add athorization to all calls except auth
This commit is contained in:
Anika Raemer
parent
8fb48f7243
commit
5dd79374c1
5 changed files with 41 additions and 12 deletions
|
|
@ -1,9 +1,11 @@
|
|||
import { NextFunction, Request, Response } from "express";
|
||||
import * as jwt from "jsonwebtoken";
|
||||
import * as dotenv from "dotenv";
|
||||
import jwt from "jsonwebtoken";
|
||||
import dotenv from "dotenv";
|
||||
import { authBasicRoute } from "../endpoints/AuthPoint.js";
|
||||
|
||||
dotenv.config();
|
||||
|
||||
//@todo this seems to be clumsy... We need some propper session handling as we'll have multiple users accessing the app
|
||||
declare global {
|
||||
namespace Express {
|
||||
interface Request {
|
||||
|
|
@ -12,11 +14,22 @@ declare global {
|
|||
}
|
||||
}
|
||||
|
||||
const JWT_SECRET = process.env.JWT_SECRET;
|
||||
|
||||
if (!JWT_SECRET) {
|
||||
throw new Error("JWT_SECRET not defined");
|
||||
}
|
||||
|
||||
export const authentication = (
|
||||
req: Request,
|
||||
res: Response,
|
||||
next: NextFunction
|
||||
) => {
|
||||
// allow unauthenticated access to auth routes
|
||||
if (req.path.startsWith(authBasicRoute)) {
|
||||
return next();
|
||||
}
|
||||
|
||||
const header = req.headers.authorization;
|
||||
if (!header) {
|
||||
return res.status(401).json({ message: "Unauthorized" });
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue