backend/middleware/auth.js

const logger = require("../config/logger");
const { sendUnauthorized, sendForbidden } = require("../utils/responseHelpers");

const isAuthenticated = (req) => {
  return req.session?.user?.id;
};

const requireAuth = (req, res, next) => {
  if (isAuthenticated(req)) {
    return next();
  }

  logger.warn("Unauthorized access attempt", {
    path: req.path,
    ip: req.ip,
  });
  sendUnauthorized(res);
};

const requireRole = (allowedRoles) => {
  const roles = Array.isArray(allowedRoles) ? allowedRoles : [allowedRoles];

  return (req, res, next) => {
    if (!isAuthenticated(req)) {
      logger.warn("Unauthorized access attempt", {
        path: req.path,
        ip: req.ip,
      });
      return sendUnauthorized(res);
    }

    const userRole = req.session.user.role_id || "role-admin";

    if (roles.includes(userRole)) {
      return next();
    }

    logger.warn("Forbidden access attempt", {
      path: req.path,
      ip: req.ip,
      userRole,
      requiredRoles: roles,
    });

    sendForbidden(res, "Access denied. Insufficient permissions.");
  };
};

module.exports = { requireAuth, requireRole };
Updatweb 2025-12-19 20:44:46 -06:00			`const logger = require("../config/logger");`
			`const { sendUnauthorized, sendForbidden } = require("../utils/responseHelpers");`

			`const isAuthenticated = (req) => {`
			`return req.session?.user?.id;`
			`};`

Website restoration: Node.js backend, restored design, GitHub sync disabled - Replaced broken .NET backend with Node.js/Express - Restored original website design with purple gradient hero - Updated homepage and shop pages with Bootstrap 5 responsive design - Disabled GitHub remote sync - all code now stored locally only - Created backup scripts and documentation - All changes saved on Ubuntu server at /var/www/SkyArtShop 2025-12-13 17:53:34 -06:00			`const requireAuth = (req, res, next) => {`
Updatweb 2025-12-19 20:44:46 -06:00			`if (isAuthenticated(req)) {`
Website restoration: Node.js backend, restored design, GitHub sync disabled - Replaced broken .NET backend with Node.js/Express - Restored original website design with purple gradient hero - Updated homepage and shop pages with Bootstrap 5 responsive design - Disabled GitHub remote sync - all code now stored locally only - Created backup scripts and documentation - All changes saved on Ubuntu server at /var/www/SkyArtShop 2025-12-13 17:53:34 -06:00			`return next();`
			`}`
Updatweb 2025-12-19 20:44:46 -06:00
			`logger.warn("Unauthorized access attempt", {`
			`path: req.path,`
			`ip: req.ip,`
			`});`
			`sendUnauthorized(res);`
Website restoration: Node.js backend, restored design, GitHub sync disabled - Replaced broken .NET backend with Node.js/Express - Restored original website design with purple gradient hero - Updated homepage and shop pages with Bootstrap 5 responsive design - Disabled GitHub remote sync - all code now stored locally only - Created backup scripts and documentation - All changes saved on Ubuntu server at /var/www/SkyArtShop 2025-12-13 17:53:34 -06:00			`};`

			`const requireRole = (allowedRoles) => {`
Fix admin route access and backend configuration - Added /admin redirect to login page in nginx config - Fixed backend server.js route ordering for proper admin handling - Updated authentication middleware and routes - Added user management routes - Configured PostgreSQL integration - Updated environment configuration 2025-12-13 22:34:11 -06:00			`const roles = Array.isArray(allowedRoles) ? allowedRoles : [allowedRoles];`

Website restoration: Node.js backend, restored design, GitHub sync disabled - Replaced broken .NET backend with Node.js/Express - Restored original website design with purple gradient hero - Updated homepage and shop pages with Bootstrap 5 responsive design - Disabled GitHub remote sync - all code now stored locally only - Created backup scripts and documentation - All changes saved on Ubuntu server at /var/www/SkyArtShop 2025-12-13 17:53:34 -06:00			`return (req, res, next) => {`
Updatweb 2025-12-19 20:44:46 -06:00			`if (!isAuthenticated(req)) {`
			`logger.warn("Unauthorized access attempt", {`
			`path: req.path,`
			`ip: req.ip,`
			`});`
			`return sendUnauthorized(res);`
Website restoration: Node.js backend, restored design, GitHub sync disabled - Replaced broken .NET backend with Node.js/Express - Restored original website design with purple gradient hero - Updated homepage and shop pages with Bootstrap 5 responsive design - Disabled GitHub remote sync - all code now stored locally only - Created backup scripts and documentation - All changes saved on Ubuntu server at /var/www/SkyArtShop 2025-12-13 17:53:34 -06:00			`}`
Fix admin route access and backend configuration - Added /admin redirect to login page in nginx config - Fixed backend server.js route ordering for proper admin handling - Updated authentication middleware and routes - Added user management routes - Configured PostgreSQL integration - Updated environment configuration 2025-12-13 22:34:11 -06:00
			`const userRole = req.session.user.role_id \|\| "role-admin";`

			`if (roles.includes(userRole)) {`
Website restoration: Node.js backend, restored design, GitHub sync disabled - Replaced broken .NET backend with Node.js/Express - Restored original website design with purple gradient hero - Updated homepage and shop pages with Bootstrap 5 responsive design - Disabled GitHub remote sync - all code now stored locally only - Created backup scripts and documentation - All changes saved on Ubuntu server at /var/www/SkyArtShop 2025-12-13 17:53:34 -06:00			`return next();`
			`}`

Updatweb 2025-12-19 20:44:46 -06:00			`logger.warn("Forbidden access attempt", {`
			`path: req.path,`
			`ip: req.ip,`
			`userRole,`
			`requiredRoles: roles,`
Fix admin route access and backend configuration - Added /admin redirect to login page in nginx config - Fixed backend server.js route ordering for proper admin handling - Updated authentication middleware and routes - Added user management routes - Configured PostgreSQL integration - Updated environment configuration 2025-12-13 22:34:11 -06:00			`});`
Updatweb 2025-12-19 20:44:46 -06:00
			`sendForbidden(res, "Access denied. Insufficient permissions.");`
Fix admin route access and backend configuration - Added /admin redirect to login page in nginx config - Fixed backend server.js route ordering for proper admin handling - Updated authentication middleware and routes - Added user management routes - Configured PostgreSQL integration - Updated environment configuration 2025-12-13 22:34:11 -06:00			`};`
Website restoration: Node.js backend, restored design, GitHub sync disabled - Replaced broken .NET backend with Node.js/Express - Restored original website design with purple gradient hero - Updated homepage and shop pages with Bootstrap 5 responsive design - Disabled GitHub remote sync - all code now stored locally only - Created backup scripts and documentation - All changes saved on Ubuntu server at /var/www/SkyArtShop 2025-12-13 17:53:34 -06:00			`};`

Fix admin route access and backend configuration - Added /admin redirect to login page in nginx config - Fixed backend server.js route ordering for proper admin handling - Updated authentication middleware and routes - Added user management routes - Configured PostgreSQL integration - Updated environment configuration 2025-12-13 22:34:11 -06:00			`module.exports = { requireAuth, requireRole };`