LuHost/middleware/auth.js

// Authentication middleware
const AuthManager = require('../utils/auth');
const authManager = new AuthManager();

// Initialize auth manager
authManager.initialize().catch(console.error);

async function requireAuth(req, res, next) {
  if (req.session && req.session.user) {
    // User is authenticated
    return next();
  } else {
    // User is not authenticated - check if this is first user setup
    try {
      const isFirstUser = await authManager.isFirstUser();
      
      if (isFirstUser) {
        // No users exist yet - redirect to registration
        if (req.headers.accept && req.headers.accept.includes('application/json')) {
          return res.status(401).json({ error: 'No users configured. Please complete setup.' });
        } else {
          return res.redirect('/register');
        }
      } else {
        // Users exist but this person isn't authenticated
        if (req.headers.accept && req.headers.accept.includes('application/json')) {
          return res.status(401).json({ error: 'Authentication required' });
        } else {
          return res.redirect('/login?redirect=' + encodeURIComponent(req.originalUrl));
        }
      }
    } catch (error) {
      console.error('Error checking first user in auth middleware:', error);
      // Fallback to login on error
      return res.redirect('/login?redirect=' + encodeURIComponent(req.originalUrl));
    }
  }
}

function redirectIfAuthenticated(req, res, next) {
  if (req.session && req.session.user) {
    // User is already authenticated, redirect to dashboard
    return res.redirect('/');
  } else {
    // User is not authenticated, continue to login/register
    return next();
  }
}

function attachUser(req, res, next) {
  // Make user available to templates
  res.locals.user = req.session ? req.session.user : null;
  res.locals.isAuthenticated = !!(req.session && req.session.user);
  next();
}

module.exports = {
  requireAuth,
  redirectIfAuthenticated,
  attachUser
};