theis.gaedigk
b249c73aa4
Also restructured the project a bit - created a service folder for the database script and the token script.
29 lines
788 B
JavaScript
29 lines
788 B
JavaScript
import cookieParser from "cookie-parser";
|
|
import bodyParser from "body-parser";
|
|
import { SignJWT, jwtVerify } from "jose";
|
|
import env from "dotenv";
|
|
env.config();
|
|
const secret = new TextEncoder().encode(process.env.SECRET_KEY);
|
|
|
|
export async function generateToken(payload) {
|
|
return await new SignJWT(payload)
|
|
.setProtectedHeader({ alg: "HS256" })
|
|
.setIssuedAt()
|
|
.setExpirationTime("2h") // Token valid for 2 hours
|
|
.sign(secret);
|
|
}
|
|
|
|
export async function authenticate(req, res, next) {
|
|
const token = req.cookies.token;
|
|
|
|
if (!token) return res.status(401).send("No token provided");
|
|
|
|
try {
|
|
const { payload } = await jwtVerify(token, secret);
|
|
req.user = payload;
|
|
next();
|
|
} catch (e) {
|
|
return res.status(403).send("Invalid or expired token");
|
|
}
|
|
}
|