import MongoStore from "connect-mongo"; import session from "express-session"; import { mongooseDbName, mongoURI } from "../database/mongoose.js"; import userModel from "../schemas/userModel.js"; import { checkDatabaseConnection } from "./database.js"; const sessionConf = { secret: process.env.SESSION_SECRET || "super duper secret string.", cookie: { expires: process.env.SESSION_TIMEOUT || 300000, httpOnly: true, }, saveUninitialized: false, resave: false, }; if (process.env.NODE_ENV === "production") { sessionConf.cookie.secure = true; sessionConf.store = MongoStore.create({ mongoUrl: mongoURI, dbName: mongooseDbName }); } export const userSession = session(sessionConf); export async function requireAuthenticated(req, res, next) { if (!checkDatabaseConnection()) { req.status(500).send("Internal server error."); return; } if (req.session.userId) { req.user = await userModel.findById(req.session.userId); next(); } else { res.status(401).send("Not authorized."); return; } } export async function requireAdmin(req, res, next) { if (!checkDatabaseConnection()) { req.status(500).send("Internal server error."); return; } if (req.session.userId) { req.user = await userModel.findById(req.session.userId); if (req.user.accessLevel < 3) { res.status(401).send("Not authorized"); return; } next(); } else { res.status(401).send("Not authorized."); return; } }