OIDC can check for groups now to properly secure users

2024-02-15 04:10:06 +01:00
parent 78f293a127
commit 909f8ff9ad
2 changed files with 23 additions and 0 deletions
--- a/src/hooks.server.ts
+++ b/src/hooks.server.ts
@@ -15,6 +15,12 @@ async function authorization({ event, resolve }) {
 		if (!session) {
 			throw redirect(303, '/auth/signin');
 		}
+		else if (! session.user.groups.includes('rezepte_users')) {
+			// strip last dir from url
+			// TODO: give indication of why access failed
+			const new_url = event.url.pathname.split('/').slice(0, -1).join('/');
+			throw redirect(303, new_url);
+		}
 	}

 	// If the request is still here, just proceed as normally