/**
 * Express middleware that only lets authenticated requests through.
 *
 * A request counts as authenticated when `req.session.user.id` is present
 * (truthy). Anything else — no session, no user on the session, or a user
 * without an id — is answered with a 401 JSON body and `next` is not called.
 *
 * @param {object} req - Express request; `req.session` is read, nothing else.
 * @param {object} res - Express response; used only for the 401 reply.
 * @param {Function} next - Invoked (and its result returned) when authenticated.
 * @returns {*} The value of `next()` on success, otherwise `undefined`.
 */
const requireAuth = (req, res, next) => {
  const session = req.session;
  const user = session ? session.user : undefined;
  const isAuthenticated = Boolean(user && user.id);

  if (!isAuthenticated) {
    // Deny by default: every failure mode collapses to the same 401.
    res.status(401).json({ success: false, message: "Authentication required" });
    return;
  }

  return next();
};
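/**
 * Builds role-based authorization middleware.
 *
 * The returned middleware calls `next()` only when the session user's
 * `role_id` is one of `allowedRoles`. It answers 401 when there is no
 * authenticated session user (mirroring `requireAuth`) and 403 when the
 * user is authenticated but holds no matching role.
 *
 * A user record without a `role_id` is treated as having no role at all and
 * is denied. It must never be mapped to a default role: falling back to
 * "role-admin" for a missing `role_id` would silently grant the highest
 * privilege to exactly the accounts whose role is unset.
 *
 * @param {string|string[]} allowedRoles - One role id, or a list of role ids,
 *   any of which grants access.
 * @returns {(req: object, res: object, next: Function) => *} Express middleware.
 */
const requireRole = (allowedRoles) => {
  // Allow single role or array of roles
  const roles = Array.isArray(allowedRoles) ? allowedRoles : [allowedRoles];

  return (req, res, next) => {
    const user = req.session && req.session.user;

    if (!user || !user.id) {
      return res
        .status(401)
        .json({ success: false, message: "Authentication required" });
    }

    // Fail closed: a missing/empty role_id yields null, which can never match
    // an allowed role (the check below also rejects null explicitly so that an
    // `allowedRoles` list accidentally containing null cannot open the door).
    const userRole = user.role_id ? user.role_id : null;

    if (userRole !== null && roles.includes(userRole)) {
      return next();
    }

    // NOTE(review): the response echoes the accepted role list and the
    // caller's own role back to the client. The shape is kept for
    // compatibility with existing consumers; trimming `required_role` would
    // reduce what an unauthorized caller learns about the authorization model.
    res.status(403).json({
      success: false,
      message: "Access denied. Insufficient permissions.",
      required_role: roles,
      your_role: userRole,
    });
  };
};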
// CommonJS export of the two middleware factories defined above; `requireAuth`
// is used directly as middleware, `requireRole(roles)` returns one.
module.exports = { requireAuth, requireRole };