Commit 22d74be5 authored by Sofiane Lasri's avatar Sofiane Lasri

feat: implement admin authentication middleware and API endpoint

- Add `auth.ts` middleware for session validation in server.
- Update `auth.ts` in middleware to use async and fetch ping API.
- Modify `admin.vue` to utilize `useAuthStore()` for state management.
- Introduce `ping.ts` API in server for admin route validation.
parent b5c2ec97
Pipeline #564 failed
export default defineNuxtRouteMiddleware((to) => { export default defineNuxtRouteMiddleware(async () => {
const hasToken = useCookie('session_token'); const hasToken = useCookie('session_token');
if (!hasToken && to.path.startsWith('/admin')) { if (!hasToken) {
return navigateTo('/login');
}
let isAuthorized = false;
await useFetch('/api/admin/ping', {
onResponse({response}) {
console.log(response.ok);
if (response.ok) {
isAuthorized = true;
}
}
});
if (!isAuthorized) {
return navigateTo('/login'); return navigateTo('/login');
} }
}); });
\ No newline at end of file
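Review bot: `useCookie('session_token')` returns a ref object, so `if (!hasToken)` on the new side can never be true and the early redirect is dead code; test the value instead, `if (!hasToken.value) {`. The `console.log(response.ok)` inside `onResponse` looks like leftover debugging and should be dropped before merge. This route middleware also runs in the browser, so it is only a navigation convenience: the admin API handlers still have to reject unauthenticated requests on the server.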
<script setup lang="ts"> <script setup lang="ts">
definePageMeta({ definePageMeta({
middleware: 'auth' middleware: 'auth'
}) });
useAuthStore();
</script> </script>
<template> <template>
......
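Review bot: `useAuthStore()` is called with its return value discarded, so nothing in this component can read the store through this call. If it exists only to instantiate the store, a comment such as `// instantiate the auth store so its state is initialised for this page` would make that clear; otherwise bind it, `const auth = useAuthStore();`. The rest of the file is collapsed on this page, so the note covers only the visible lines.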
import {EventHandlerRequest, H3Event} from "h3";
export default defineEventHandler(async () => {
return "pong";
});
\ No newline at end of file
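Review bot: `EventHandlerRequest` and `H3Event` are imported but never used in this handler, so the import line can be removed. The handler returns "pong" unconditionally and performs no session check of its own. A short comment such as `// No auth here: relies on the server auth middleware rejecting the request first` would document that dependency for the next reader.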
import {EventHandlerRequest, H3Event} from "h3";
import prisma from "~/lib/prisma";
export default defineEventHandler(async (event: H3Event<EventHandlerRequest>) => {
if (!event.path.startsWith('/admin/')) {
return;
}
const sessionToken = getCookie(event, 'session_token');
const sessionUserId = getCookie(event, 'userId');
console.log(sessionToken, sessionUserId);
if (!sessionToken || !sessionUserId) {
throw createError({statusCode: 401, statusMessage: 'Unauthorized'});
}
const dateNow = new Date();
const session = await prisma.session.findUnique({
where: {
token: sessionToken,
expiresAt: {
gte: dateNow,
}
},
});
if (!session) {
throw createError({statusCode: 401, statusMessage: 'Unauthorized'});
}
if (session.userId.toString() !== sessionUserId) {
throw createError({statusCode: 401, statusMessage: 'Unauthorized'});
}
});
\ No newline at end of file
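Review bot: The prefix test `event.path.startsWith('/admin/')` does not match the ping route that the client middleware calls, `/api/admin/ping`. As far as this page shows, the handler therefore returns early for that request and the endpoint answers "pong" with no session check. If the admin API routes live under `/api/admin/`, the guard should test that prefix, e.g. `if (!event.path.startsWith('/api/admin/')) {`. Separately, `console.log(sessionToken, sessionUserId)` writes a live session token to the server log and should be removed. The `userId` cookie is supplied by the client, so comparing it with `session.userId` adds no assurance beyond the token lookup itself.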