function requireLogin(req, res, next) {
  if (!req.session.user) {
    return res.redirect("/");
  }

  // optional, aber sauber
  req.user = req.session.user;

  next();
}

function requireAdmin(req, res, next) {
  console.log("ADMIN CHECK:", req.session.user);

  if (!req.session.user) {
    return res.send("NICHT EINGELOGGT");
  }

  if (req.session.user.role !== "arzt") {
    return res.send("KEIN ARZT: " + req.session.user.role);
  }

  // 🔑 DAS HAT GEFEHLT
  req.user = req.session.user;

  next();
}

module.exports = {
  requireLogin,
  requireAdmin
};