;
Object.defineProperty(exports, "__esModule", { value: true });
exports.LoginRequired = LoginRequired;
const globals_1 = require("../../shared/globals");
const utils_1 = require("../../utils");
const main_1 = require("./main");
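/**
 * Middleware that lets a request through only when it carries a valid login.
 *
 * The request passes to `next()` only if the session holds a `userId`,
 * `Auth.check(req)` succeeds, and the resolved user's `id` strictly equals
 * the session's `userId`. On every other path the request is left in an
 * unauthenticated state and redirected to the configured login URL
 * (default "/login"), with the originally requested URL in the `next`
 * query parameter.
 *
 * @param {object} req  Request; reads `session.userId` and `originalUrl`,
 *                      writes `user` and `authenticated`, calls `flash`.
 * @param {object} res  Response; writes `locals.user`, calls `redirect`.
 * @param {Function} next  Called with no arguments when access is granted.
 * @returns {Promise<*>} Whatever `next()` returns on success, else undefined.
 */
async function LoginRequired(req, res, next) {
  // Single place that puts the request back into the "anonymous" state, so
  // that no failure path can leave a user object attached to it.
  const clearAuthState = () => {
    res.locals.user = null;
    req.user = null;
    req.authenticated = false;
  };
  clearAuthState();

  if (req.session.userId) {
    try {
      // NOTE(review): the user is read from the shared `Auth` object after an
      // await. The id comparison below is the only check visible here that
      // ties that user to this request's session. Confirm `Auth.user` is
      // request-scoped.
      const user = (await main_1.Auth.check(req)) ? main_1.Auth.user : null;
      if (user) {
        if (req.session.userId === user.id) {
          // Attach the user only after the session binding has been verified.
          // Previously these fields were set before the comparison and stayed
          // set (authenticated = true) on the mismatch path.
          res.locals.user = user;
          req.user = user;
          req.authenticated = true;
          return next(); // Proceed to the next middleware
        }
        // Session userId does not match the authenticated user
        req.flash("info", "Invalid session. Please log in again.");
      } else {
        // User not found, invalidate session
        req.flash("info", "Session expired. Please log in again.");
        await invalidateSession(req);
      }
    } catch (err) {
      utils_1.Logger.error("Failed to fetch user data:", err);
      req.flash("error", "Internal server error.");
    }
  } else {
    // No session userId, user is not authenticated
    req.flash("info", "Please log in.");
  }

  // Any path that reaches here is a denial, including an exception raised
  // after the user was attached, so make sure nothing downstream of the
  // redirect sees an authenticated request.
  clearAuthState();

  // Redirect to login page
  const loginURL = globals_1.GlobalConfig.auth.loginUrl || "/login";
  const url = req.originalUrl;
  // originalUrl is client-controlled and normally contains "?" and "&".
  // Encode it so it stays a single `next` value and cannot add or override
  // other parameters on the login URL.
  // NOTE(review): whatever consumes `next` after login should accept only
  // same-site relative paths (reject "//host", "\\", absolute URLs) before
  // redirecting. That check is not visible in this file.
  res.redirect(`${loginURL}?next=${encodeURIComponent(url)}`);
}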
/**
 * Destroys the request's session and waits for the store to finish.
 *
 * A destroy failure is logged and otherwise ignored, so the returned
 * promise resolves (with no value) once the destroy callback has fired,
 * whether or not it reported an error.
 *
 * @param {object} req  Request whose `session.destroy(callback)` is invoked.
 * @returns {Promise<void>}
 */
async function invalidateSession(req) {
  // Builds the destroy callback: report a failure, then signal completion.
  const onDestroyed = (done) => (failure) => {
    if (failure) {
      utils_1.Logger.error("Failed to destroy session:", failure);
    }
    done();
  };
  await new Promise((done) => {
    req.session.destroy(onDestroyed(done));
  });
}