auth middleware works now

BU-Spark · Oct 1, 2024 · 78d8f42 · 78d8f42
1 parent b9e5fab
commit 78d8f42
Show file tree

Hide file tree

Showing 2 changed files with 133 additions and 144 deletions.
diff --git a/backend/authMiddleware.ts b/backend/authMiddleware.ts
@@ -1,10 +1,8 @@
 // This middleware handles authentication for protected routes
 // It checks if the user is logged in and has a valid token
-
 // Import necessary modules and dependencies
 import jwt from 'jsonwebtoken';
 import { Request, Response, NextFunction } from 'express';
-
 // Define the authentication middleware function
 export const authMiddleware = (req: Request, res: Response, next: NextFunction) => {
   // Retrieve the public key from environment variables
@@ -13,18 +11,15 @@ export const authMiddleware = (req: Request, res: Response, next: NextFunction)
     console.error("CLERK_PEM_PUBLIC_KEY is not set in the environment variables");
     throw new Error("Internal Server Error");
   }
-
   // Extract the token and organization token from request headers
-  const token = req.headers.authorization?.split('Bearer ')[1];
-  const orgToken = req.headers['x-org-token'];
-
+  const token = req.headers['x-org-token'];
+  // const orgToken = req.headers['x-org-token'];
   // Check if token or organization token is missing
-  if (!token || !orgToken) {
+  if (!token) {
     const error = new Error("Unauthorized");
     (error as any).code = 401;
     throw error;
   }
-
   try {
     // Verify the authentication token using the public key
     const decodedAuthToken: any = jwt.verify(token, publicKey, { algorithms: ['RS256'] });
@@ -34,23 +29,15 @@ export const authMiddleware = (req: Request, res: Response, next: NextFunction)
       throw error;
     }
 
-    // Decode the org token without verifying it
-    const decodedOrgToken: any = jwt.decode(orgToken);
-    if (!decodedOrgToken) {
-      const error = new Error("Forbidden");
-      (error as any).code = 403;
-      throw error;
-    }
-
     // Check if the user is part of the required organization
-    const userOrgs = decodedOrgToken.orgs; // Assuming `orgs` contains the user's organization IDs
+    const userOrgs = decodedAuthToken.orgs
+   // console.log("userOrgs",userOrgs)
     const allowedOrgs = ["org_2bHDzl2Zax0nILIzDhui2DLWdH6", "org_2ZN4MA41LAA9l4j0rZBC5Olsr3Y"];
     if (!allowedOrgs.includes(userOrgs)) {
       const error = new Error("Forbidden: Not part of the organization");
       (error as any).code = 403;
       throw error;
     }
-
     // Store the decoded token in the request headers
     req.headers.user = JSON.stringify(decodedAuthToken); // Store the decoded token in the request headers
     next(); // Proceed to the next middleware or route handler
@@ -60,4 +47,4 @@ export const authMiddleware = (req: Request, res: Response, next: NextFunction)
       return res.status((error as any).code || 403).json({ message: (error as any).message });
     }
   }
-};
+};