const { query } = require('../db');
const { asyncHandler } = require('../utils/asyncHandler');
const { ROLES } = require('../constants/roles');
/**
 * Middleware gate for logged-in users.
 *
 * Passes the request on when the session carries a `userId`; otherwise
 * redirects to the local `/login` page and carries the originally requested
 * URL in the `next` query parameter so the user can be sent back afterwards.
 * The value is URL-encoded, so the original path cannot break out of the
 * query string; the redirect itself always targets our own `/login` path.
 *
 * NOTE(review): whichever handler consumes `next` on the login page is
 * expected to accept only a relative, same-origin path before following
 * it — that handler is not in this file, so confirm it there.
 *
 * @param {object} req - request; `req.session` must already be populated by the session middleware
 * @param {object} res - response; `res.redirect` is used for the login bounce
 * @param {Function} next - continues the middleware chain
 * @returns {*} the result of `res.redirect` on the unauthenticated path, otherwise undefined
 */
function requireAuth(req, res, next) {
  const loggedIn = Boolean(req.session.userId);
  if (loggedIn) {
    next();
    return;
  }
  const returnTo = encodeURIComponent(req.originalUrl);
  return res.redirect(`/login?next=${returnTo}`);
}
/**
 * Middleware gate for administrators.
 *
 * Unauthenticated requests get the same login bounce as `requireAuth`
 * (local `/login` path, original URL URL-encoded into `next`). Authenticated
 * requests must additionally have `res.locals.user.role === ROLES.ADMIN`;
 * the role is read from `res.locals.user`, i.e. from whatever the user loader
 * placed there, not from the session cookie itself. When `res.locals.user`
 * is absent (loader not mounted or user row missing) the optional chain
 * yields undefined and the request is refused with 403 — it fails closed.
 *
 * @param {object} req - request; `req.session` must already be populated
 * @param {object} res - response; `res.locals.user` is consulted for the role
 * @param {Function} next - continues the middleware chain
 * @returns {*} the redirect/render result on refusal, otherwise undefined
 */
function requireAdmin(req, res, next) {
  if (!req.session.userId) {
    const returnTo = encodeURIComponent(req.originalUrl);
    return res.redirect(`/login?next=${returnTo}`);
  }

  const role = res.locals.user?.role;
  const isAdmin = role === ROLES.ADMIN;
  if (isAdmin) {
    next();
    return;
  }

  // 403 rather than 404: the user is known, just not privileged enough.
  return res.status(403).render('error', {
    title: 'Доступ запрещён',
    message: 'Недостаточно прав. Требуется роль администратора.',
    code: 403,
  });
}
/**
 * Middleware that resolves the session's `userId` to a user row and exposes
 * it to downstream handlers and views as `res.locals.user`, plus the derived
 * `res.locals.isAdmin` flag.
 *
 * The lookup is a parameterized query — the id travels as the `$1` bind
 * value, never spliced into the SQL text. Only id, email, name and role are
 * selected, so no credential columns end up in `res.locals`.
 *
 * NOTE(review): when the session has a `userId` but no matching row exists,
 * `res.locals.user` becomes null while `req.session.userId` is left as is;
 * `requireAuth` (which checks only the session) would still let such a
 * request through. Whether that stale session should be cleared here is a
 * policy decision not visible in this file.
 *
 * Wrapped in `asyncHandler` so a rejected query is forwarded to the error
 * middleware instead of being dropped.
 *
 * @param {object} req - request; reads `req.session.userId`
 * @param {object} res - response; writes `res.locals.user` and `res.locals.isAdmin`
 * @param {Function} next - continues the middleware chain
 */
const loadUser = asyncHandler(async (req, res, next) => {
  const { userId } = req.session;
  let user = null;
  if (userId) {
    const result = await query(
      'SELECT id, email, name, role FROM users WHERE id = $1',
      [userId]
    );
    user = result.rows[0] || null;
  }
  res.locals.user = user;
  res.locals.isAdmin = user?.role === ROLES.ADMIN;
  next();
});
module.exports = { requireAuth, requireAdmin, loadUser };