f8cd37ac8c
Includes: API (Express/TypeScript), Astro site, Python workers, document generators, FCC compliance tools, Canada CRTC formation, Ansible infrastructure, and deployment scripts. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
41 lines
1.1 KiB
TypeScript
41 lines
1.1 KiB
TypeScript
import type { Request, Response, NextFunction } from "express";
|
|
import jwt from "jsonwebtoken";
|
|
import { config } from "../config.js";
|
|
|
|
const JWT_SECRET = process.env.ADMIN_JWT_SECRET || "change-this-in-production";
|
|
|
|
export interface AdminPayload {
|
|
id: number;
|
|
username: string;
|
|
}
|
|
|
|
declare global {
|
|
namespace Express {
|
|
interface Request {
|
|
admin?: AdminPayload;
|
|
}
|
|
}
|
|
}
|
|
|
|
/** Sign a JWT for an admin user. */
|
|
export function signAdminToken(payload: AdminPayload): string {
|
|
return jwt.sign(payload, JWT_SECRET, { expiresIn: "8h" });
|
|
}
|
|
|
|
/** Verify admin JWT from Authorization: Bearer <token> header. */
|
|
export function requireAdmin(req: Request, res: Response, next: NextFunction): void {
|
|
const header = req.headers.authorization;
|
|
if (!header || !header.startsWith("Bearer ")) {
|
|
res.status(401).json({ error: "Authentication required." });
|
|
return;
|
|
}
|
|
|
|
const token = header.slice(7);
|
|
try {
|
|
const decoded = jwt.verify(token, JWT_SECRET) as AdminPayload;
|
|
req.admin = decoded;
|
|
next();
|
|
} catch {
|
|
res.status(401).json({ error: "Invalid or expired token." });
|
|
}
|
|
}
|