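"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.requireOrgAccess = exports.requireRole = exports.optionalAuth = exports.requireAuth = exports.authMiddleware = exports.AuthMiddleware = void 0;
const auth_service_1 = require("../services/auth.service");
const logger_1 = require("../lib/logger");

/**
 * Rank of each organization role; a higher rank satisfies any lower requirement.
 * A Map rather than a plain object so that a role string coming back from the
 * service that happens to name an Object.prototype member ("constructor",
 * "toString", ...) cannot resolve to a truthy non-number and slip past the
 * numeric comparison below. Unknown roles rank 0, i.e. never sufficient.
 */
const ROLE_RANK = new Map([
    ['MEMBER', 1],
    ['ADMIN', 2],
    ['OWNER', 3],
]);

/**
 * Resolve the organization id named by `orgIdParam`: route params first, then
 * the parsed body. Only primitive values are returned; an object or array
 * (which a JSON body can carry) is treated as absent so it is never handed to
 * the lookup layer as an opaque structure. `req.body` is optional-chained
 * because it is undefined when no body parser is mounted on the route.
 *
 * @param {import('express').Request} req
 * @param {string} orgIdParam - name of the param / body field holding the org id
 * @returns {string | number | boolean | undefined}
 */
function readOrgId(req, orgIdParam) {
    const candidate = req.params?.[orgIdParam] || req.body?.[orgIdParam];
    // null is falsy and already rejected by callers; objects/arrays are dropped here.
    return typeof candidate === 'object' ? undefined : candidate;
}

/**
 * Express middleware for token authentication and organization role checks.
 * Token verification and membership lookups are delegated to AuthService;
 * this class only maps the outcomes to HTTP responses and to `req.user`.
 */
class AuthMiddleware {
    authService = new auth_service_1.AuthService();

    /**
     * Pull the raw auth token from the request. The `Authorization: Bearer <token>`
     * header wins over the `auth_token` cookie.
     *
     * NOTE(review): accepting the cookie means browsers attach it automatically,
     * so state-changing routes guarded only by this middleware need CSRF
     * protection (SameSite on the cookie and/or a CSRF token) — confirm where
     * the cookie is issued.
     *
     * @param {import('express').Request} req
     * @returns {string | null} the token, or null when neither carrier is present
     */
    extractToken(req) {
        const authHeader = req.headers.authorization;
        if (typeof authHeader === 'string' && authHeader.startsWith('Bearer ')) {
            return authHeader.substring(7);
        }
        // cookie-parser can yield non-string values (JSON cookies); only a string is a token.
        const cookieToken = req.cookies?.auth_token;
        if (typeof cookieToken === 'string' && cookieToken) {
            return cookieToken;
        }
        return null;
    }

    /**
     * Require a valid token whose subject still exists. On success sets
     * `req.user` and continues; otherwise answers 401 and does not call `next`.
     * Every failure path (missing token, bad signature, unknown user) returns
     * 401 so callers cannot distinguish them beyond the message text.
     */
    requireAuth = async (req, res, next) => {
        try {
            const token = this.extractToken(req);
            if (!token) {
                logger_1.logger.warn('Authentication required but no token provided');
                return res.status(401).json({ success: false, error: 'Authentication required', message: 'Please provide a valid authentication token' });
            }
            const decoded = this.authService.verifyToken(token);
            // A token that verifies but carries no subject is not a login token for
            // this middleware's purposes; reject it instead of looking up `undefined`.
            if (decoded?.userId == null) {
                logger_1.logger.warn('Token verified but carries no userId claim');
                return res.status(401).json({ success: false, error: 'Invalid token', message: 'Please provide a valid authentication token' });
            }
            const user = await this.authService.getUserById(decoded.userId);
            if (!user) {
                // Token outlived the account (deleted/disabled user); deny, do not auto-create.
                logger_1.logger.warn(`Token valid but user not found: ${decoded.userId}`);
                return res.status(401).json({ success: false, error: 'User not found', message: 'The authenticated user no longer exists' });
            }
            req.user = user;
            logger_1.logger.debug(`User authenticated: ${user.email}`);
            next();
        }
        catch (error) {
            // Verification errors (expired, bad signature, malformed) all land here.
            // NOTE(review): make sure the logged error object never echoes the token.
            logger_1.logger.warn('Authentication failed:', error);
            return res.status(401).json({ success: false, error: 'Invalid token', message: 'Please provide a valid authentication token' });
        }
    };

    /**
     * Best-effort authentication: populate `req.user` when a valid token is
     * present, but always continue. Failures are logged at debug only because
     * an absent or stale token is expected on these routes.
     */
    optionalAuth = async (req, res, next) => {
        try {
            const token = this.extractToken(req);
            if (!token) {
                return next();
            }
            const decoded = this.authService.verifyToken(token);
            if (decoded?.userId != null) {
                const user = await this.authService.getUserById(decoded.userId);
                if (user) {
                    req.user = user;
                    logger_1.logger.debug(`Optional auth successful: ${user.email}`);
                }
            }
        }
        catch (error) {
            logger_1.logger.debug('Optional auth failed (continuing):', error);
        }
        next();
    };

    /**
     * Require that `req.user` holds at least `requiredRole` in the organization
     * named by `orgIdParam`. Must run after `requireAuth`.
     * Responses: 401 when unauthenticated, 400 when the org id is missing or
     * not a primitive, 403 when not a member or the role is too low.
     * Lookup failures are forwarded to the Express error handler via `next(error)`
     * rather than left as an unhandled rejection that would hang the request.
     *
     * @param {string} orgIdParam - route param / body field holding the org id
     * @param {'MEMBER' | 'ADMIN' | 'OWNER'} requiredRole - minimum role; an unknown
     *   name ranks 999 and therefore denies everyone
     */
    requireRole = (orgIdParam, requiredRole) => {
        return async (req, res, next) => {
            if (!req.user) {
                return res.status(401).json({ success: false, error: 'Authentication required' });
            }
            const orgId = readOrgId(req, orgIdParam);
            if (!orgId) {
                return res.status(400).json({ success: false, error: 'Organization ID required' });
            }
            try {
                const userRole = await this.authService.getUserRole(req.user.id, orgId);
                if (!userRole) {
                    return res.status(403).json({ success: false, error: 'Access denied', message: 'You are not a member of this organization' });
                }
                const userRoleLevel = ROLE_RANK.get(userRole) ?? 0;
                const requiredRoleLevel = ROLE_RANK.get(requiredRole) ?? 999;
                if (userRoleLevel === 0) {
                    logger_1.logger.warn(`Unknown role '${userRole}' for user ${req.user.id} in org ${orgId}; denying`);
                }
                if (userRoleLevel < requiredRoleLevel) {
                    return res.status(403).json({ success: false, error: 'Insufficient permissions', message: `This action requires ${requiredRole} role or higher` });
                }
                next();
            }
            catch (error) {
                logger_1.logger.error('Role check failed:', error);
                return next(error);
            }
        };
    };

    /**
     * Require that `req.user` is a member of the organization named by
     * `orgIdParam` (any role). Must run after `requireAuth`.
     * Same response mapping as `requireRole`; lookup failures go to `next(error)`.
     *
     * @param {string} orgIdParam - route param / body field holding the org id
     */
    requireOrgAccess = (orgIdParam) => {
        return async (req, res, next) => {
            if (!req.user) {
                return res.status(401).json({ success: false, error: 'Authentication required' });
            }
            const orgId = readOrgId(req, orgIdParam);
            if (!orgId) {
                return res.status(400).json({ success: false, error: 'Organization ID required' });
            }
            try {
                const hasAccess = await this.authService.hasOrgAccess(req.user.id, orgId);
                if (!hasAccess) {
                    return res.status(403).json({ success: false, error: 'Access denied', message: 'You do not have access to this organization' });
                }
                next();
            }
            catch (error) {
                logger_1.logger.error('Organization access check failed:', error);
                return next(error);
            }
        };
    };
}
exports.AuthMiddleware = AuthMiddleware;

// Shared instance; the middleware fields are arrow functions, so the detached
// references below keep `this` bound to it.
exports.authMiddleware = new AuthMiddleware();
exports.requireAuth = exports.authMiddleware.requireAuth;
exports.optionalAuth = exports.authMiddleware.optionalAuth;
exports.requireRole = exports.authMiddleware.requireRole;
exports.requireOrgAccess = exports.authMiddleware.requireOrgAccess;
//# sourceMappingURL=auth.middleware.js.map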