HEX
Server: Apache/2.4.52 (Ubuntu)
System: Linux ip-172-31-4-197 6.8.0-1036-aws #38~22.04.1-Ubuntu SMP Fri Aug 22 15:44:33 UTC 2025 x86_64
User: ubuntu (1000)
PHP: 7.4.33
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
File: /var/www/myc/enelar-back-web/src/middleware/authenticateToken.middleware.js
import jwt from 'jsonwebtoken'
import axios from 'axios'
import auditController from '../app/auditor/controllers/auditor.controller.js'
import messages from '../shared/messages/messages.js'

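/**
 * Express middleware that authenticates a request from the JWT in its
 * Authorization header.
 *
 * Flow:
 *  1. Take the second space-separated part of the Authorization header as the token.
 *  2. Verify it with jsonwebtoken against process.env.SECRET_KEY.
 *  3. Fetch the user record from `${process.env.API_MANAGEMENT}<sub>`,
 *     forwarding the same token as a bearer credential.
 *  4. Set req.user to that record and req.totalAccess to whether one of its
 *     roles is named 'Administrador'.
 *  5. Wrap res.send so the request and the response body are handed to
 *     auditController.store.
 *
 * Responds 401 when the token is missing, fails verification or carries no
 * `sub` claim, and 500 when the user lookup or the setup after it throws.
 *
 * @param {object} req - Express request; gains `user` and `totalAccess` on success.
 * @param {object} res - Express response; its `send` is wrapped on success.
 * @param {Function} next - Called once the request is authenticated.
 */
const authenticateToken = (req, res, next) => {
  const authHeader = req.headers['authorization']
  // NOTE(review): the scheme word is not checked, so any "<scheme> <token>"
  // header is accepted, not only "Bearer <token>".
  const token = authHeader && authHeader.split(' ')[1]

  if (token == null) {
    return res.status(401).send({
      status: 401,
      message: messages.error.tokenNull.message,
      error: messages.error.tokenNull.summary,
    })
  }

  // NOTE(review): no `algorithms` option is passed, so the accepted signing
  // algorithms are whatever the installed jsonwebtoken version defaults to.
  // Pin the one algorithm the token issuer actually uses once that is confirmed.
  jwt.verify(token, process.env.SECRET_KEY, async (err, user) => {
    // A verified token without a subject cannot be mapped to a user; reject it
    // here instead of asking the management API for ".../undefined".
    const hasSubject = user != null && user.sub != null && user.sub !== ''

    if (err || !hasSubject) {
      return res.status(401).send({
        status: 401,
        message: messages.error.token.message,
        error: messages.error.token.summary,
      })
    }

    try {
      // Encode the claim so it stays a single URL component and cannot add
      // path segments or a query string to the management API URL.
      // NOTE(review): no timeout is set on this call; a stalled management API
      // holds the request open.
      const response = await axios.get(
        `${process.env.API_MANAGEMENT}${encodeURIComponent(user.sub)}`,
        {
          headers: {
            Authorization: `Bearer ${token}`,
          },
        },
      )

      const usuario = response.data.data

      req.user = usuario
      req.totalAccess = usuario.roles.some(
        (role) => role.nombre === 'Administrador',
      )

      // Audit a copy of the headers with credential-bearing values masked, so
      // a read of the audit store does not yield replayable tokens or cookies.
      // req.headers itself is left untouched for downstream handlers.
      const auditedHeaders = Object.assign({}, req.headers)
      for (const name of ['authorization', 'proxy-authorization', 'cookie']) {
        if (name in auditedHeaders) {
          auditedHeaders[name] = '[REDACTED]'
        }
      }

      // NOTE(review): req.body and the response body are audited verbatim and
      // may carry passwords or tokens; confirm which fields need masking.
      const info = {
        userId: usuario._id,
        method: req.method,
        url: req.url,
        headers: auditedHeaders,
        body: req.body,
      }

      const originalSend = res.send
      let audited = false

      res.send = function (...args) {
        // Express's send() re-enters itself through json() for object bodies,
        // so record only the first call per response.
        if (!audited) {
          audited = true
          info.response = args[0]

          // An audit failure must not stop the response from being sent.
          try {
            const pending = auditController.store(info)
            if (pending && typeof pending.catch === 'function') {
              pending.catch((auditError) => {
                console.error(
                  'authenticateToken: audit store failed:',
                  auditError && auditError.message,
                )
              })
            }
          } catch (auditError) {
            console.error(
              'authenticateToken: audit store failed:',
              auditError && auditError.message,
            )
          }
        }

        return originalSend.apply(this, args)
      }

      next()
    } catch (error) {
      // Log the message only: an axios error object carries the request
      // config, which includes the forwarded Authorization header.
      console.error(
        'authenticateToken: user lookup failed:',
        error && error.message,
      )

      // If a response already went out there is nothing left to send.
      if (res.headersSent) {
        return
      }

      return res.status(500).send({
        status: 500,
        message: messages.error.auth.message,
        error: messages.error.auth.summary,
      })
    }
  })
}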

export default authenticateToken