const requireAuth = (req, res, next) => {
    if (req.session && req.session.authenticated) {
        next();
    } else {
        if (req.xhr || req.headers.accept?.indexOf('json') > -1) {
            res.status(401).json({ 
                success: false, 
                error: 'Authentication required' 
            });
        } else {
            res.redirect('/login.html');
        }
    }
};

const requireAdmin = (req, res, next) => {
    if (req.session && req.session.authenticated && req.session.isAdmin) {
        next();
    } else {
        if (req.xhr || req.headers.accept?.indexOf('json') > -1) {
            res.status(403).json({ 
                success: false, 
                error: 'Admin access required' 
            });
        } else {
            res.redirect('/login.html');
        }
    }
};

module.exports = {
    requireAuth,
    requireAdmin
};