import { verify } from "../core/jwt";
import { query } from "../data/db";
import { redis } from '../data/redis';
// Name of the cookie that carries the auth token, read once at module load.
// When COOKIE_NAME is not set in the environment this is `undefined`.
const { COOKIE_NAME: cookieName } = process.env;
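/**
 * Express middleware that authenticates a request from the token cookie.
 *
 * Flow: read the cookie named by `cookieName`, verify the token, load the
 * session row referenced by `payload.sessionId`, reject it if it is missing
 * or past `expires_at`, then record activity and attach `req.user`.
 *
 * Responds 401 with a JSON `{ message }` on a missing token, a token that
 * fails `verify`, an unknown session, or an expired session. A failure of the
 * session lookup itself is forwarded to `next(error)` so the error handler
 * answers instead of the request being left without a response.
 *
 * @param {object} req - Express request; `req.cookies` is read, `req.user` is set.
 * @param {object} res - Express response.
 * @param {Function} next - Express continuation callback.
 * @returns {Promise<*>} Resolves once a response was sent or `next` was called.
 */
export async function requireUserAuth(req, res, next) {
  const token = req.cookies?.[cookieName];
  if (!token) return res.status(401).json({ message: 'No token' });

  let payload;
  try {
    payload = await verify(token);
  } catch (error) {
    return res.status(401).json({ message: 'Invalid token' });
  }

  // Session
  let session;
  try {
    const { rows } = await query(
      'select id, user_id, expires_at from sessions where id = $1',
      [payload.sessionId]
    );
    session = rows[0];
  } catch (error) {
    // A database failure is not an authentication decision: hand it to the
    // error handler rather than letting the async middleware reject unhandled.
    return next(error);
  }
  if (!session) return res.status(401).json({ message: 'Invalid session' });

  // The row's expiry was selected but never enforced, so a session past
  // expires_at kept authenticating for as long as the token verified.
  // A value that does not parse to a time is rejected as well (fail closed).
  // NOTE(review): a null expires_at is treated as "no expiry set" - confirm
  // against the sessions schema.
  const expiresAt = session.expires_at;
  if (expiresAt != null && !(new Date(expiresAt).getTime() > Date.now())) {
    return res.status(401).json({ message: 'Session expired' });
  }

  // NOTE(review): session.user_id is selected but not compared with
  // payload.sub; if `sub` is the user id, consider rejecting a mismatch so a
  // token can only be used with the session of its own user - confirm.

  // Activity tracking is best effort: failures here must not block the request.
  await query('update sessions set last_activity = now() where id = $1', [payload.sessionId]).catch(() => { });
  redis.set(`onlineuser:${payload.sub}`, '1', 'EX', 60).catch(() => { });

  req.user = {
    id: payload.sub,
    // NOTE(review): `name` carries the session id, not a user name - confirm
    // this is intended before relying on it downstream.
    name: payload.sessionId,
  };
  next();
}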