"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.sendUnauthorized = sendUnauthorized; exports.getCookie = getCookie; exports.getBearerToken = getBearerToken; exports.getAuthToken = getAuthToken; exports.sendForbidden = sendForbidden; exports.sendPaymentRequired = sendPaymentRequired; /** * Sends a uniform auth-error JSON response. * All auth middleware must go through this function so the shape is identical * to what the errorMiddleware produces for AppError instances. */ function sendUnauthorized(res, error, message) { return res.status(401).json({ error, message, statusCode: 401 }); } function getCookie(req, name) { const cookieHeader = req.headers.cookie; if (!cookieHeader) return null; for (const chunk of cookieHeader.split(';')) { const [rawName, ...rawValue] = chunk.trim().split('='); if (rawName === name) { return decodeURIComponent(rawValue.join('=')); } } return null; } function getBearerToken(req) { const authHeader = req.headers.authorization; if (!authHeader?.startsWith('Bearer ')) return null; const token = authHeader.slice(7).trim(); return token.length > 0 ? token : null; } function getAuthToken(req, cookieName) { // Prefer HttpOnly cookies over bearer tokens so stale script-readable tokens // cannot shadow a valid server-managed session during migration. return (cookieName ? getCookie(req, cookieName) : null) ?? getBearerToken(req); } function sendForbidden(res, error, message, extra) { return res.status(403).json({ error, message, statusCode: 403, ...extra }); } function sendPaymentRequired(res, error, message, extra) { return res.status(402).json({ error, message, statusCode: 402, ...extra }); } //# sourceMappingURL=authHelpers.js.map