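const jwt = require('jsonwebtoken');
const mongoose = require('mongoose');

// HMAC key used to verify bearer tokens. Anyone who knows this string can mint
// an admin token, so it must not be a literal in source control. Read it from
// the environment; the inline fallback only keeps existing deployments (and,
// presumably, the route that signs tokens with the same literal) working until
// they are switched to JWT_SECRET as well.
// FIXME(security): drop the fallback once JWT_SECRET is set everywhere and the
// literal has been rotated — it has been committed, so treat it as compromised.
const JWT_secret = process.env.JWT_SECRET || "Cantileverlabs";

// Mongoose model looked up by name; it must already be registered by the time
// this file is required.
const User = mongoose.model("User");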
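/**
 * Express middleware: let the request through only if it carries a valid
 * "Authorization: Bearer <jwt>" header whose `_id` names an admin user.
 *
 * Responses:
 *  - 401 {error:"You must be logged in"} when the header is absent, is not a
 *    Bearer credential, fails signature/expiry verification, or names a user
 *    that no longer exists;
 *  - 401 {error:"Not an admin"} when the user exists but `isAdmin` is falsy;
 *  - database failures are forwarded to the Express error handler via next(err).
 *
 * @param {object} req  Express request; `req.headers.authorization` is read.
 * @param {object} res  Express response used for the 401 replies.
 * @param {Function} next  Called with no argument on success, with the error on
 *                         a lookup failure.
 */
module.exports = async (req, res, next) => {
    const { authorization } = req.headers;
    if (!authorization) {
        return res.status(401).json({ error: "You must be logged in" });
    }

    // Accept only the Bearer scheme. The previous code stripped "Bearer " from
    // anywhere in the header, so a header without the scheme was verified as a
    // raw token; anchoring the prefix treats that as "no credential" instead.
    if (!authorization.startsWith("Bearer ")) {
        return res.status(401).json({ error: "You must be logged in" });
    }
    const token = authorization.slice("Bearer ".length);

    // Verify synchronously inside try/catch instead of through an async
    // callback: an exception thrown inside the callback (e.g. from findById)
    // became an unhandled rejection and the response was never sent.
    let payload;
    try {
        // Pin the accepted algorithms to the HMAC family a string secret
        // implies, so the token header can never choose the algorithm.
        // Narrow this to the single algorithm the signing route uses.
        payload = jwt.verify(token, JWT_secret, { algorithms: ["HS256", "HS384", "HS512"] });
    } catch (err) {
        // Bad signature, expired, malformed: all are "not logged in".
        return res.status(401).json({ error: "You must be logged in" });
    }

    try {
        // Re-read the user on every request so a revoked admin flag takes
        // effect immediately rather than for the remaining life of the token.
        const user = await User.findById(payload._id);
        if (!user) {
            // Valid token for an account that no longer exists; the previous
            // code dereferenced null here.
            return res.status(401).json({ error: "You must be logged in" });
        }
        if (!user.isAdmin) {
            // NOTE(review): 403 is the conventional status for "authenticated
            // but not authorized"; kept at 401 because existing clients may
            // depend on it.
            return res.status(401).json({ error: "Not an admin" });
        }
        return next();
    } catch (err) {
        // Lookup failed (DB unavailable, unusable _id in the payload): hand the
        // error to the app's error handler instead of leaving the request hanging.
        return next(err);
    }
};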