ThaMunsta/loot-hunt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix stale auth permisisons
Build Images and Deploy / Update-PROD-Stack (push) Successful in 30s
Details

Browse Source
This commit is contained in:
Mike Johnston
2026-03-20 22:17:50 -04:00
parent 6f7ccb6409
commit b3f3bd394e
1 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/middleware/auth.js
+14 -1
View File
@@ -33,10 +33,23 @@ function requireOrganizerOrAdmin(req, res, next) {
function loadUser(req, res, next) { function loadUser(req, res, next) {
if (req.session && req.session.userId) { if (req.session && req.session.userId) {
// Refresh roles from DB on every request to catch admin changes
const { Users } = require('../models');
const user = Users.findById(req.session.userId);
if (!user) {
// User was deleted — destroy session
return req.session.destroy(() => {
res.locals.currentUser = null;
next();
});
}
req.session.isAdmin = !!user.is_admin;
req.session.isOrganizer = !!user.is_organizer;
req.session.displayName = user.display_name || user.username;
res.locals.currentUser = { res.locals.currentUser = {
id: req.session.userId, id: req.session.userId,
username: req.session.username, username: req.session.username,
displayName: req.session.displayName || req.session.username, displayName: req.session.displayName,
isAdmin: req.session.isAdmin, isAdmin: req.session.isAdmin,
isOrganizer: req.session.isOrganizer isOrganizer: req.session.isOrganizer
}; };