dannystocker/navidocs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
navidocs/server/middleware/auth.js
Claude d8c54221ef
[PRODUCTION] Code quality and security hardening 
Code Quality Improvements:
- Replace console.log() with proper logger in server/routes/upload.js
- Remove console.log() from client/src/main.js (service worker)
- Remove console.log() from server/middleware/auth.js
- Remove all TODO/FIXME comments from production code
- Add authenticateToken middleware to upload route

Security Enhancements:
- Enforce JWT_SECRET environment variable (no fallback)
- Add XSS protection to search snippet rendering
- Implement comprehensive health checks (database + Meilisearch)
- Verify all database queries use prepared statements (SQL injection prevention)
- Confirm .env.production has 64+ char secrets

Changes:
- server/routes/upload.js: Added logger, authenticateToken middleware
- server/middleware/auth.js: Removed fallback secret, added logger
- server/index.js: Enhanced /health endpoint with service checks
- client/src/main.js: Silent service worker registration
- client/src/views/SearchView.vue: Added HTML escaping to formatSnippet()

All PRE_DEPLOYMENT_CHECKLIST.md security items verified ✓
2025-11-14 08:33:45 +00:00

64 lines
1.6 KiB
JavaScript
Raw Blame History

/**
* Authentication Middleware
* JWT token verification and user authentication
*/
import jwt from 'jsonwebtoken';
import logger from '../utils/logger.js';
const JWT_SECRET = process.env.JWT_SECRET;
if (!JWT_SECRET) {
throw new Error('JWT_SECRET must be set in environment variables');
}
/**
* Verify JWT token and attach user to request
* @param {Request} req - Express request
* @param {Response} res - Express response
* @param {Function} next - Next middleware
*/
export function authenticateToken(req, res, next) {
const authHeader = req.headers['authorization'];
const token = authHeader && authHeader.split(' ')[1]; // Bearer TOKEN
if (!token) {
return res.status(401).json({ error: 'Authentication required' });
}
try {
const user = jwt.verify(token, JWT_SECRET);
req.user = user;
next();
} catch (error) {
return res.status(403).json({ error: 'Invalid or expired token' });
}
}
/**
* Optional authentication - attaches user if token present
* @param {Request} req - Express request
* @param {Response} res - Express response
* @param {Function} next - Next middleware
*/
export function optionalAuth(req, res, next) {
const authHeader = req.headers['authorization'];
const token = authHeader && authHeader.split(' ')[1];
if (token) {
try {
const user = jwt.verify(token, JWT_SECRET);
req.user = user;
} catch (error) {
// Token invalid, but don't fail - continue without user
logger.debug('AUTH_TOKEN_INVALID', { error: error.message });
}
}
next();
}
export default {
authenticateToken,
optionalAuth
};
Reference in a new issue View git blame Copy permalink