feat: auth middleware

server/src/index.ts

@@ -18,8 +18,8 @@ app.get("/api/health", (req: Request, res: Response) => {
   res.json({ status: "OK" });
 });
 
-app.use('/api/transactions', transactionsRouter);
 app.use('/api/auth', authRouter);
+app.use('/api/transactions', transactionsRouter);
 
 const PORT: number = parseInt(process.env.FM_PORT as string) || 3000;
 

server/src/routes/auth.ts

@@ -1,7 +1,7 @@
 import express from 'express';
 import { logger } from '../util/logging';
 import User from '../model/user';
-import { getJWT, checkJWT } from '../util/auth';
+import { getJWT, requireAuth } from '../util/auth';
 
 const router = express.Router();
 
@@ -35,11 +35,8 @@ router.post('/logout', (req, res) => {
   res.json({ message: 'Logged out successfully' });
 });
 
-router.get('/status', async (req, res) => {
+router.get('/status',requireAuth , async (req, res) => {
-  if (await checkJWT(req)){
     return res.status(200).json({authenticated: true});
-  }
-  return res.status(401).json({authenticated: false});
 })
 
 export default router;

server/src/util/auth.ts

@@ -1,4 +1,4 @@
-import { Request } from "express"
+import { NextFunction, Request, Response } from "express";
 import User from "../model/user"
 import { importJWK, SignJWT, jwtVerify } from "jose";
 
@@ -9,16 +9,6 @@ async function setKeyFromEnv() {
     key = await importJWK(JSON.parse(process.env.FM_PRIVATE_KEY));
 }
 
-async function checkJWT(req: Request){
-    try {
-        let jwt= await jwtVerify(req.cookies.jwt, key);
-        const user = await User.findOne({where: { userID: jwt.payload.sub}});
-        return user
-    } catch (error) {
-        return null
-    }
-}
-
 async function getJWT(user: User){
     let jwt = await new SignJWT()
         .setSubject(user.userID)
@@ -28,4 +18,35 @@ async function getJWT(user: User){
 
     return jwt
 }
-export {getJWT, checkJWT, setKeyFromEnv}
+
+async function requireAuth(req: Request, res: Response, next: NextFunction) {
+  try {
+    const token = req.cookies.jwt; // Or req.headers.authorization
+    if (!token) {
+      return res.status(401).json({ error: 'Unauthorized: No token provided' });
+    }
+    const jwt= await jwtVerify(token, key);
+    const user = await User.findOne({where: { userID: jwt.payload.sub}});
+    if (!user) {
+      return res.status(401).json({ error: 'Unauthorized: User not found' });
+    }
+    res.locals.user = user;
+    next();
+  } catch (err) {
+    return res.status(401).json({ error: 'Unauthorized: Invalid token' });
+  }
+}
+
+function requireRole(role: string) {
+  return async (req: Request, res: Response, next: NextFunction) => {
+    // First, run requireAuth to ensure the user is authenticated
+    await requireAuth(req, res, () => {
+      if (res.locals.role !== role) {
+        return res.status(403).json({ error: 'Forbidden: Insufficient permissions' });
+      }
+      next(); // User is authenticated and has the required role
+    });
+  };
+}
+
+export {getJWT, setKeyFromEnv, requireAuth}