| import { Request, Response, NextFunction } from 'express'; | |
| import jwt from 'jsonwebtoken'; | |
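/**
 * Publicly known placeholder secret. It exists only so that local development
 * works without configuration; any token signed with it can be forged by
 * anyone who has read this file.
 */
const DEV_FALLBACK_JWT_SECRET = 'your-secret-key-change-this';

/**
 * Resolve the secret used to verify JWT signatures.
 *
 * Fails closed in production: a missing or empty `JWT_SECRET` used to fall
 * back silently to the placeholder above, which would let anyone mint tokens
 * the middleware accepts. Outside production the placeholder is still
 * returned, with a warning, so existing development setups keep working.
 *
 * @param env - Environment to read `JWT_SECRET` and `NODE_ENV` from.
 * @returns The configured secret, or the development placeholder.
 * @throws Error when `NODE_ENV` is `production` and `JWT_SECRET` is unset or empty.
 */
const resolveJwtSecret = (env: Record<string, string | undefined>): string => {
  const configured = env.JWT_SECRET;
  if (configured) {
    return configured;
  }

  if (env.NODE_ENV === 'production') {
    throw new Error('JWT_SECRET must be set in production');
  }

  console.warn('JWT_SECRET is not set; using the insecure development default');
  return DEV_FALLBACK_JWT_SECRET;
};

// Resolved once at module load so a misconfigured production process stops at
// startup instead of serving requests with a guessable key.
const JWT_SECRET = resolveJwtSecret(process.env);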
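/**
 * Express middleware that authenticates a request with a JWT.
 *
 * The token is read from the `x-auth-token` header, falling back to the
 * `token` query parameter. On success the `user` claim of the verified
 * payload is attached to the request as `req.user` and `next()` is called.
 * Every failure path answers 401 and does not call `next()`.
 *
 * Differences from a bare `jwt.verify` + `next()`:
 * - a query value that is not a plain string is rejected before verification;
 * - a correctly signed token whose payload has no `user` claim is rejected,
 *   so handlers never run with `req.user` undefined;
 * - `next()` runs outside the `try`, so an exception thrown by a later
 *   handler is no longer reported as "Token is not valid".
 *
 * @param req - Incoming request; `req.user` is set on success.
 * @param res - Response used to send the 401 body on failure.
 * @param next - Continuation, invoked only for an authenticated request.
 */
export const auth = (req: Request, res: Response, next: NextFunction): void => {
  const headerToken = req.header('x-auth-token');

  // NOTE(review): a token in the query string ends up in access logs, browser
  // history and Referer headers. It is kept because callers may rely on it;
  // prefer the header, and scrub `token` from request logging.
  const queryToken: unknown = req.query.token;
  const token: unknown = headerToken || queryToken;

  if (!token) {
    res.status(401).json({ success: false, message: 'No token, authorization denied' });
    return;
  }

  // The query parser can produce arrays or objects (`?token[]=...`); only a
  // plain string can be a JWT.
  if (typeof token !== 'string') {
    res.status(401).json({ success: false, message: 'Token is not valid' });
    return;
  }

  let decoded: unknown;
  try {
    // NOTE(review): no `algorithms` option is passed, so the library default
    // applies. Pin it to the algorithm the issuer signs with (the signing
    // code is not visible in this file).
    decoded = jwt.verify(token, JWT_SECRET);
  } catch {
    res.status(401).json({ success: false, message: 'Token is not valid' });
    return;
  }

  // A valid signature alone is not enough: the payload must be an object that
  // carries a `user` claim. This also keeps tokens signed with the same
  // secret for some other purpose from passing as a login.
  const user =
    typeof decoded === 'object' && decoded !== null
      ? (decoded as { user?: unknown }).user
      : undefined;

  if (user === undefined || user === null) {
    res.status(401).json({ success: false, message: 'Token is not valid' });
    return;
  }

  // `Request` has no `user` field declared in this file, hence the cast.
  (req as any).user = user;
  next();
};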