers.authorization;
+
+        if (!token) return res.status(401).send({data: null, error: "Token missing"});
+        try {
+            const payload = await new Promise((resolve, reject) => {
+                jwt.verify(token, process.env.JWT_SECRET || "super-secret-key", (err, decoded) => {
+                    if (err) return reject(err);
+                    return resolve(decoded);
+                });
+            });
+            // Check if payload has id and role and if the role is admin
+            if (!payload || !payload.id || !payload.role) return res.status(401).json({data: null, error: "Invalid token"});
+            if (payload.role !== "admin") return res.status(403).json({data: null, error: "admins only"});
+            next();
+        } catch (err) {
+            if (err instanceof Error && err.message === 'jwt expired') return res.status(401).json({data: null, message: "Token expired", error: err});
+            res.status(401).json({data: null, message: "Invalid token", error: err});
+        }
+    },
+    /**
+     * Express middleware to verify JWT and check for the user role.
+     * @param {Request} req
+     * @param {Response} res
+     * @param {NextFunction} next
+     * @returns {Promise<e.Response<any, Record<string, any>> | void>}
+     */
+    authenticateUser: async (req, res, next) => {
+        const token = req.headers.authorization;
+
+        if (!token) {
+            return res.status(401).send({data: null, error: "Token missing"});
+        }
+        try {
+            const payload = jwt.verify(token, process.env.JWT_SECRET || "super-secret-key");
+            // Check if payload has id and role
+            if (!payload || !payload.id || !payload.role) {
+                return res.status(401).json({data: null, error: "Invalid token"});
+            }
+            // check if the user id matches the id in the token
+            else if (payload.role !== "admin" && req.params.id && req.params.id !== payload.id.toString()) {
+                return res.status(403).json({data: null, error: "Forbidden"});
+            }
+            next();
+        } catch (err) {
+            if (err instanceof Error && err.message === 'jwt expired') {
+                return res.status(401).json({data: null, message: "Token expired", error: err});
+            }
+            res.status(401).json({data: null, message: "Invalid token", error: err});
+        }
+    }
+}