fix: verify token
@@ -1,47 +1,57 @@
|
|||||||
const jwt = require("jsonwebtoken");
|
const JWTService = require('../utils/jwt');
|
||||||
const { ErrorHandler } = require("../helpers/error");
|
const { ErrorHandler } = require('../helpers/error');
|
||||||
|
|
||||||
const verifyToken = (req, res, next) => {
|
function setUser(req, decoded) {
|
||||||
const authHeader = req.header("Authorization");
|
req.user = {
|
||||||
// console.log("authHeader", authHeader)
|
userId: decoded.user_id,
|
||||||
|
fullname: decoded.user_fullname,
|
||||||
// Pastikan header Authorization ada dan berisi token
|
username: decoded.user_name,
|
||||||
if (!authHeader || !authHeader.startsWith("Bearer ")) {
|
email: decoded.user_email,
|
||||||
throw new ErrorHandler(401, "Token missing or invalid");
|
roleId: decoded.role_id,
|
||||||
|
roleName: decoded.role_name
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
// Ambil token dari header Authorization
|
function verifyAccessToken(req, res, next) {
|
||||||
const token = authHeader.split(" ")[1];
|
|
||||||
|
|
||||||
try {
|
try {
|
||||||
// const decoded = jwt.decode(token, { complete: true });
|
let token = req.cookies?.accessToken;
|
||||||
// console.log("decoded", decoded)
|
|
||||||
// console.log("==============================")
|
|
||||||
// console.log("token", token)
|
|
||||||
// console.log("process.env.SECRET", process.env.SECRET)
|
|
||||||
// // console.log("==============================> ", jwt.verify(token, process.env.SECRET))
|
|
||||||
// jwt.verify(token, process.env.SECRET, (err, decoded) => {
|
|
||||||
// if (err) {
|
|
||||||
// console.error('Error verifying token: ==============================>', err.message);
|
|
||||||
// } else {
|
|
||||||
// console.log('Decoded payload: ==============================>', decoded);
|
|
||||||
// }
|
|
||||||
// });
|
|
||||||
|
|
||||||
const verified = jwt.verify(token, process.env.SECRET);
|
if (!token) {
|
||||||
req.tokenExtract = verified;
|
const authHeader = req.headers.authorization;
|
||||||
// console.log(req.tokenExtract);
|
if (!authHeader || !authHeader.startsWith('Bearer')) {
|
||||||
|
throw new ErrorHandler(401, 'Access Token is required');
|
||||||
|
}
|
||||||
|
token = authHeader.split(' ')[1];
|
||||||
|
}
|
||||||
|
|
||||||
req.userID = req.tokenExtract.user_id
|
const decoded = JWTService.verifyToken(token);
|
||||||
req.tenantID = req.tokenExtract.tenant_id
|
setUser(req, decoded);
|
||||||
req.roleID = req.tokenExtract.role_id
|
|
||||||
req.body.userID = req.tokenExtract.user_id
|
|
||||||
req.body.tenantID = req.tokenExtract.tenant_id
|
|
||||||
req.query.tenantID = req.tokenExtract.tenant_id
|
|
||||||
next();
|
next();
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
throw new ErrorHandler(401, error.message || "Invalid Token");
|
if (error.name === 'TokenExpiredError' || error.name === 'JsonWebTokenError') {
|
||||||
|
return next(new ErrorHandler(401, error.message));
|
||||||
|
}
|
||||||
|
next(new ErrorHandler(500, 'Authenticate verification failed'));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
};
|
|
||||||
|
|
||||||
module.exports = verifyToken;
|
function verifyRefreshToken(req, res, next) {
|
||||||
|
try {
|
||||||
|
const refreshToken = req.cookies?.refreshToken;
|
||||||
|
|
||||||
|
if (!refreshToken) {
|
||||||
|
throw new ErrorHandler(401, 'Refresh Token is required');
|
||||||
|
}
|
||||||
|
|
||||||
|
const decoded = JWTService.verifyRefreshToken(refreshToken);
|
||||||
|
setUser(req, decoded);
|
||||||
|
next();
|
||||||
|
} catch (error) {
|
||||||
|
next(new ErrorHandler(500, 'Refresh token verification failed'));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
module.exports = {
|
||||||
|
verifyAccessToken,
|
||||||
|
verifyRefreshToken,
|
||||||
|
};
|
||||||
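Review bot: Both catch blocks turn the middleware's own 401s into 500s: in verifyAccessToken the `ErrorHandler(401, 'Access Token is required')` thrown inside the `try` matches neither `TokenExpiredError` nor `JsonWebTokenError` (assuming ErrorHandler does not set one of those names; its definition is not shown), and verifyRefreshToken maps every failure, including a missing, expired or tampered refresh token, to 500. Pass the original error through first, e.g. `if (error instanceof ErrorHandler) return next(error);`, and give verifyRefreshToken the same `error.name` check that returns 401, so clients and alerting can tell rejected credentials from server faults. Separately, the old middleware overwrote `req.body.userID`, `req.body.tenantID` and `req.query.tenantID` with values from the verified token, and `setUser` no longer sets any tenant field; if a downstream handler still reads those, it would now see client-supplied values, so confirm every consumer was moved to `req.user` and that tenant scoping is still derived from the token. The new `startsWith('Bearer')` check also dropped the trailing space the old code had, so a header with no token reaches `JWTService.verifyToken` as `undefined`.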