// src/middleware/auth.js
const jwt = require('jsonwebtoken');
module.exports = async (req, res, next) => {
const header = req.headers.authorization || '';
const token = header.replace('Bearer ', '');
if (!token) return res.status(401).json({ error: 'No token provided' });
try {
const decoded = jwt.verify(token, process.env.JWT_SECRET);
req.user = decoded; // attach user info to request
next();
} catch (err) {
return res.status(403).json({ error: 'Invalid token' });
}
};
