14 lines
404 B
JavaScript
14 lines
404 B
JavaScript
// Nur eingeloggte User
|
|
function requireAuth(req, res, next) {
|
|
if (req.isAuthenticated()) return next();
|
|
res.status(401).json({ error: 'Nicht eingeloggt' });
|
|
}
|
|
|
|
// Nur Admins (Whitelist)
|
|
function requireAdmin(req, res, next) {
|
|
if (req.isAuthenticated() && req.user?.isAdmin) return next();
|
|
res.status(403).json({ error: 'Kein Admin-Zugriff' });
|
|
}
|
|
|
|
module.exports = { requireAuth, requireAdmin };
|