feat: согласие на cookies — блокировка входа и регистрации

Co-authored-by: Cursor <cursoragent@cursor.com>

src/middleware/cookieConsent.js

@@ -0,0 +1,48 @@
+const CONSENT_COOKIE = 'cookie_consent';
+const CONSENT_VALUE = 'accepted';
+const CONSENT_MAX_AGE_MS = 365 * 24 * 60 * 60 * 1000;
+
+function hasCookieConsent(req) {
+  return req.cookies?.[CONSENT_COOKIE] === CONSENT_VALUE;
+}
+
+function loadCookieConsent(req, res, next) {
+  res.locals.cookieConsent = hasCookieConsent(req);
+  res.locals.returnTo = req.originalUrl;
+  next();
+}
+
+function requireCookieConsent(req, res, next) {
+  if (hasCookieConsent(req)) {
+    return next();
+  }
+
+  if (req.method === 'GET') {
+    return res.status(403).render('cookies-required', {
+      title: 'Согласие на cookies',
+      returnTo: req.originalUrl,
+    });
+  }
+
+  return res.redirect(
+    '/?error=' + encodeURIComponent('Примите согласие на использование cookies')
+  );
+}
+
+function setConsentCookie(res, isProduction) {
+  res.cookie(CONSENT_COOKIE, CONSENT_VALUE, {
+    maxAge: CONSENT_MAX_AGE_MS,
+    httpOnly: true,
+    sameSite: 'lax',
+    secure: isProduction,
+    path: '/',
+  });
+}
+
+module.exports = {
+  CONSENT_COOKIE,
+  hasCookieConsent,
+  loadCookieConsent,
+  requireCookieConsent,
+  setConsentCookie,
+};