feat: add authentication middleware

This commit adds authentication middleware for user and admin levels. The middleware retrieves the JWT from the header and verifies it. Error messages are returned for cases like no token found, user not found, unverified email, and when a user is not an admin but tries to perform an admin function.

src/middlewares/authentication.middleware.ts

@@ -0,0 +1,67 @@
+import type {NextFunction, Request, Response} from "express";
+import JwtService from "@services/authentication/jwt.service";
+import {DatabasesService} from "@services/databases/databases.service";
+import {UserInDatabase} from "@interfaces/db/mariadb.interface";
+import {HttpStatusCode} from "axios";
+
+const db = new DatabasesService('OnlyDevs');
+
+async function getTokenFromHeader(req: Request) {
+	const token: string | undefined = req.headers.authorization?.split(" ")[1];
+	if (!token ||token.length <= 0) {
+		return false
+	}
+	return token;
+}
+
+
+async function UserMiddleware(req: Request, res: Response, next: NextFunction) {
+	const originToken = getTokenFromHeader(req);
+	if (!originToken) {
+		return res.status(HttpStatusCode.PreconditionRequired).json({ message: "Unauthorized" });
+	}
+	const tokenPayload = await JwtService.verify(`${originToken}`);
+	if (!tokenPayload || !tokenPayload.sub) {
+		return res.status(HttpStatusCode.PreconditionRequired).json({ message: "Unauthorized" });
+	}
+	const UserFound = await db.getUserById(tokenPayload.sub)
+	const User: UserInDatabase | undefined = UserFound[0] as UserInDatabase
+	if (!User) {
+		return res.status(HttpStatusCode.PreconditionRequired).json({ message: "Unauthorized, you dont exist." });
+	}
+	if (User.email_activation) {
+		return res.status(HttpStatusCode.PreconditionRequired).json({ message: "You should verify your email first."})
+	}
+	return next()
+}
+
+async function AdminMiddleware(req: Request, res: Response, next: NextFunction) {
+	const originToken = getTokenFromHeader(req);
+	if (!originToken) {
+		return res.status(HttpStatusCode.PreconditionRequired).json({ message: "Unauthorized" });
+	}
+	const tokenPayload = await JwtService.verify(`${originToken}`);
+	if (!tokenPayload || !tokenPayload.sub) {
+		return res.status(HttpStatusCode.PreconditionRequired).json({ message: "Unauthorized" });
+	}
+	const UserFound = await db.getUserById(tokenPayload.sub)
+	const User: UserInDatabase | undefined = UserFound[0] as UserInDatabase
+	if (!User) {
+		return res.status(HttpStatusCode.PreconditionRequired).json({ message: "Unauthorized, you dont exist." });
+	}
+	if (User.email_activation) {
+		return res.status(HttpStatusCode.PreconditionRequired).json({ message: "You should verify your email first."})
+	}
+
+	const adminState = User.admin
+
+	if (!adminState) {
+    return res.status(HttpStatusCode.PreconditionRequired).json({ message: "Unauthorized, you are not an admin." });
+  }
+	return next()
+}
+
+export const AuthMiddleware = {
+	user: UserMiddleware,
+	admin: AdminMiddleware,
+}