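import MongoStore from "connect-mongo";
import session from "express-session";
import { mongooseDbName, mongoURI } from "../database/mongoose.js";
import userModel from "../schemas/userModel.js";

const isProduction = process.env.NODE_ENV === "production";

// Session lifetime used when SESSION_TIMEOUT is unset or unusable (5 minutes).
const DEFAULT_SESSION_TIMEOUT_MS = 300000;

/**
 * Resolve the secret used to sign the session ID cookie.
 *
 * The built-in fallback string is checked into the source, so anyone who can
 * read the repository can produce validly signed session cookies. It is kept
 * only for local development; production refuses to start without a secret.
 *
 * @returns {string} The signing secret.
 * @throws {Error} In production when SESSION_SECRET is not set.
 */
function resolveSessionSecret() {
  const configured = process.env.SESSION_SECRET;
  if (configured) {
    return configured;
  }
  if (isProduction) {
    throw new Error("SESSION_SECRET must be set when NODE_ENV is production.");
  }
  return "super duper secret string.";
}

/**
 * Resolve the session cookie lifetime in milliseconds.
 *
 * Environment variables are always strings, so SESSION_TIMEOUT is parsed and
 * validated instead of being handed to the cookie options as-is.
 *
 * @returns {number} A positive number of milliseconds.
 */
function resolveSessionTimeoutMs() {
  const parsed = Number.parseInt(process.env.SESSION_TIMEOUT ?? "", 10);
  return Number.isFinite(parsed) && parsed > 0 ? parsed : DEFAULT_SESSION_TIMEOUT_MS;
}

const sessionConf = {
  secret: resolveSessionSecret(),
  cookie: {
    // `maxAge` is the relative lifetime in milliseconds. The previous
    // `expires` option is meant for an absolute Date, not a duration.
    maxAge: resolveSessionTimeoutMs(),
    // Keep the session cookie out of reach of client-side script.
    httpOnly: true,
    // NOTE(review): no `sameSite` attribute is set here; consider one if the
    // app relies on this cookie alone for state-changing requests.
  },
  saveUninitialized: false,
  resave: false,
};

if (isProduction) {
  // Only send the cookie over HTTPS. Behind a TLS-terminating proxy this also
  // needs Express "trust proxy" configured, which is not visible in this file.
  sessionConf.cookie.secure = true;
  // Persist sessions in MongoDB; without a store express-session falls back
  // to its in-memory store.
  sessionConf.store = MongoStore.create({ mongoUrl: mongoURI, dbName: mongooseDbName });
}

export const userSession = session(sessionConf);

/**
 * Express middleware that only lets requests with a valid logged-in session
 * through.
 *
 * Looks up the user referenced by `req.session.userId` and attaches it as
 * `req.user`. Responds with 401 when there is no session user id or when the
 * referenced user no longer exists, so a session that outlives its account
 * does not reach protected handlers with `req.user === null`.
 *
 * @param {import("express").Request} req - Incoming request (session middleware must run first).
 * @param {import("express").Response} res - Response used for the 401 reply.
 * @param {import("express").NextFunction} next - Called on success, or with the lookup error.
 * @returns {Promise<void>}
 */
export async function authenticationGuard(req, res, next) {
  const userId = req.session?.userId;
  if (!userId) {
    res.status(401).send("Not authorized.");
    return;
  }

  let user;
  try {
    user = await userModel.findById(userId);
  } catch (err) {
    // Forward lookup failures to the error handler instead of leaving an
    // unhandled rejection and a request that never gets a response.
    next(err);
    return;
  }

  if (!user) {
    res.status(401).send("Not authorized.");
    return;
  }

  req.user = user;
  next();
}

// TODO: Authentication
// TODO: Identity
// TODO: Authority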