| 12345678910111213141516171819202122232425262728293031323334353637383940 |
- import User from "./models/User.js";
- import {HttpError, catchError} from "./HttpError.js";
- import jwt from "jsonwebtoken";
- const userAuth = async (req, res, next)=>{
- try{
- const userData = jwt.verify(req.signedCookies.userToken, process.env.JWT_SECRET);
-
- const user = await User.findOne({_id: userData.id});
- if(!user || user.uuid !== userData.token){
- throw new HttpError(401, "Unauthorized");
- }
- res.locals.user = user;
- next();
- }catch(e){
- if(e.message === "Cannot read properties of undefined (reading 'split')"){
- const error = new HttpError(400, "Must provide authorization token");
- catchError(error, req, res, next);
- return;
- }
- if(e.message === "jwt malformed"){
- const error = new HttpError(400, "Invalid JWT");
- catchError(error, req, res, next);
- return;
- }
- if(e.message === "jwt must be provided"){
- const error = new HttpError(400, "No auth");
- catchError(error, req, res, next);
- return;
- }
- catchError(e, req, res, next);
- }
- }
- export {userAuth}
|