const jwt = require('jsonwebtoken');
const User = require('../models/User');
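/**
 * Authentication middleware: verifies the JWT carried in the `Authorization`
 * header and attaches the matching active user (without the password field)
 * to `req.user` before calling `next()`.
 *
 * The middleware answers the request itself and does NOT call `next()` with:
 *  - 401 when no token is present, the token fails verification, has expired,
 *    is not yet valid (`nbf`), carries no `user.id` claim, or the referenced
 *    user does not exist / is deactivated;
 *  - 500 on any other error (database failure, missing `JWT_SECRET`, ...).
 *
 * @param {object} req - incoming request; must expose `header(name)`.
 * @param {object} res - response; must expose chainable `status()` and `json()`.
 * @param {Function} next - continuation, invoked only on successful authentication.
 * @returns {Promise<void>}
 */
const auth = async (req, res, next) => {
  let user;
  try {
    // Strip the "Bearer" scheme; RFC 6750 scheme names are case-insensitive.
    // A header without the scheme is passed through unchanged (as before) and
    // is then rejected by signature verification.
    const token = req.header('Authorization')?.replace(/^Bearer\s+/i, '');

    if (!token) {
      return res.status(401).json({
        success: false,
        message: 'Kein Token gefunden. Zugriff verweigert.'
      });
    }

    // A missing secret is a server misconfiguration, not a client error:
    // fail with 500 instead of letting jwt.verify report it as "invalid token".
    if (!process.env.JWT_SECRET) {
      throw new Error('JWT_SECRET ist nicht konfiguriert');
    }

    // NOTE(review): no `algorithms` allow-list is passed to jwt.verify; pinning it
    // to the algorithm used by the signer (TODO confirm which one) rules out
    // algorithm-confusion issues.
    const decoded = jwt.verify(token, process.env.JWT_SECRET);

    // A correctly signed token with an unexpected payload shape is still unusable
    // here; answer 401 instead of letting the property access throw (-> 500).
    const userId = decoded?.user?.id;
    if (!userId) {
      return res.status(401).json({
        success: false,
        message: 'Token ungültig.'
      });
    }

    // Load the user from the database, omitting the password hash.
    user = await User.findById(userId).select('-password');

    if (!user || !user.isActive) {
      return res.status(401).json({
        success: false,
        message: 'Token ungültig. Benutzer nicht gefunden oder deaktiviert.'
      });
    }
  } catch (error) {
    console.error('Auth-Middleware-Fehler:', error.message);

    // jsonwebtoken error classes: malformed / bad signature, expired, not yet valid.
    if (error.name === 'JsonWebTokenError') {
      return res.status(401).json({
        success: false,
        message: 'Token ungültig.'
      });
    }

    if (error.name === 'TokenExpiredError') {
      return res.status(401).json({
        success: false,
        message: 'Token abgelaufen. Bitte melde dich erneut an.'
      });
    }

    if (error.name === 'NotBeforeError') {
      return res.status(401).json({
        success: false,
        message: 'Token noch nicht gültig.'
      });
    }

    return res.status(500).json({
      success: false,
      message: 'Server-Fehler bei der Authentifizierung'
    });
  }

  // Only reached with an active, authenticated user. `next()` is kept outside
  // the try block so a throw further down the chain is never answered with a
  // second response from this middleware.
  req.user = user;
  next();
};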
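/**
 * Admin-only middleware: runs `auth` first, then requires `req.user.role === 'admin'`.
 *
 * `auth` sends its own 401/500 response when authentication fails and does not
 * invoke the continuation it is given. In that case this middleware stops right
 * away; previously it went on to read `req.user.role`, which threw and led to an
 * attempt at a second, conflicting 500 response on an already-answered request.
 *
 * Responds 403 for an authenticated non-admin user and 500 on unexpected errors;
 * calls `next()` only for admins.
 *
 * @param {object} req - incoming request; `req.user` is populated by `auth`.
 * @param {object} res - response; must expose chainable `status()` and `json()`.
 * @param {Function} next - continuation, invoked only for admin users.
 * @returns {Promise<void>}
 */
const adminAuth = async (req, res, next) => {
  let authenticated = false;
  try {
    // `auth` calls its continuation only after a user was attached, so the flag
    // tells us whether a failure response has already been sent.
    await auth(req, res, () => {
      authenticated = true;
    });
    if (!authenticated) {
      return;
    }

    if (req.user?.role !== 'admin') {
      return res.status(403).json({
        success: false,
        message: 'Zugriff verweigert. Admin-Berechtigung erforderlich.'
      });
    }
  } catch (error) {
    console.error('Admin-Auth-Middleware-Fehler:', error.message);
    // Never write a second response if one already went out.
    if (!res.headersSent) {
      res.status(500).json({
        success: false,
        message: 'Server-Fehler bei der Admin-Authentifizierung'
      });
    }
    return;
  }

  next();
};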
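/**
 * Optional authentication for public endpoints that can personalise output.
 *
 * If a verifiable JWT for an active user is present, `req.user` is set; if the
 * token is missing, invalid, or refers to an unknown/inactive user, the request
 * simply continues anonymously. `next()` is always called exactly once — it is
 * kept outside the try blocks so a throw further down the chain can no longer
 * trigger a second `next()` from the catch branch.
 *
 * @param {object} req - incoming request; must expose `header(name)`.
 * @param {object} res - response (unused; this middleware never responds itself).
 * @param {Function} next - continuation, always invoked once.
 * @returns {Promise<void>}
 */
const optionalAuth = async (req, res, next) => {
  try {
    // Strip the case-insensitive "Bearer" scheme; a header without the scheme
    // is passed through unchanged and fails verification below.
    const token = req.header('Authorization')?.replace(/^Bearer\s+/i, '');

    if (token) {
      try {
        const decoded = jwt.verify(token, process.env.JWT_SECRET);
        // Payload shape `{ user: { id } }` mirrors what `auth` expects.
        const userId = decoded?.user?.id;
        const user = userId
          ? await User.findById(userId).select('-password')
          : null;

        if (user && user.isActive) {
          req.user = user;
        }
      } catch (error) {
        // Deliberately best-effort: verification or lookup failures are not an
        // error for optional auth, the request just proceeds without a user.
        console.log('Optionale Auth: Token ungültig, fortfahren ohne Benutzer');
      }
    }
  } catch (error) {
    console.error('Optional-Auth-Middleware-Fehler:', error.message);
    // Optional auth never blocks the request.
  }

  next();
};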
// Public surface of this module: the three middleware functions defined above.
module.exports = { auth, adminAuth, optionalAuth };