54 lines
2.1 KiB
JavaScript
54 lines
2.1 KiB
JavaScript
"use strict";
|
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
exports.requireRenterAuth = requireRenterAuth;
|
|
exports.optionalRenterAuth = optionalRenterAuth;
|
|
const prisma_1 = require("../lib/prisma");
|
|
const authHelpers_1 = require("./authHelpers");
|
|
const tokens_1 = require("../security/tokens");
|
|
const sessionCookies_1 = require("../security/sessionCookies");
|
|
const rateLimiter_1 = require("./rateLimiter");
|
|
/**
|
|
* Requires a valid renter Bearer token.
|
|
*
|
|
* Guarantees on success:
|
|
* req.renterId — the authenticated renter's id
|
|
*/
|
|
async function requireRenterAuth(req, res, next) {
|
|
const token = (0, authHelpers_1.getAuthToken)(req, (0, sessionCookies_1.getSessionCookieName)('renter'));
|
|
if (!token)
|
|
return (0, authHelpers_1.sendUnauthorized)(res, 'unauthenticated', 'Renter authentication required');
|
|
let payload;
|
|
try {
|
|
payload = (0, tokens_1.verifyActorToken)(token, 'renter');
|
|
}
|
|
catch {
|
|
return (0, authHelpers_1.sendUnauthorized)(res, 'invalid_token', 'Invalid or expired token');
|
|
}
|
|
const renter = await prisma_1.prisma.renter.findUnique({ where: { id: payload.sub } });
|
|
if (!renter || !renter.isActive) {
|
|
return (0, authHelpers_1.sendUnauthorized)(res, 'unauthenticated', 'Renter account not found or inactive');
|
|
}
|
|
req.renterId = renter.id;
|
|
return (0, rateLimiter_1.actorLimiter)(req, res, next);
|
|
}
|
|
/**
|
|
* Optionally extracts renter identity from a Bearer token.
|
|
* Never blocks the request — invalid or absent tokens are silently ignored.
|
|
*
|
|
* Sets on success:
|
|
* req.renterId — the authenticated renter's id (if token is valid)
|
|
*/
|
|
async function optionalRenterAuth(req, _res, next) {
|
|
const token = (0, authHelpers_1.getAuthToken)(req, (0, sessionCookies_1.getSessionCookieName)('renter'));
|
|
if (!token)
|
|
return next();
|
|
try {
|
|
const payload = (0, tokens_1.verifyActorToken)(token, 'renter');
|
|
req.renterId = payload.sub;
|
|
}
|
|
catch {
|
|
// Optional — silently ignore invalid tokens
|
|
}
|
|
next();
|
|
}
|
|
//# sourceMappingURL=requireRenterAuth.js.map
|