csa-backend-test/app/middleware/middleware.js


// ENVIRONMENT
// Loads .env into process.env before JWT_SECRET_KEY is read below.
require('dotenv').config();
// LIBRARY
const jwt = require("jsonwebtoken");
const { PrismaClient: CMSClient } = require("../../prisma/clients/cms");
// CONSTANT
// HMAC secret used by authenticateToken's jwt.verify. Nothing here asserts it
// is set; if it is missing, verification is expected to throw and the
// middleware answers "Invalid token!" (fail closed) — TODO confirm at startup.
const { JWT_SECRET_KEY } = process.env;
// RESPONSES
// The same module is required three times; one destructuring would do.
const { badRequestResponse} = require("../res/responses");
const {expiredTokenResponse } = require("../res/responses");
const { invalidTokenResponse } = require("../res/responses");
// PRISMA
// One client per module load, shared by both middlewares.
const prisma = new CMSClient();
// MIDDLEWARE
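/**
 * Express middleware: requires a valid application API key.
 *
 * Reads the `x-api-key` header and looks it up in appCredential by
 * TokenCredential_AC (a parameterised Prisma query, so the raw header value is
 * never interpolated into SQL). Calls next() when a matching credential exists.
 *
 * Responses (all via badRequestResponse): missing header, unknown key, or a
 * lookup failure. On a lookup failure the underlying error is logged
 * server-side and a fixed message is returned — the original echoed the error
 * object to the client, and Prisma errors can carry connection/schema details.
 *
 * NOTE(review): the presented key is compared as-is against the stored
 * TokenCredential_AC, which implies the stored value equals what the client
 * holds; whether keys are hashed at rest cannot be told from this file.
 */
const validateApiKey = async (req, res, next) => {
  try {
    const apiKey = req.headers['x-api-key'];
    // Node normally delivers this header as a single string; reject anything
    // that is not a non-empty string so the query never receives an odd value.
    if (typeof apiKey !== 'string' || apiKey.length === 0) {
      return badRequestResponse(res, "API key is required", "Missing x-api-key header");
    }
    const credential = await prisma.appCredential.findUnique({
      where: { TokenCredential_AC: apiKey },
    });
    if (!credential) {
      return badRequestResponse(res, "Invalid API key", "Unauthorized access");
    }
    return next();
  } catch (err) {
    // Keep the detail on the server; the client only learns that validation failed.
    console.error("validateApiKey: credential lookup failed", err);
    return badRequestResponse(res, "Error validating API key", "Internal error");
  }
};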
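/**
 * Express middleware: authenticates an admin via a JWT in the Authorization header.
 *
 * Expects `Authorization: <scheme> <token>`; as before, only the second
 * whitespace-separated part is used and the scheme itself is not checked.
 * The token must verify against JWT_SECRET_KEY, carry a non-empty string
 * `userID` matching an existing adminAccount (UUID_AA), and have a numeric
 * `iat` no older than seven days.
 *
 * On success sets `req.locals = { user: userID }` and calls next().
 * Responses: badRequestResponse when the header is absent; expiredTokenResponse
 * when the token is older than the window or jsonwebtoken reports
 * TokenExpiredError; invalidTokenResponse for everything else.
 *
 * Fixes versus the original:
 *  - A payload without a string `userID` no longer reaches the database.
 *    Prisma treats `where: { UUID_AA: undefined }` as "no filter", so findFirst
 *    returned an arbitrary admin and any secret-signed token authenticated.
 *  - A payload without `iat` is rejected; previously `now - undefined` was NaN,
 *    the `>` comparison was false, and such a token never expired.
 */
const authenticateToken = async (req, res, next) => {
  const authHeader = req.headers['authorization'];
  if (!authHeader) {
    return badRequestResponse(res, "Unauthorized");
  }
  // "<scheme> <token>". A header with no second part is rejected here rather
  // than handing `undefined` to jwt.verify.
  const token = String(authHeader).split(' ')[1];
  if (!token) {
    return invalidTokenResponse(res, "Invalid token!");
  }

  // Seven-day lifetime measured from `iat`, independent of any `exp` claim.
  const MAX_TOKEN_AGE_SECONDS = 60 * 60 * 24 * 7;

  try {
    // NOTE(review): no `algorithms` option is passed, so jwt.verify accepts
    // whichever algorithms jsonwebtoken allows for this key. Pinning it (e.g.
    // `{ algorithms: ['HS256'] }`) is recommended once the signing side is
    // confirmed; not done here because the signer is outside this file.
    const decoded = jwt.verify(token, JWT_SECRET_KEY);

    // jwt.verify may return a string payload; treat anything but an object
    // with a non-empty string userID as invalid.
    const userID =
      typeof decoded === 'object' && decoded !== null ? decoded.userID : undefined;
    if (typeof userID !== 'string' || userID.length === 0) {
      return invalidTokenResponse(res, "Invalid token!");
    }
    if (!Number.isFinite(decoded.iat)) {
      return invalidTokenResponse(res, "Invalid token!");
    }

    const adminAccount = await prisma.adminAccount.findFirst({
      where: { UUID_AA: userID },
    });
    if (!adminAccount) {
      return invalidTokenResponse(res, "Invalid token!");
    }

    const nowSeconds = Math.floor(Date.now() / 1000);
    if (nowSeconds - decoded.iat > MAX_TOKEN_AGE_SECONDS) {
      return expiredTokenResponse(res, "Token expired!");
    }

    req.locals = { user: userID };
    return next();
  } catch (err) {
    // An `exp` in the past is reported as expired rather than merely invalid.
    if (err && err.name === 'TokenExpiredError') {
      return expiredTokenResponse(res, "Token expired!");
    }
    return invalidTokenResponse(res, "Invalid token!");
  }
};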
// validateApiKey gates by x-api-key; authenticateToken gates by admin JWT.
// They are independent and can be chained per route as needed.
module.exports = { validateApiKey, authenticateToken };