const jwt = require("jsonwebtoken");
const asyncHandler = require("express-async-handler");
const { default: mongoose } = require("mongoose");
const Post = require("../models/post.js");
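/**
 * Express middleware: let the request continue only when the caller's JWT
 * identifies the same author as the post named by `req.params.postID`.
 *
 * Why this was rewritten: the previous version re-signed `{ author }` with
 * jwt.sign and compared the result byte-for-byte to the cookie. jsonwebtoken
 * adds an `iat` (issued-at) claim at signing time, so the two tokens only
 * matched when minted within the same second, and a plain string compare never
 * checked the cookie's signature at all. The check now verifies the cookie
 * with jwt.verify and compares the decoded claim to the post's author.
 *
 * Responses:
 *   403 - no cookie, cookie is not a token signed with SECRET_KEY (or has
 *         expired), or its `author` claim differs from the post's author
 *         (kept at 403 to match the original contract; 401 would also be
 *         defensible for the missing/invalid-token cases)
 *   404 - postID is not a well-formed ObjectId, or no post has that id
 *
 * NOTE(review): assumes the login token carries the author id under the
 * `author` claim, matching the payload shape this file used to sign —
 * confirm against the login handler.
 */
const sameAuthor = asyncHandler(async (req, res, next) => {
  const token = req.cookies?.JWT_TOKEN;
  if (!token) {
    return res.status(403).json({ message: "Not authorized!" });
  }

  let payload;
  try {
    // Verifies signature and expiry; rejects any token this server did not issue.
    payload = jwt.verify(token, process.env.SECRET_KEY);
  } catch (err) {
    // Bad signature, malformed token or expired: treat all as unauthorized.
    return res.status(403).json({ message: "Not authorized!" });
  }

  const { postID } = req.params;
  // findById throws a CastError on a malformed id; reject it up front instead
  // of letting it surface as a 500.
  if (!mongoose.isValidObjectId(postID)) {
    return res.status(404).json({ message: "Post not found" });
  }

  const post = await Post.findById(postID).lean().exec();
  if (!post) {
    return res.status(404).json({ message: "Post not found" });
  }

  // post.author is an ObjectId while the claim is a string: normalise both
  // sides. A token with no author claim can never match.
  if (payload.author == null || String(payload.author) !== String(post.author)) {
    return res.status(403).json({ message: "Not authorized!" });
  }

  return next();
});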
// Expose the middleware so route definitions can mount it ahead of their handlers.
module.exports = sameAuthor;