`auth.middleware.ts`

The app sends: Authorization: Bearer plus the access token string.
This file checks:

Header exists and starts with Bearer
Token verifies as a valid JWT (TokenService)
User still exists in MongoDB

If OK, it puts userId and user on the context so routes can do c.get('user').

Success → route sees


c.get('userId')  // string
c.get('user')    // { id, email, name, avatar, isOnboarded, isAdmin, adminRole }

Failure → 401 JSON

Missing header
Bad/expired token
User deleted from DB

Friends

services/token.service.ts — sign/verify JWT
models/user.model.ts — load user row
types/index.ts — HonoEnv types for c.get

Used on most /api/v1/users/* and many authenticated routes.

Last updated on May 19, 2026

Overview admin.middleware.ts