Initial Push to GIT

backend/src/middleware/auth.js

@@ -0,0 +1,31 @@
+const jwt = require('jsonwebtoken');
+const { getDb } = require('../models/db');
+
+const JWT_SECRET = process.env.JWT_SECRET || 'changeme_super_secret';
+
+function authMiddleware(req, res, next) {
+  const token = req.headers.authorization?.split(' ')[1] || req.cookies?.token;
+  if (!token) return res.status(401).json({ error: 'Unauthorized' });
+
+  try {
+    const decoded = jwt.verify(token, JWT_SECRET);
+    const db = getDb();
+    const user = db.prepare('SELECT * FROM users WHERE id = ? AND status = ?').get(decoded.id, 'active');
+    if (!user) return res.status(401).json({ error: 'User not found or suspended' });
+    req.user = user;
+    next();
+  } catch (e) {
+    return res.status(401).json({ error: 'Invalid token' });
+  }
+}
+
+function adminMiddleware(req, res, next) {
+  if (req.user?.role !== 'admin') return res.status(403).json({ error: 'Admin only' });
+  next();
+}
+
+function generateToken(userId) {
+  return jwt.sign({ id: userId }, JWT_SECRET, { expiresIn: '30d' });
+}
+
+module.exports = { authMiddleware, adminMiddleware, generateToken };