Setup permissions check on index

app.js

@@ -1,10 +1,10 @@
-let createError = require("http-errors");
 let express = require("express");
 let path = require("path");
 let cookieParser = require("cookie-parser");
 let logger = require("morgan");
 let sassMiddleware = require("node-sass-middleware");
 const session = require("express-session");
+const error = require("./routes/utils/error");
 let config = process.env.NODE_ENV === "test" ? {} : require("./config/config.json");
 
 let indexRouter = require("./routes/index");
@@ -42,8 +42,8 @@ app.use("/", indexRouter);
 app.use("/login", loginRouter);
 
 // catch 404 and forward to error handler
-app.use((req, res, next) => {
+app.use((req, res) => {
-  next(createError(404));
+  return error(req, res, "Page not found", 404);
 });
 
 // error handler

routes/index.js

@@ -1,8 +1,8 @@
 let express = require("express");
 let router = express.Router();
+const sessionCheck = require("./utils/sessionCheck");
 
-/* GET home page. */
+router.get("/", sessionCheck(1), (req, res) => {
-router.get("/", (req, res) => {
   res.render("index", { title: "L'ETU" });
 });
 

routes/utils/error.js

@@ -0,0 +1,4 @@
+module.exports = (req, res, message, status, subMessage) => {
+    res.status(status || 500);
+    res.render("error", {message: message, error: {status: subMessage || undefined}});
+};

routes/utils/sessionCheck.js

@@ -0,0 +1,15 @@
+let error = require("./error");
+
+function sessionCheck(permission) {
+    return (req, res, next) => {
+        if (!req.session.user) {
+            req.session.lastUrl = req.originalUrl;
+            req.session.save(() => res.redirect("/login"));
+        } else if (req.session.user.permissions < permission)
+            return error(req, res, "Permission denied !", 403);
+        else
+            next();
+    }
+}
+
+module.exports = sessionCheck;