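import db from '../db.js';

/**
 * Rejects the request with 401 unless the session refers to a user that still
 * exists in `users` and is active.
 *
 * The lookup is parameterized (`?`), so the session value is never
 * interpolated into SQL. When the user row is missing or deactivated the
 * session is destroyed so the stale cookie stops being usable; destroy() is
 * best-effort and its failure is logged rather than turned into a crash,
 * because the 401 has to be sent either way.
 *
 * @param {object} req  - request carrying `req.session` (may be undefined)
 * @param {object} res  - response used for the 401 reply
 * @param {Function} next - continuation called only for an active user
 * @returns {object|undefined} the 401 response, or undefined after `next()`
 */
export function requireAuth(req, res, next) {
  const userId = req.session?.userId;
  if (!userId) {
    return res.status(401).json({ message: 'Nicht angemeldet' });
  }

  const user = db
    .prepare('SELECT id, active FROM users WHERE id = ?')
    .get(userId);

  if (!user || !user.active) {
    // Drop the session for a deleted/deactivated account. The original
    // callback discarded the error; keep best-effort semantics but log it.
    req.session.destroy((err) => {
      if (err) {
        console.error('session destroy failed', err);
      }
    });
    return res.status(401).json({ message: 'Nicht angemeldet' });
  }

  next();
}

/**
 * Rejects the request with 403 unless the session role is `'admin'`.
 *
 * This middleware only inspects `req.session.role`; it does not verify that
 * the session belongs to an existing, active user, so it is meant to run
 * after `requireAuth`. NOTE(review): the role comes from the session, not from
 * the `users` row, so a role changed in the database only takes effect after
 * the next login — confirm this is intended.
 *
 * @param {object} req  - request carrying `req.session` (may be undefined)
 * @param {object} res  - response used for the 403 reply
 * @param {Function} next - continuation called for admins
 * @returns {object|undefined} the 403 response, or undefined after `next()`
 */
export function requireAdmin(req, res, next) {
  if (req.session?.role !== 'admin') {
    return res.status(403).json({ message: 'Administratorrechte erforderlich.' });
  }
  next();
}

/**
 * Edit machines, tickets, events, attachments (not: viewers only).
 *
 * Allows the roles `'admin'` and `'after_sales'`; every other role (including
 * a missing session) gets 403. Like `requireAdmin`, it trusts the session role
 * and is meant to run after `requireAuth`.
 *
 * @param {object} req  - request carrying `req.session` (may be undefined)
 * @param {object} res  - response used for the 403 reply
 * @param {Function} next - continuation called for editing roles
 * @returns {object|undefined} the 403 response, or undefined after `next()`
 */
export function requireCrmEdit(req, res, next) {
  const role = req.session?.role;
  const canEdit = role === 'admin' || role === 'after_sales';
  if (canEdit) {
    return next();
  }
  return res.status(403).json({ message: 'Keine Bearbeitungsrechte.' });
}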