fedilove/api/src/auth.js


const pwd = require('./passwd.js')
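module.exports = {
  /**
   * Express-style middleware that lets a request continue only when it
   * carries a known `fedilove_session` cookie whose owner is activated and
   * neither banned nor deleted.
   *
   * On success the user document is stored in `res.locals.user` and `next()`
   * is called. Otherwise a 403 response is sent. Lookup failures are passed
   * to `next(err)` so the framework's error handler deals with them.
   *
   * NOTE(review): no session expiry check is visible in this function.
   * Confirm that stale sessions are removed or rejected elsewhere.
   *
   * @param {object} req - request; `req.cookies` is expected to hold the parsed cookies
   * @param {object} res - response; used for the 403 reply and `res.locals`
   * @param {Function} next - continuation callback
   * @returns {Promise<*>}
   */
  enforceSession: async (req, res, next) => {
    const ret403 = (reason) => {
      const suffix = reason !== undefined ? '. Reason: ' + reason : ''
      return res.status(403).send('API endpoint forbidden' + suffix)
    }

    // req.cookies may be missing when no cookie parser is mounted.
    const cookies = req.cookies || {}
    const token = cookies['fedilove_session']

    // Only a plain, non-empty string is a valid session token. Some cookie
    // parsers decode structured values into objects, and an object placed
    // in the query filter would act as a query operator, not a literal
    // token to match.
    if (typeof token !== 'string' || token === '')
      return ret403()

    let user
    try {
      const sess = await db.table.sessions().findOne({ session: token })
      if (!sess)
        return ret403()

      user = await db.table.users().findOne({ _id: sess.id_user })
    } catch (err) {
      // A rejected lookup inside an async middleware would otherwise go
      // unhandled and leave the request without a response.
      return next(err)
    }

    // A session can outlive its user record. Treat it like no session.
    if (!user)
      return ret403()
    if (user.activated !== 1)
      return ret403('User is no activated yet')
    if (user.banned === 1)
      return ret403('User has been banned')
    if (user.deleted === 1)
      return ret403('User has been deleted')

    res.locals.user = user
    return next()
  },
}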