const User = require('../module/User');

async function permission(ctx, next) {
  if (!ctx.session.user) {
    return ctx.error('请登陆后在执行此操作!', 401);
  }

  let user = new User();
  user.name = ctx.session.user.name;
  
  let result = await user.query();
  if (result.length === 0 || result[0].hide) {
    ctx.error('该账号不存在!');
  } else if (result[0].psw !== ctx.session.user.psw) {
    ctx.error('密码错误');
  } else {
    await next();
  }
}

module.exports = exports = permission;