From e8d668cde0c94a40350d9bcac341ede509743553 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C3=ABl=20Minelli?= <michael@minelli.me>
Date: Tue, 6 Jun 2023 20:19:31 +0200
Subject: [PATCH] SecurityMiddleware => Add check if connected

---
 ExpressAPI/src/middlewares/SecurityMiddleware.ts | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/ExpressAPI/src/middlewares/SecurityMiddleware.ts b/ExpressAPI/src/middlewares/SecurityMiddleware.ts
index 73c5d82..6e895eb 100644
--- a/ExpressAPI/src/middlewares/SecurityMiddleware.ts
+++ b/ExpressAPI/src/middlewares/SecurityMiddleware.ts
@@ -18,9 +18,15 @@ class SecurityMiddleware {
         return SecurityMiddleware._instance;
     }
 
-    //Check if at least ONE rule match. It's NOT an AND but it's a OR function. For IsJuryUnlock, IsStudentUnlock and IsScheduleUnlock it's cumulative
-    check(...checkTypes: Array<SecurityCheckType>): (req: ApiRequest, res: express.Response, next: express.NextFunction) => void {
+    // First check if connected then check if at least ONE rule match. It's NOT an AND but it's a OR function.
+    check(checkIfConnected: boolean, ...checkTypes: Array<SecurityCheckType>): (req: ApiRequest, res: express.Response, next: express.NextFunction) => void {
         return async (req: ApiRequest, res: express.Response, next: express.NextFunction) => {
+            if ( checkIfConnected ) {
+                if ( req.session.profile.userID === null ) {
+                    return req.session.sendResponse(res, StatusCodes.UNAUTHORIZED);
+                }
+            }
+
             let isAllowed = checkTypes.length === 0;
 
             if ( !isAllowed ) {
-- 
GitLab