"use strict";
// Looks like compiled CommonJS output (see the sourceMappingURL at the end of the file).
// Public surface: jwtService, authRequired, adminRequired.
Object.defineProperty(exports, "__esModule", { value: true });
// Placeholder so the export exists before the service instance is created below.
exports.jwtService = void 0;
// Function declarations are hoisted, so these assignments are valid before the definitions.
exports.authRequired = authRequired;
exports.adminRequired = adminRequired;
const JWTService_1 = require("./JWTService");
const Logger_1 = require("./Logger");
// One module-wide verifier shared by both middlewares; this file only calls
// `verify(req)` and `refreshIfNeeded(payload, res)` on it.
exports.jwtService = new JWTService_1.JWTService();
/**
 * Middleware: require a valid token on the request.
 *
 * Asks `exports.jwtService.verify(req)` for a payload. Without one the request
 * is answered with 401 `{ error: 'Unauthorized' }` and the chain stops. With
 * one, the outcome is logged, `refreshIfNeeded(payload, res)` is given a chance
 * to act, the payload is attached as `req.user` and `next()` is called.
 *
 * @param {object} req - incoming request; `ip`, `path` and (when present) `get('User-Agent')` are read for logging
 * @param {object} res - response; `status(...).json(...)` is used on failure, and it is handed to `refreshIfNeeded`
 * @param {Function} next - continuation invoked only when a payload was obtained
 * @returns {*} the 401 response on failure, otherwise undefined
 */
function authRequired(req, res, next) {
    const token = exports.jwtService.verify(req);

    if (!token) {
        const context = {
            ip: req.ip,
            // `req.get` may be absent on non-framework request objects; the header value
            // itself is client-supplied and is passed to the logger as-is.
            userAgent: req.get ? req.get('User-Agent') : 'unknown',
            path: req.path,
        };
        (0, Logger_1.logAuth)('Authentication failed - No valid token', undefined, context, req);
        return res.status(401).json({ error: 'Unauthorized' });
    }

    const { userId, authLevel, orgId } = token;
    (0, Logger_1.logAuth)('Authentication successful', userId, { authLevel, orgId }, req);

    // `res` is handed over presumably so a renewed token can be written to it;
    // only the truthiness of the result is used here.
    const wasRefreshed = exports.jwtService.refreshIfNeeded(token, res);
    if (wasRefreshed) {
        (0, Logger_1.logAuth)('Token refreshed', userId, undefined, req);
    }

    req.user = token;
    next();
}
/**
 * Middleware: require a valid token whose `authLevel` is exactly 1.
 *
 * A missing payload and a non-admin payload take the same branch: a warning is
 * logged and the request is answered with 403 `{ error: 'Forbidden' }` (note that
 * an absent token is not distinguished with a 401 here). Otherwise the success is
 * logged, `refreshIfNeeded(payload, res)` runs, the payload becomes `req.user`
 * and `next()` is called.
 *
 * @param {object} req - incoming request; `ip` and `path` are read for logging
 * @param {object} res - response; `status(...).json(...)` on denial, also handed to `refreshIfNeeded`
 * @param {Function} next - continuation invoked only for an admin payload
 * @returns {*} the 403 response on denial, otherwise undefined
 */
function adminRequired(req, res, next) {
    const claims = exports.jwtService.verify(req);
    // Strict comparison: only the numeric level 1 counts as admin.
    const isAdmin = Boolean(claims) && claims.authLevel === 1;

    if (!isAdmin) {
        const denial = {
            hasPayload: !!claims,
            authLevel: claims?.authLevel,
            userId: claims?.userId,
            ip: req.ip,
            path: req.path,
        };
        (0, Logger_1.logWarning)('Admin access denied', denial, req);
        return res.status(403).json({ error: 'Forbidden' });
    }

    const { userId, authLevel, orgId } = claims;
    (0, Logger_1.logAuth)('Admin authentication successful', userId, { authLevel, orgId }, req);

    // Only the truthiness of the refresh result is used; `res` is passed through
    // presumably so the service can write a renewed token to it.
    if (exports.jwtService.refreshIfNeeded(claims, res)) {
        (0, Logger_1.logAuth)('Admin token refreshed', userId, undefined, req);
    }

    req.user = claims;
    next();
}
//# sourceMappingURL=AuthMiddleware.js.map