Matthias-Claudius-Schule/borrow-system
4
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

completed userDataMgmt

Browse Source
This commit is contained in:
Theis Gaedigk
2025-11-08 16:59:07 +01:00
parent 20d22d6ce4
commit 12277abb9e
7 changed files with 240 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
backendV2/services/authentication.js
View File

@@ -17,6 +17,29 @@ export async function generateToken(payload) {
.sign(secret);
}
export async function authenticateAdmin(req, res, next) {
const authHeader = req.headers["authorization"];
if (!authHeader) {
return res.status(401).json({ message: "Unauthorized" });
}
const [scheme, token] = authHeader.split(" ");
if (!/^Bearer$/i.test(scheme) || !token) {
return res.status(401).json({ message: "Unauthorized" });
}
try {
const payload = await verifyToken(token);
if (!payload?.admin) {
return res.status(403).json({ message: "Forbidden: admin only" });
}
req.user = payload;
return next();
} catch {
return res.status(403).json({ message: "Forbidden" });
}
}
export async function authenticate(req, res, next) {
const authHeader = req.headers["authorization"];
const apiKey = req.params.apiKey;