/**
 * Middleware that lets a request continue only when its session is marked
 * as authenticated.
 *
 * Rejected requests are answered by client type: XHR callers, and callers
 * whose Accept header contains "json", get a 401 JSON body; all others are
 * redirected to the login page. The redirect target is a fixed path and is
 * never derived from the request.
 *
 * NOTE(review): the decision rests entirely on `req.session.authenticated`
 * being truthy; this presumes the flag is written only by the login flow.
 * Confirm against the code that creates the session.
 *
 * @param {object} req - Request; `session`, `xhr` and `headers.accept` are read.
 * @param {object} res - Response used for the 401 JSON reply or the redirect.
 * @param {Function} next - Invoked with no arguments when the check passes.
 * @returns {void}
 */
const requireAuth = (req, res, next) => {
  const session = req.session;
  if (session && session.authenticated) {
    next();
    return;
  }

  // Short-circuit on req.xhr first so the Accept header is only inspected
  // when the request did not already identify itself as XHR.
  const wantsJson = req.xhr || (req.headers.accept?.indexOf('json') ?? -1) >= 0;
  if (!wantsJson) {
    res.redirect('/login.html');
    return;
  }

  const payload = { success: false, error: 'Authentication required' };
  res.status(401).json(payload);
};
/**
 * Middleware that lets a request continue only when its session is both
 * authenticated and flagged as admin.
 *
 * Any failure takes the same rejection path: XHR callers, and callers whose
 * Accept header contains "json", get a 403 JSON body; all others are
 * redirected to the login page.
 *
 * NOTE(review): a request with no session at all also receives 403 here, and
 * a signed-in non-admin browser client is sent to the login page. Confirm
 * whether clients rely on this before separating the 401 and 403 cases.
 *
 * @param {object} req - Request; `session`, `xhr` and `headers.accept` are read.
 * @param {object} res - Response used for the 403 JSON reply or the redirect.
 * @param {Function} next - Invoked with no arguments when the check passes.
 * @returns {void}
 */
const requireAdmin = (req, res, next) => {
  const session = req.session;
  if (session && session.authenticated && session.isAdmin) {
    next();
    return;
  }

  // Short-circuit on req.xhr first so the Accept header is only inspected
  // when the request did not already identify itself as XHR.
  const wantsJson = req.xhr || (req.headers.accept?.indexOf('json') ?? -1) >= 0;
  if (!wantsJson) {
    res.redirect('/login.html');
    return;
  }

  const payload = { success: false, error: 'Admin access required' };
  res.status(403).json(payload);
};
// Middleware exported by this module: the authenticated-session gate and the
// admin-only gate.
module.exports = { requireAuth, requireAdmin };