meb/OLD-server-architecture
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: reorganize auth routes by separating view and API endpoints. Added some layer security to the most private apis

Browse Source
This commit is contained in:
Giuseppe Raffa
2026-04-04 19:21:12 +02:00
parent 07673586c2
commit a07abbfeea
6 changed files with 265 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
auth/src/middlewares/user.security.js
View File

@@ -1,10 +1,21 @@
const jwt = require('../tools/jwt');
/**
* Middleware di autenticazione per utenti finali.
* Verifica il JWT dal cookie 'auth_token' o dall'header 'Authorization: Bearer <token>'.
*
* Se valido, inietta req.user con { user_id, username, session_id }.
*/
const userAuth = (req, res, next) => {
const token = (req.cookies && req.cookies.auth_token) || jwt.getToken(req.headers['authorization']);
if (!token) {
return res.status(401).json({ error: 'Accesso negato: Token utente mancante' });
if (!token || typeof token !== 'string') {
return res.status(401).json({ error: 'Accesso negato: token mancante' });
}
// Limite ragionevole sulla lunghezza del token per evitare abusi
if (token.length > 2048) {
return res.status(400).json({ error: 'Token non valido' });
}
const verified = jwt.verifyToken(token);