/**
 * Express-style middleware that lets a request through only when it carries
 * a session with a truthy `userId`.
 *
 * The check is a truthiness test, so a `userId` of 0 or '' is rejected just
 * like a missing one.
 * NOTE(review): this trusts whatever the session layer put on `req.session`;
 * the integrity of that object (signed cookie / server-side store) is
 * established outside this function — confirm.
 *
 * @param {object} req - request; `req.session.userId` is read.
 * @param {object} res - response; used for the 401 JSON reply.
 * @param {Function} next - called with no arguments when the check passes.
 * @returns {*} the result of `res.status(401).json(...)` on rejection,
 *   otherwise `undefined`.
 */
function requireAuth(req, res, next) {
  const session = req.session;
  const isLoggedIn = Boolean(session && session.userId);

  if (isLoggedIn) {
    next();
    return;
  }

  // Fail closed: no session, or a session without a user id, never reaches next().
  return res.status(401).json({ error: 'unauthorized' });
}
/**
 * Express-style middleware that lets a request through only when the session
 * has a truthy `userId` AND a truthy `isAdmin`.
 *
 * Authentication is checked first (401), authorization second (403), so an
 * anonymous caller cannot tell from the status code whether a route is
 * admin-only.
 *
 * Both tests are truthiness tests: any truthy `isAdmin` (including a
 * non-empty string such as 'false') is accepted.
 * NOTE(review): confirm that the code writing `isAdmin` stores a strict
 * boolean, and that the flag is refreshed or the session destroyed when a
 * user's admin role is revoked — the value read here is whatever was cached
 * in the session.
 *
 * @param {object} req - request; `req.session.userId` and
 *   `req.session.isAdmin` are read.
 * @param {object} res - response; used for the 401 / 403 JSON replies.
 * @param {Function} next - called with no arguments when both checks pass.
 * @returns {*} the result of `res.status(...).json(...)` on rejection,
 *   otherwise `undefined`.
 */
function requireAdmin(req, res, next) {
  const session = req.session;

  // Not authenticated at all: answer 401 before looking at any role data.
  if (!(session && session.userId)) {
    return res.status(401).json({ error: 'unauthorized' });
  }

  if (session.isAdmin) {
    next();
    return;
  }

  // Authenticated but not an admin: fail closed with 403.
  return res.status(403).json({ error: 'forbidden' });
}
module.exports = { requireAuth, requireAdmin }