const jwt = require('jsonwebtoken');
const { User } = require('../model/user.model');
const rateLimit = require('express-rate-limit');

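/**
 * Authenticates the request from an `Authorization: Bearer <jwt>` header.
 *
 * On success the raw token is attached as `req.token`, the loaded user as
 * `req.user`, and `next()` is called. Every failure (header absent or not a
 * Bearer credential, signature invalid/expired, unknown user id) answers 401
 * with the same generic body, so the response does not tell a caller which
 * step rejected it.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
exports.authMiddleware = async (req, res, next) => {
    const reject = () => res.status(401).send({ error: 'Please authenticate.' });

    // Check the scheme explicitly instead of relying on `.replace` throwing a
    // TypeError when the header is missing.
    const header = req.header('Authorization');
    if (typeof header !== 'string' || !header.startsWith('Bearer ')) {
        return reject();
    }
    const token = header.slice('Bearer '.length);
    if (token === '') {
        return reject();
    }

    try {
        // NOTE(review): no `algorithms` option is passed, so verification
        // relies on the library default for a string secret — confirm how the
        // tokens are signed and pin it with `{ algorithms: [...] }`.
        const decoded = jwt.verify(token, process.env.JWT_SECRET);
        const user = await User.findByPk(decoded.id);
        if (!user) {
            // Token is valid but its subject no longer exists; treat as unauthenticated.
            throw new Error('Unknown user id in token');
        }

        req.token = token;
        req.user = user;
        next();
    } catch (error) {
        reject();
    }
};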

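/**
 * Lets the request through only when the authenticated user has the `admin`
 * role. Must run after `authMiddleware`, which sets `req.user`.
 *
 * If no user is attached (wrong middleware order) this answers 401 instead of
 * throwing a TypeError from an async handler, which on Express 4 is not
 * forwarded to the error handler and leaves the request hanging.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
exports.adminMiddleware = async (req, res, next) => {
    if (!req.user) {
        return res.status(401).send({ error: 'Please authenticate.' });
    }
    if (req.user.role !== 'admin') {
        return res.status(403).send({ error: 'Access denied. Admin privileges required.' });
    }
    next();
};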

// Source address exempted from rate limiting entirely (see `skip` below).
// NOTE(review): `req.ip` is only as trustworthy as Express's `trust proxy`
// setting; with a permissive setting a client can present this address via
// X-Forwarded-For and bypass the limiter — confirm the deployment config.
const RATE_LIMIT_EXEMPT_IP = '212.125.8.54';
const isExemptIp = (req) => req.ip === RATE_LIMIT_EXEMPT_IP;

/**
 * Per-IP rate limiter: at most 100 requests per 15-minute window, reported
 * through the standard `RateLimit-*` headers only. Requests from the exempt
 * address are skipped before counting, so the matching branch in `max` is
 * intended to be unreachable and is kept only for parity.
 */
exports.rateLimitMiddleware = rateLimit({
    windowMs: 15 * 60 * 1000, // 15 minutes
    max: (req, res) => (isExemptIp(req) ? 0 : 100), // 0 for the exempt address, 100 for everyone else
    standardHeaders: true,
    legacyHeaders: false,
    message: 'Çok fazla istek gönderdiniz, lütfen daha sonra tekrar deneyin.',
    skip: (req, res) => isExemptIp(req), // bypass the limiter for the exempt address
});

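/**
 * Ensures the registration body carries non-empty string `username`, `email`
 * and `password` fields before the handler runs.
 *
 * The type check matters as much as the presence check: a JSON body can put
 * an object or array where a string is expected, and the truthiness test alone
 * would let such values reach the model layer. A missing body (no body parser
 * on the route) is treated like an empty one rather than throwing.
 * Responds 400 with one generic message on any failure.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
exports.validateRegistrationInput = (req, res, next) => {
    const isFilled = (value) => typeof value === 'string' && value !== '';
    const { username, email, password } = req.body || {};

    if (![username, email, password].every(isFilled)) {
        return res.status(400).send({ error: 'Username, email, and password are required.' });
    }
    // TODO: password strength and email-format checks are still not enforced here.
    next();
};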

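/**
 * Ensures the login body carries non-empty string `username` and `password`
 * fields before the handler runs.
 *
 * Non-string values (objects, arrays, numbers) are rejected as well as absent
 * ones, so the credential lookup only ever sees plain strings. A missing body
 * is treated like an empty one rather than throwing.
 * Responds 400 with one generic message on any failure.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
exports.validateLoginInput = (req, res, next) => {
    const isFilled = (value) => typeof value === 'string' && value !== '';
    const { username, password } = req.body || {};

    if (![username, password].every(isFilled)) {
        return res.status(400).send({ error: 'Username and password are required.' });
    }
    next();
};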

/**
 * Loads the user addressed by the `:id` route parameter and exposes it as
 * `req.targetUser` for the following handler.
 *
 * Answers 404 when no such row exists and 500 when the lookup itself fails;
 * the caught error is not surfaced to the client.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
exports.checkUserExists = async (req, res, next) => {
    let target;
    try {
        target = await User.findOne({ where: { id: req.params.id } });
    } catch (lookupError) {
        return res.status(500).send({ error: 'Error checking user existence.' });
    }

    if (!target) {
        return res.status(404).send({ error: 'User not found.' });
    }

    req.targetUser = target;
    next();
};

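/**
 * Resolves the password-reset token in `req.body.token` to a user whose reset
 * window has not expired, and exposes it as `req.resetUser`.
 *
 * Fixes two defects of the previous version: `Op` is not imported anywhere in
 * this file, so the `[Op.gt]` query threw a ReferenceError and every request
 * ended in a 500; and an absent token was handed to the ORM unchecked, which
 * depending on the ORM version either throws or turns into a `NULL` match that
 * could select an account with no pending reset.
 *
 * Responds 400 for a missing, unknown or expired token and 500 when the
 * lookup itself fails.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
exports.validatePasswordResetToken = async (req, res, next) => {
    const invalid = () => res.status(400).send({ error: 'Invalid or expired password reset token.' });
    const { token } = req.body || {};

    // Reject before querying so the ORM never sees undefined/null/object here.
    if (typeof token !== 'string' || token === '') {
        return invalid();
    }

    try {
        const user = await User.findOne({ where: { passwordResetToken: token } });

        // Expiry is compared here instead of in the query; `new Date(null)` is
        // epoch 0 and `new Date(undefined)` is NaN, both of which fail the check.
        const expiresAt = user ? new Date(user.passwordResetExpires).getTime() : NaN;
        if (!user || !(expiresAt > Date.now())) {
            return invalid();
        }

        req.resetUser = user;
        next();
    } catch (error) {
        res.status(500).send({ error: 'Error validating password reset token.' });
    }
};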

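/**
 * Lets the request through only when the authenticated user has two-factor
 * authentication enabled. Must run after `authMiddleware`, which sets `req.user`.
 *
 * If no user is attached (wrong middleware order) this answers 401 instead of
 * throwing a TypeError from an async handler, which on Express 4 is not
 * forwarded to the error handler and leaves the request hanging.
 *
 * @param {import('express').Request} req
 * @param {import('express').Response} res
 * @param {import('express').NextFunction} next
 */
exports.checkTwoFactorEnabled = async (req, res, next) => {
    if (!req.user) {
        return res.status(401).send({ error: 'Please authenticate.' });
    }
    if (!req.user.isTwoFactorEnabled) {
        return res.status(400).send({ error: 'Two-factor authentication is not enabled for this user.' });
    }
    next();
};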