adding admin options for pw reset

2026-01-30 22:15:31 -05:00
parent c2a6e1d41f
commit b7b32b4fe6
9 changed files with 678 additions and 1 deletions
@@ -1,4 +1,6 @@
 import jwt from 'jsonwebtoken';
+import { query } from '../db/index.js';
+import { asyncHandler } from './errorHandler.js';

 export const authMiddleware = (req, res, next) => {
  const authHeader = req.headers.authorization;
@@ -17,3 +19,35 @@ export const authMiddleware = (req, res, next) => {
    return res.status(401).json({ error: 'Invalid token' });
  }
 };
+
+// Enhanced version that fetches user data including admin status
+export const verifyToken = asyncHandler(async (req, res, next) => {
+  const authHeader = req.headers.authorization;
+
+  if (!authHeader || !authHeader.startsWith('Bearer ')) {
+    return res.status(401).json({ error: 'No token provided' });
+  }
+
+  const token = authHeader.substring(7);
+  const decoded = jwt.verify(token, process.env.JWT_SECRET);
+
+  // Fetch full user data including admin status
+  const users = await query(
+    'SELECT id, email, username, is_admin FROM users WHERE id = ?',
+    [decoded.userId]
+  );
+
+  if (users.length === 0) {
+    return res.status(401).json({ error: 'User not found' });
+  }
+
+  req.user = {
+    userId: users[0].id,
+    email: users[0].email,
+    username: users[0].username,
+    is_admin: users[0].is_admin
+  };
+  
+  next();
+});
+