const { getSupabaseServiceClient } = require('../utils/supabase');
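/**
 * Express middleware: authenticate a request with a Supabase access token.
 *
 * Expects `Authorization: Bearer <token>`. The token is handed to
 * `supabase.auth.getUser` for validation, then the caller's row is loaded
 * from the `users` table (scoped by the validated `user.id`, so the
 * service-role client is never asked for anything beyond the caller's own
 * row) and attached as `req.user`.
 *
 * Responses:
 *   401 `{ error: 'Authentication required' }`  – header missing, wrong
 *       scheme, or empty credential
 *   401 `{ error: 'Invalid or expired token' }`  – Supabase rejected the token
 *   401 `{ error: 'User profile not found' }`    – no matching `users` row
 *   next(err) – the Supabase client threw (network/config failure); this is
 *       not an auth failure and is routed to the Express error handler
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
async function requireAuth(req, res, next) {
  const authHeader = req.headers.authorization;

  if (typeof authHeader !== 'string' || !authHeader.startsWith('Bearer ')) {
    return res.status(401).json({ error: 'Authentication required' });
  }

  // Reject an empty credential here instead of spending a round-trip asking
  // Supabase to validate "" (RFC 6750 tokens contain no whitespace, so trim
  // is safe).
  const token = authHeader.slice(7).trim();
  if (token === '') {
    return res.status(401).json({ error: 'Authentication required' });
  }

  // Express 4 does not catch a rejected promise from async middleware: an
  // exception thrown by the Supabase client (network failure, bad config)
  // would leave the request hanging instead of producing a response. The
  // try/catch forwards it to the error handler; under Express 5 it is simply
  // redundant.
  try {
    const supabase = getSupabaseServiceClient();

    // `data` defaults to {} so a malformed client response is reported as
    // "invalid token" rather than a destructuring TypeError.
    const { data: { user } = {}, error } = await supabase.auth.getUser(token);

    if (error || !user) {
      return res.status(401).json({ error: 'Invalid or expired token' });
    }

    // Fetch the profile from our users table. Session 9 added
    // `grace_period_until` + `stripe_customer_id` to the select so the
    // grace-period middleware can read them off `req.user` without a second
    // round-trip; both are null for pre-Stripe users.
    const { data: profile, error: profileError } = await supabase
      .from('users')
      .select('id, email, tier, scan_count, scan_reset_date, founder_status, grace_period_until, stripe_customer_id')
      .eq('id', user.id)
      .single();

    // NOTE(review): `.single()` also errors when the query itself fails, so
    // a database outage is reported as 401 here too. If callers need to tell
    // the two apart, branch on `profileError.code` — confirm the codes
    // against the PostgREST version in use before relying on them.
    if (profileError || !profile) {
      return res.status(401).json({ error: 'User profile not found' });
    }

    req.user = profile;
    return next();
  } catch (err) {
    return next(err);
  }
}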
// Only the middleware is exported; the Supabase client helper stays internal.
module.exports = { requireAuth };