Michelle
3556aaede7
All checks were successful
Build & Push Docker Image / build (push) Successful in 6m14s
55 lines
1.7 KiB
JavaScript
55 lines
1.7 KiB
JavaScript
import jwt from 'jsonwebtoken';
|
|
import { v4 as uuidv4 } from 'uuid';
|
|
import { getDb } from '../config/database.js';
|
|
import redis from '../config/redis.js';
|
|
|
|
const JWT_SECRET = process.env.JWT_SECRET || 'fallback-secret-change-me';
|
|
|
|
export async function authenticateToken(req, res, next) {
|
|
const authHeader = req.headers.authorization;
|
|
const token = authHeader && authHeader.split(' ')[1];
|
|
|
|
if (!token) {
|
|
return res.status(401).json({ error: 'Authentication required' });
|
|
}
|
|
|
|
try {
|
|
const decoded = jwt.verify(token, JWT_SECRET);
|
|
|
|
// Check JWT blacklist in DragonflyDB (revoked tokens via logout)
|
|
if (decoded.jti) {
|
|
try {
|
|
const revoked = await redis.get(`blacklist:${decoded.jti}`);
|
|
if (revoked) {
|
|
return res.status(401).json({ error: 'Token has been revoked' });
|
|
}
|
|
} catch (redisErr) {
|
|
// Graceful degradation: if Redis is unavailable, allow the request
|
|
console.warn('Redis blacklist check skipped:', redisErr.message);
|
|
}
|
|
}
|
|
|
|
const db = getDb();
|
|
const user = await db.get('SELECT id, name, display_name, email, role, theme, language, avatar_color, avatar_image, email_verified FROM users WHERE id = ?', [decoded.userId]);
|
|
if (!user) {
|
|
return res.status(401).json({ error: 'User not found' });
|
|
}
|
|
req.user = user;
|
|
next();
|
|
} catch (err) {
|
|
return res.status(403).json({ error: 'Invalid token' });
|
|
}
|
|
}
|
|
|
|
export function requireAdmin(req, res, next) {
|
|
if (req.user.role !== 'admin') {
|
|
return res.status(403).json({ error: 'Admin rights required' });
|
|
}
|
|
next();
|
|
}
|
|
|
|
export function generateToken(userId) {
|
|
const jti = uuidv4();
|
|
return jwt.sign({ userId, jti }, JWT_SECRET, { expiresIn: '7d' });
|
|
}
|