const jwt = require("jsonwebtoken");
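/**
 * Express middleware that admits only requests carrying a valid admin JWT.
 *
 * The token is read from the `token` cookie (a cookie parser must be mounted
 * upstream), verified against `process.env.JWT_SECRET`, and the decoded
 * payload is attached to `req.user` before control passes to `next()`.
 *
 * Responses sent instead of calling `next()`:
 *  - 401 when no token cookie is present, or the token fails verification
 *    (bad signature, expired, or an algorithm other than the pinned one).
 *  - 403 when the token verifies but its `isAdmin` claim is not exactly `true`.
 *  - 500 when `JWT_SECRET` is not configured, so a server misconfiguration is
 *    not reported to the client as an invalid token.
 *
 * @param {object} req - Express request; `req.cookies.token` is read and
 *   `req.user` is written.
 * @param {object} res - Express response used for the error replies above.
 * @param {Function} next - Continuation invoked only for a verified admin.
 * @returns {void|object} The response object when a reply was sent, else undefined.
 */
const verifyAdmin = (req, res, next) => {
  // Optional chaining keeps a missing cookie parser from surfacing as a
  // TypeError that would otherwise be mislabelled as an invalid token.
  const token = req.cookies?.token;
  if (!token) {
    return res
      .status(401)
      .json({ message: "Access denied. No token provided." });
  }

  const secret = process.env.JWT_SECRET;
  if (!secret) {
    // jwt.verify would throw on an empty secret; answer 500 rather than 401
    // so operators can tell configuration errors from bad credentials.
    return res.status(500).json({ message: "Server configuration error." });
  }

  let decoded;
  try {
    // Pin the accepted algorithm so verification never follows whatever the
    // token header claims. jsonwebtoken signs with HS256 by default; keep
    // this in sync with the signing side if that default is changed.
    decoded = jwt.verify(token, secret, { algorithms: ["HS256"] });
  } catch (error) {
    return res.status(401).json({ message: "Invalid or expired token" });
  }

  // Require the claim to be the boolean `true`: a truthy non-boolean value
  // (e.g. the string "false") must not grant admin access.
  if (decoded?.isAdmin !== true) {
    return res.status(403).json({ message: "Access denied. Admins only." });
  }

  req.user = decoded; // Downstream handlers read the caller's claims from here.
  // Called outside the try block so a synchronous throw in a later handler is
  // not swallowed and reported to the client as an authentication failure.
  next();
};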
// CommonJS export: routes mount this as `router.use(verifyAdmin)` or per-route.
module.exports = verifyAdmin;