Crowmate/Nest
Archived
7
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feature : Connect front to backend #1

Merged
BoxOfPandor merged 25 commits from feat/connect-front-to-backend into main 2026-03-19 14:56:19 +01:00
Conversation 1 Commits 25 Files Changed 34 +17 -2
1 changed files with 17 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit e7d1cda356 - Show all commits

19
nest-backend/src/middleware/auth.ts
View File

@@ -1,5 +1,6 @@
import { Request, Response, NextFunction } from 'express'; import { Request, Response, NextFunction } from 'express';
import jwt from 'jsonwebtoken'; import jwt from 'jsonwebtoken';
import prisma from '../lib/prisma.js';
export interface JwtPayload { export interface JwtPayload {
userId: string; userId: string;
@@ -15,7 +16,7 @@ declare global {
} }
} }
export function authenticate(req: Request, res: Response, next: NextFunction): void { export async function authenticate(req: Request, res: Response, next: NextFunction): Promise<void> {
const header = req.headers.authorization; const header = req.headers.authorization;
if (!header?.startsWith('Bearer ')) { if (!header?.startsWith('Bearer ')) {
res.status(401).json({ error: 'Missing or invalid Authorization header' }); res.status(401).json({ error: 'Missing or invalid Authorization header' });
@@ -25,7 +26,21 @@ export function authenticate(req: Request, res: Response, next: NextFunction): v
const token = header.slice(7); const token = header.slice(7);
try { try {
const payload = jwt.verify(token, process.env.JWT_SECRET!) as JwtPayload; const payload = jwt.verify(token, process.env.JWT_SECRET!) as JwtPayload;
req.user = payload; const user = await prisma.user.findUnique({
where: { id: payload.userId },
select: { id: true, role: true, isAdmin: true, isBanned: true },
});
if (!user || user.isBanned) {
res.status(401).json({ error: 'Token user no longer exists or is banned. Please login again.' });
return;
}
req.user = {
userId: user.id,
role: user.role,
isAdmin: user.isAdmin,
};
next(); next();
} catch { } catch {
res.status(401).json({ error: 'Token expired or invalid' }); res.status(401).json({ error: 'Token expired or invalid' });