Merge remote-tracking branch 'origin/main' into backend_complete

2025-09-21 03:49:22 +02:00
parent c9813a7ff4 f216435dd0
commit cf157643d7
1039 changed files with 80635 additions and 19 deletions
@@ -1,5 +1,6 @@
 import { Request, Response, NextFunction } from 'express';
 import { JWTService } from './JWTService';
+<<<<<<< HEAD
 import { RedisService } from './RedisService';
 import { logAuth, logWarning } from './Logger';

@@ -143,4 +144,60 @@ export async function adminRequired(req: Request, res: Response, next: NextFunct
        logWarning('Admin authentication middleware error', { error: (error as Error).message }, req);
        return res.status(500).json({ error: 'Internal server error' });
    }
+=======
+import { logAuth, logWarning } from './Logger';
+
+export const jwtService = new JWTService();
+
+export function authRequired(req: Request, res: Response, next: NextFunction) {
+    const payload = jwtService.verify(req);
+    if (!payload) {
+        logAuth('Authentication failed - No valid token', undefined, {
+            ip: req.ip,
+            userAgent: req.get ? req.get('User-Agent') : 'unknown',
+            path: req.path
+        }, req);
+        return res.status(401).json({ error: 'Unauthorized' });
+    }
+    
+    logAuth('Authentication successful', payload.userId, {
+        authLevel: payload.authLevel,
+        orgId: payload.orgId
+    }, req);
+    
+    const refreshed = jwtService.refreshIfNeeded(payload, res);
+    if (refreshed) {
+        logAuth('Token refreshed', payload.userId, undefined, req);
+    }
+    
+    (req as any).user = payload;
+    next();
+}
+
+export function adminRequired(req: Request, res: Response, next: NextFunction) {
+    const payload = jwtService.verify(req);
+    if (!payload || payload.authLevel !== 1) {
+        logWarning('Admin access denied', {
+            hasPayload: !!payload,
+            authLevel: payload?.authLevel,
+            userId: payload?.userId,
+            ip: req.ip,
+            path: req.path
+        }, req);
+        return res.status(403).json({ error: 'Forbidden' });
+    }
+    
+    logAuth('Admin authentication successful', payload.userId, {
+        authLevel: payload.authLevel,
+        orgId: payload.orgId
+    }, req);
+    
+    const refreshed = jwtService.refreshIfNeeded(payload, res);
+    if (refreshed) {
+        logAuth('Admin token refreshed', payload.userId, undefined, req);
+    }
+    
+    (req as any).user = payload;
+    next();
+>>>>>>> origin/main
 }