Add Authentication checks for AGRO-rent services

backend/middleware/authMiddleware.js

@@ -1,15 +1,31 @@
-const jwt = require('jsonwebtoken');
+const jwt = require("jsonwebtoken");
 
 const authMiddleware = (req, res, next) => {
-    const token = req.headers.authorization?.split(' ')[1];
-    if (!token) return res.status(403).json({ message: "No token provided" });
+  const token = req.headers.authorization?.split(" ")[1];
 
-    jwt.verify(token, process.env.JWT_SECRET, (err, decoded) => {
-        if (err) return res.status(401).json({ message: "Unauthorized" });
+  if (!token) {
+    console.error("Authorization token missing from request headers");
+    return res.status(403).json({ message: "No token provided" });
+  }
 
-        req.user = decoded;
-        next();
-    });
+  jwt.verify(token, process.env.JWT_SECRET, (err, decoded) => {
+    if (err) {
+      console.error(`JWT verification failed: ${err.message}`, { token });
+
+      if (err.name === "TokenExpiredError") {
+        return res.status(401).json({ message: "Token has expired" });
+      }
+      if (err.name === "JsonWebTokenError") {
+        return res.status(401).json({ message: "Invalid token" });
+      }
+
+      return res.status(401).json({ message: "Unauthorized" });
+    }
+
+    req.user = decoded;
+
+    next();
+  });
 };
 
 module.exports = authMiddleware;

backend/routes/rent/rentCartRoutes.js

@@ -2,16 +2,17 @@
 
 const express = require('express');
 const { addToCart, viewCart, removeFromCart } = require('../../controllers/rent/RentCartController');
+const authMiddleware = require('../../middleware/authMiddleware');
 
 const router = express.Router();
 
 // Add to cart
-router.post('/addtoCart', addToCart);
+router.post('/addtoCart',authMiddleware, addToCart);
 
 // View cart
-router.get('/getCart/:userId', viewCart);
+router.get('/getCart/:userId',authMiddleware, viewCart);
 
 // Remove from cart
-router.delete('/remove/:productId', removeFromCart);
+router.delete('/remove/:productId',authMiddleware, removeFromCart);
 
 module.exports = router;

backend/routes/rent/rentProductRoutes.js

@@ -3,25 +3,26 @@
 const express = require('express');
 const router = express.Router();
 const productController = require('../../controllers/rent/RentProductController');
+const authMiddleware = require('../../middleware/authMiddleware');
 
 // Create a new product
-router.post('/rent-products', productController.createProduct);
+router.post('/rent-products',authMiddleware, productController.createProduct);
 
 // Get all products
-router.get('/rent-products', productController.getAllProducts);
+router.get('/rent-products',authMiddleware, productController.getAllProducts);
 
 // Get a single product by ID
-router.get('/rent-products/:id', productController.getProductById);
+router.get('/rent-products/:id',authMiddleware, productController.getProductById);
 
 // Update a product by ID
-router.put('/rent-products/:id', productController.updateProduct);
+router.put('/rent-products/:id',authMiddleware, productController.updateProduct);
 
 // Delete a product by ID
-router.delete('/rent-products/:id', productController.deleteProduct);
+router.delete('/rent-products/:id',authMiddleware, productController.deleteProduct);
 
 
 
-router.get('/filtered-rent-products', productController.getFilteredProducts );
+router.get('/filtered-rent-products',authMiddleware, productController.getFilteredProducts );
 
 
 

backend/routes/rent/rentWishlistRoutes.js

@@ -2,17 +2,18 @@
 
 const express = require('express');
 const wishlistController = require('../../controllers/rent/RentWishlistController');
+const authMiddleware = require('../../middleware/authMiddleware');
 
 
 const router = express.Router();
 
 // Add to Wishlist
-router.post('/wishlist/add/:productId',  wishlistController.addToWishlist);
+router.post('/wishlist/add/:productId',authMiddleware,   wishlistController.addToWishlist);
 
 // Remove from Wishlist
-router.delete('/wishlist/remove/:productId',  wishlistController.removeFromWishlist);
+router.delete('/wishlist/remove/:productId',authMiddleware,   wishlistController.removeFromWishlist);
 
 // Get Wishlist
-router.get('/wishlist',wishlistController.getWishlist);
+router.get('/wishlist',authMiddleware, wishlistController.getWishlist);
 
 module.exports = router;