import { authCookieName, refreshSessionIfNeeded, verifySession } from '../libs/auth.js';

const requireAuth = (req, res, next) => {
  const session = verifySession(req.cookies?.[authCookieName]);

  if (!session) {
    return res.unauthorized('请先登录');
  }

  req.user = session;
  refreshSessionIfNeeded(res, session);
  next();
};

export default requireAuth;