Working version before modification.
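--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,85 @@
+/*
+* Authentication middleware for protecting routes.
+*
+* Provides middleware functions to:
+* - requireAdminAuth - Protect admin-only routes
+* - requireUserAuth - Protect user-only routes
+* - requireAnyAuth - Protect routes requiring any authenticated user
+*/
+
+import { validateSession } from '../services/authService.js';
+
+/**
+* Extract auth token from request (cookie or Authorization header).
+*/
+function getAuthToken(req) {
+return req.cookies?.auth_token || req.headers.authorization?.replace('Bearer ', '') || null;
+}
+
+/**
+* Middleware to require admin authentication.
+* Redirects to login page for HTML requests, returns 401 for API requests.
+*/
+export function requireAdminAuth(req, res, next) {
+const token = getAuthToken(req);
+const session = token ? validateSession(token) : null;
+
+if (!session || session.type !== 'admin') {
+/* Check if this is an API request or page request */
+const isApiRequest = req.path.startsWith('/api/') || req.xhr || req.headers.accept?.includes('application/json');
+
+if (isApiRequest) {
+return res.status(401).json({ message: 'Admin authentication required.' });
+}
+
+/* Redirect to admin login page */
+return res.redirect('/login-admin');
+}
+
+req.session = session;
+next();
+}
+
+/**
+* Middleware to require user authentication.
+* Redirects to login page for HTML requests, returns 401 for API requests.
+*/
+export function requireUserAuth(req, res, next) {
+const token = getAuthToken(req);
+const session = token ? validateSession(token) : null;
+
+if (!session || session.type !== 'user') {
+const isApiRequest = req.path.startsWith('/api/') || req.xhr || req.headers.accept?.includes('application/json');
+
+if (isApiRequest) {
+return res.status(401).json({ message: 'User authentication required.' });
+}
+
+/* Redirect to user login page */
+return res.redirect('/login-user');
+}
+
+req.session = session;
+next();
+}
+
+/**
+* Middleware to require any authentication (admin or user).
+*/
+export function requireAnyAuth(req, res, next) {
+const token = getAuthToken(req);
+const session = token ? validateSession(token) : null;
+
+if (!session) {
+const isApiRequest = req.path.startsWith('/api/') || req.xhr || req.headers.accept?.includes('application/json');
+
+if (isApiRequest) {
+return res.status(401).json({ message: 'Authentication required.' });
+}
+
+return res.redirect('/');
+}
+
+req.session = session;
+next();
+}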
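Review bot: getAuthToken strips the literal `Bearer ` prefix with replace() at `return req.cookies?.auth_token || req.headers.authorization?.replace('Bearer ', '') || null;` but never checks that the Authorization header actually uses the Bearer scheme, so a header of any other form (or one where `Bearer ` appears later in the value) is handed to validateSession verbatim, and the cookie silently wins whenever both are present. Checking the scheme explicitly is a small change: `const header = req.headers.authorization;`, `const bearer = header?.startsWith('Bearer ') ? header.slice('Bearer '.length) : null;`, then `return req.cookies?.auth_token || bearer || null;`. The same `isApiRequest` expression is repeated verbatim in all three middlewares; extracting it into a shared `isApiRequest(req)` helper beside getAuthToken would keep the three in step when the detection rule changes and would also let the admin-branch comment apply once. validateSession is used synchronously here; if it is in fact asynchronous (authService.js is not visible on this page), `if (!session)` in requireAnyAuth would see a truthy Promise and call next() for any request carrying a token, so its return type is worth confirming.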
|
||||