first commit

backend/src/middleware/auth.js

@@ -0,0 +1,22 @@
+import jwt from "jsonwebtoken";
+import { config } from "../config/index.js";
+
+export function authenticate(req, res, next) {
+  const header = req.headers.authorization;
+  if (!header?.startsWith("Bearer ")) {
+    return res.status(401).json({ error: "Niet ingelogd." });
+  }
+  try {
+    req.user = jwt.verify(header.slice(7), config.JWT_SECRET);
+    next();
+  } catch {
+    res.status(401).json({ error: "Sessie verlopen. Log opnieuw in." });
+  }
+}
+
+export function requireAdmin(req, res, next) {
+  if (req.user?.rol !== "Admin") {
+    return res.status(403).json({ error: "Geen toegang." });
+  }
+  next();
+}

backend/src/middleware/errorHandler.js

@@ -0,0 +1,6 @@
+export function errorHandler(err, _req, res, _next) {
+  const status  = err.status || err.statusCode || 500;
+  const message = status < 500 ? err.message : "Er is een interne fout opgetreden.";
+  if (status >= 500) console.error("[ERROR]", err);
+  res.status(status).json({ error: message });
+}