added auth middleware

2025-07-14 07:55:02 +02:00 · 2024-10-02 23:54:14 -04:00 · 2024-10-02 23:54:14 -04:00 · 942dbd8e56
commit 942dbd8e56
parent 7dbf4307e7
4 changed files with 44 additions and 0 deletions
--- a/server/middlewares/index.ts
+++ b/server/middlewares/index.ts
@ -1,3 +1,4 @@
 export * from "./notFound";
 export * from "./rateLimit";
 export * from "./formatError";
 export * from "./verifySession";
--- a/server/middlewares/verifySession.ts
+++ b/server/middlewares/verifySession.ts
@ -0,0 +1,33 @@
 import { NextFunction, Response, Request } from "express";
 import ErrorResponse from "@server/types/ErrorResponse";
 import { unauthorized, verifySession } from "@server/auth";
 import { db } from "@server/db";
 import { users } from "@server/db/schema";
 import { eq } from "drizzle-orm";
 import createHttpError from "http-errors";
 import HttpCode from "@server/types/HttpCode";
 export const verifySessionMiddleware = async (
    req: any,
    res: Response<ErrorResponse>,
    next: NextFunction,
 ) => {
    const { session, user } = await verifySession(req);
    if (!session || !user) {
        return next(unauthorized());
    }
    const existingUser = await db
        .select()
        .from(users)
        .where(eq(users.id, user.id));
    if (!existingUser || !existingUser[0]) {
        return next(
            createHttpError(HttpCode.BAD_REQUEST, "User does not exist"),
        );
    }
    req.user = existingUser[0];
    req.session = session;
 };
--- a/server/routers/external.ts
+++ b/server/routers/external.ts
@ -6,6 +6,7 @@ import * as target from "./target";
 import * as user from "./user";
 import * as auth from "./auth";
 import HttpCode from "@server/types/HttpCode";
 import { verifySessionMiddleware } from "@server/middlewares";
 // Root routes
 export const unauthenticated = Router();
@ -16,6 +17,7 @@ unauthenticated.get("/", (_, res) => {
 // Authenticated Root routes
 export const authenticated = Router();
 authenticated.use(verifySessionMiddleware);
 authenticated.put("/org", org.createOrg);
 authenticated.get("/orgs", org.listOrgs);
--- a/server/types/Auth.ts
+++ b/server/types/Auth.ts
@ -0,0 +1,8 @@
 import { Request } from "express";
 import { User } from "@server/db/schema";
 import { Session } from "lucia";
 export interface AuthenticatedRequest extends Request {
    user: User;
    session: Session;
 }