Install Middleware – Step 4
Step 4: -Install Middleware
Middleware=>auth.js
const jwt = require('jsonwebtoken');
const asyncHandler = require('./async');
const ErrorResponse = require('../util/errorResponse');
const user = require('../models/login');
//Protect routes
exports.protect = asyncHandler(async(req,res,next)=>{
let token;
if(
req.headers.authorization &&
req.headers.authorization.startsWith('Bearer'))
{
token = req.headers.authorization.split(' ')[1];
}
// else if(req.cookies.token)
// {
// token =req.cookies.token
// }
//MAke sure token exists
if(!token){
return next(new ErrorResponse('Not authorize to access ',401))
}
try{
//verify Token
const decoded = jwt.verify(token,process.env.JWT_SECRET)
console.log(decoded);
req.user = await user.findById(decoded.id);
next();
}
catch(err)
{
return next(new ErrorResponse('Not authorize to access ',401))
}
});
//Grant access to specific role
exports.authorize = (...roles)=>{
return(req,res,next)=>{
if(!roles.includes(req.user.role))
{
return next(new ErrorResponse(`user role${req.user.role} is not authorize tp access the route`,403))
}
next();
}
}