lib/api/security.js

/*
 * Copyright (c) 2026 by Christian Kellner.
 * Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause
 */

import * as userStorage from '../services/storage/userStorage.js';
import cookieSession from 'cookie-session';
const SESSION_MAX_AGE = 2 * 60 * 60 * 1000; // 2 hours
const unauthorized = (res) => {
  return res.send(401);
};
const isUnauthorized = (req) => {
  if (req.session.currentUser == null) return true;
  if (Date.now() - req.session.createdAt > SESSION_MAX_AGE) {
    req.session = null;
    return true;
  }
  return false;
};
const isAdmin = (req) => {
  if (!isUnauthorized(req)) {
    const user = userStorage.getUser(req.session.currentUser);
    return user != null && user.isAdmin;
  }
  return false;
};
const authInterceptor = () => {
  return (req, res, next) => {
    if (isUnauthorized(req)) {
      return unauthorized(res);
    } else {
      next();
    }
  };
};
const adminInterceptor = () => {
  return (req, res, next) => {
    if (!isAdmin(req)) {
      return unauthorized(res);
    } else {
      next();
    }
  };
};
const cookieSession$0 = (secret) => {
  return cookieSession({
    name: 'fredy-admin-session',
    keys: [secret],
    maxAge: SESSION_MAX_AGE,
  });
};
export { cookieSession$0 as cookieSession };
export { adminInterceptor };
export { authInterceptor };
export { isUnauthorized };
export { isAdmin };
foced to move to Apache 2.0 license 2025-12-11 10:40:55 +01:00			`/*`
Map View in Fredy :D (#253) * init map view * switching off 3d buildings when sattelite view is on * rename menu items * upgrading dependencies, adding provider to popups * adding screenshot for map view * fixing readme * next release version 2026-01-12 15:00:36 +01:00			`* Copyright (c) 2026 by Christian Kellner.`
foced to move to Apache 2.0 license 2025-12-11 10:40:55 +01:00			`* Licensed under Apache-2.0 with Commons Clause and Attribution/Naming Clause`
			`*/`

Making Fredy an ESM project (#70) Making Fredy an ESM project 2023-03-13 13:42:43 +01:00			`import * as userStorage from '../services/storage/userStorage.js';`
			`import cookieSession from 'cookie-session';`
security update 2026-03-31 13:33:01 +02:00			`const SESSION_MAX_AGE = 2 * 60 * 60 * 1000; // 2 hours`
UI (#15) Adding new Admin UI. Updating Fredy to V3.0.0 as it has been a large rewrite. Thanks for all contributions and help on the way! 2021-01-21 16:09:23 +01:00			`const unauthorized = (res) => {`
			`return res.send(401);`
			`};`
			`const isUnauthorized = (req) => {`
security update 2026-03-31 13:33:01 +02:00			`if (req.session.currentUser == null) return true;`
			`if (Date.now() - req.session.createdAt > SESSION_MAX_AGE) {`
			`req.session = null;`
			`return true;`
			`}`
			`return false;`
UI (#15) Adding new Admin UI. Updating Fredy to V3.0.0 as it has been a large rewrite. Thanks for all contributions and help on the way! 2021-01-21 16:09:23 +01:00			`};`
			`const isAdmin = (req) => {`
			`if (!isUnauthorized(req)) {`
			`const user = userStorage.getUser(req.session.currentUser);`
			`return user != null && user.isAdmin;`
			`}`
			`return false;`
			`};`
			`const authInterceptor = () => {`
			`return (req, res, next) => {`
			`if (isUnauthorized(req)) {`
			`return unauthorized(res);`
			`} else {`
			`next();`
			`}`
			`};`
			`};`
			`const adminInterceptor = () => {`
			`return (req, res, next) => {`
			`if (!isAdmin(req)) {`
			`return unauthorized(res);`
			`} else {`
			`next();`
			`}`
			`};`
			`};`
security update 2026-03-31 13:33:01 +02:00			`const cookieSession$0 = (secret) => {`
UI (#15) Adding new Admin UI. Updating Fredy to V3.0.0 as it has been a large rewrite. Thanks for all contributions and help on the way! 2021-01-21 16:09:23 +01:00			`return cookieSession({`
			`name: 'fredy-admin-session',`
security update 2026-03-31 13:33:01 +02:00			`keys: [secret],`
			`maxAge: SESSION_MAX_AGE,`
UI (#15) Adding new Admin UI. Updating Fredy to V3.0.0 as it has been a large rewrite. Thanks for all contributions and help on the way! 2021-01-21 16:09:23 +01:00			`});`
			`};`
Making Fredy an ESM project (#70) Making Fredy an ESM project 2023-03-13 13:42:43 +01:00			`export { cookieSession$0 as cookieSession };`
			`export { adminInterceptor };`
			`export { authInterceptor };`
			`export { isUnauthorized };`
			`export { isAdmin };`