Handling sessions, json response if not logged in

modules/api/auth.middleware.js

@@ -6,12 +6,11 @@ const exceptions = [
   '/login'
 ]
 
-// TODO: session table, dont store pw in cookie
-
 module.exports = function (options) {
   const { authDB } = options
 
   return function (req, res, next) {
+    const sessionID = req.cookies.sessionID || req.session.id
     const isException = exceptions.some((exc) => {
       return req.url === exc
     })
@@ -22,14 +21,32 @@ module.exports = function (options) {
       return
     }
 
-    const user = req.session.user || GetUserBySessionID(authDB, req.cookies.sessionID, req)
+    const user = req.session.user || GetUserBySessionID(authDB, sessionID, req)
+    console.log(req.session)
+
+    // update 'sessiosn' table 'lastAccess' stuff
+    if (sessionID) {
+      dbtools.Update(authDB, 'sessions', {
+        lastAccess: new Date().toString()
+      }, {
+        id: sessionID
+      })
+    }
+
+    console.log(dbtools.SelectAll(authDB, 'sessions'))
+
+    // FIXME: invalidate when new ip or something
 
     if (user) {
       logger.DebugLog(`ID #${user.id}: ${req.url}`, 'auth', 1)
       next()
     } else {
       logger.DebugLog(`No user:${req.url}`, 'auth', 1)
-      res.render('login')
+      // res.render('login')
+      res.json({
+        result: 'nouser',
+        msg: 'You are not logged in'
+      })
     }
   }
 }
@@ -44,12 +61,17 @@ function GetUserBySessionID (db, sessionID, req) {
     id: sessionID
   })[0]
 
+  if (!session) {
+    return
+  }
+
   const user = dbtools.Select(db, 'users', {
     id: session.userID
   })[0]
 
   if (user) {
     req.session.user = user
+    req.session.id = sessionID
     return user
   }
 }