@@ -1,24 +0,0 @@
|
||||
import * as jwt from "jsonwebtoken";
|
||||
import {
|
||||
ExpressMiddlewareInterface
|
||||
} from "routing-controllers";
|
||||
|
||||
export class JWTAuth implements ExpressMiddlewareInterface {
|
||||
use(request: any, response: any, next?: (err?: any) => any): any {
|
||||
const token = <string>request.headers["auth"];
|
||||
try {
|
||||
/**
|
||||
TODO: idk if we should always check the db if refreshtokencount is valid?
|
||||
seems like a lot of db overhead
|
||||
at the same time it's basically our only option to support proper logouts
|
||||
*/
|
||||
const jwtPayload = <any>jwt.verify(token, "secretjwtsecret");
|
||||
// const jwtPayload = <any>jwt.verify(token, process.env.JWT_SECRET);
|
||||
response.locals.jwtPayload = jwtPayload;
|
||||
} catch (error) {
|
||||
console.log(error);
|
||||
return response.status(401).send();
|
||||
}
|
||||
next();
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user