Harrison Deng
8f96a2e5c9
All responses are now in their own object with context name. Added limit to user based recent results for matches. Moved all code in endpoints inside try and catch. Renamed authentication guard function.
import MongoStore from "connect-mongo";
import session from "express-session";
import { mongooseDbName, mongoURI } from "../database/mongoose.js";
import userModel from "../schemas/userModel.js";
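const isProduction = process.env.NODE_ENV === "production";

// The development fallback secret below is a fixed string that lives in the
// repository. Anyone who can read the source could sign a valid session
// cookie with it, so production must fail closed when no real secret is
// configured instead of silently falling back.
if (isProduction && !process.env.SESSION_SECRET) {
  throw new Error("SESSION_SECRET must be set when NODE_ENV is production.");
}

// SESSION_TIMEOUT is a lifetime in milliseconds. Environment variables are
// always strings, so convert explicitly and fall back to five minutes when
// the value is missing or not a positive number.
const parsedTimeout = Number(process.env.SESSION_TIMEOUT);
const sessionTimeoutMs =
  Number.isFinite(parsedTimeout) && parsedTimeout > 0 ? parsedTimeout : 300000;

/**
 * Options handed to express-session.
 *
 * - `cookie.maxAge` carries the lifetime as a millisecond count;
 *   `cookie.expires` is meant to hold a Date, not a number or a string.
 * - `httpOnly` keeps the session cookie out of reach of page scripts.
 * - `saveUninitialized: false` avoids issuing a session to visitors who
 *   never log in.
 *
 * NOTE(review): `cookie.sameSite` is left at the library default; consider
 * setting it explicitly if cross-site request forgery is in the threat model.
 */
const sessionConf = {
  secret: process.env.SESSION_SECRET || "super duper secret string.",
  cookie: {
    maxAge: sessionTimeoutMs,
    httpOnly: true,
  },
  saveUninitialized: false,
  resave: false,
};

if (isProduction) {
  // Only send the cookie over HTTPS. NOTE(review): if TLS is terminated by a
  // reverse proxy, Express also needs "trust proxy" configured or the secure
  // cookie will not be set. Confirm against the deployment.
  sessionConf.cookie.secure = true;
  // Persist sessions in MongoDB rather than the default in-process store.
  sessionConf.store = MongoStore.create({ mongoUrl: mongoURI, dbName: mongooseDbName });
}

/** Session middleware, ready to be mounted on the Express app. */
export const userSession = session(sessionConf);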
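/**
 * Express middleware that only lets requests with a valid, still-existing
 * user through.
 *
 * On success the loaded user document is attached as `req.user` and the next
 * handler runs. The request is answered with 401 when the session carries no
 * user id, or when the id no longer resolves to a user (for example, the
 * account was deleted while the session was still alive). Without that second
 * check a stale session would pass the guard with `req.user` set to null.
 *
 * @param {object} req - Express request; `req.session.userId` is read.
 * @param {object} res - Express response.
 * @param {Function} next - Called with no argument on success, or with the
 *   error when the user lookup fails.
 * @returns {Promise<void>}
 */
export async function requireAuthenticated(req, res, next) {
  let user;
  try {
    const userId = req.session?.userId;
    if (!userId) {
      res.status(401).send("Not authorized.");
      return;
    }
    user = await userModel.findById(userId);
  } catch (err) {
    // A rejected lookup inside an async middleware would otherwise become an
    // unhandled rejection and leave the request hanging; hand it to the
    // error-handling chain instead.
    next(err);
    return;
  }

  if (!user) {
    // Fail closed: a session id without a matching account is not authenticated.
    res.status(401).send("Not authorized.");
    return;
  }

  req.user = user;
  next();
}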