added auth middleware

2025-07-13 23:45:00 +02:00 · 2024-10-02 23:54:14 -04:00 · 2024-10-02 23:54:14 -04:00 · 942dbd8e56
commit 942dbd8e56
parent 7dbf4307e7
4 changed files with 44 additions and 0 deletions
--- a/server/middlewares/index.ts
+++ b/server/middlewares/index.ts
@ -1,3 +1,4 @@
 export * from "./notFound";
 export * from "./rateLimit";
 export * from "./formatError";
+export * from "./verifySession";
--- a/server/middlewares/verifySession.ts
+++ b/server/middlewares/verifySession.ts
@ -0,0 +1,33 @@
+import { NextFunction, Response, Request } from "express";
+import ErrorResponse from "@server/types/ErrorResponse";
+import { unauthorized, verifySession } from "@server/auth";
+import { db } from "@server/db";
+import { users } from "@server/db/schema";
+import { eq } from "drizzle-orm";
+import createHttpError from "http-errors";
+import HttpCode from "@server/types/HttpCode";
+
+export const verifySessionMiddleware = async (
+    req: any,
+    res: Response<ErrorResponse>,
+    next: NextFunction,
+) => {
+    const { session, user } = await verifySession(req);
+    if (!session || !user) {
+        return next(unauthorized());
+    }
+
+    const existingUser = await db
+        .select()
+        .from(users)
+        .where(eq(users.id, user.id));
+
+    if (!existingUser || !existingUser[0]) {
+        return next(
+            createHttpError(HttpCode.BAD_REQUEST, "User does not exist"),
+        );
+    }
+
+    req.user = existingUser[0];
+    req.session = session;
+};
--- a/server/routers/external.ts
+++ b/server/routers/external.ts
@ -6,6 +6,7 @@ import * as target from "./target";
 import * as user from "./user";
 import * as auth from "./auth";
 import HttpCode from "@server/types/HttpCode";
+import { verifySessionMiddleware } from "@server/middlewares";

 // Root routes
 export const unauthenticated = Router();
@ -16,6 +17,7 @@ unauthenticated.get("/", (_, res) => {

 // Authenticated Root routes
 export const authenticated = Router();
+authenticated.use(verifySessionMiddleware);

 authenticated.put("/org", org.createOrg);
 authenticated.get("/orgs", org.listOrgs);
--- a/server/types/Auth.ts
+++ b/server/types/Auth.ts
@ -0,0 +1,8 @@
+import { Request } from "express";
+import { User } from "@server/db/schema";
+import { Session } from "lucia";
+
+export interface AuthenticatedRequest extends Request {
+    user: User;
+    session: Session;
+}