diff --git a/middleware/auth.ts b/middleware/auth.ts
index 5048b24c316618f701b82aebc25c6fd56cb1698a..53fc7a2fdfbe263cbc571fd30bc3e202b54b8ee7 100644
--- a/middleware/auth.ts
+++ b/middleware/auth.ts
@@ -1,6 +1,20 @@
-export default defineNuxtRouteMiddleware((to) => {
+export default defineNuxtRouteMiddleware(async () => {
 const hasToken = useCookie('session_token');
- if (!hasToken && to.path.startsWith('/admin')) {
+ if (!hasToken) {
+ return navigateTo('/login');
+ }
+
+ let isAuthorized = false;
+ await useFetch('/api/admin/ping', {
+ onResponse({response}) {
+ console.log(response.ok);
+ if (response.ok) {
+ isAuthorized = true;
+ }
+ }
+ });
+
+ if (!isAuthorized) {
 return navigateTo('/login');
 }
 });
\ No newline at end of file
diff --git a/pages/admin.vue b/pages/admin.vue
index 67818b9fcf8915ecaeb4ed2fafc95893dd354460..bdb76bcf95f439b1b15c5b002acf6412930720a0 100644
--- a/pages/admin.vue
+++ b/pages/admin.vue
@@ -1,7 +1,10 @@
 <script setup lang="ts">
 definePageMeta({
 middleware: 'auth'
-})
+});
+
+useAuthStore();
+
 </script>
 <template>
diff --git a/server/api/admin/ping.ts b/server/api/admin/ping.ts
new file mode 100644
index 0000000000000000000000000000000000000000..6064d83998470b086a06c39d79378167bec75a0a
--- /dev/null
+++ b/server/api/admin/ping.ts
@@ -0,0 +1,5 @@
+import {EventHandlerRequest, H3Event} from "h3";
+
+export default defineEventHandler(async () => {
+ return "pong";
+});
\ No newline at end of file
diff --git a/server/middleware/auth.ts b/server/middleware/auth.ts
new file mode 100644
index 0000000000000000000000000000000000000000..3927e0a92a1a8accaa0ab4d3747f81a8c030eca6
--- /dev/null
+++ b/server/middleware/auth.ts
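Review bot: In middleware/auth.ts the new `if (!hasToken)` tests the ref object that `useCookie` returns rather than the cookie's value, so the branch never redirects even when no `session_token` cookie is set; the line should read `if (!hasToken.value) {`. The `console.log(response.ok);` inside `onResponse` looks like leftover debugging and can be dropped. This route middleware only steers navigation: the decision it relies on is made by whatever protects `/api/admin/ping` on the server, so a 200 from that route must really mean "authenticated".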
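Review bot: In server/api/admin/ping.ts the handler answers "pong" to every caller and performs no check of its own, so the client guard's `response.ok` is only meaningful while a server middleware rejects unauthenticated requests to this exact route. That dependency deserves a comment above the handler, for example `// Auth for /api/admin/* is enforced in server/middleware/auth.ts; this handler performs no check itself.` The `EventHandlerRequest, H3Event` import is unused in this file and can be removed.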
@@ -0,0 +1,34 @@
+import {EventHandlerRequest, H3Event} from "h3";
+import prisma from "~/lib/prisma";
+
+export default defineEventHandler(async (event: H3Event<EventHandlerRequest>) => {
+ if (!event.path.startsWith('/admin/')) {
+ return;
+ }
+
+ const sessionToken = getCookie(event, 'session_token');
+ const sessionUserId = getCookie(event, 'userId');
+ console.log(sessionToken, sessionUserId);
+
+ if (!sessionToken || !sessionUserId) {
+ throw createError({statusCode: 401, statusMessage: 'Unauthorized'});
+ }
+
+ const dateNow = new Date();
+ const session = await prisma.session.findUnique({
+ where: {
+ token: sessionToken,
+ expiresAt: {
+ gte: dateNow,
+ }
+ },
+ });
+
+ if (!session) {
+ throw createError({statusCode: 401, statusMessage: 'Unauthorized'});
+ }
+
+ if (session.userId.toString() !== sessionUserId) {
+ throw createError({statusCode: 401, statusMessage: 'Unauthorized'});
+ }
+});
\ No newline at end of file
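Review bot: The prefix test `event.path.startsWith('/admin/')` does not match the route this commit's client guard calls, `/api/admin/ping`, nor the bare `/admin` page path, so as written the middleware appears to return early for both and the ping answers 200 to any caller; if the API routes are what must be protected, the test should be `if (!event.path.startsWith('/api/admin/')) {`. `console.log(sessionToken, sessionUserId);` writes a live session token to the server log and should be removed. Nothing visible here checks that the session's user holds an admin role, so any unexpired session would pass once the prefix is fixed — confirm whether that is intended.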