32 lines
765 B
JavaScript
32 lines
765 B
JavaScript
var { verify } = require("jsonwebtoken");
|
|
|
|
function isAuthorized(req, res, next) {
|
|
if (!req.headers.authorization)
|
|
return res.status(401).end();
|
|
|
|
if (req.headers.authorization.split(" ")[0] !== "Bearer")
|
|
return res.status(403).end();
|
|
|
|
if (!verify(req.headers.authorization.split(" ")[1], process.env.JWT_SECRET))
|
|
return res.status(403).end();
|
|
|
|
next();
|
|
}
|
|
|
|
function isRelevantUser(req, res, next) {
|
|
let reqId = req.params.id;
|
|
let token = req.headers.authorization.split(" ")[1];
|
|
let decodedToken = verify(token, process.env.JWT_SECRET);
|
|
|
|
if (decodedToken.data.id !== parseInt(reqId)) return res.status(403).end();
|
|
|
|
if (decodedToken.data.exp < Date.now()) return res.status(403).end();
|
|
|
|
next();
|
|
}
|
|
|
|
module.exports = {
|
|
isAuthorized,
|
|
isRelevantUser
|
|
};
|