17 lines
597 B
JavaScript
17 lines
597 B
JavaScript
let error = require("./error");
|
|
|
|
function sessionCheck(permission) {
|
|
return (req, res, next) => {
|
|
if (permission === -1 && req.session.user) {
|
|
res.redirect(req.session.lastUrl);
|
|
} else if (permission !== -1 && !req.session.user) {
|
|
req.session.lastUrl = req.originalUrl;
|
|
req.session.save(() => res.redirect("/login"));
|
|
} else if (req.session.user && req.session.user.permissions < permission) {
|
|
return error(req, res, "Permission denied !", 403);
|
|
} else
|
|
next();
|
|
}
|
|
}
|
|
|
|
module.exports = sessionCheck;
|