module.exports = async (req, res) => { if(!req.user) { const err = new Error('Unauthorized') err.status = 401 throw err; } if(!req.user.is_admin) { const err = new Error('Forbidden') err.status = 401 throw err; } return 'next' }