diff --git a/ExpressAPI/src/middlewares/SecurityMiddleware.ts b/ExpressAPI/src/middlewares/SecurityMiddleware.ts
index 73c5d820891f904ad1c21eca8dfc0fb333255602..6e895ebadbd0faaa22eb6d00a587091e6bcf3ff5 100644
--- a/ExpressAPI/src/middlewares/SecurityMiddleware.ts
+++ b/ExpressAPI/src/middlewares/SecurityMiddleware.ts
@@ -18,9 +18,15 @@ class SecurityMiddleware {
 return SecurityMiddleware._instance;
 }
- //Check if at least ONE rule match. It's NOT an AND but it's a OR function. For IsJuryUnlock, IsStudentUnlock and IsScheduleUnlock it's cumulative
- check(...checkTypes: Array<SecurityCheckType>): (req: ApiRequest, res: express.Response, next: express.NextFunction) => void {
+ // First check if connected then check if at least ONE rule match. It's NOT an AND but it's a OR function.
+ check(checkIfConnected: boolean, ...checkTypes: Array<SecurityCheckType>): (req: ApiRequest, res: express.Response, next: express.NextFunction) => void {
 return async (req: ApiRequest, res: express.Response, next: express.NextFunction) => {
+ if ( checkIfConnected ) {
+ if ( req.session.profile.userID === null ) {
+ return req.session.sendResponse(res, StatusCodes.UNAUTHORIZED);
+ }
+ }
+
 let isAllowed = checkTypes.length === 0;
 if ( !isAllowed ) {
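Review bot: The new guard in the returned handler rejects only `userID === null`, so a session whose `profile.userID` is `undefined` would be treated as connected; whether that can occur depends on how `req.session` is initialised, which is not visible in this hunk. A loose comparison covers both cases: `if ( req.session.profile.userID == null ) {`. Also, because of the `isAllowed = checkTypes.length === 0` context line, `check(false)` applies no access control at all and `check(true)` admits any authenticated user, so the comment above `check` should say so, e.g. `// check(false) with no rule is a public route; check(true) with no rule allows any connected user.` The handler body continues past the end of the hunk.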