
// node_api/middleware/auth.js
const jwt = require('jsonwebtoken');
const axios = require('axios');
// Base URL of the Directus instance that is the authority on bearer tokens.
// Falls back to a local dev instance when DIRECTUS_URL is unset or empty.
// NOTE(review): the fallback is plain http. Any non-local deployment must set
// DIRECTUS_URL to an https endpoint, otherwise every bearer token this
// middleware forwards travels in clear text to Directus.
const DIRECTUS_URL = process.env.DIRECTUS_URL
  ? process.env.DIRECTUS_URL
  : 'http://localhost:8055';
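/**
 * Express middleware that authenticates a request with a Directus bearer token.
 *
 * The token is never decoded or verified locally (the `jsonwebtoken` import at
 * the top of this file is not used anywhere in the file as shown). Instead the
 * token is forwarded verbatim to Directus `GET /users/me`, which decides whether
 * it is valid, unexpired and bound to a user. On success the Directus user
 * record is attached as `req.user` and the raw token as `req.token` for
 * downstream handlers (e.g. `requirePermission`).
 *
 * Responses:
 *   401 — no `Authorization: Bearer <token>` header, an empty token, or Directus
 *         replied with a non-2xx status (bad / expired token).
 *   503 — Directus could not be reached at all (connect failure or timeout).
 *         Kept distinct from 401 so an outage is not misread as bad credentials.
 *   500 — any other error inside the middleware itself.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
const authMiddleware = async (req, res, next) => {
  // Upper bound on the round-trip to Directus. Without it a slow or hung
  // Directus pins every inbound request open and this layer becomes a
  // trivial DoS amplifier. 5s is a conservative default, not a measured value.
  const DIRECTUS_TIMEOUT_MS = 5000;

  try {
    const authHeader = req.headers.authorization;
    if (typeof authHeader !== 'string' || !authHeader.startsWith('Bearer ')) {
      return res.status(401).json({ error: 'No token provided' });
    }

    // 'Bearer ' is 7 characters. Reject an empty/whitespace-only token here
    // rather than spending a network round-trip on it.
    const token = authHeader.substring(7).trim();
    if (token === '') {
      return res.status(401).json({ error: 'No token provided' });
    }

    try {
      // NOTE(review): `/users/me` is called with no `fields` selection. If
      // Directus returns `role` as a bare id rather than an expanded object,
      // `req.user.role?.admin_access` / `role?.name` below will always be
      // undefined — confirm the default response shape against the Directus
      // version in use and add `fields=*,role.name,role.admin_access` if needed.
      const response = await axios.get(`${DIRECTUS_URL}/users/me`, {
        headers: { Authorization: `Bearer ${token}` },
        timeout: DIRECTUS_TIMEOUT_MS,
      });

      const user = response?.data?.data;
      if (!user) {
        // A 2xx with no user payload is not something to trust; fail closed
        // instead of letting a later `req.user.email` access blow up into a 500.
        return res.status(401).json({ error: 'Invalid or expired token' });
      }

      req.user = user;
      req.token = token;
      // NOTE(review): this logs the user's e-mail on every request. If these
      // logs are shipped anywhere shared, consider logging the user id instead.
      console.log(`✅ Authenticated user: ${req.user.email} (${req.user.role?.name || 'Unknown Role'})`);
      next();
    } catch (directusError) {
      if (directusError.response) {
        // Directus answered with a non-2xx status: the token is bad or expired.
        console.error('Directus token validation failed:', directusError.response.data);
        return res.status(401).json({ error: 'Invalid or expired token' });
      }
      if (directusError.request || directusError.code === 'ECONNABORTED') {
        // axios sets `request` when the request went out but nothing came back
        // (connect failure), and ECONNABORTED on timeout. Fail closed, but
        // signal an upstream outage rather than blaming the caller's token.
        console.error('Directus unreachable during token validation:', directusError.message);
        return res.status(503).json({ error: 'Authentication service unavailable' });
      }
      // Anything else is a bug in this middleware, not an auth decision.
      throw directusError;
    }
  } catch (error) {
    console.error('Auth middleware error:', error);
    return res.status(500).json({ error: 'Authentication service error' });
  }
};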
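/**
 * Factory for an Express middleware meant to gate a route on `action` against
 * `collection`. Must run after `authMiddleware`, which populates `req.user`.
 *
 * SECURITY NOTE(review): this middleware is currently FAIL-OPEN. The only
 * thing it enforces is that *some* authenticated user is present. The
 * (action, collection) pair is logged and then every authenticated user is
 * let through, admin or not — the Directus policy check in the TODO below is
 * the real authorization step and it is still missing. Treat any route that is
 * protected only by this middleware as "authenticated", not "authorized".
 *
 * Responses:
 *   401 — `req.user` is absent (authMiddleware did not run or did not attach a user).
 *   500 — unexpected error while evaluating the check.
 *
 * @param {string} action  operation being attempted (e.g. 'read', 'update');
 *                         only logged for now.
 * @param {string} [collection='assets']  Directus collection the action targets;
 *                         only logged for now.
 * @returns {import('express').RequestHandler}
 */
const requirePermission = (action, collection = 'assets') => {
  return async (req, res, next) => {
    try {
      if (!req.user) {
        return res.status(401).json({ error: 'User not authenticated' });
      }

      // Admins always pass. `role.admin_access` is read off the user record
      // that authMiddleware attached from Directus `/users/me`; it is only
      // present if Directus returned the role expanded rather than as an id.
      if (req.user.role?.admin_access) {
        return next();
      }

      // TODO: check (action, collection) against the user's Directus policies
      // and respond 403 when denied. Until then every authenticated user passes.
      // (The previous log line had no separator between the e-mail and the action.)
      console.log(`🔐 Permission check: ${req.user.email} → ${action} on ${collection}`);
      next();
    } catch (error) {
      console.error('Permission check error:', error);
      return res.status(500).json({ error: 'Permission service error' });
    }
  };
};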
// Public surface of this module: the two middlewares consumed by the route files.
const middlewares = {
  authMiddleware,
  requirePermission,
};
module.exports = middlewares;