32 lines
987 B
JavaScript
32 lines
987 B
JavaScript
import MongoStore from "connect-mongo";
|
|
import session from "express-session";
|
|
import { mongooseDbName, mongoURI } from "../database/mongoose.js";
|
|
import userModel from "../schemas/userModel.js";
|
|
const sessionConf = {
|
|
secret: process.env.SESSION_SECRET || "super duper secret string.",
|
|
cookie: {
|
|
expires: process.env.SESSION_TIMEOUT || 300000,
|
|
httpOnly: true,
|
|
},
|
|
saveUninitialized: false,
|
|
resave: false,
|
|
};
|
|
if (process.env.NODE_ENV === "production") {
|
|
sessionConf.cookie.secure = true;
|
|
sessionConf.store = MongoStore.create({ mongoUrl: mongoURI, dbName: mongooseDbName });
|
|
}
|
|
export const userSession = session(sessionConf);
|
|
|
|
export async function authenticationGuard(req, res, next) {
|
|
if (req.session.userId) {
|
|
req.user = await userModel.findById(req.session.userId);
|
|
next();
|
|
} else {
|
|
res.status(401).send("Not authorized.");
|
|
return;
|
|
}
|
|
}
|
|
|
|
// TODO: Authentication
|
|
// TODO: Identity
|
|
// TODO: Authority
|