src/middleware/auth.js

import jwt from "jsonwebtoken";
import { User } from "../models/User.js";
import { JWT_CONFIG } from "../config/security.js";

export async function auth(req, res, next) {
  const token = req.headers.authorization?.split(" ")[1];
  if (!token) return res.sendStatus(401);

  try {
    const payload = jwt.verify(token, process.env.JWT_SECRET, JWT_CONFIG);
    const user = await User.findById(payload.id);
    if (!user || user.deletedAt) return res.sendStatus(401);
    req.user = user;
    next();
  } catch {
    res.sendStatus(401);
  }
}