16 lines
508 B
JavaScript
16 lines
508 B
JavaScript
import jwt from "jsonwebtoken";
|
|
|
|
export function authMiddleware(req, res, next) {
|
|
const authHeader = req.headers.authorization || "";
|
|
const token = authHeader.startsWith("Bearer ") ? authHeader.slice(7) : null;
|
|
|
|
if (!token) return res.status(401).json({ error: "Token mancante" });
|
|
|
|
try {
|
|
const payload = jwt.verify(token, process.env.JWT_SECRET || "devsecret");
|
|
req.userId = payload.userId;
|
|
next();
|
|
} catch (err) {
|
|
return res.status(401).json({ error: "Token non valido" });
|
|
}
|
|
}
|