feat: implement authentication middleware for route protection

Author: pokhrelgopal

src/app.ts

@@ -10,8 +10,6 @@ import documentRoutes from "./routes/document.routes";
 import projectMemberRoutes from "./routes/project-member.routes";
 import documentPermissions from "./routes/document-permission.routes";
 
-import { auth } from "./middleware/auth.middleware";
-
 const app = express();
 
 app.use(express.json());
@@ -29,8 +27,6 @@ app.get("/", (req, res) => {
   res.send("Welcome to the API");
 });
 
-app.use(auth);
-
 app.use("/api/users", userRoutes);
 app.use("/api/projects", projectRoutes);
 app.use("/api/document-categories", documentCategoryRoutes);

src/controllers/user.controller.ts

@@ -4,6 +4,7 @@ import * as generator from "../utils/generator";
 import { nodeEnv } from "../config";
 import prisma from "../db/prisma";
 import * as response from "../utils/response";
+import { ZodError } from "zod";
 
 export const register = async (
   req: Request,
@@ -65,21 +66,13 @@ export const login = async (
 
     const token = generator.generateJwt(user.email, user.id);
 
-    res.cookie("token", token, {
-      httpOnly: true,
-      secure: nodeEnv === "production",
-      sameSite: "lax",
-      path: "/",
-      expires: new Date(Date.now() + 1000 * 60 * 60 * 24),
-    });
-
     return response.successResponse(res, "Logged in successfully.", {
-      id: user.id,
-      email: user.email,
-      fullName: user.fullName,
+      token,
     });
   } catch (error) {
-    console.error(error);
+    if (error instanceof ZodError) {
+      return response.zodErrorResponse(res, error);
+    }
     return response.errorResponse(res, "Internal server error.");
   }
 };

src/middleware/auth.middleware.ts

@@ -3,13 +3,22 @@ import { Request, Response, NextFunction } from "express";
 
 export const auth = (req: Request, res: Response, next: NextFunction): void => {
   try {
-    const token = req.cookies?.token;
+    const authHeader = req.headers.authorization;
+    if (!authHeader) {
+      res.status(401).json({ error: "Authentication token missing" });
+      return;
+    }
+
+    const token = authHeader.split(" ")[1];
     if (!token) {
       res.status(401).json({ error: "Authentication token missing" });
       return;
     }
+
     const decoded = jwt.verify(token, process.env.JWT_SECRET as string);
+
     (req as JwtPayload).user = decoded;
+
     next();
   } catch (error) {
     res.status(401).json({ error: "Invalid or expired token" });

src/routes/document-category.routes.ts

@@ -1,26 +1,32 @@
 import { Router } from "express";
 import * as documentCategoryController from "../controllers/document-category.controller";
+import { auth } from "../middleware/auth.middleware";
 
 const router = Router();
 
 router.post(
   "/document-categories",
+  auth,
   documentCategoryController.createDocumentCategory
 );
 router.get(
   "/document-categories/project/:projectId",
+  auth,
   documentCategoryController.getDocumentCategoriesByProject
 );
 router.get(
   "/document-categories/:id",
+  auth,
   documentCategoryController.getDocumentCategoryById
 );
 router.put(
   "/document-categories/:id",
+  auth,
   documentCategoryController.updateDocumentCategory
 );
 router.delete(
   "/document-categories/:id",
+  auth,
   documentCategoryController.deleteDocumentCategory
 );
 

src/routes/document-permission.routes.ts

@@ -4,13 +4,15 @@ import {
   getDocumentPermissions,
   removeDocumentPermission,
 } from "../controllers/document-permission.controller";
+import { auth } from "../middleware/auth.middleware";
 
 const router = express.Router();
 
-router.post("/document-permissions", addDocumentPermission);
-router.get("/document-permissions/:documentId", getDocumentPermissions);
+router.post("/document-permissions", auth, addDocumentPermission);
+router.get("/document-permissions/:documentId", auth, getDocumentPermissions);
 router.delete(
   "/document-permissions/:documentId/:userId",
+  auth,
   removeDocumentPermission
 );
 

src/routes/document.routes.ts

@@ -6,13 +6,14 @@ import {
   updateDocument,
   deleteDocument,
 } from "../controllers/document.controller";
+import { auth } from "../middleware/auth.middleware";
 
 const router = express.Router();
 
-router.post("/documents", createDocument);
-router.get("/documents/category/:categoryId", getDocumentsByCategory);
-router.get("/documents/:id", getDocumentById);
-router.put("/documents/:id", updateDocument);
-router.delete("/documents/:id", deleteDocument);
+router.post("/documents", auth, createDocument);
+router.get("/documents/category/:categoryId", auth, getDocumentsByCategory);
+router.get("/documents/:id", auth, getDocumentById);
+router.put("/documents/:id", auth, updateDocument);
+router.delete("/documents/:id", auth, deleteDocument);
 
 export default router;

src/routes/project-member.routes.ts

@@ -4,11 +4,12 @@ import {
   getProjectMembers,
   removeProjectMember,
 } from "../controllers/project-member.controller";
+import { auth } from "../middleware/auth.middleware";
 
 const router = express.Router();
 
-router.post("/project-members", addProjectMember);
-router.get("/project-members/:projectId", getProjectMembers);
-router.delete("/project-members/:projectId/:userId", removeProjectMember);
+router.post("/project-members", auth, addProjectMember);
+router.get("/project-members/:projectId", auth, getProjectMembers);
+router.delete("/project-members/:projectId/:userId", auth, removeProjectMember);
 
 export default router;

src/routes/project.routes.ts

@@ -6,13 +6,14 @@ import {
   updateProject,
   deleteProject,
 } from "../controllers/project.controller";
+import { auth } from "../middleware/auth.middleware";
 
 const router = Router();
 
-router.post("/", createProject);
-router.get("/", getProjects);
-router.get("/:id", getProjectById);
-router.put("/:id", updateProject);
-router.delete("/:id", deleteProject);
+router.post("/", auth, createProject);
+router.get("/", auth, getProjects);
+router.get("/:id", auth, getProjectById);
+router.put("/:id", auth, updateProject);
+router.delete("/:id", auth, deleteProject);
 
 export default router;

src/routes/user.routes.ts

@@ -9,5 +9,4 @@ router.post("/register", uc.register);
 router.post("/me", uc.getMe);
 router.post("/logout", auth, uc.logout);
 
-
-export default router;
+export default router;