re-protect client paths

This commit is contained in:
Alexander Bocken 2024-02-15 03:13:49 +01:00
parent 3a684a5d5a
commit 650a6ce1fc
Signed by: Alexander
GPG Key ID: 1D237BE83F9B05E8

View File

@ -2,28 +2,26 @@ import { authenticateUser } from "$lib/js/authenticate"
import type { Handle } from "@sveltejs/kit" import type { Handle } from "@sveltejs/kit"
import { redirect } from "@sveltejs/kit" import { redirect } from "@sveltejs/kit"
import { error } from "@sveltejs/kit" import { error } from "@sveltejs/kit"
export { handle } from "./auth" import { SvelteKitAuth } from "@auth/sveltekit"
import Authentik from "@auth/core/providers/authentik"
import { AUTHENTIK_ID, AUTHENTIK_SECRET, AUTHENTIK_ISSUER } from "$env/static/private";
import { sequence } from "@sveltejs/kit/hooks"
import * as auth from "./auth"
//export const handle : Handle = async({event, resolve}) => { async function authorization({ event, resolve }) {
// if(event.url.pathname.startsWith('/rezepte/edit') || event.url.pathname.startsWith('/rezepte/add')){ // Protect any routes under /authenticated
// event.locals.user = await authenticateUser(event.cookies) if (event.url.pathname.startsWith('/rezepte/edit') || event.url.pathname.startsWith('/rezepte/add')) {
// if(!event.locals.user){ const session = await event.locals.getSession();
// throw redirect(303, "/login") if (!session) {
// } throw redirect(303, '/auth/signin');
// else if(!event.locals.user.access.includes("rezepte")){ }
// throw error(401, "Your user does not have access to this page") }
// }
// } // If the request is still here, just proceed as normally
// else if(event.url.pathname.startsWith('/abrechnung')){ return resolve(event);
// event.locals.user = await authenticateUser(event.cookies) }
// if(!event.locals.user){
// throw redirect(303, "/login") export const handle: Handle = sequence(
// } auth.handle,
// else if(!event.locals.user.access.includes("abrechnung")){ authorization
// throw error(401, "Your User does not have access to this page") );
// }
// }
//
// const response = await resolve(event)
// return response
//}