const logger = require('../utils/logger.js') const dbtools = require('../utils/dbtools.js') module.exports = function (options) { const { authDB, jsonResponse, exceptions } = options const renderLogin = (res) => { if (jsonResponse) { res.json({ result: 'nouser', msg: 'You are not logged in' }) } else { res.render('login') } } return function (req, res, next) { const ip = req.headers['cf-connecting-ip'] || req.connection.remoteAddress const sessionID = req.cookies.sessionID const isException = exceptions.some((exc) => { return req.url === exc }) if (isException) { logger.DebugLog(`EXCEPTION: ${req.url}`, 'auth', 1) next() return } if (!sessionID) { logger.DebugLog(`No session ID: ${req.url}`, 'auth', 1) renderLogin(res) return } const user = GetUserBySessionID(authDB, sessionID, req) if (!user) { logger.DebugLog(`No user:${req.url}`, 'auth', 1) renderLogin(res) return } req.session = { user: user, sessionID: sessionID } logger.DebugLog(`ID #${user.id}: ${req.url}`, 'auth', 1) UpdateAccess(authDB, user, ip, sessionID) dbtools.Update(authDB, 'sessions', { lastAccess: new Date().toString() }, { id: sessionID }) dbtools.Update(authDB, 'users', { lastIP: ip, lastAccess: new Date().toString() }, { id: user.id }) next() } } function UpdateAccess (db, user, ip, sessionID) { const accesses = dbtools.Select(db, 'accesses', { userId: user.id, ip: ip }) if (accesses.length === 0) { dbtools.Insert(db, 'accesses', { userID: user.id, ip: ip, sessionID: sessionID, date: new Date().toString() }) } } function GetUserBySessionID (db, sessionID, req) { logger.DebugLog(`Getting user from db`, 'auth', 2) const session = dbtools.Select(db, 'sessions', { id: sessionID })[0] if (!session) { return } const user = dbtools.Select(db, 'users', { id: session.userID })[0] if (user) { return user } }