Files
scoreodonto.com/backend/dist/shared/middlewares/auth.middleware.js
T

28 lines
1.1 KiB
JavaScript

"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.authMiddleware = authMiddleware;
const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
const env_1 = require("../../config/env");
function authMiddleware(req, res, next) {
const header = req.headers.authorization;
// Aceita token via query string para uso em <img src="...?token=...">
const queryToken = typeof req.query['token'] === 'string' ? req.query['token'] : null;
if (!header?.startsWith('Bearer ') && !queryToken) {
res.status(401).json({ error: 'Token não fornecido' });
return;
}
const token = header?.startsWith('Bearer ') ? header.slice(7) : queryToken;
try {
const payload = jsonwebtoken_1.default.verify(token, env_1.env.JWT_SECRET);
req.tenantId = payload.sub;
req.userRole = payload.role;
next();
}
catch {
res.status(401).json({ error: 'Token inválido ou expirado' });
}
}