| import jwt from 'jsonwebtoken'; | |
| import { JWT_SECRET } from '../config/users.js'; | |
| export const authenticateToken = (req, res, next) => { | |
| const authHeader = req.headers['authorization']; | |
| const token = authHeader && authHeader.split(' ')[1]; | |
| if (!token) { | |
| return res.status(401).json({ error: 'Access token required' }); | |
| } | |
| jwt.verify(token, JWT_SECRET, (err, user) => { | |
| if (err) { | |
| return res.status(403).json({ error: 'Invalid or expired token' }); | |
| } | |
| req.user = user; | |
| next(); | |
| }); | |
| }; |