-
Notifications
You must be signed in to change notification settings - Fork 17
/
withProtect.js
50 lines (42 loc) · 1.17 KB
/
withProtect.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
import { promisify } from 'util';
import jwt from 'jsonwebtoken';
import User from '../models/userModel';
const withProtect = (handler) => {
return async (req, res) => {
// Get token and check if it exists
let token;
if (req.cookies && req.cookies.app_accessToken) {
token = req.cookies.app_accessToken;
}
if (!token) {
return res.status(401).json({
success: false,
message: 'Please log in to get access.',
});
}
try {
// Verify token
const decoded = await promisify(jwt.verify)(
token,
process.env.JWT_SECRET
);
// Check if user exists with refresh token
const currentUser = await User.findById(decoded.id);
if (!currentUser) {
return res.status(401).json({
success: false,
message: 'The user belonging to this token no longer exist.',
});
}
// Grant access to protected route
req.user = currentUser;
return handler(req, res);
} catch (error) {
return res.status(401).json({
success: false,
message: 'Please log in to get access.',
});
}
};
};
export default withProtect;