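// node_api/middleware/auth.js
const jwt = require('jsonwebtoken'); // currently unused: tokens are validated by Directus, not decoded locally
const axios = require('axios');

// Base URL of the Directus instance that issues and validates tokens.
const DIRECTUS_URL = process.env.DIRECTUS_URL || 'http://localhost:8055';

// Upper bound on how long one token check may wait on Directus, so a slow
// or hung identity service does not stall every request behind it.
// (New setting; constructed default of 5 s.)
const DIRECTUS_TIMEOUT_MS = Number(process.env.DIRECTUS_TIMEOUT_MS) || 5000;

// `Authorization: Bearer <credential>`; scheme matched case-insensitively
// (RFC 7235 §2.1), credential must be a single non-empty token.
const BEARER_RE = /^Bearer\s+(\S+)$/i;

/**
 * Extract the bearer credential from an Authorization header value.
 *
 * @param {string | undefined} authHeader - raw `Authorization` header value
 * @returns {string | null} the credential, or `null` when the header is
 *   missing, does not use the Bearer scheme, or carries an empty credential
 */
const extractBearerToken = (authHeader) => {
  if (typeof authHeader !== 'string') return null;
  const match = BEARER_RE.exec(authHeader.trim());
  return match ? match[1] : null;
};

/**
 * Send a 401 together with the `WWW-Authenticate` challenge that
 * RFC 6750 §3 requires from bearer-protected resources.
 *
 * @param {object} res - Express-style response
 * @param {string} error - message placed in the JSON body
 */
const unauthorized = (res, error) =>
  res.status(401).set('WWW-Authenticate', 'Bearer').json({ error });

/**
 * Middleware to validate Directus JWT tokens.
 *
 * The token is not decoded locally; it is forwarded to Directus
 * (`GET /users/me`) and accepted only if Directus accepts it. On success
 * the Directus user record is attached as `req.user` and the raw token as
 * `req.token` for downstream handlers.
 *
 * Responses:
 *  - 401 when the header is missing/malformed or Directus rejects the token
 *  - 500 when Directus cannot be reached, times out, or answers with an
 *    unexpected error — deliberately not 401, so an identity-service
 *    outage is not reported to clients (or logged) as a bad credential
 */
const authMiddleware = async (req, res, next) => {
  try {
    const token = extractBearerToken(req.headers.authorization);
    if (token === null) {
      return unauthorized(res, 'No token provided');
    }

    let response;
    try {
      // Validate token with Directus
      response = await axios.get(`${DIRECTUS_URL}/users/me`, {
        headers: { Authorization: `Bearer ${token}` },
        timeout: DIRECTUS_TIMEOUT_MS,
      });
    } catch (directusError) {
      const status = directusError.response?.status;
      if (status === 401 || status === 403) {
        // Directus saw the token and refused it: a credential problem.
        console.error('Directus token validation failed:', directusError.response?.data);
        return unauthorized(res, 'Invalid or expired token');
      }
      // Network error, timeout or a non-auth error status from Directus:
      // a service problem, reported by the outer catch as a 500.
      throw directusError;
    }

    const user = response.data?.data;
    if (!user) {
      // Directus answered 2xx but without a user record; treat as a
      // service fault rather than pretending the caller is authenticated.
      throw new Error('Directus /users/me returned no user record');
    }

    // Attach user info to request
    req.user = user;
    req.token = token;
    // NOTE(review): this writes the user's email to the log on every
    // request; a less identifying field would reduce PII in log storage.
    console.log(`✅ Authenticated user: ${req.user.email} (${req.user.role?.name || 'Unknown Role'})`);
    return next();
  } catch (error) {
    console.error('Auth middleware error:', error);
    return res.status(500).json({ error: 'Authentication service error' });
  }
};

/**
 * Middleware factory to check user permissions.
 *
 * Must run after `authMiddleware` (relies on `req.user`). Users whose
 * Directus role has `admin_access` pass immediately. For everyone else the
 * check is still a placeholder: it logs the attempted action and lets the
 * request through. Until the Directus policy lookup is implemented this
 * middleware only guarantees "authenticated", not "authorized" — it
 * fails open.
 *
 * @param {string} action - operation being attempted
 * @param {string} [collection='assets'] - Directus collection targeted
 * @returns {Function} async Express-style middleware `(req, res, next)`
 */
const requirePermission = (action, collection = 'assets') => {
  return async (req, res, next) => {
    try {
      if (!req.user) {
        return unauthorized(res, 'User not authenticated');
      }

      // Check if user is admin (always allowed)
      if (req.user.role?.admin_access) {
        return next();
      }

      // TODO: Check specific permissions against Directus policies
      // For now, allow all authenticated users
      console.log(`🔐 Permission check: ${req.user.email} → ${action} on ${collection}`);
      return next();
    } catch (error) {
      console.error('Permission check error:', error);
      return res.status(500).json({ error: 'Permission service error' });
    }
  };
};

module.exports = { authMiddleware, requirePermission };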