"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.requireRenterAuth = requireRenterAuth; exports.optionalRenterAuth = optionalRenterAuth; const prisma_1 = require("../lib/prisma"); const authHelpers_1 = require("./authHelpers"); const tokens_1 = require("../security/tokens"); const sessionCookies_1 = require("../security/sessionCookies"); const rateLimiter_1 = require("./rateLimiter"); /** * Requires a valid renter Bearer token. * * Guarantees on success: * req.renterId — the authenticated renter's id */ async function requireRenterAuth(req, res, next) { const token = (0, authHelpers_1.getAuthToken)(req, (0, sessionCookies_1.getSessionCookieName)('renter')); if (!token) return (0, authHelpers_1.sendUnauthorized)(res, 'unauthenticated', 'Renter authentication required'); let payload; try { payload = (0, tokens_1.verifyActorToken)(token, 'renter'); } catch { return (0, authHelpers_1.sendUnauthorized)(res, 'invalid_token', 'Invalid or expired token'); } const renter = await prisma_1.prisma.renter.findUnique({ where: { id: payload.sub } }); if (!renter || !renter.isActive) { return (0, authHelpers_1.sendUnauthorized)(res, 'unauthenticated', 'Renter account not found or inactive'); } req.renterId = renter.id; return (0, rateLimiter_1.actorLimiter)(req, res, next); } /** * Optionally extracts renter identity from a Bearer token. * Never blocks the request — invalid or absent tokens are silently ignored. * * Sets on success: * req.renterId — the authenticated renter's id (if token is valid) */ async function optionalRenterAuth(req, _res, next) { const token = (0, authHelpers_1.getAuthToken)(req, (0, sessionCookies_1.getSessionCookieName)('renter')); if (!token) return next(); try { const payload = (0, tokens_1.verifyActorToken)(token, 'renter'); req.renterId = payload.sub; } catch { // Optional — silently ignore invalid tokens } next(); } //# sourceMappingURL=requireRenterAuth.js.map