From 1b79f5c6c69144b5812610fd9433126e07f35c0b Mon Sep 17 00:00:00 2001
From: Wind-Explorer
Date: Sun, 23 Jun 2024 22:13:15 +0800
Subject: [PATCH] jsonwebtoken authorization
---
 server/middlewares/auth.js | 18 ++++++++++++++++++
 server/routes/users.js | 8 +++++++-
 2 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 server/middlewares/auth.js
diff --git a/server/middlewares/auth.js b/server/middlewares/auth.js
new file mode 100644
index 0000000..ecce3b5
--- /dev/null
+++ b/server/middlewares/auth.js
@@ -0,0 +1,18 @@
+const { verify } = require("jsonwebtoken");
+require("dotenv").config();
+
+const validateToken = (req, res, next) => {
+ try {
+ const accessToken = req.header("Authorization").split(" ")[1];
+ if (!accessToken) {
+ return res.sendStatus(401);
+ }
+ const payload = verify(accessToken, process.env.APP_SECRET);
+ req.user = payload;
+ return next();
+ } catch (err) {
+ return res.sendStatus(401);
+ }
+};
+
+module.exports = { validateToken };
diff --git a/server/routes/users.js b/server/routes/users.js
index 5939f24..dd61a80 100644
--- a/server/routes/users.js
+++ b/server/routes/users.js
@@ -2,6 +2,7 @@ const express = require("express");
 const yup = require("yup");
 const { Op } = require("sequelize");
 const { User } = require("../models");
+const { validateToken } = require("../middlewares/auth");
 const argon2 = require("argon2");
 const router = express.Router();
 const { v4: uuidV4 } = require("uuid");
@@ -165,7 +166,12 @@ router.post("/login", async (req, res) => {
 res.json({
 accessToken: accessToken,
- user: userInfo,
+ });
+});
+
+router.get("/auth", validateToken, (req, res) => {
+ res.json({
+ id: req.user.id,
 });
 });
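Review bot: The `verify(accessToken, process.env.APP_SECRET)` call in `validateToken` passes no `algorithms` option and nothing checks that `APP_SECRET` is set, so the accepted signature algorithms and the behaviour with a missing secret are left to whichever jsonwebtoken version is installed. I would pin the algorithm to the one the login route signs with (the signing call is not in this patch; HS256 is the library's default when signing with a string secret), e.g. `const payload = verify(accessToken, process.env.APP_SECRET, { algorithms: ["HS256"] });`, and fail at module load with `if (!process.env.APP_SECRET) throw new Error("APP_SECRET is not set");`. The header parsing also never checks the scheme, so any two-word `Authorization` value is treated as a bearer token, and a missing header is rejected only because the resulting TypeError lands in the `catch`. An explicit check for the `Bearer ` prefix before splitting would make that intent visible.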
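Review bot: The new `/auth` handler returns `req.user.id` straight from the decoded token payload and never consults the `User` model, so a token issued to an account that has since been deleted keeps answering as valid until it expires (the expiry, if any, is set where the token is signed, outside this hunk). If this endpoint is meant to confirm a live session, make the handler `async` and add `const user = await User.findByPk(req.user.id);` followed by `if (!user) return res.sendStatus(401);` before building the response. The `/login` handler that this hunk edits begins outside the hunk, so whether the payload always carries an `id` claim cannot be confirmed from here.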