Alexander/homepage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

cospend: require group membership for access

Browse Source
This commit is contained in:
Alexander Bocken
2025-09-12 22:26:57 +02:00
parent effed784b7
commit 4b2250ab03
1 changed files with 30 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
src/hooks.server.ts
View File

@@ -12,19 +12,42 @@ import { initializeScheduler } from "./lib/server/scheduler"
initializeScheduler(); initializeScheduler();
async function authorization({ event, resolve }) { async function authorization({ event, resolve }) {
// Protect any routes under /authenticated
if (event.url.pathname.startsWith('/rezepte/edit') || event.url.pathname.startsWith('/rezepte/add')) {
const session = await event.locals.auth(); const session = await event.locals.auth();
// Protect rezepte routes
if (event.url.pathname.startsWith('/rezepte/edit') || event.url.pathname.startsWith('/rezepte/add')) {
if (!session) { if (!session) {
// Preserve the original URL the user was trying to access // Preserve the original URL the user was trying to access
const callbackUrl = encodeURIComponent(event.url.pathname + event.url.search); const callbackUrl = encodeURIComponent(event.url.pathname + event.url.search);
redirect(303, `/login?callbackUrl=${callbackUrl}`); redirect(303, `/login?callbackUrl=${callbackUrl}`);
} }
else if (!session.user.groups.includes('rezepte_users')) { else if (!session.user.groups.includes('rezepte_users')) {
// strip last dir from url error(403, {
// TODO: give indication of why access failed message: 'Zugriff verweigert',
const new_url = event.url.pathname.split('/').slice(0, -1).join('/'); details: 'Du hast keine Berechtigung für diesen Bereich. Falls du glaubst, dass dies ein Fehler ist, wende dich bitte an Alexander.'
redirect(303, new_url); });
}
}
// Protect cospend routes and API endpoints
if (event.url.pathname.startsWith('/cospend') || event.url.pathname.startsWith('/api/cospend')) {
if (!session) {
// For API routes, return 401 instead of redirecting
if (event.url.pathname.startsWith('/api/cospend')) {
error(401, {
message: 'Anmeldung erforderlich',
details: 'Du musst angemeldet sein, um auf diesen Bereich zugreifen zu können.'
});
}
// For page routes, redirect to login
const callbackUrl = encodeURIComponent(event.url.pathname + event.url.search);
redirect(303, `/login?callbackUrl=${callbackUrl}`);
}
else if (!session.user.groups.includes('cospend')) {
error(403, {
message: 'Zugriff verweigert',
details: 'Du hast keine Berechtigung für diesen Bereich. Falls du glaubst, dass dies ein Fehler ist, wende dich bitte an Alexander.'
});
} }
} }