const crypto = require("crypto");

const db = require("../database/database");
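/**
 * Decide whether the token stored for an account matches the token held in
 * the session.
 *
 * Fails closed on missing values: a NULL column compared with a null session
 * value satisfies `===`, which would let a session through for an account
 * that has no live token. Empty strings are rejected for the same reason.
 *
 * @param {*} storedToken - `session_token` value read from the accounts row.
 * @param {*} sessionToken - Token carried in `req.session.user.token`.
 * @returns {boolean} True only when both tokens are present and equal.
 */
function sessionTokenMatches(storedToken, sessionToken) {
  if (storedToken == null || sessionToken == null) {
    return false;
  }

  if (typeof storedToken === "string" && typeof sessionToken === "string") {
    if (storedToken.length === 0 || sessionToken.length === 0) {
      return false;
    }
    const stored = Buffer.from(storedToken, "utf8");
    const presented = Buffer.from(sessionToken, "utf8");
    // timingSafeEqual throws on buffers of different length, so the length
    // check comes first; only the length, not the content, is revealed by it.
    return (
      stored.length === presented.length &&
      crypto.timingSafeEqual(stored, presented)
    );
  }

  // Non-string values keep strict-equality semantics.
  return storedToken === sessionToken;
}

/**
 * Express-style middleware that lets a request continue only when the session
 * belongs to a user whose stored `session_token` still matches the token kept
 * in the session.
 *
 * - No `req.session.user`: redirect to "/".
 * - No account row, or token missing or different: destroy the session and
 *   redirect to "/".
 * - Query or other error: log it and redirect to "/" (`next` is not called,
 *   so the request is denied; the session itself is left in place).
 *
 * @param {object} req - Request carrying `session.user` with `id` and `token`.
 * @param {object} res - Response used for the redirect.
 * @param {Function} next - Called with no arguments when the session is valid.
 * @returns {Promise<*>} Resolves once the request was redirected or passed on.
 */
async function auth(req, res, next) {
  if (!req.session.user) {
    return res.redirect("/");
  }

  try {
    // Parameterized query: the account id is bound, never concatenated.
    const [rows] = await db.query(
      "SELECT session_token FROM accounts WHERE id = ?",
      [req.session.user.id],
    );

    const isValid =
      rows.length > 0 &&
      sessionTokenMatches(rows[0].session_token, req.session.user.token);

    if (!isValid) {
      // The stored token is gone or has changed, so this session is dropped.
      req.session.destroy();
      return res.redirect("/");
    }

    next();
  } catch (error) {
    console.error(error);
    res.redirect("/");
  }
}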
// Expose the session-validating middleware as this module's sole export.
module.exports = auth;