feat: implement admin authentication middleware and API endpoint

- Add `auth.ts` middleware for session validation in server. - Update `auth.ts` in middleware to use async and fetch ping API. - Modify `admin.vue` to utilize `useAuthStore()` for state management. - Introduce `ping.ts` API in server for admin route validation.

feat: implement admin authentication middleware and API endpoint
22d74be5 · Sofiane Lasri · b5c2ec97 · 22d74be5 · 22d74be5 · 22d74be5
Commit 22d74be5 authored 6 months ago by Sofiane Lasri
--- a/middleware/auth.ts
+++ b/middleware/auth.ts
-export default defineNuxtRouteMiddleware((to) => {
+export default defineNuxtRouteMiddleware(async () => {
    const hasToken = useCookie('session_token');
-    if (!hasToken && to.path.startsWith('/admin')) {
+    if (!hasToken) {
+        return navigateTo('/login');
+    }
+    let isAuthorized = false;
+    await useFetch('/api/admin/ping', {
+        onResponse({response}) {
+            console.log(response.ok);
+            if (response.ok) {
+                isAuthorized = true;
+            }
+        }
+    });
+    if (!isAuthorized) {
        return navigateTo('/login');
    }
 });
\ No newline at end of file
--- a/pages/admin.vue
+++ b/pages/admin.vue
 <script setup lang="ts">
 definePageMeta({
  middleware: 'auth'
-})
+});
+useAuthStore();
 </script>
 <template>

--- a/server/api/admin/ping.ts
+++ b/server/api/admin/ping.ts
+import {EventHandlerRequest, H3Event} from "h3";
+export default defineEventHandler(async () => {
+    return "pong";
+});
\ No newline at end of file
--- a/server/middleware/auth.ts
+++ b/server/middleware/auth.ts
+import {EventHandlerRequest, H3Event} from "h3";
+import prisma from "~/lib/prisma";
+export default defineEventHandler(async (event: H3Event<EventHandlerRequest>) => {
+    if (!event.path.startsWith('/admin/')) {
+        return;
+    }
+    const sessionToken = getCookie(event, 'session_token');
+    const sessionUserId = getCookie(event, 'userId');
+    console.log(sessionToken, sessionUserId);
+    if (!sessionToken || !sessionUserId) {
+        throw createError({statusCode: 401, statusMessage: 'Unauthorized'});
+    }
+    const dateNow = new Date();
+    const session = await prisma.session.findUnique({
+        where: {
+            token: sessionToken,
+            expiresAt: {
+                gte: dateNow,
+            }
+        },
+    });
+    if (!session) {
+        throw createError({statusCode: 401, statusMessage: 'Unauthorized'});
+    }
+    if (session.userId.toString() !== sessionUserId) {
+        throw createError({statusCode: 401, statusMessage: 'Unauthorized'});
+    }
+});
\ No newline at end of file