Created authorization related middleware.
		
							
								
								
									
										30
									
								
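--- /dev/null
+++ b/server/middleware/Authority.js
@@ -0,0 +1,30 @@
+import MongoStore from "connect-mongo";
+import session from "express-session";
+import { dbName, mongoURI } from "../database/mongoose.js";
+const sessionConf = {
+    secret: process.env.SESSION_SECRET || "super duper secret string.",
+    cookie: {
+        expires: process.env.SESSION_TIMEOUT || 300000,
+        httpOnly: true,
+    },
+    saveUninitialized: false,
+    resave: false,
+};
+if (process.env.NODE_ENV === "production") {
+    sessionConf.cookie.secure = true;
+    sessionConf.store = MongoStore.create({ mongoUrl: mongoURI, dbName: dbName });
+}
+export const userSession = session(sessionConf);
+
+export function authenticationGuard(req, res, next) {
+    if (req.session.userId) {
+        next();
+    } else {
+        res.sendStatus(401);
+        return;
+    }
+}
+
+// TODO: Authentication
+// TODO: Identity
+// TODO: Authority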
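Review bot: The `secret` line in `sessionConf` falls back to the literal `"super duper secret string."` when `SESSION_SECRET` is unset, so a deployment missing that variable signs session cookies with a value anyone who can read the repository knows. Fail closed instead, for example `if (!process.env.SESSION_SECRET && process.env.NODE_ENV === "production") throw new Error("SESSION_SECRET must be set");` before the config object is built. Separately, `cookie.expires` receives a millisecond count (or a string from the environment), while express-session documents `expires` as a Date and `maxAge` as the millisecond option; `maxAge: Number(process.env.SESSION_TIMEOUT) || 300000,` looks like what was intended. The cookie also sets no `sameSite` attribute, and `secure: true` behind a TLS-terminating proxy depends on Express's `trust proxy` setting, which is not visible in this file.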