import MongoStore from "connect-mongo"; import session from "express-session"; import { mongooseDbName, mongoURI } from "../database/mongoose.js"; const sessionConf = { secret: process.env.SESSION_SECRET || "super duper secret string.", cookie: { expires: process.env.SESSION_TIMEOUT || 300000, httpOnly: true, }, saveUninitialized: false, resave: false, }; if (process.env.NODE_ENV === "production") { sessionConf.cookie.secure = true; sessionConf.store = MongoStore.create({ mongoUrl: mongoURI, dbName: mongooseDbName }); } export const userSession = session(sessionConf); export function authenticationGuard(req, res, next) { if (req.session.userId) { next(); } else { res.sendStatus(401); return; } } // TODO: Authentication // TODO: Identity // TODO: Authority