q-buffer/apps/server/src/auth/auth.middleware.ts

import { Request, Response, NextFunction } from "express";
import { verifyToken } from "./auth.service"

export const requireAuth = (req: Request, res: Response, next: NextFunction) => {
  const cookieToken = req.cookies?.["qbuffer_token"];
  const authHeader = req.headers.authorization;
  const bearer = authHeader?.startsWith("Bearer ") ? authHeader.slice(7) : undefined;
  const token = cookieToken || bearer;
  if (!token) {
    return res.status(401).json({ error: "Unauthorized" });
  }
  try {
    const payload = verifyToken(token);
    req.user = payload;
    return next();
  } catch (error) {
    return res.status(401).json({ error: "Unauthorized" });
  }
};

declare module "express-serve-static-core" {
  interface Request {
    user?: { username: string };
  }
}