to much to say

auth/middleware.js

@@ -0,0 +1,50 @@
+const {verifyToken, generateAccesToken, generateRefreshToken} = require("./auth");
+
+const auth = (req, res, next) => {
+    const refreshToken = req.cookies.refreshToken;
+    const accessToken = req.cookies.accessToken;
+    const permtoken = req.cookies.permtoken;
+    if(!refreshToken && !accessToken && !permtoken) return res.status(401).json({error: "Unauthorized"});
+
+    if(accessToken){
+        const result = verifyToken(accessToken);
+        if(result.user){
+            req.user = result.user;
+            return next();
+        }
+    }
+
+    else if(refreshToken && !accessToken){
+        const result = verifyToken(refreshToken);
+        if(result != false){
+            //create new access token
+            const newAccessToken = generateAccesToken(result.user);
+            res.cookie("accessToken", newAccessToken, {httpOnly: true});
+        }
+        if(result.user){
+            req.user = result.user;
+            return next();
+        }
+    }
+
+    else if(permtoken){
+        const result = verifyToken(permtoken);
+        if(result != false){
+            //create new access token
+            const newAccessToken = generateAccesToken(result.user);
+            res.cookie("accessToken", newAccessToken, {httpOnly: true});
+
+            //create new refresh token
+            const newRefreshToken = generateRefreshToken(result.user);
+            res.cookie("refreshToken", newRefreshToken, {httpOnly: true});
+        }
+        if(result.user){
+            req.user = result.user;
+            return next();
+        }
+    }
+
+    return res.status(401).json({error: "Unauthorized"});
+}
+
+module.exports = auth;