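// Not referenced in this module; retained as-is so module load behaviour is unchanged.
const nocodbService = require('../services/nocodb');

/**
 * Derives the `req.user` object from the server-side session.
 *
 * A session counts as logged in when it carries the `authenticated` flag, or
 * both a `userId` and a `userEmail` (the two forms accepted by this module).
 * NOTE(review): the `authenticated`-flag form can yield a user with an
 * undefined `id`/`email`; confirm the login flow always sets both.
 *
 * @param {object} req - Express request; only `req.session` is read.
 * @returns {{ id: *, email: *, isAdmin: boolean } | null} the user, or null
 *   when the session is absent or does not represent a logged-in user.
 */
function getSessionUser(req) {
  const session = req.session;
  if (!session) return null;
  const loggedIn =
    Boolean(session.authenticated) || Boolean(session.userId && session.userEmail);
  if (!loggedIn) return null;
  return {
    id: session.userId,
    email: session.userEmail,
    // Normalised to a real boolean; any truthy session value still counts as admin.
    isAdmin: Boolean(session.isAdmin),
  };
}

/**
 * Whether the client should receive a JSON error rather than a redirect:
 * an XHR request, or an Accept header mentioning json.
 *
 * @param {object} req - Express request.
 * @returns {boolean}
 */
function wantsJson(req) {
  return Boolean(req.xhr) || (req.headers.accept?.includes('json') ?? false);
}

/**
 * Logs a denied request with the same field set for every middleware so
 * that failed-auth events are uniform in the logs.
 *
 * @param {string} message - log line prefix.
 * @param {object} req - Express request.
 */
function logDenied(message, req) {
  console.warn(message, {
    ip: req.ip,
    path: req.path,
    method: req.method,
    user: req.session?.userEmail || 'anonymous',
    userAgent: req.get('User-Agent'),
    timestamp: new Date().toISOString(),
  });
}

/**
 * Sends the rejection for a failed check: JSON for API-style clients,
 * otherwise a redirect to the login page.
 *
 * @param {object} req - Express request.
 * @param {object} res - Express response.
 * @param {number} status - HTTP status for the JSON form.
 * @param {string} message - error text for the JSON form.
 */
function reject(req, res, status, message) {
  if (wantsJson(req)) {
    res.status(status).json({ success: false, error: message });
  } else {
    res.redirect('/login.html');
  }
}

/**
 * Express middleware: requires a logged-in session.
 * On success sets `req.user` and calls `next()`; otherwise responds 401 (JSON)
 * or redirects to /login.html.
 */
const requireAuth = async (req, res, next) => {
  const user = getSessionUser(req);
  if (!user) {
    logDenied('Unauthorized access attempt', req);
    reject(req, res, 401, 'Authentication required');
    return;
  }
  req.user = user;
  next();
};

/**
 * Express middleware: requires a logged-in session with the admin flag.
 * Unauthenticated requests get 401 (as in requireAuth); authenticated
 * non-admin requests get 403. Non-JSON clients are redirected to /login.html
 * in both cases.
 */
const requireAdmin = async (req, res, next) => {
  const user = getSessionUser(req);
  if (!user) {
    // Not logged in at all: treat exactly like requireAuth rather than 403.
    logDenied('Unauthorized admin access attempt', req);
    reject(req, res, 401, 'Authentication required');
    return;
  }
  if (!user.isAdmin) {
    logDenied('Unauthorized admin access attempt', req);
    reject(req, res, 403, 'Admin access required');
    return;
  }
  req.user = user;
  next();
};

module.exports = { requireAuth, requireAdmin };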