csc309-team58/sports-matcher/server/middleware/authority.js

import MongoStore from "connect-mongo";
import session from "express-session";
import { mongooseDbName, mongoURI } from "../database/mongoose.js";
import userModel from "../schemas/userModel.js";
import { checkDatabaseConnection } from "./database.js";
const sessionConf = {
    secret: process.env.SESSION_SECRET || "super duper secret string.",
    cookie: {
        expires: process.env.SESSION_TIMEOUT || 300000,
        httpOnly: true,
    },
    saveUninitialized: false,
    resave: false,
};
if (process.env.NODE_ENV === "production") {
    sessionConf.cookie.secure = true;
    sessionConf.store = MongoStore.create({ mongoUrl: mongoURI, dbName: mongooseDbName });
}
export const userSession = session(sessionConf);

export async function requireAuthenticated(req, res, next) {
    if (!checkDatabaseConnection()) {
        req.status(500).send("Internal server error.");
        return;
    }
    if (req.session.userId) {
        req.user = await userModel.findById(req.session.userId);
        next();
    } else {
        res.status(401).send("Not authorized.");
        return;
    }
}


export async function requireAdmin(req, res, next) {
    if (!checkDatabaseConnection()) {
        req.status(500).send("Internal server error.");
        return;
    }
    if (req.session.userId) {
        req.user = await userModel.findById(req.session.userId);
        if (req.user.accessLevel < 3) {
            res.status(401).send("Not authorized");
            return;
        }
        next();
    } else {
        res.status(401).send("Not authorized.");
        return;
    }
}