Attempted fix for auth
All checks were successful
Docker Deploy / build-and-push (push) Successful in 4m56s

2026-02-13 10:55:35 -07:00
parent 5f7b36582c
commit 44de064d68
2 changed files with 25 additions and 15 deletions


@@ -201,11 +201,11 @@ function isActive(item: { href: string; exact?: boolean }) {
window.location.reload(); window.location.reload();
}); });
// Logout - invalidate session via fetch, then redirect
const logoutBtn = document.getElementById('logout-btn'); const logoutBtn = document.getElementById('logout-btn');
logoutBtn?.addEventListener('click', async () => { logoutBtn?.addEventListener('click', async () => {
await fetch('/api/auth/logout', { method: 'POST' }); await fetch('/api/auth/logout', { method: 'POST' });
window.location.href = '/'; window.location.reload();
}); });
</script> </script>
</body> </body>
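Review bot: The logout click handler reloads the page without checking whether the `POST` to `/api/auth/logout` succeeded, so a non-2xx response leaves the session valid while the user assumes they are signed out. Because the handler now reloads in place instead of navigating to `/`, a still-valid session simply re-renders the same authenticated page with no sign of the failure. Check the result before reloading, e.g. `const res = await fetch('/api/auth/logout', { method: 'POST' });` followed by `if (!res.ok) return;` plus a visible error, and wrap the call in `try`/`catch` so a network rejection is reported rather than left as an unhandled promise rejection. The enclosing script block starts outside the hunk.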


@@ -2,7 +2,11 @@ import { defineMiddleware } from "astro/middleware";
import { validateSession } from "./lib/auth"; import { validateSession } from "./lib/auth";
import { validateApiToken } from "./lib/api-auth"; import { validateApiToken } from "./lib/api-auth";
const PUBLIC_ROUTES = ["/", "/login", "/signup"];
export const onRequest = defineMiddleware(async (context, next) => { export const onRequest = defineMiddleware(async (context, next) => {
const { pathname } = context.url;
const authHeader = context.request.headers.get("Authorization"); const authHeader = context.request.headers.get("Authorization");
if (authHeader?.startsWith("Bearer ")) { if (authHeader?.startsWith("Bearer ")) {
const token = authHeader.substring(7); const token = authHeader.substring(7);
@@ -18,24 +22,30 @@ export const onRequest = defineMiddleware(async (context, next) => {
const sessionId = context.cookies.get("session_id")?.value; const sessionId = context.cookies.get("session_id")?.value;
if (!sessionId) { if (sessionId) {
context.locals.user = null; const result = await validateSession(sessionId);
context.locals.session = null;
context.locals.scopes = null;
return next();
}
const result = await validateSession(sessionId); if (result) {
context.locals.user = result.user;
if (result) { context.locals.session = result.session;
context.locals.user = result.user; context.locals.scopes = null;
context.locals.session = result.session; } else {
context.locals.scopes = null; context.locals.user = null;
context.locals.session = null;
context.locals.scopes = null;
context.cookies.delete("session_id", { path: "/" });
}
} else { } else {
context.locals.user = null; context.locals.user = null;
context.locals.session = null; context.locals.session = null;
context.locals.scopes = null; context.locals.scopes = null;
context.cookies.delete("session_id"); }
const isPublic =
PUBLIC_ROUTES.includes(pathname) || pathname.startsWith("/api/");
if (!isPublic && !context.locals.user) {
return context.redirect("/login");
} }
return next(); return next();
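Review bot: The new `isPublic` test treats every path under `/api/` as public, so the redirect guard added here never applies to API routes and an unauthenticated request reaches each handler with `context.locals.user` set to `null`. That is only safe if every API handler performs its own check, which this diff does not show. Either state that contract in a comment above `PUBLIC_ROUTES`, or fail closed in the middleware with something like `if (!context.locals.user && pathname.startsWith("/api/") && !pathname.startsWith("/api/auth/")) return new Response(null, { status: 401 });` (the `/api/auth/` prefix is inferred from the logout endpoint and should be confirmed). Also note that `PUBLIC_ROUTES.includes(pathname)` is an exact match, so a trailing-slash form such as `/login/` would be redirected back to `/login` if the site serves both forms. The Bearer-token branch and the end of `onRequest` lie outside the visible lines, so whether token-authenticated requests pass through this guard cannot be confirmed from here.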