const db = require("../database/database");

async function auth(req, res, next) {
  if (!req.session.user) {
    return res.redirect("/");
  }

  try {
    const [rows] = await db.query(
      "SELECT session_token FROM accounts WHERE id = ?",
      [req.session.user.id],
    );

    if (!rows.length) {
      req.session.destroy();
      return res.redirect("/");
    }

    if (rows[0].session_token !== req.session.user.token) {
      req.session.destroy();
      return res.redirect("/");
    }

    next();
  } catch (error) {
    console.error(error);
    res.redirect("/");
  }
}

module.exports = auth;