Attempted fix for auth
All checks were successful
Docker Deploy / build-and-push (push) Successful in 4m56s
All checks were successful
Docker Deploy / build-and-push (push) Successful in 4m56s
This commit is contained in:
@@ -201,11 +201,11 @@ function isActive(item: { href: string; exact?: boolean }) {
|
||||
window.location.reload();
|
||||
});
|
||||
|
||||
// Logout - invalidate session via fetch, then redirect
|
||||
|
||||
const logoutBtn = document.getElementById('logout-btn');
|
||||
logoutBtn?.addEventListener('click', async () => {
|
||||
await fetch('/api/auth/logout', { method: 'POST' });
|
||||
window.location.href = '/';
|
||||
window.location.reload();
|
||||
});
|
||||
</script>
|
||||
</body>
|
||||
|
||||
@@ -2,7 +2,11 @@ import { defineMiddleware } from "astro/middleware";
|
||||
import { validateSession } from "./lib/auth";
|
||||
import { validateApiToken } from "./lib/api-auth";
|
||||
|
||||
const PUBLIC_ROUTES = ["/", "/login", "/signup"];
|
||||
|
||||
export const onRequest = defineMiddleware(async (context, next) => {
|
||||
const { pathname } = context.url;
|
||||
|
||||
const authHeader = context.request.headers.get("Authorization");
|
||||
if (authHeader?.startsWith("Bearer ")) {
|
||||
const token = authHeader.substring(7);
|
||||
@@ -18,13 +22,7 @@ export const onRequest = defineMiddleware(async (context, next) => {
|
||||
|
||||
const sessionId = context.cookies.get("session_id")?.value;
|
||||
|
||||
if (!sessionId) {
|
||||
context.locals.user = null;
|
||||
context.locals.session = null;
|
||||
context.locals.scopes = null;
|
||||
return next();
|
||||
}
|
||||
|
||||
if (sessionId) {
|
||||
const result = await validateSession(sessionId);
|
||||
|
||||
if (result) {
|
||||
@@ -35,7 +33,19 @@ export const onRequest = defineMiddleware(async (context, next) => {
|
||||
context.locals.user = null;
|
||||
context.locals.session = null;
|
||||
context.locals.scopes = null;
|
||||
context.cookies.delete("session_id");
|
||||
context.cookies.delete("session_id", { path: "/" });
|
||||
}
|
||||
} else {
|
||||
context.locals.user = null;
|
||||
context.locals.session = null;
|
||||
context.locals.scopes = null;
|
||||
}
|
||||
|
||||
const isPublic =
|
||||
PUBLIC_ROUTES.includes(pathname) || pathname.startsWith("/api/");
|
||||
|
||||
if (!isPublic && !context.locals.user) {
|
||||
return context.redirect("/login");
|
||||
}
|
||||
|
||||
return next();
|
||||
|
||||
Reference in New Issue
Block a user