backend middleware

backend/src/middleware/authMiddleware.js

@@ -0,0 +1,41 @@
+const jwt = require('jsonwebtoken');
+const { User } = require('../models/User');
+
+module.exports = async (req, res, next) => {
+  try {
+    // Get token from header
+    const authHeader = req.headers.authorization;
+    
+    if (!authHeader || !authHeader.startsWith('Bearer ')) {
+      return res.status(401).json({ message: 'Authorization token required' });
+    }
+    
+    const token = authHeader.split(' ')[1];
+    
+    // Verify token
+    const decoded = jwt.verify(token, process.env.JWT_SECRET);
+    
+    // Find user
+    const user = await User.findByPk(decoded.id);
+    
+    if (!user) {
+      return res.status(401).json({ message: 'User not found' });
+    }
+    
+    // Attach user to request
+    req.user = user;
+    next();
+  } catch (error) {
+    console.error('Authentication error:', error);
+    
+    if (error.name === 'JsonWebTokenError') {
+      return res.status(401).json({ message: 'Invalid token' });
+    }
+    
+    if (error.name === 'TokenExpiredError') {
+      return res.status(401).json({ message: 'Token expired' });
+    }
+    
+    res.status(500).json({ message: 'Server error during authentication' });
+  }
+};

backend/src/routes/authRoutes.js

@@ -0,0 +1,9 @@
+const express = require('express');
+const authController = require('../controllers/authController');
+
+const router = express.Router();
+
+router.post('/register', authController.register);
+router.post('/login', authController.login);
+
+module.exports = router;

backend/src/routes/collectionRoutes.js

@@ -0,0 +1,15 @@
+const express = require('express');
+const collectionController = require('../controllers/collectionController');
+const authMiddleware = require('../middleware/authMiddleware');
+
+const router = express.Router();
+
+// All collection routes require authentication
+router.use(authMiddleware);
+
+router.get('/', collectionController.getUserCollection);
+router.post('/', collectionController.addToCollection);
+router.put('/:id', collectionController.updateCollectionEntry);
+router.delete('/:id', collectionController.removeFromCollection);
+
+module.exports = router;

backend/src/routes/ratingRoutes.js

@@ -0,0 +1,16 @@
+const express = require('express');
+const ratingController = require('../controllers/ratingController');
+const authMiddleware = require('../middleware/authMiddleware');
+
+const router = express.Router();
+
+// Public route
+router.get('/whiskey/:whiskeyId', ratingController.getWhiskeyRatings);
+
+// Protected routes
+router.use(authMiddleware);
+router.get('/user', ratingController.getUserRatings);
+router.post('/whiskey/:whiskeyId', ratingController.rateWhiskey);
+router.delete('/:id', ratingController.deleteRating);
+
+module.exports = router;

backend/src/routes/whiskeyRoutes.js

@@ -0,0 +1,14 @@
+const express = require('express');
+const whiskeyController = require('../controllers/whiskeyController');
+const authMiddleware = require('../middleware/authMiddleware');
+
+const router = express.Router();
+
+router.get('/', whiskeyController.getAllWhiskies);
+router.get('/search', whiskeyController.searchWhiskies);
+router.get('/:id', whiskeyController.getWhiskeyById);
+router.post('/', authMiddleware, whiskeyController.createWhiskey);
+router.put('/:id', authMiddleware, whiskeyController.updateWhiskey);
+router.delete('/:id', authMiddleware, whiskeyController.deleteWhiskey);
+
+module.exports = router;