Compare commits
2 Commits
3a684a5d5a
...
022d727394
Author | SHA1 | Date | |
---|---|---|---|
022d727394 | |||
650a6ce1fc |
17
src/auth.ts
17
src/auth.ts
@ -9,4 +9,21 @@ export const { handle, signIn, signOut } = SvelteKitAuth({
|
|||||||
clientSecret: AUTHENTIK_SECRET,
|
clientSecret: AUTHENTIK_SECRET,
|
||||||
issuer: AUTHENTIK_ISSUER,
|
issuer: AUTHENTIK_ISSUER,
|
||||||
})],
|
})],
|
||||||
|
callbacks: {
|
||||||
|
// this feels like an extremely hacky way to get nickname and groups into the session object
|
||||||
|
// TODO: investigate if there's a better way to do this
|
||||||
|
jwt: async ({token, profile}) => {
|
||||||
|
if(profile){
|
||||||
|
token.nickname = profile.nickname;
|
||||||
|
token.groups = profile.groups;
|
||||||
|
}
|
||||||
|
return token;
|
||||||
|
},
|
||||||
|
session: async ({session, token}) => {
|
||||||
|
session.user.nickname = token.nickname;
|
||||||
|
session.user.groups = token.groups;
|
||||||
|
return session;
|
||||||
|
},
|
||||||
|
|
||||||
|
}
|
||||||
})
|
})
|
||||||
|
@ -2,28 +2,32 @@ import { authenticateUser } from "$lib/js/authenticate"
|
|||||||
import type { Handle } from "@sveltejs/kit"
|
import type { Handle } from "@sveltejs/kit"
|
||||||
import { redirect } from "@sveltejs/kit"
|
import { redirect } from "@sveltejs/kit"
|
||||||
import { error } from "@sveltejs/kit"
|
import { error } from "@sveltejs/kit"
|
||||||
export { handle } from "./auth"
|
import { SvelteKitAuth } from "@auth/sveltekit"
|
||||||
|
import Authentik from "@auth/core/providers/authentik"
|
||||||
|
import { AUTHENTIK_ID, AUTHENTIK_SECRET, AUTHENTIK_ISSUER } from "$env/static/private";
|
||||||
|
import { sequence } from "@sveltejs/kit/hooks"
|
||||||
|
import * as auth from "./auth"
|
||||||
|
|
||||||
//export const handle : Handle = async({event, resolve}) => {
|
async function authorization({ event, resolve }) {
|
||||||
// if(event.url.pathname.startsWith('/rezepte/edit') || event.url.pathname.startsWith('/rezepte/add')){
|
// Protect any routes under /authenticated
|
||||||
// event.locals.user = await authenticateUser(event.cookies)
|
if (event.url.pathname.startsWith('/rezepte/edit') || event.url.pathname.startsWith('/rezepte/add')) {
|
||||||
// if(!event.locals.user){
|
const session = await event.locals.getSession();
|
||||||
// throw redirect(303, "/login")
|
if (!session) {
|
||||||
// }
|
throw redirect(303, '/auth/signin');
|
||||||
// else if(!event.locals.user.access.includes("rezepte")){
|
}
|
||||||
// throw error(401, "Your user does not have access to this page")
|
else if (! session.user.groups.includes('rezepte_users')) {
|
||||||
// }
|
// strip last dir from url
|
||||||
// }
|
// TODO: give indication of why access failed
|
||||||
// else if(event.url.pathname.startsWith('/abrechnung')){
|
const new_url = event.url.pathname.split('/').slice(0, -1).join('/');
|
||||||
// event.locals.user = await authenticateUser(event.cookies)
|
throw redirect(303, new_url);
|
||||||
// if(!event.locals.user){
|
}
|
||||||
// throw redirect(303, "/login")
|
}
|
||||||
// }
|
|
||||||
// else if(!event.locals.user.access.includes("abrechnung")){
|
// If the request is still here, just proceed as normally
|
||||||
// throw error(401, "Your User does not have access to this page")
|
return resolve(event);
|
||||||
// }
|
}
|
||||||
// }
|
|
||||||
//
|
export const handle: Handle = sequence(
|
||||||
// const response = await resolve(event)
|
auth.handle,
|
||||||
// return response
|
authorization
|
||||||
//}
|
);
|
||||||
|
Loading…
Reference in New Issue
Block a user