1import { Request, Response } from 'express'
2import { verify } from 'jsonwebtoken'
3
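/**
 * Resolves the active user for a request from the JWT in its Authorization header.
 *
 * The header may carry either the bare token or the `Bearer <token>` form.
 * The token is verified against `JWT_SECRET`, and the payload's `id` claim is
 * then looked up through `db.findUser`.
 *
 * @param req - Incoming Express request.
 * @returns The user record returned by `db.findUser`.
 * @throws Error `'Unauthorized'` when the header is missing or empty, or when
 *   the verified payload carries no `id` claim.
 * @throws Error `'Forbidden'` when no user is found or the user's status is
 *   not `'active'`.
 * @throws Error when `JWT_SECRET` is unset or empty.
 * @throws Whatever `verify` throws for a malformed, expired or badly signed token.
 */
export async function authenticate(req: Request) {
  const header = req.headers.authorization
  if (!header) throw new Error('Unauthorized')

  // Strip an optional "Bearer" scheme so verify() only ever sees the token,
  // whether the client sent "Bearer <token>" or the token on its own.
  const token = header.replace(/^Bearer\s+/i, '').trim()
  if (!token) throw new Error('Unauthorized')

  // Fail closed with an explicit error instead of asserting the variable exists.
  const secret = process.env.JWT_SECRET
  if (!secret) throw new Error('JWT_SECRET is not configured')

  // NOTE(review): no `algorithms` option is passed, so the accepted algorithms
  // are the library's defaults for this key. Pin the option to the single
  // algorithm the token issuer uses once that is confirmed.
  const decoded = verify(token, secret)

  // verify() may return a plain string payload; only an object payload with an
  // id claim identifies a user.
  if (typeof decoded === 'string' || decoded.id == null) {
    throw new Error('Unauthorized')
  }

  const user = await db.findUser(decoded.id)
  // A valid signature is not enough: the account must still exist and be
  // active, so tokens issued before a deactivation stop working.
  if (!user || user.status !== 'active') throw new Error('Forbidden')
  return user
}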