Login, delete user

author: Rory& <root@rory.gay> 2025-06-01 08:30:09 +0200
committer: Rory& <root@rory.gay> 2025-06-01 08:30:09 +0200
commit: 9c90f22c5c68e2320054b99c7e69677f7e778f6b (patch)
tree: 525fd42a7e398bacddd6b878b3c1ca7435b35393 /src/api/middlewares/authMiddleware.js
parent: Register works, part of login and auth middleware (diff)
download: nodejs-final-assignment-9c90f22c5c68e2320054b99c7e69677f7e778f6b.tar.xz
1 files changed, 7 insertions, 4 deletions
diff --git a/src/api/middlewares/authMiddleware.js b/src/api/middlewares/authMiddleware.js
index 4cdbb51..a1ba498 100644
--- a/src/api/middlewares/authMiddleware.js
+++ b/src/api/middlewares/authMiddleware.js
@@ -7,16 +7,19 @@ import { DbUser } from '#db/schemas/index.js';
  */
 export function validateAuth(options) {
     return async function (req, res, next) {
-        var auth = validateJwtToken(req.headers.authorization);
+        const auth = (req.auth = validateJwtToken(req.headers.authorization));
         if (!auth) {
             res.status(401).send('Unauthorized');
             return;
         }
 
-        req.user = await DbUser.findById(auth.id).exec();
+        const user = (req.user = await DbUser.findById(auth.id).exec());
 
-        req.auth = auth;
-        req = next();
+        if (options.roles && !options.roles.includes(user.type)) {
+            return;
+        }
+
+        next();
     };
 }
author	Rory& <root@rory.gay>	2025-06-01 08:30:09 +0200
committer	Rory& <root@rory.gay>	2025-06-01 08:30:09 +0200
commit	9c90f22c5c68e2320054b99c7e69677f7e778f6b (patch)
tree	525fd42a7e398bacddd6b878b3c1ca7435b35393 /src/api/middlewares/authMiddleware.js
parent	Register works, part of login and auth middleware (diff)
download	nodejs-final-assignment-9c90f22c5c68e2320054b99c7e69677f7e778f6b.tar.xz