Spaces:
Running
Running
| import { JwtPayload, verify } from "jsonwebtoken"; | |
| import { Request } from "express"; | |
| import { Role } from "@common/enums/role.enum"; | |
| import { HttpError } from "@lib/error-handling/http-error"; | |
| import { config } from "@configs/config"; | |
| import { IJwtLoginPayload } from "@common/interfaces/jwt-payload.interface"; | |
| type AdminGuardMiddlewareProps = { | |
| roles?: Role[]; | |
| }; | |
| export const AdminGuardMiddleware = | |
| (props?: AdminGuardMiddlewareProps) => (req: Request, res, next) => { | |
| // get token from cookie | |
| const token = req.headers.authorization?.split(" ")[1]; | |
| let payload: IJwtLoginPayload; | |
| // validate token | |
| if (!token) { | |
| throw new HttpError(401, "Unauthorized"); | |
| } | |
| try { | |
| payload = verify(token, config.jwt.secret); | |
| } catch (err) { | |
| throw new HttpError(401, "Unauthorized"); | |
| } | |
| if (payload.type !== "admin") { | |
| throw new HttpError(401, "Unauthorized"); | |
| } | |
| // check roles | |
| if (props?.roles && props?.roles.length > 0) { | |
| if (!props.roles.includes(payload.role)) { | |
| throw new HttpError(401, "Unauthorized"); | |
| } | |
| } | |
| // inject payload in request | |
| (req as unknown as { jwtPayload: JwtPayload }).jwtPayload = payload; | |
| // go on | |
| next(); | |
| }; | |