import db from '../db.js';
/**
 * Connect/Express-style middleware that lets a request through only when the
 * session carries a userId that still maps to an active row in `users`.
 *
 * The account is looked up on every request, so a user whose row is removed or
 * whose `active` column becomes falsy is rejected on the next request even if
 * the session itself is still alive. Both failure paths answer with the same
 * 401 body, so the client cannot tell which check failed.
 *
 * @param {object} req - Request; `req.session` may be missing.
 * @param {object} res - Response used to send the 401 JSON body.
 * @param {Function} next - Called with no arguments when the check passes.
 * @returns {*} The result of `res.status(401).json(...)` on rejection,
 *   otherwise `undefined`.
 */
export function requireAuth(req, res, next) {
  const reject = () => res.status(401).json({ message: 'Nicht angemeldet' });

  const sessionUserId = req.session?.userId;
  if (!sessionUserId) {
    return reject();
  }

  // Parameterised lookup; the result is used synchronously here.
  const statement = db.prepare('SELECT id, active FROM users WHERE id = ?');
  const account = statement.get(sessionUserId);

  const isUsable = Boolean(account) && Boolean(account.active);
  if (isUsable) {
    next();
    return;
  }

  // Unknown or deactivated account: drop the session before answering.
  // NOTE(review): the callback discards any error from destroy(), so a failed
  // teardown is invisible here; the per-request lookup above still rejects the
  // account. Confirm whether a failure should be logged.
  req.session.destroy(() => {});
  return reject();
}
/**
 * Connect/Express-style middleware that lets a request through only when the
 * session's `role` is exactly the string 'admin'; anything else gets a 403.
 *
 * This check reads only `req.session.role`. It does not look at `userId` and
 * does not query the database.
 * NOTE(review): presumably this is always mounted after an authentication
 * check that validates the account - confirm at route registration.
 * NOTE(review): where `role` is written to the session is not visible here; if
 * it is stored once at login, a later role change would not take effect until
 * the session ends - confirm.
 *
 * @param {object} req - Request; `req.session` may be missing.
 * @param {object} res - Response used to send the 403 JSON body.
 * @param {Function} next - Called with no arguments when the role matches.
 * @returns {*} The result of `res.status(403).json(...)` on rejection,
 *   otherwise `undefined`.
 */
export function requireAdmin(req, res, next) {
  const sessionRole = req.session?.role;

  if (sessionRole === 'admin') {
    next();
    return;
  }

  return res.status(403).json({ message: 'Administratorrechte erforderlich.' });
}