feat: согласие на cookies — блокировка входа и регистрации

Co-authored-by: Cursor <cursoragent@cursor.com>

src/routes/account.js

@@ -3,11 +3,14 @@ const bcrypt = require('bcryptjs');
 const { query, formatPrice } = require('../db');
 const { getCart, cartCount } = require('../cart');
 const { requireAuth } = require('../middleware/auth');
+const { requireCookieConsent } = require('../middleware/cookieConsent');
 const { ROLE_LABELS } = require('../constants/roles');
 const { asyncHandler } = require('../utils/asyncHandler');
 
 const router = express.Router();
 
+router.use(requireCookieConsent);
+
 router.use((req, res, next) => {
   const cart = getCart(req);
   res.locals.cartCount = cartCount(cart);

src/routes/auth.js

@@ -3,6 +3,7 @@ const bcrypt = require('bcryptjs');
 const { query, formatPrice } = require('../db');
 const { getCart, cartCount } = require('../cart');
 const { requireAuth } = require('../middleware/auth');
+const { requireCookieConsent } = require('../middleware/cookieConsent');
 const { ROLES } = require('../constants/roles');
 const { asyncHandler } = require('../utils/asyncHandler');
 
@@ -15,13 +16,14 @@ router.use((req, res, next) => {
   next();
 });
 
-router.get('/register', (req, res) => {
+router.get('/register', requireCookieConsent, (req, res) => {
   if (req.session.userId) return res.redirect('/account');
   res.render('register', { title: 'Регистрация', error: null, values: {} });
 });
 
 router.post(
   '/register',
+  requireCookieConsent,
   asyncHandler(async (req, res) => {
     const { name, email, password, password2 } = req.body;
     const values = { name, email };
@@ -70,7 +72,7 @@ router.post(
   })
 );
 
-router.get('/login', (req, res) => {
+router.get('/login', requireCookieConsent, (req, res) => {
   if (req.session.userId) return res.redirect('/account');
   res.render('login', {
     title: 'Вход',
@@ -82,6 +84,7 @@ router.get('/login', (req, res) => {
 
 router.post(
   '/login',
+  requireCookieConsent,
   asyncHandler(async (req, res) => {
     const { email, password } = req.body;
     const next = req.body.next || '/';

src/routes/cookies.js

@@ -0,0 +1,24 @@
+const express = require('express');
+const { setConsentCookie } = require('../middleware/cookieConsent');
+
+const router = express.Router();
+const isProduction = process.env.NODE_ENV === 'production';
+
+router.get('/policy', (req, res) => {
+  res.render('cookies-policy', {
+    title: 'Политика cookies',
+    cookieConsent: res.locals.cookieConsent,
+  });
+});
+
+router.post('/accept', (req, res) => {
+  setConsentCookie(res, isProduction);
+  const returnTo = req.body.return_to || req.query.return_to || '/';
+  const safe =
+    typeof returnTo === 'string' && returnTo.startsWith('/') && !returnTo.startsWith('//')
+      ? returnTo
+      : '/';
+  res.redirect(safe);
+});
+
+module.exports = router;

src/routes/shop.js

@@ -2,6 +2,7 @@ const express = require('express');
 const { query, pool, formatPrice } = require('../db');
 const { getCart, cartCount, cartItems, cartTotal } = require('../cart');
 const { requireAuth } = require('../middleware/auth');
+const { requireCookieConsent } = require('../middleware/cookieConsent');
 const { asyncHandler } = require('../utils/asyncHandler');
 
 const router = express.Router();
@@ -155,6 +156,7 @@ router.post('/cart/remove/:id', (req, res) => {
 
 router.get(
   '/checkout',
+  requireCookieConsent,
   requireAuth,
   asyncHandler(async (req, res) => {
     const cart = getCart(req);
@@ -174,6 +176,7 @@ router.get(
 
 router.post(
   '/checkout',
+  requireCookieConsent,
   requireAuth,
   asyncHandler(async (req, res) => {
     const cart = getCart(req);
@@ -249,6 +252,7 @@ router.post(
 
 router.get(
   '/orders',
+  requireCookieConsent,
   requireAuth,
   asyncHandler(async (req, res) => {
     const { rows: orders } = await query(
@@ -264,6 +268,7 @@ router.get(
 
 router.get(
   '/orders/:id',
+  requireCookieConsent,
   requireAuth,
   asyncHandler(async (req, res) => {
     const { rows } = await query(