diff --git a/lib/auth.ts b/lib/auth.ts
index d494ed1..52cede1 100644
--- a/lib/auth.ts
+++ b/lib/auth.ts
@@ -1,5 +1,39 @@
 import bcrypt from 'bcryptjs'
+import { getIronSession } from 'iron-session'
+import { cookies } from 'next/headers'
 import { prisma } from '@/lib/prisma'
+import { SessionData, sessionOptions } from '@/lib/session'
+import { getAccessibleProduct } from '@/lib/product-access'
+
+export async function getSession() {
+  return getIronSession<SessionData>(await cookies(), sessionOptions)
+}
+
+export async function requireUser() {
+  const session = await getSession()
+  if (!session.userId) throw new Error('Niet ingelogd')
+  return session
+}
+
+export async function requireWriter() {
+  const session = await requireUser()
+  if (session.isDemo) throw new Error('Niet beschikbaar in demo-modus')
+  return session.userId
+}
+
+export async function requireProductAccess(productId: string) {
+  const session = await requireUser()
+  const product = await getAccessibleProduct(productId, session.userId)
+  if (!product) throw new Error('Product niet gevonden of geen toegang')
+  return product
+}
+
+export async function requireProductWriter(productId: string) {
+  const userId = await requireWriter()
+  const product = await getAccessibleProduct(productId, userId)
+  if (!product) throw new Error('Product niet gevonden of geen toegang')
+  return product
+}
 
 export async function registerUser(username: string, password: string) {
   const existing = await prisma.user.findUnique({ where: { username } })