diff --git a/backend/src/middleware/authenticateJWT.js b/backend/src/middleware/authenticateJWT.js
new file mode 100644
index 00000000..0a52567a
--- /dev/null
+++ b/backend/src/middleware/authenticateJWT.js
@@ -0,0 +1,18 @@
+import jwt from 'jsonwebtoken';
+
+export const authenticateJWT = (req, res, next) => {
+ const token = req.header('Authorization')?.replace('Bearer ', '');
+
+ if (!token) {
+ return res.status(403).json({ message: 'Access Denied: No Token Provided' });
+ }
+
+ jwt.verify(token, process.env.JWT_SECRET, (err, user) => {
+ if (err) {
+ return res.status(403).json({ message: 'Invalid Token' });
+ }
+
+ req.user = user;
+ next();
+ });
+};
diff --git a/backend/src/routes/channelRouter.js b/backend/src/routes/channelRouter.js
index 67b1dcf1..c5ef3549 100644
--- a/backend/src/routes/channelRouter.js
+++ b/backend/src/routes/channelRouter.js
@@ -8,6 +8,7 @@ import { getUserChannelsController, } from '../controllers/channelController.js'; import { validationMiddleware } from '../middleware/validationMiddleware.js'; +import { authenticateJWT } from '../middleware/authenticateJWT.js'; export const channelRouter = express.Router();
@@ -40,6 +41,7 @@ channelRouter.post(
 body('name').notEmpty().withMessage('Name is required'),
 body('host_id').notEmpty().withMessage('Host ID is required'),
 ],
+ authenticateJWT,
 validationMiddleware,
 createChannelController,
 );
@@ -77,6 +79,7 @@ channelRouter.post(
 channelRouter.post(
 '/:channelId/guests',
 [body('guests').isArray().withMessage('Guests must be an array')],
+ authenticateJWT,
 validationMiddleware,
 addGuestController,
 );
@@ -108,6 +111,7 @@ channelRouter.post(
 channelRouter.get(
 '/:id',
 [param('id').notEmpty().withMessage('Channel ID is required')],
+ authenticateJWT,
 validationMiddleware,
 getChannelInfoController,
 );
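Review bot: `jwt.verify` in the new middleware is called without an options object, so the accepted signature algorithms are left to the library defaults; pass an explicit allow-list that matches the signing side, e.g. `jwt.verify(token, process.env.JWT_SECRET, { algorithms: ['HS256'] }, (err, user) => {` (HS256 is an assumption, the signing code is not in this diff). The extraction `req.header('Authorization')?.replace('Bearer ', '')` does not require the Bearer scheme: a header with any other scheme is handed to the verifier whole, and the first `'Bearer '` found anywhere in the value is stripped, so checking `startsWith('Bearer ')` and slicing is stricter. Missing or invalid credentials are conventionally answered with `401` plus a `WWW-Authenticate: Bearer` header, keeping `403` for an authenticated caller who lacks permission. An unset `JWT_SECRET` would presumably surface only as 'Invalid Token' on every request, so a startup check that fails fast would make that misconfiguration visible.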
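Review bot: The routes now authenticate the caller but still take the acting identity from the request: `body('host_id')` in the create-channel hunk and `param('userId')` on `/user/:userId` in the last hunk are client-supplied, and nothing in these hunks compares them with `req.user`. Unless the controllers (not shown) do that comparison, any holder of a valid token can act under another host's id or list another user's channels; the same question applies to who may add guests on `/:channelId/guests` and read `/:id`. Derive the host from the verified token or reject a mismatch, e.g. `if (req.body.host_id !== req.user.id) return res.status(403).json({ message: 'Forbidden' });` where the `id` claim name is an assumption, since the token payload is not visible in this diff. The `channelRouter.post(` call for the create route starts above its hunk.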
@@ -182,6 +186,7 @@ channelRouter.get(
 channelRouter.get(
 '/user/:userId',
 [param('userId').notEmpty().withMessage('User ID is required')],
+ authenticateJWT,
 validationMiddleware,
 getUserChannelsController,
 );
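Review bot: `authenticateJWT` is attached route by route and placed after the express-validator chains, here and in the three earlier route hunks, so protection is opt-in: a route not touched by this commit, or one added later, stays public unless someone remembers the middleware. If every channel route is meant to require a token, a single `channelRouter.use(authenticateJWT);` right after `express.Router()` makes that the default and runs the check before any validation of unauthenticated input. Whether other routes exist between the hunks cannot be told from this diff.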