53 lines
1.6 KiB
TypeScript
53 lines
1.6 KiB
TypeScript
import { NextFunction, Response } from "express";
|
|
import ErrorResponse from "@server/types/ErrorResponse";
|
|
import { db } from "@server/db";
|
|
import { users } from "@server/db/schema";
|
|
import { eq } from "drizzle-orm";
|
|
import createHttpError from "http-errors";
|
|
import HttpCode from "@server/types/HttpCode";
|
|
import config from "@server/lib/config";
|
|
import { verifySession } from "@server/auth/sessions/verifySession";
|
|
import { unauthorized } from "@server/auth/unauthorizedResponse";
|
|
import logger from "@server/logger";
|
|
|
|
export const verifySessionUserMiddleware = async (
|
|
req: any,
|
|
res: Response<ErrorResponse>,
|
|
next: NextFunction
|
|
) => {
|
|
const { session, user } = await verifySession(req);
|
|
if (!session || !user) {
|
|
if (config.getRawConfig().app.log_failed_attempts) {
|
|
logger.info(`User session not found. IP: ${req.ip}.`);
|
|
}
|
|
return next(unauthorized());
|
|
}
|
|
|
|
const existingUser = await db
|
|
.select()
|
|
.from(users)
|
|
.where(eq(users.userId, user.userId));
|
|
|
|
if (!existingUser || !existingUser[0]) {
|
|
if (config.getRawConfig().app.log_failed_attempts) {
|
|
logger.info(`User session not found. IP: ${req.ip}.`);
|
|
}
|
|
return next(
|
|
createHttpError(HttpCode.BAD_REQUEST, "User does not exist")
|
|
);
|
|
}
|
|
|
|
req.user = existingUser[0];
|
|
req.session = session;
|
|
|
|
if (
|
|
!existingUser[0].emailVerified &&
|
|
config.getRawConfig().flags?.require_email_verification
|
|
) {
|
|
return next(
|
|
createHttpError(HttpCode.BAD_REQUEST, "Email is not verified") // Might need to change the response type?
|
|
);
|
|
}
|
|
|
|
next();
|
|
};
|