Initial commit - Stand 26.04.2026
This commit is contained in:
OpenClaw
@@ -0,0 +1,47 @@
|
||||
const jwt = require('jsonwebtoken');
|
||||
|
||||
const JWT_SECRET = process.env.JWT_SECRET || 'dev-secret-change-in-production';
|
||||
|
||||
// Middleware: Prüft ob User eingeloggt ist
|
||||
function authRequired(req, res, next) {
|
||||
try {
|
||||
const authHeader = req.headers.authorization;
|
||||
|
||||
if (!authHeader || !authHeader.startsWith('Bearer ')) {
|
||||
return res.status(401).json({ error: 'Kein Token vorhanden' });
|
||||
}
|
||||
|
||||
const token = authHeader.split(' ')[1];
|
||||
const decoded = jwt.verify(token, JWT_SECRET);
|
||||
|
||||
req.user = decoded;
|
||||
next();
|
||||
} catch (error) {
|
||||
if (error.name === 'JsonWebTokenError') {
|
||||
return res.status(401).json({ error: 'Token ungültig' });
|
||||
}
|
||||
if (error.name === 'TokenExpiredError') {
|
||||
return res.status(401).json({ error: 'Token abgelaufen' });
|
||||
}
|
||||
console.error('Auth Middleware Error:', error);
|
||||
return res.status(500).json({ error: 'Server-Fehler' });
|
||||
}
|
||||
}
|
||||
|
||||
// Middleware: Prüft ob User Admin ist
|
||||
function adminRequired(req, res, next) {
|
||||
if (!req.user) {
|
||||
return res.status(401).json({ error: 'Nicht eingeloggt' });
|
||||
}
|
||||
|
||||
if (req.user.role !== 'admin') {
|
||||
return res.status(403).json({ error: 'Zugriff verweigert. Admin-Rechte erforderlich.' });
|
||||
}
|
||||
|
||||
next();
|
||||
}
|
||||
|
||||
module.exports = {
|
||||
authRequired,
|
||||
adminRequired
|
||||
};
|
||||
Reference in New Issue
Block a user