import jwt from "jsonwebtoken";
import models from "../models/index.js";
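/**
 * Authentication middleware: requires a valid `accessToken` cookie.
 *
 * On success the matching `models.User` row is attached as `req.user` and the
 * next handler runs. Responses it can send on its own:
 *   401 – no `accessToken` cookie present
 *   403 – token fails verification (bad signature, malformed, expired, not yet valid)
 *   404 – token verifies but no user exists for the embedded `id`
 *   500 – `ACCESS_TOKEN_SECRET` is unset, or the user lookup throws
 *
 * @param {import("express").Request} req - `req.cookies` must be populated (cookie-parser)
 * @param {import("express").Response} res
 * @param {import("express").NextFunction} next
 */
export const verifyLoginUser = async (req, res, next) => {
  // `req.cookies` only exists when cookie-parser is mounted; without the guard a
  // missing parser surfaces as a TypeError instead of a clean 401.
  const accessToken = req.cookies?.accessToken;

  if (!accessToken) {
    return res
      .status(401)
      .json({ message: "Please log in to your account first!" });
  }

  const secret = process.env.ACCESS_TOKEN_SECRET;
  if (!secret) {
    // With an undefined secret jwt.verify throws a JsonWebTokenError, which the
    // catch below would report to the client as "Invalid token!" and thereby
    // hide a deployment misconfiguration. Fail as a server error instead.
    console.error("ACCESS_TOKEN_SECRET is not set; cannot verify access tokens");
    return res
      .status(500)
      .json({ message: "An error occurred on the server!" });
  }

  let user;
  try {
    // Pin the accepted algorithms to the HMAC family. This is what jsonwebtoken
    // already defaults to for a string secret, but stating it keeps a future
    // change of key material from silently widening what is accepted.
    // NOTE(review): assumes tokens are signed with HS256/384/512 — confirm
    // against the sign() call in the login handler.
    const decoded = jwt.verify(accessToken, secret, {
      algorithms: ["HS256", "HS384", "HS512"],
    });

    // A payload without `id` makes findByPk resolve to null, which is reported
    // as "User not found!" below.
    user = await models.User.findByPk(decoded.id);
  } catch (error) {
    // TokenExpiredError and NotBeforeError subclass JsonWebTokenError but carry
    // their own `name`, so the previous `error.name === "JsonWebTokenError"`
    // check routed expired tokens to the 500 branch. instanceof covers the
    // whole family.
    if (error instanceof jwt.JsonWebTokenError) {
      // NOTE(review): 401 is the more accurate status for a failed
      // authentication; 403 is kept so existing clients keep working.
      return res.status(403).json({ message: "Invalid token!" });
    }

    // Anything else (e.g. the database call failing) is a genuine server
    // error; log it rather than swallowing it.
    console.error("verifyLoginUser failed:", error);
    return res
      .status(500)
      .json({ message: "An error occurred on the server!" });
  }

  if (!user) {
    return res.status(404).json({ message: "User not found!" });
  }

  // Expose the model instance to downstream handlers.
  // NOTE(review): this is the whole row (including any password hash); make
  // sure no handler serializes req.user straight into a response.
  req.user = user;

  // Called outside the try so a synchronous throw from a later handler reaches
  // Express's error handling instead of being reported as this middleware's 500.
  next();
};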
// Authorization guard: lets the request through only when the authenticated
// user (attached as `req.user` by verifyLoginUser) has `roles` equal to
// "admin". A missing user or any other role value is rejected with 403.
export const adminOnly = (req, res, next) => {
  const isAdmin = req.user?.roles === "admin";

  if (isAdmin) {
    next();
    return;
  }

  return res.status(403).json({
    message: "Access denied! You do not have admin access.",
  });
};
// Authorization guard: continues only when `req.user` (set by verifyLoginUser)
// exists and its `roles` field is exactly "teacher"; otherwise responds 403.
export const teacherOnly = (req, res, next) => {
  const role = req.user ? req.user.roles : undefined;

  if (role !== "teacher") {
    return res.status(403).json({
      message: "Access denied! You do not have teacher access.",
    });
  }

  next();
};