const nocodbService = require('../services/nocodb');
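/**
 * Middleware that rejects requests without an authenticated session.
 *
 * A request is treated as authenticated when `req.session.authenticated` is
 * truthy, or when the session carries both `userId` and `userEmail`. On success
 * `req.user` (`id`, `email`, `isAdmin`) is populated from the session for the
 * controllers that read it, then `next()` is called.
 *
 * On failure the attempt is logged and the client gets a 401 JSON body when it
 * is an XHR request or its Accept header mentions "json"; any other client is
 * redirected to `/login.html`. `next()` is never called on failure.
 *
 * Deliberately not `async`: nothing is awaited, and with an async arrow a
 * synchronous throw (e.g. an unexpected session-store value) would surface as
 * an unhandled rejection instead of reaching the framework's error handler.
 *
 * @param {object} req - Express-style request (session, ip, path, headers, xhr, get()).
 * @param {object} res - Express-style response (status().json(), redirect()).
 * @param {Function} next - Continuation invoked only for authenticated requests.
 * @returns {void}
 */
const requireAuth = (req, res, next) => {
  const session = req.session;
  // NOTE(review): the `authenticated` flag is accepted on its own, so req.user.id /
  // req.user.email can be undefined if the store does not always set them alongside
  // the flag — confirm against the login flow.
  const isAuthenticated = Boolean(
    session?.authenticated || (session?.userId && session?.userEmail),
  );

  if (!isAuthenticated) {
    // Structured entry so SIEM/log pipelines can key on ip/path/method.
    console.warn('Unauthorized access attempt', {
      ip: req.ip,
      path: req.path,
      userAgent: req.get('User-Agent'),
      method: req.method,
      timestamp: new Date().toISOString(),
    });

    // API clients get a machine-readable 401; browsers are sent to the login page.
    const wantsJson = req.xhr || (req.headers.accept?.includes('json') ?? false);
    if (wantsJson) {
      res.status(401).json({
        success: false,
        error: 'Authentication required',
      });
    } else {
      res.redirect('/login.html');
    }
    return;
  }

  // Controllers read req.user rather than the raw session.
  req.user = {
    id: session.userId,
    email: session.userEmail,
    isAdmin: Boolean(session.isAdmin),
  };
  next();
};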
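/**
 * Middleware that admits only authenticated sessions flagged `isAdmin`.
 *
 * Authentication follows the same rule as `requireAuth`: `req.session.authenticated`
 * truthy, or both `userId` and `userEmail` present. Admin status is the truthiness
 * of `req.session.isAdmin`. On success `req.user` is populated and `next()` is
 * called.
 *
 * On failure the attempt is logged (including the session email, or
 * "anonymous") and the client gets a 403 JSON body when it is an XHR request or
 * its Accept header mentions "json"; any other client is redirected to
 * `/login.html`. `next()` is never called on failure.
 *
 * Deliberately not `async`: nothing is awaited, and an async arrow would turn a
 * synchronous throw into an unhandled rejection rather than a handled error.
 *
 * @param {object} req - Express-style request (session, ip, path, headers, xhr, get()).
 * @param {object} res - Express-style response (status().json(), redirect()).
 * @param {Function} next - Continuation invoked only for admin requests.
 * @returns {void}
 */
const requireAdmin = (req, res, next) => {
  const session = req.session;
  const isAuthenticated = Boolean(
    session?.authenticated || (session?.userId && session?.userEmail),
  );
  // isAuthenticated implies session is defined, so plain access is safe here.
  const isAdmin = isAuthenticated && Boolean(session.isAdmin);

  if (!isAdmin) {
    // Same field set as the requireAuth log so both events can be correlated,
    // plus the acting user so privilege-escalation attempts are attributable.
    console.warn('Unauthorized admin access attempt', {
      ip: req.ip,
      path: req.path,
      user: req.session?.userEmail || 'anonymous',
      userAgent: req.get('User-Agent'),
      method: req.method,
      timestamp: new Date().toISOString(),
    });

    // NOTE(review): an already-authenticated non-admin browser client is redirected
    // to the login page (existing behaviour); a dedicated forbidden page may be clearer.
    const wantsJson = req.xhr || (req.headers.accept?.includes('json') ?? false);
    if (wantsJson) {
      res.status(403).json({
        success: false,
        error: 'Admin access required',
      });
    } else {
      res.redirect('/login.html');
    }
    return;
  }

  // Controllers read req.user rather than the raw session.
  req.user = {
    id: session.userId,
    email: session.userEmail,
    isAdmin: true,
  };
  next();
};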
/** Public surface of this module: the two session guards defined above. */
module.exports = {
  requireAdmin,
  requireAuth,
};