auth.js
Wed Sep 08 2021 15:44:41 GMT+0000 (Coordinated Universal Time)
Saved by
@devdave
// [1] IMPORT SECT.
// -
const jwt = require("jsonwebtoken");
// [=>] EXPORT middleware
module.exports = (req, res, next) => {
try {
// targets headers => authorization
// split and select [1]
// => [0] = [bearer] & [1] = [token]
const token = req.headers.authorization.split(" ")[1];
// verify token
const decodedToken = jwt.verify(token, process.env.SECRET_TOKEN);
// targets userId in decodedToken
const userId = decodedToken.userId;
if (req.body.userId && req.body.userId !== userId) {
throw "User ID non valable !";
} else {
// if all good => to next middleware !
next();
}
} catch (error) {
res.status(401).json({ error: error | "Requête non authentifiée !" });
}
};
content_copyCOPY
Comments