const jwt = require("jsonwebtoken");
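/**
 * Optional-authentication Express middleware.
 *
 * - No Authorization header, or a header that is not exactly two
 *   space-separated parts: the request continues anonymously with
 *   `req.user = null`.
 * - A token is present and verifies: `req.user` is set to the decoded claims,
 *   with `userId` normalised to a number.
 * - A token is present but fails verification, or verifies but carries an
 *   unusable `userId` claim: the request is rejected with 401.
 *
 * This middleware never rejects an anonymous request, so routes that need a
 * logged-in user must still check `req.user` themselves.
 *
 * @param {object} req - Express request; `req.user` is assigned here.
 * @param {object} res - Express response, used only for the 401 reply.
 * @param {Function} next - Continues to the next middleware.
 * @returns {*} Whatever `next()` or `res.json()` returns.
 */
module.exports = (req, res, next) => {
  const rejectInvalidToken = () =>
    res.status(401).json({ error: "Token geçersiz" });

  const authHeader = req.headers.authorization;

  // No header at all: continue as an anonymous request.
  if (!authHeader) {
    req.user = null;
    return next();
  }

  // Expected shape is "<scheme> <token>"; anything else counts as "no token".
  // NOTE(review): the scheme (parts[0]) is never compared with "Bearer", so
  // any two-part header value is handed to jwt.verify — confirm this is
  // intended before relying on it.
  const parts = authHeader.split(" ");
  const token = parts.length === 2 ? parts[1] : null;

  if (!token) {
    req.user = null;
    return next();
  }

  let decoded;
  try {
    // NOTE(review): no `algorithms` allow-list is passed, so the accepted
    // algorithms are whatever the library defaults to for this key. Pinning
    // the algorithm the issuer actually signs with is the usual hardening;
    // check the signing code before adding it.
    // NOTE(review): an unset JWT_SECRET presumably surfaces here as a thrown
    // error, i.e. as a 401 for every token-bearing request — worth failing
    // fast at startup instead.
    decoded = jwt.verify(token, process.env.JWT_SECRET);
  } catch (err) {
    // A token was supplied but did not verify => 401 (deliberate choice).
    return rejectInvalidToken();
  }

  // A verified payload that is not a claims object cannot describe a user.
  if (decoded === null || typeof decoded !== "object") {
    return rejectInvalidToken();
  }

  // Accept a number or a numeric string, as before, but refuse values that
  // would previously have been coerced silently: a missing claim became NaN,
  // while null / "" / true became 0 or 1 and could be mistaken for a real id.
  const rawUserId = decoded.userId;
  const userId =
    typeof rawUserId === "string" && rawUserId.trim() !== ""
      ? Number(rawUserId)
      : rawUserId;

  if (!Number.isSafeInteger(userId)) {
    return rejectInvalidToken();
  }

  req.user = {
    ...decoded,
    userId,
  };
  return next();
};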