import type { Request, Response, NextFunction } from 'express';
import type { SessionManager } from '../services/session-manager.js';
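/**
 * Builds an Express middleware that gates requests on a valid dashboard session cookie.
 *
 * Requests whose path is exactly `/auth/login` or `/auth/logout` pass through
 * unauthenticated. Every other request must carry a `dashboard_session` cookie
 * that `sessionManager.validate` accepts; otherwise the response is a 401.
 * On success the session object is attached to the request as `dashboardSession`.
 *
 * Security notes:
 * - The allow-list compares `req.path` exactly, so variants such as a trailing
 *   slash or different casing are NOT exempted and fall through to the session
 *   check (fail closed). `req.path` is relative to the router mount point.
 * - The exemption applies to every HTTP method on those two paths.
 * - This middleware does not verify the `csrf_token` cookie; it only clears it
 *   when the session is rejected. Presumably CSRF validation happens
 *   elsewhere - confirm for state-changing routes.
 *
 * @param sessionManager - Service used to validate the session identifier.
 * @returns An Express request handler.
 */
export function cookieAuthMiddleware(
  sessionManager: SessionManager,
): (req: Request, res: Response, next: NextFunction) => void {
  return (req: Request, res: Response, next: NextFunction): void => {
    // Login and logout must be reachable without an existing session.
    if (req.path === '/auth/login' || req.path === '/auth/logout') {
      next();
      return;
    }

    // Cookie values are attacker-controlled. Depending on the cookie-parsing
    // middleware in use, a value may be decoded into a non-string (cookie-parser
    // does this for JSON cookies), so only a non-empty string is treated as a
    // session identifier before it reaches the session store.
    const sessionId: unknown = req.cookies?.dashboard_session;
    if (typeof sessionId !== 'string' || sessionId.length === 0) {
      res.status(401).json({ error: 'Authentication required' });
      return;
    }

    const session = sessionManager.validate(sessionId);
    if (!session) {
      // Drop the stale cookies so the client stops replaying them.
      // NOTE(review): clearCookie only takes effect in the browser when its
      // options (path, domain) match those used when the cookie was set -
      // confirm against the login handler.
      res.clearCookie('dashboard_session');
      res.clearCookie('csrf_token');
      res.status(401).json({ error: 'Session expired or invalid' });
      return;
    }

    // Expose the validated session to downstream handlers.
    (req as Request & { dashboardSession: typeof session }).dashboardSession = session;
    next();
  };
}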