Autonomous-Bug-Explorer/dist/modules/auth/application/middleware/AuthMiddleware.js

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.createAuthMiddleware = createAuthMiddleware;
const crypto_1 = require("crypto");
function createAuthMiddleware(userRepository, sessionRepository, apiKeyRepository) {
    return async function authMiddleware(req, res, next) {
        try {
            // 1. Check session cookie
            const sessionToken = req.cookies?.['abe_session'];
            if (sessionToken) {
                const session = await sessionRepository.findByToken(sessionToken);
                if (session && session.expiresAt > new Date()) {
                    const user = await userRepository.findById(session.userId);
                    if (user) {
                        req.user = {
                            id: user.id.toString(),
                            email: user.email.value,
                            name: user.name,
                            role: user.role.value,
                            orgId: user.orgId,
                        };
                        return next();
                    }
                }
            }
            // 2. Check Bearer JWT (session token in header)
            const authHeader = req.headers.authorization;
            if (authHeader?.startsWith('Bearer ')) {
                const token = authHeader.substring(7);
                const session = await sessionRepository.findByToken(token);
                if (session && session.expiresAt > new Date()) {
                    const user = await userRepository.findById(session.userId);
                    if (user) {
                        req.user = {
                            id: user.id.toString(),
                            email: user.email.value,
                            name: user.name,
                            role: user.role.value,
                            orgId: user.orgId,
                        };
                        return next();
                    }
                }
            }
            // 3. Check API key
            const apiKeyHeader = req.headers['x-abe-api-key'];
            if (apiKeyHeader && typeof apiKeyHeader === 'string') {
                const keyHash = (0, crypto_1.createHash)('sha256').update(apiKeyHeader).digest('hex');
                const apiKey = await apiKeyRepository.findByHash(keyHash);
                if (apiKey && !apiKey.isExpired()) {
                    const user = await userRepository.findById(apiKey.userId);
                    if (user) {
                        await apiKeyRepository.updateLastUsed(apiKey.id.toString(), new Date());
                        req.user = {
                            id: user.id.toString(),
                            email: user.email.value,
                            name: user.name,
                            role: user.role.value,
                            orgId: user.orgId,
                        };
                        return next();
                    }
                }
            }
            res.status(401).json({ error: 'Unauthorized' });
        }
        catch {
            res.status(401).json({ error: 'Unauthorized' });
        }
    };
}