zustand auf server wiederhergestellt

gsm-backend/middleware/auth.js

@@ -0,0 +1,57 @@
+import jwt from 'jsonwebtoken';
+
+const ROLE_HIERARCHY = {
+  'user': 1,
+  'moderator': 2,
+  'superadmin': 3
+};
+
+export function authenticateToken(req, res, next) {
+  const authHeader = req.headers['authorization'];
+  const token = authHeader && authHeader.split(' ')[1];
+  
+  if (!token) {
+    return res.status(401).json({ error: 'Token required' });
+  }
+  
+  jwt.verify(token, process.env.JWT_SECRET, (err, user) => {
+    if (err) {
+      return res.status(403).json({ error: 'Invalid token' });
+    }
+    req.user = user;
+    next();
+  });
+}
+
+// Optional authentication - doesn't fail if no token
+export function optionalAuth(req, res, next) {
+  const authHeader = req.headers['authorization'];
+  const token = authHeader && authHeader.split(' ')[1];
+  
+  if (!token) {
+    req.user = null;
+    return next();
+  }
+  
+  jwt.verify(token, process.env.JWT_SECRET, (err, user) => {
+    if (err) {
+      req.user = null;
+    } else {
+      req.user = user;
+    }
+    next();
+  });
+}
+
+export function requireRole(minRole) {
+  return (req, res, next) => {
+    const userRole = req.user?.role || 'user';
+    const userLevel = ROLE_HIERARCHY[userRole] || 0;
+    const requiredLevel = ROLE_HIERARCHY[minRole] || 0;
+    
+    if (userLevel < requiredLevel) {
+      return res.status(403).json({ error: 'Insufficient permissions' });
+    }
+    next();
+  };
+}