diff --git a/backend/middleware/verifyToken.js b/backend/middleware/verifyToken.js index 9231f62..ed744d3 100644 --- a/backend/middleware/verifyToken.js +++ b/backend/middleware/verifyToken.js @@ -15,6 +15,7 @@ // ============================================================= const jwt = require('jsonwebtoken'); +const JWT_SECRET = process.env.JWT_SECRET || 'cinebook_dev_secret_change_me'; module.exports = function verifyToken(req, res, next) { // Expect: Authorization: Bearer @@ -26,10 +27,10 @@ module.exports = function verifyToken(req, res, next) { } try { - const decoded = jwt.verify(token, process.env.JWT_SECRET); + const decoded = jwt.verify(token, JWT_SECRET); req.user = decoded; // Attach decoded payload to req so routes can read it next(); } catch (err) { return res.status(401).json({ error: 'Invalid or expired token. Please log in again.' }); } -}; \ No newline at end of file +};