
Annotation of /branches/5.x/src/api/middleware/RequireAuthMiddleware.ts



Revision 577 - (hide annotations)
Mon Jul 29 18:52:37 2024 UTC (8 months ago) by rakinar2
File MIME type: application/typescript
File size: 1815 byte(s)
chore: add old version archive branches (2.x to 9.x-dev)
1 rakinar2 577 import { NextFunction, Response } from "express";
2     import jwt from "jsonwebtoken";
3     import type Client from "../../core/Client";
4     import { log } from "../../utils/logger";
5     import Request from "../Request";
6    
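/**
 * Express middleware that authenticates a request from a bearer JWT.
 *
 * The `Authorization` header must be present and use the `Bearer` scheme (matched
 * case-insensitively). The token is verified against `JWT_SECRET` and must carry the
 * expected issuer and subject. On success `request.userId` is set (plus `request.user`
 * when `fetchUser` is true) and `next()` is called; every failure ends the request with
 * HTTP 401 and a JSON `error` message.
 *
 * @param client - Bot client; its Prisma handle is used for the user lookup.
 * @param fetchUser - When true (the default), a user row matching both the token's `userId`
 *   and this exact token string must exist. When false, only the signature and claims are
 *   checked and the database is not consulted, so a token that no longer matches the stored
 *   one is still accepted for as long as verification succeeds.
 * @param request - Incoming request; receives `userId` and, optionally, `user`.
 * @param response - Response used to send the 401 error body.
 * @param next - Called exactly once, and only when authentication succeeds.
 */
export default async function RequireAuthMiddleware(
    client: Client,
    fetchUser: boolean = true,
    request: Request,
    response: Response,
    next: NextFunction
): Promise<void> {
    const authorization = request.headers.authorization;

    if (!authorization) {
        response.status(401).json({
            error: "No authorization header found in the request"
        });

        return;
    }

    const [type, token] = authorization.split(/\s+/);

    if (type.toLowerCase() !== "bearer") {
        response.status(401).json({
            error: "Only bearer tokens are supported"
        });

        return;
    }

    try {
        // Fail closed with a clear log entry when the signing secret is missing; the
        // request is still answered with the generic 401 from the catch block below.
        const secret = process.env.JWT_SECRET;

        if (!secret) {
            throw new Error("JWT_SECRET is not set");
        }

        // NOTE(review): no `algorithms` allow-list is passed, so the library's defaults for
        // this key type apply. Consider pinning it to the algorithm the token issuer uses
        // (the signing code is not visible in this file).
        const info = jwt.verify(token, secret, {
            issuer: process.env.JWT_ISSUER ?? "SudoBot",
            subject: "Temporary API token for authenticated user",
            complete: true
        });

        const payload = info.payload as {
            userId: number;
        };

        // Log the header and claims only. With `complete: true` the decoded object also
        // holds the signature, and writing header + payload + signature to the log would
        // hand a log reader everything needed to rebuild a valid bearer token.
        log(info.header, payload);

        if (!payload?.userId) {
            throw new Error("ID not found");
        }

        if (!fetchUser) {
            // Signature-only path: the token is not compared with the stored one.
            request.userId = payload.userId;
            next();
            return;
        }

        // Matching on the token string as well as the id rejects tokens that verify
        // correctly but are no longer the one stored for this user.
        const user = await client.prisma.user.findFirst({
            where: {
                id: payload.userId,
                token
            }
        });

        if (!user) {
            throw new Error();
        }

        request.userId = user.id;
        request.user = user;
        next();
    } catch (e) {
        // Verification failures, a missing user and lookup errors all land here; the
        // detail goes to the log and the client only sees a generic message.
        log(e);

        response.status(401).json({
            error: "Invalid API token"
        });

        return;
    }
}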
