const logger = require("../config/logger");
const { sendUnauthorized, sendForbidden } = require("../utils/responseHelpers");
/**
 * Returns the id of the user stored on the request's session, or `undefined`
 * when there is no session, no user on it, or no id on the user.
 *
 * Note: callers use the result as a truthy check; the raw id is returned,
 * not a boolean.
 *
 * @param {object} req - Express request (session-enabled).
 * @returns {*} the session user's id, or `undefined`.
 */
const isAuthenticated = (req) => {
  const session = req.session;
  if (session == null) {
    return undefined;
  }
  const user = session.user;
  if (user == null) {
    return undefined;
  }
  return user.id;
};
/**
 * Express middleware that lets the request continue only when the session
 * carries a logged-in user (see `isAuthenticated`). Otherwise the attempt is
 * logged with the request path and client ip and answered with
 * `sendUnauthorized(res)`.
 *
 * @param {object} req - Express request.
 * @param {object} res - Express response.
 * @param {Function} next - next middleware in the chain.
 * @returns {*} whatever `next()` returns when authenticated; `undefined` otherwise.
 */
const requireAuth = (req, res, next) => {
  const loggedIn = Boolean(isAuthenticated(req));
  if (!loggedIn) {
    const { path, ip } = req;
    logger.warn("Unauthorized access attempt", { path, ip });
    sendUnauthorized(res);
    return undefined;
  }
  return next();
};
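/**
 * Builds Express middleware that lets the request continue only when the
 * session user's `role_id` is one of `allowedRoles`.
 *
 * Unauthenticated requests are logged and answered with `sendUnauthorized`.
 * Authenticated users whose `role_id` is missing, or not in `allowedRoles`,
 * are logged and answered with `sendForbidden`. A missing `role_id` is
 * treated as "no role" and is never substituted with a default role.
 *
 * @param {string|string[]} allowedRoles - a role id, or list of role ids, permitted to pass.
 * @returns {(req: object, res: object, next: Function) => *} the middleware.
 */
const requireRole = (allowedRoles) => {
  const roles = Array.isArray(allowedRoles) ? allowedRoles : [allowedRoles];

  return (req, res, next) => {
    if (!isAuthenticated(req)) {
      logger.warn("Unauthorized access attempt", {
        path: req.path,
        ip: req.ip,
      });
      return sendUnauthorized(res);
    }

    // Deny by default. The previous fallback `role_id || "role-admin"` granted
    // the admin role to any session user with no role set, so a user record
    // created without a role would pass every role-restricted route that
    // admits admins. A missing role now fails the membership check below.
    const userRole = req.session.user.role_id ?? null;

    if (userRole !== null && roles.includes(userRole)) {
      return next();
    }

    logger.warn("Forbidden access attempt", {
      path: req.path,
      ip: req.ip,
      userRole,
      requiredRoles: roles,
    });

    sendForbidden(res, "Access denied. Insufficient permissions.");
  };
};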
module.exports = { requireAuth, requireRole };