/**
* Admin dashboard authentication middleware.
* Protects the admin dashboard HTML page with session-based authentication.
* Requires the user to be logged in via session and have admin role.
*/
import { getRow } from '../db/authDb.js';
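/**
 * Express-style middleware that guards the admin dashboard page.
 *
 * Decision order:
 *  1. No session user: redirect to /login, carrying the requested URL in
 *     `return_to`.
 *  2. Look up the user's current role in the database. A failed lookup is
 *     passed to `next(err)`, so the request is denied through the error
 *     handler instead of leaving a rejected promise unhandled.
 *  3. No active row, or a role other than 'admin': redirect to /login with
 *     `error=admin_required`.
 *  4. Otherwise call `next()`.
 *
 * @param {object} req - Request; reads `req.session.user.id` and `req.originalUrl`.
 * @param {object} res - Response; only `res.redirect` is used.
 * @param {Function} next - Continuation; receives the error when the role lookup fails.
 * @returns {Promise<*>} Whatever `res.redirect` / `next(err)` returned, or undefined on success.
 */
export const authenticateAdminDashboard = async (req, res, next) => {
  // NOTE(review): return_to is percent-encoded here, but the /login handler
  // that consumes it is not in this file. Confirm it only accepts same-site
  // relative paths before redirecting back.
  const returnTo = encodeURIComponent(req.originalUrl);

  // No session user means the caller is not logged in.
  if (!req.session?.user) {
    return res.redirect(`/login?return_to=${returnTo}`);
  }

  // The role is re-read on every request instead of being trusted from the
  // session, so a demoted or deactivated account loses access without
  // waiting for its session to expire. The id is bound as a parameter,
  // never concatenated into the SQL text.
  let user;
  try {
    user = await getRow(
      'SELECT role FROM users WHERE id = ? AND is_active = TRUE',
      [req.session.user.id],
    );
  } catch (err) {
    // Fail closed: a lookup failure must never reach next() without an error.
    return next(err);
  }

  if (!user || user.role !== 'admin') {
    // Authenticated but not an active admin.
    return res.redirect(`/login?error=admin_required&return_to=${returnTo}`);
  }

  // Kept outside the try block so an exception thrown by downstream handlers
  // is not mistaken for a lookup failure and forwarded a second time.
  next();
};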