initial commit
This commit is contained in:
Kar k1
75
lib/admin-middleware.ts
Normal file
75
lib/admin-middleware.ts
Normal file
@@ -0,0 +1,75 @@
|
||||
import { NextRequest, NextResponse } from 'next/server'
|
||||
import jwt from 'jsonwebtoken'
|
||||
import { connectDB } from './mongodb'
|
||||
import { User } from '@/models/user'
|
||||
|
||||
export interface AdminUser {
|
||||
id: string
|
||||
email: string
|
||||
name: string
|
||||
role: 'admin'
|
||||
siliconId: string
|
||||
}
|
||||
|
||||
export async function verifyAdminToken(request: NextRequest): Promise<AdminUser | null> {
|
||||
try {
|
||||
const authHeader = request.headers.get('authorization')
|
||||
const cookieToken = request.cookies.get('accessToken')?.value
|
||||
|
||||
// Extract token from auth header, but only if it's not "Bearer undefined"
|
||||
let headerToken = null
|
||||
if (authHeader && authHeader !== 'Bearer undefined' && authHeader.startsWith('Bearer ')) {
|
||||
headerToken = authHeader.replace('Bearer ', '')
|
||||
}
|
||||
|
||||
const token = headerToken || cookieToken
|
||||
|
||||
if (!token) {
|
||||
return null
|
||||
}
|
||||
|
||||
const JWT_SECRET = process.env.JWT_SECRET || 'your-jwt-secret-change-in-production'
|
||||
const decoded = jwt.verify(token, JWT_SECRET) as any
|
||||
|
||||
await connectDB()
|
||||
const user = await User.findById(decoded.userId).select('-password -refreshToken')
|
||||
|
||||
if (!user || user.role !== 'admin') {
|
||||
return null
|
||||
}
|
||||
|
||||
return {
|
||||
id: user._id.toString(),
|
||||
email: user.email,
|
||||
name: user.name,
|
||||
role: user.role,
|
||||
siliconId: user.siliconId,
|
||||
}
|
||||
} catch (error) {
|
||||
console.error('Admin token verification failed:', error)
|
||||
return null
|
||||
}
|
||||
}
|
||||
|
||||
export function createAdminResponse(message: string, status: number = 403) {
|
||||
return NextResponse.json(
|
||||
{
|
||||
error: message,
|
||||
code: 'ADMIN_ACCESS_REQUIRED',
|
||||
},
|
||||
{ status }
|
||||
)
|
||||
}
|
||||
|
||||
export async function withAdminAuth(
|
||||
request: NextRequest,
|
||||
handler: (request: NextRequest, admin: AdminUser) => Promise<NextResponse>
|
||||
): Promise<NextResponse> {
|
||||
const admin = await verifyAdminToken(request)
|
||||
|
||||
if (!admin) {
|
||||
return createAdminResponse('Admin access required')
|
||||
}
|
||||
|
||||
return handler(request, admin)
|
||||
}
|
||||
Reference in New Issue
Block a user