const isAuthenticated = (req, res, next) => {
    if (req.session && req.session.user) {
        return next();
    }
    return res.status(401).json({ success: false, message: 'Unauthorized' });
};

const hasRole = (...roles) => {
    return (req, res, next) => {
        if (!req.session || !req.session.user) {
            return res.status(401).json({ success: false, message: 'Unauthorized' });
        }

        if (roles.includes(req.session.user.role)) {
            return next();
        }

        return res.status(403).json({ success: false, message: 'Forbidden: Insufficient permissions' });
    };
};

module.exports = { isAuthenticated, hasRole };