josh/TicketingSystem
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
21771623005fc96fe64762c996d0e4681f2b4873
TicketingSystem/server/src/middleware/auth.ts
T
josh d8785a964d
Build & Push / Test (client) (push) Successful in 31s
Details
Build & Push / Test (server) (push) Successful in 38s
Details
Build & Push / Build Client (push) Successful in 1m17s
Details
Build & Push / Build Server (push) Successful in 1m18s
Details
Merge SERVICE role into AGENT 
Every AGENT now gets an auto-generated API key on creation, shown once
in a modal. AGENTs log in with password and authenticate to the API
with X-Api-Key. pre-push.sql defensively migrates any residual SERVICE
rows to AGENT before Prisma rewrites the enum. Goddard is no longer
baked into the seed — create agents via Admin → Users.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-18 22:44:32 -04:00

58 lines
1.6 KiB
TypeScript
Raw Blame History

import { Request, Response, NextFunction } from 'express';
import jwt from 'jsonwebtoken';
import prisma from '../lib/prisma';
export interface AuthRequest extends Request {
user?: {
id: string;
role: string;
username: string;
};
}
export const authenticate = async (req: AuthRequest, res: Response, next: NextFunction) => {
const apiKey = req.headers['x-api-key'] as string | undefined;
if (apiKey) {
const user = await prisma.user.findUnique({ where: { apiKey } });
if (!user) {
return res.status(401).json({ error: 'Invalid API key' });
}
req.user = { id: user.id, role: user.role, username: user.username };
return next();
}
const authHeader = req.headers.authorization;
if (!authHeader?.startsWith('Bearer ')) {
return res.status(401).json({ error: 'Unauthorized' });
}
const token = authHeader.split(' ')[1];
try {
const payload = jwt.verify(token, process.env.JWT_SECRET!) as {
id: string;
role: string;
username: string;
};
req.user = payload;
next();
} catch {
return res.status(401).json({ error: 'Invalid or expired token' });
}
};
export const requireAdmin = (req: AuthRequest, res: Response, next: NextFunction) => {
if (req.user?.role !== 'ADMIN') {
return res.status(403).json({ error: 'Admin access required' });
}
next();
};
// Blocks USER role — allows ADMIN and AGENT
export const requireAgent = (req: AuthRequest, res: Response, next: NextFunction) => {
if (req.user?.role === 'USER') {
return res.status(403).json({ error: 'Insufficient permissions' });
}
next();
};
Reference in New Issue View Git Blame Copy Permalink