forked from tdjsnelling/sqtracker
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathauth.js
More file actions
38 lines (36 loc) · 982 Bytes
/
Copy pathauth.js
File metadata and controls
38 lines (36 loc) · 982 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
import jwt from "jsonwebtoken";
import User from "../schema/user";
const auth = async (req, res, next) => {
if (req.headers.authorization) {
const token = req.headers.authorization.replace("Bearer ", "");
try {
const decoded = jwt.verify(token, process.env.SQ_JWT_SECRET);
if (decoded) {
const user = await User.findOne({ _id: decoded.id });
if (user) {
if (user.banned) {
res.status(403).send("User is banned");
return;
}
req.userId = user._id;
req.userRole = user.role;
next();
} else {
res.sendStatus(404);
}
} else {
res.sendStatus(500);
}
} catch (err) {
res.status(500).send(err);
}
} else if (
req.headers["x-sq-public-access"] === "true" &&
req.headers["x-sq-server-secret"] === process.env.SQ_SERVER_SECRET
) {
next();
} else {
res.sendStatus(401);
}
};
export default auth;