module.exports = (app) ->
  
  app.authenticate = (req, res, next) ->
    if req.isAuthenticated()
      return next()
    res.redirect('/login')

  app.authorize = (act, resource) ->
    (req, res, next) ->
      unless req.isAuthenticated()
        return res.redirect('/login')
      unless req.user.can(act, resource)
        return res.send 403
      return next()