let error = require("./error"); function sessionCheck(permission) { return (req, res, next) => { if (permission === -1 && req.session.user) { res.redirect(req.session.lastUrl); } if (!req.session.user) { req.session.lastUrl = req.originalUrl; req.session.save(() => res.redirect("/login")); } else if (req.session.user.permissions < permission) { return error(req, res, "Permission denied !", 403); } else next(); } } module.exports = sessionCheck;