71 lines
2.1 KiB
JavaScript
71 lines
2.1 KiB
JavaScript
// Authentication Middleware
|
|
|
|
// Require authenticated user
|
|
function requireAuth(db) {
|
|
return async (req, res, next) => {
|
|
const sessionId = req.cookies?.session_id;
|
|
|
|
if (!sessionId) {
|
|
return res.status(401).json({ error: 'Authentication required' });
|
|
}
|
|
|
|
try {
|
|
const session = await new Promise((resolve, reject) => {
|
|
db.get(
|
|
`SELECT s.*, u.id as user_id, u.username, u.email, u.role, u.is_active
|
|
FROM sessions s
|
|
JOIN users u ON s.user_id = u.id
|
|
WHERE s.session_id = ? AND s.expires_at > datetime('now')`,
|
|
[sessionId],
|
|
(err, row) => {
|
|
if (err) reject(err);
|
|
else resolve(row);
|
|
}
|
|
);
|
|
});
|
|
|
|
if (!session) {
|
|
return res.status(401).json({ error: 'Session expired or invalid' });
|
|
}
|
|
|
|
if (!session.is_active) {
|
|
return res.status(401).json({ error: 'Account is disabled' });
|
|
}
|
|
|
|
// Attach user to request
|
|
req.user = {
|
|
id: session.user_id,
|
|
username: session.username,
|
|
email: session.email,
|
|
role: session.role
|
|
};
|
|
|
|
next();
|
|
} catch (err) {
|
|
console.error('Auth middleware error:', err);
|
|
return res.status(500).json({ error: 'Authentication error' });
|
|
}
|
|
};
|
|
}
|
|
|
|
// Require specific role(s)
|
|
function requireRole(...allowedRoles) {
|
|
return (req, res, next) => {
|
|
if (!req.user) {
|
|
return res.status(401).json({ error: 'Authentication required' });
|
|
}
|
|
|
|
if (!allowedRoles.includes(req.user.role)) {
|
|
return res.status(403).json({
|
|
error: 'Insufficient permissions',
|
|
required: allowedRoles,
|
|
current: req.user.role
|
|
});
|
|
}
|
|
|
|
next();
|
|
};
|
|
}
|
|
|
|
module.exports = { requireAuth, requireRole };
|