28 lines
No EOL
504 B
JavaScript
28 lines
No EOL
504 B
JavaScript
const db = require("../data/database");
|
|
|
|
|
|
|
|
async function auth (req, res, next) {
|
|
const user = req.session.user;
|
|
const isAuth = req.session.isAuthenticated;
|
|
|
|
if (!user || !isAuth) {
|
|
return next();
|
|
}
|
|
const userDoc = await db.getDb().collection('users').findOne({_id: user.id})
|
|
|
|
if (userDoc && userDoc.isAdmin) {
|
|
|
|
const isAdmin = userDoc.isAdmin;
|
|
|
|
res.locals.user = userDoc;
|
|
res.locals.isAuth = isAuth;
|
|
res.locals.isAdmin = isAdmin;
|
|
}
|
|
|
|
|
|
|
|
next();
|
|
}
|
|
|
|
module.exports = auth |